New file |
| | |
| | | --- |
| | | kind: Template |
| | | apiVersion: v1 |
| | | metadata: |
| | | annotations: |
| | | description: Application template for a non-HA persistent authoring environment, for Red Hat Process Automation Manager 7.0 |
| | | iconClass: icon-jboss |
| | | tags: rhpam,jboss,authoring |
| | | version: "1.2" |
| | | openshift.io/display-name: Red Hat Process Automation Manager 7.0 authoring environment (non-HA, persistent, with https) |
| | | template.openshift.io/bindable: "false" |
| | | name: rhpam70-authoring |
| | | labels: |
| | | template: rhpam70-authoring |
| | | rhpam: "1.2" |
| | | message: A new persistent Process Automation Manager application have been created in your project. |
| | | The username/password for accessing the KIE Server / Business Central interface is ${KIE_ADMIN_USER}/${KIE_ADMIN_PWD}. |
| | | Please be sure to create the secrets named "${BUSINESS_CENTRAL_HTTPS_SECRET}" and "${KIE_SERVER_HTTPS_SECRET}" containing the |
| | | ${BUSINESS_CENTRAL_HTTPS_KEYSTORE} and ${KIE_SERVER_HTTPS_KEYSTORE} files used for serving secure content. |
| | | parameters: |
| | | - displayName: Application Name |
| | | description: The name for the application. |
| | | name: APPLICATION_NAME |
| | | value: myapp |
| | | required: true |
| | | - displayName: KIE Admin User |
| | | description: KIE administrator username |
| | | name: KIE_ADMIN_USER |
| | | value: adminUser |
| | | required: false |
| | | - displayName: KIE Admin Password |
| | | description: KIE administrator password |
| | | name: KIE_ADMIN_PWD |
| | | from: "[a-zA-Z]{6}[0-9]{1}!" |
| | | generate: expression |
| | | required: false |
| | | - displayName: KIE Server Controller User |
| | | description: KIE server controller username (Sets the org.kie.server.controller.user system property) |
| | | name: KIE_SERVER_CONTROLLER_USER |
| | | value: controllerUser |
| | | required: false |
| | | - displayName: KIE Server Controller Password |
| | | description: KIE server controller password (Sets the org.kie.server.controller.pwd system property) |
| | | name: KIE_SERVER_CONTROLLER_PWD |
| | | from: "[a-zA-Z]{6}[0-9]{1}!" |
| | | generate: expression |
| | | required: false |
| | | - displayName: KIE Server User |
| | | description: KIE execution server username (Sets the org.kie.server.user system property) |
| | | name: KIE_SERVER_USER |
| | | value: executionUser |
| | | required: false |
| | | - displayName: KIE Server Password |
| | | description: KIE execution server password (Sets the org.kie.server.pwd system property) |
| | | name: KIE_SERVER_PWD |
| | | from: "[a-zA-Z]{6}[0-9]{1}!" |
| | | generate: expression |
| | | required: false |
| | | - displayName: KIE Server ID |
| | | description: Business server identifier. Determines the template ID in Business Central or controller. If this parameter is left blank, it is set using the $HOSTNAME environment variable or a random value. (Sets the org.kie.server.id system property). |
| | | name: KIE_SERVER_ID |
| | | required: false |
| | | - displayName: KIE Server Bypass Auth User |
| | | description: KIE execution server bypass auth user (Sets the org.kie.server.bypass.auth.user system property) |
| | | name: KIE_SERVER_BYPASS_AUTH_USER |
| | | value: 'false' |
| | | required: false |
| | | - displayName: KIE Server Persistence DS |
| | | description: KIE execution server persistence datasource (Sets the org.kie.server.persistence.ds system property) |
| | | name: KIE_SERVER_PERSISTENCE_DS |
| | | value: java:/jboss/datasources/rhpam |
| | | required: false |
| | | ## PostgreSQL database parameters BEGIN |
| | | - displayName: KIE Server PostgreSQL Database User |
| | | description: KIE execution server PostgreSQL database username |
| | | name: KIE_SERVER_POSTGRESQL_USER |
| | | value: rhpam |
| | | required: false |
| | | - displayName: KIE Server PostgreSQL Database Password |
| | | description: KIE execution server PostgreSQL database password |
| | | name: KIE_SERVER_POSTGRESQL_PWD |
| | | from: "[a-zA-Z]{6}[0-9]{1}!" |
| | | generate: expression |
| | | required: false |
| | | - displayName: KIE Server PostgreSQL Database Name |
| | | description: KIE execution server PostgreSQL database name |
| | | name: KIE_SERVER_POSTGRESQL_DB |
| | | value: rhpam7 |
| | | required: false |
| | | - displayName: PostgreSQL ImageStream Tag |
| | | description: The PostgreSQL image version, which is intended to correspond to the PostgreSQL version. Default is "9.6". |
| | | name: POSTGRESQL_IMAGE_STREAM_TAG |
| | | value: "9.6" |
| | | - displayName: PostgreSQL Database max prepared connections |
| | | description: Allows the PostgreSQL to handle XA transactions. |
| | | name: POSTGRESQL_MAX_PREPARED_TRANSACTIONS |
| | | value: '100' |
| | | required: true |
| | | - displayName: Database Volume Capacity |
| | | description: Size of persistent storage for database volume. |
| | | name: DB_VOLUME_CAPACITY |
| | | value: 1Gi |
| | | ## PostgreSQL database parameters END |
| | | - displayName: KIE MBeans |
| | | description: KIE execution server mbeans enabled/disabled (Sets the kie.mbeans and kie.scanner.mbeans system properties) |
| | | name: KIE_MBEANS |
| | | value: enabled |
| | | required: false |
| | | - displayName: Drools Server Filter Classes |
| | | description: KIE execution server class filtering (Sets the org.drools.server.filter.classes system property) |
| | | name: DROOLS_SERVER_FILTER_CLASSES |
| | | value: 'true' |
| | | required: false |
| | | - displayName: Business Central Custom http Route Hostname |
| | | description: 'Custom hostname for http service route. Leave blank for default hostname, |
| | | e.g.: <application-name>-rhpamcentr-<project>.<default-domain-suffix>' |
| | | name: BUSINESS_CENTRAL_HOSTNAME_HTTP |
| | | value: '' |
| | | required: false |
| | | - displayName: Business Central Custom https Route Hostname |
| | | description: 'Custom hostname for https service route. Leave blank for default |
| | | hostname, e.g.: secure-<application-name>-rhpamcentr-<project>.<default-domain-suffix>' |
| | | name: BUSINESS_CENTRAL_HOSTNAME_HTTPS |
| | | value: '' |
| | | required: false |
| | | - displayName: Execution Server Custom http Route Hostname |
| | | description: 'Custom hostname for http service route, if set will also configure the KIE_SERVER_HOST. Leave blank for default hostname, |
| | | e.g.: <application-name>-kieserver-<project>.<default-domain-suffix>' |
| | | name: EXECUTION_SERVER_HOSTNAME_HTTP |
| | | value: '' |
| | | required: false |
| | | - displayName: Execution Server Custom https Route Hostname |
| | | description: 'Custom hostname for https service route. Leave blank for default |
| | | hostname, e.g.: secure-<application-name>-kieserver-<project>.<default-domain-suffix>' |
| | | name: EXECUTION_SERVER_HOSTNAME_HTTPS |
| | | value: '' |
| | | required: false |
| | | - displayName: Use the secure route name to set KIE_SERVER_HOST. |
| | | description: Use https for the KIE_SERVER_HOST when it is not explicit configured to a custom value. |
| | | name: EXECUTION_SERVER_USE_SECURE_ROUTE_NAME |
| | | value: 'false' |
| | | required: false |
| | | - displayName: Business Central Server Keystore Secret Name |
| | | description: The name of the secret containing the keystore file |
| | | name: BUSINESS_CENTRAL_HTTPS_SECRET |
| | | example: businesscentral-app-secret |
| | | required: true |
| | | - displayName: Business Central Server Keystore Filename |
| | | description: The name of the keystore file within the secret |
| | | name: BUSINESS_CENTRAL_HTTPS_KEYSTORE |
| | | value: keystore.jks |
| | | required: false |
| | | - displayName: Business Central Server Certificate Name |
| | | description: The name associated with the server certificate |
| | | name: BUSINESS_CENTRAL_HTTPS_NAME |
| | | value: jboss |
| | | required: false |
| | | - displayName: Business Central Server Keystore Password |
| | | description: The password for the keystore and certificate |
| | | name: BUSINESS_CENTRAL_HTTPS_PASSWORD |
| | | value: mykeystorepass |
| | | required: false |
| | | - displayName: KIE Server Keystore Secret Name |
| | | description: The name of the secret containing the keystore file |
| | | name: KIE_SERVER_HTTPS_SECRET |
| | | example: kieserver-app-secret |
| | | required: true |
| | | - displayName: KIE Server Keystore Filename |
| | | description: The name of the keystore file within the secret |
| | | name: KIE_SERVER_HTTPS_KEYSTORE |
| | | value: keystore.jks |
| | | required: false |
| | | - displayName: KIE Server Certificate Name |
| | | description: The name associated with the server certificate |
| | | name: KIE_SERVER_HTTPS_NAME |
| | | value: jboss |
| | | required: false |
| | | - displayName: KIE Server Keystore Password |
| | | description: The password for the keystore and certificate |
| | | name: KIE_SERVER_HTTPS_PASSWORD |
| | | value: mykeystorepass |
| | | required: false |
| | | - displayName: Database Volume Capacity |
| | | description: Size of persistent storage for database volume. |
| | | name: DB_VOLUME_CAPACITY |
| | | value: 1Gi |
| | | required: true |
| | | - displayName: ImageStream Namespace |
| | | description: Namespace in which the ImageStreams for Red Hat Middleware images are |
| | | installed. These ImageStreams are normally installed in the openshift namespace. |
| | | You should only need to modify this if you've installed the ImageStreams in a |
| | | different namespace/project. |
| | | name: IMAGE_STREAM_NAMESPACE |
| | | value: openshift |
| | | required: true |
| | | - displayName: KIE Server ImageStream Name |
| | | description: The name of the image stream to use for KIE Execution Server. Default is "rhpam70-kieserver-openshift". |
| | | name: KIE_SERVER_IMAGE_STREAM_NAME |
| | | value: "rhpam70-kieserver-openshift" |
| | | required: true |
| | | - displayName: ImageStream Tag |
| | | description: A named pointer to an image in an image stream. Default is "1.2". |
| | | name: IMAGE_STREAM_TAG |
| | | value: "1.2" |
| | | required: true |
| | | - displayName: Maven repository URL |
| | | description: Fully qualified URL to a Maven repository or service. |
| | | name: MAVEN_REPO_URL |
| | | example: http://nexus.nexus-project.svc.cluster.local:8081/nexus/content/groups/public/ |
| | | required: false |
| | | - displayName: Maven repository username |
| | | description: Username to access the Maven repository, if required. |
| | | name: MAVEN_REPO_USERNAME |
| | | required: false |
| | | - displayName: Maven repository password |
| | | description: Password to access the Maven repository, if required. |
| | | name: MAVEN_REPO_PASSWORD |
| | | required: false |
| | | - displayName: Username for the Maven service hosted by Business Central |
| | | description: Username to access the Maven service hosted by Business Central inside EAP. |
| | | name: BUSINESS_CENTRAL_MAVEN_USERNAME |
| | | required: true |
| | | value: mavenUser |
| | | - displayName: Password for the Maven service hosted by Business Central |
| | | description: Password to access the Maven service hosted by Business Central inside EAP. |
| | | name: BUSINESS_CENTRAL_MAVEN_PASSWORD |
| | | from: "[a-zA-Z]{6}[0-9]{1}!" |
| | | generate: expression |
| | | required: true |
| | | - displayName: Business Central Volume Capacity |
| | | description: Size of the persistent storage for Business Central's runtime data. |
| | | name: BUSINESS_CENTRAL_VOLUME_CAPACITY |
| | | value: 1Gi |
| | | required: true |
| | | - displayName: Business Central Container Memory Limit |
| | | description: Business Central Container memory limit |
| | | name: BUSINESS_CENTRAL_MEMORY_LIMIT |
| | | value: 2Gi |
| | | required: false |
| | | - displayName: Execution Server Container Memory Limit |
| | | description: Execution Server Container memory limit |
| | | name: EXCECUTION_SERVER_MEMORY_LIMIT |
| | | value: 1Gi |
| | | required: false |
| | | - displayName: RH-SSO URL |
| | | description: RH-SSO URL |
| | | name: SSO_URL |
| | | example: https://rh-sso.example.com/auth |
| | | required: false |
| | | - displayName: RH-SSO Realm name |
| | | description: RH-SSO Realm name |
| | | name: SSO_REALM |
| | | required: false |
| | | - displayName: Business Central RH-SSO Client name |
| | | description: Business Central RH-SSO Client name |
| | | name: BUSINESS_CENTRAL_SSO_CLIENT |
| | | required: false |
| | | - displayName: Business Central RH-SSO Client Secret |
| | | description: Business Central RH-SSO Client Secret |
| | | name: BUSINESS_CENTRAL_SSO_SECRET |
| | | example: "252793ed-7118-4ca8-8dab-5622fa97d892" |
| | | required: false |
| | | - displayName: KIE Server RH-SSO Client name |
| | | description: KIE Server RH-SSO Client name |
| | | name: KIE_SERVER_SSO_CLIENT |
| | | required: false |
| | | - displayName: KIE Server RH-SSO Client Secret |
| | | description: KIE Server RH-SSO Client Secret |
| | | name: KIE_SERVER_SSO_SECRET |
| | | example: "252793ed-7118-4ca8-8dab-5622fa97d892" |
| | | required: false |
| | | - displayName: RH-SSO Realm Admin Username |
| | | description: RH-SSO Realm Admin Username used to create the Client if it doesn't exist |
| | | name: SSO_USERNAME |
| | | required: false |
| | | - displayName: RH-SSO Realm Admin Password |
| | | description: RH-SSO Realm Admin Password used to create the Client |
| | | name: SSO_PASSWORD |
| | | required: false |
| | | - displayName: RH-SSO Disable SSL Certificate Validation |
| | | description: RH-SSO Disable SSL Certificate Validation |
| | | name: SSO_DISABLE_SSL_CERTIFICATE_VALIDATION |
| | | value: "false" |
| | | required: false |
| | | - displayName: LDAP Endpoint |
| | | description: LDAP Endpoint to connect for authentication |
| | | name: AUTH_LDAP_URL |
| | | example: "ldap://myldap.example.com" |
| | | required: false |
| | | - displayName: LDAP Bind DN |
| | | description: Bind DN used for authentication |
| | | name: AUTH_LDAP_BIND_DN |
| | | example: "uid=admin,ou=users,ou=exmample,ou=com" |
| | | required: false |
| | | - displayName: LDAP Bind Credentials |
| | | description: LDAP Credentials used for authentication |
| | | name: AUTH_LDAP_BIND_CREDENTIAL |
| | | example: "Password" |
| | | required: false |
| | | - displayName: LDAP JAAS Security Domain |
| | | description: The JMX ObjectName of the JaasSecurityDomain used to decrypt the password. |
| | | name: AUTH_LDAP_JAAS_SECURITY_DOMAIN |
| | | required: false |
| | | - displayName: LDAP Base DN |
| | | description: LDAP Base DN of the top-level context to begin the user search. |
| | | name: AUTH_LDAP_BASE_CTX_DN |
| | | example: "ou=users,ou=example,ou=com" |
| | | required: false |
| | | - displayName: LDAP Base Search filter |
| | | description: LDAP search filter used to locate the context of the user to authenticate. The input username or userDN obtained from the login module callback is substituted into the filter anywhere a {0} expression is used. A common example for the search filter is (uid={0}). |
| | | name: AUTH_LDAP_BASE_FILTER |
| | | example: "(uid={0})" |
| | | required: false |
| | | - displayName: LDAP Search scope |
| | | description: The search scope to use. |
| | | name: AUTH_LDAP_SEARCH_SCOPE |
| | | example: "SUBTREE_SCOPE" |
| | | required: false |
| | | - displayName: LDAP Search time limit |
| | | description: The timeout in milliseconds for user or role searches. |
| | | name: AUTH_LDAP_SEARCH_TIME_LIMIT |
| | | example: "10000" |
| | | required: false |
| | | - displayName: LDAP DN attribute |
| | | description: The name of the attribute in the user entry that contains the DN of the user. This may be necessary if the DN of the user itself contains special characters, backslash for example, that prevent correct user mapping. If the attribute does not exist, the entry’s DN is used. |
| | | name: AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE |
| | | example: "distinguishedName" |
| | | required: false |
| | | - displayName: LDAP Parse username |
| | | description: A flag indicating if the DN is to be parsed for the username. If set to true, the DN is parsed for the username. If set to false the DN is not parsed for the username. This option is used together with usernameBeginString and usernameEndString. |
| | | name: AUTH_LDAP_PARSE_USERNAME |
| | | example: "true" |
| | | required: false |
| | | - displayName: LDAP Username begin string |
| | | description: Defines the String which is to be removed from the start of the DN to reveal the username. This option is used together with usernameEndString and only taken into account if parseUsername is set to true. |
| | | name: AUTH_LDAP_USERNAME_BEGIN_STRING |
| | | required: false |
| | | - displayName: LDAP Username end string |
| | | description: Defines the String which is to be removed from the end of the DN to reveal the username. This option is used together with usernameEndString and only taken into account if parseUsername is set to true. |
| | | name: AUTH_LDAP_USERNAME_END_STRING |
| | | required: false |
| | | - displayName: LDAP Role attributeID |
| | | description: Name of the attribute containing the user roles. |
| | | name: AUTH_LDAP_ROLE_ATTRIBUTE_ID |
| | | example: memberOf |
| | | required: false |
| | | - displayName: LDAP Roles Search DN |
| | | description: The fixed DN of the context to search for user roles. This is not the DN where the actual roles are, but the DN where the objects containing the user roles are. For example, in a Microsoft Active Directory server, this is the DN where the user account is. |
| | | name: AUTH_LDAP_ROLES_CTX_DN |
| | | example: "ou=groups,ou=example,ou=com" |
| | | required: false |
| | | - displayName: LDAP Role search filter |
| | | description: A search filter used to locate the roles associated with the authenticated user. The input username or userDN obtained from the login module callback is substituted into the filter anywhere a {0} expression is used. The authenticated userDN is substituted into the filter anywhere a {1} is used. An example search filter that matches on the input username is (member={0}). An alternative that matches on the authenticated userDN is (member={1}). |
| | | name: AUTH_LDAP_ROLE_FILTER |
| | | example: "(memberOf={1})" |
| | | required: false |
| | | - displayName: LDAP Role recursion |
| | | description: The number of levels of recursion the role search will go below a matching context. Disable recursion by setting this to 0. |
| | | name: AUTH_LDAP_ROLE_RECURSION |
| | | example: "1" |
| | | required: false |
| | | - displayName: LDAP Default role |
| | | description: A role included for all authenticated users |
| | | name: AUTH_LDAP_DEFAULT_ROLE |
| | | example: "guest" |
| | | required: false |
| | | - displayName: LDAP Role name attribute ID |
| | | description: Name of the attribute within the roleCtxDN context which contains the role name. If the roleAttributeIsDN property is set to true, this property is used to find the role object’s name attribute. |
| | | name: AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID |
| | | example: "name" |
| | | required: false |
| | | - displayName: LDAP Role DN contains roleNameAttributeID |
| | | description: A flag indicating if the DN returned by a query contains the roleNameAttributeID. If set to true, the DN is checked for the roleNameAttributeID. If set to false, the DN is not checked for the roleNameAttributeID. This flag can improve the performance of LDAP queries. |
| | | name: AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN |
| | | example: "false" |
| | | required: false |
| | | - displayName: LDAP Role Attribute ID is DN |
| | | description: Whether or not the roleAttributeID contains the fully-qualified DN of a role object. If false, the role name is taken from the value of the roleNameAttributeId attribute of the context name. Certain directory schemas, such as Microsoft Active Directory, require this attribute to be set to true. |
| | | name: AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN |
| | | example: "false" |
| | | required: false |
| | | - displayName: LDAP Referral user attribute ID |
| | | description: If you are not using referrals, this option can be ignored. When using referrals, this option denotes the attribute name which contains users defined for a certain role, for example member, if the role object is inside the referral. Users are checked against the content of this attribute name. If this option is not set, the check will always fail, so role objects cannot be stored in a referral tree. |
| | | name: AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK |
| | | required: false |
| | | objects: |
| | | - kind: ServiceAccount |
| | | apiVersion: v1 |
| | | metadata: |
| | | name: "${APPLICATION_NAME}-kieserver" |
| | | labels: |
| | | application: "${APPLICATION_NAME}" |
| | | - kind: RoleBinding |
| | | apiVersion: v1 |
| | | metadata: |
| | | name: "${APPLICATION_NAME}-kieserver-view" |
| | | subjects: |
| | | - kind: ServiceAccount |
| | | name: "${APPLICATION_NAME}-kieserver" |
| | | roleRef: |
| | | name: view |
| | | - kind: Service |
| | | apiVersion: v1 |
| | | spec: |
| | | ports: |
| | | - name: http |
| | | port: 8080 |
| | | targetPort: 8080 |
| | | - name: https |
| | | port: 8443 |
| | | targetPort: 8443 |
| | | - name: git-ssh |
| | | port: 8001 |
| | | targetPort: 8001 |
| | | selector: |
| | | deploymentConfig: "${APPLICATION_NAME}-rhpamcentr" |
| | | metadata: |
| | | name: "${APPLICATION_NAME}-rhpamcentr" |
| | | labels: |
| | | application: "${APPLICATION_NAME}" |
| | | service: "${APPLICATION_NAME}-rhpamcentr" |
| | | annotations: |
| | | description: All the Business Central web server's ports. |
| | | - kind: Service |
| | | apiVersion: v1 |
| | | spec: |
| | | ports: |
| | | - name: http |
| | | port: 8080 |
| | | targetPort: 8080 |
| | | - name: https |
| | | port: 8443 |
| | | targetPort: 8443 |
| | | selector: |
| | | deploymentConfig: "${APPLICATION_NAME}-kieserver" |
| | | metadata: |
| | | name: "${APPLICATION_NAME}-kieserver" |
| | | labels: |
| | | application: "${APPLICATION_NAME}" |
| | | service: "${APPLICATION_NAME}-kieserver" |
| | | annotations: |
| | | description: All the KIE server web server's ports. |
| | | - apiVersion: v1 |
| | | kind: Service |
| | | metadata: |
| | | annotations: |
| | | description: The database server's port. |
| | | labels: |
| | | application: ${APPLICATION_NAME} |
| | | service: "${APPLICATION_NAME}-postgresql" |
| | | name: ${APPLICATION_NAME}-postgresql |
| | | spec: |
| | | ports: |
| | | - port: 5432 |
| | | targetPort: 5432 |
| | | selector: |
| | | deploymentConfig: ${APPLICATION_NAME}-postgresql |
| | | - kind: Route |
| | | apiVersion: v1 |
| | | id: "${APPLICATION_NAME}-rhpamcentr-http" |
| | | metadata: |
| | | name: "${APPLICATION_NAME}-rhpamcentr" |
| | | labels: |
| | | application: "${APPLICATION_NAME}" |
| | | service: "${APPLICATION_NAME}-rhpamcentr" |
| | | annotations: |
| | | description: Route for Business Central's http service. |
| | | haproxy.router.openshift.io/timeout: 60s |
| | | spec: |
| | | host: "${BUSINESS_CENTRAL_HOSTNAME_HTTP}" |
| | | to: |
| | | name: "${APPLICATION_NAME}-rhpamcentr" |
| | | port: |
| | | targetPort: http |
| | | - kind: Route |
| | | apiVersion: v1 |
| | | id: "${APPLICATION_NAME}-rhpamcentr-https" |
| | | metadata: |
| | | name: secure-${APPLICATION_NAME}-rhpamcentr |
| | | labels: |
| | | application: "${APPLICATION_NAME}" |
| | | service: "${APPLICATION_NAME}-rhpamcentr" |
| | | annotations: |
| | | description: Route for Business Central's https service. |
| | | haproxy.router.openshift.io/timeout: 60s |
| | | spec: |
| | | host: "${BUSINESS_CENTRAL_HOSTNAME_HTTPS}" |
| | | to: |
| | | name: ${APPLICATION_NAME}-rhpamcentr |
| | | port: |
| | | targetPort: https |
| | | tls: |
| | | termination: passthrough |
| | | - kind: Route |
| | | apiVersion: v1 |
| | | id: "${APPLICATION_NAME}-kieserver-http" |
| | | metadata: |
| | | name: "${APPLICATION_NAME}-kieserver" |
| | | labels: |
| | | application: "${APPLICATION_NAME}" |
| | | service: "${APPLICATION_NAME}-kieserver" |
| | | annotations: |
| | | description: Route for KIE server's http service. |
| | | spec: |
| | | host: "${EXECUTION_SERVER_HOSTNAME_HTTP}" |
| | | to: |
| | | name: "${APPLICATION_NAME}-kieserver" |
| | | port: |
| | | targetPort: http |
| | | - kind: Route |
| | | apiVersion: v1 |
| | | id: "${APPLICATION_NAME}-kieserver-https" |
| | | metadata: |
| | | name: secure-${APPLICATION_NAME}-kieserver |
| | | labels: |
| | | application: "${APPLICATION_NAME}" |
| | | service: "${APPLICATION_NAME}-kieserver" |
| | | annotations: |
| | | description: Route for KIE server's https service. |
| | | spec: |
| | | host: "${EXECUTION_SERVER_HOSTNAME_HTTPS}" |
| | | to: |
| | | name: ${APPLICATION_NAME}-kieserver |
| | | port: |
| | | targetPort: https |
| | | tls: |
| | | termination: passthrough |
| | | - kind: DeploymentConfig |
| | | apiVersion: v1 |
| | | metadata: |
| | | name: "${APPLICATION_NAME}-rhpamcentr" |
| | | labels: |
| | | application: "${APPLICATION_NAME}" |
| | | service: "${APPLICATION_NAME}-rhpamcentr" |
| | | spec: |
| | | strategy: |
| | | type: Recreate |
| | | triggers: |
| | | - type: ImageChange |
| | | imageChangeParams: |
| | | automatic: true |
| | | containerNames: |
| | | - "${APPLICATION_NAME}-rhpamcentr" |
| | | from: |
| | | kind: ImageStreamTag |
| | | namespace: "${IMAGE_STREAM_NAMESPACE}" |
| | | name: "rhpam70-businesscentral-openshift:${IMAGE_STREAM_TAG}" |
| | | - type: ConfigChange |
| | | replicas: 1 |
| | | selector: |
| | | deploymentConfig: "${APPLICATION_NAME}-rhpamcentr" |
| | | template: |
| | | metadata: |
| | | name: "${APPLICATION_NAME}-rhpamcentr" |
| | | labels: |
| | | deploymentConfig: "${APPLICATION_NAME}-rhpamcentr" |
| | | application: "${APPLICATION_NAME}" |
| | | service: "${APPLICATION_NAME}-rhpamcentr" |
| | | spec: |
| | | terminationGracePeriodSeconds: 60 |
| | | containers: |
| | | - name: "${APPLICATION_NAME}-rhpamcentr" |
| | | image: rhpam70-businesscentral-openshift |
| | | imagePullPolicy: Always |
| | | resources: |
| | | limits: |
| | | memory: "${BUSINESS_CENTRAL_MEMORY_LIMIT}" |
| | | volumeMounts: |
| | | - name: businesscentral-keystore-volume |
| | | mountPath: "/etc/businesscentral-secret-volume" |
| | | readOnly: true |
| | | - name: "${APPLICATION_NAME}-rhpamcentr-pvol" |
| | | mountPath: "/opt/eap/standalone/data/bpmsuite" |
| | | livenessProbe: |
| | | exec: |
| | | command: |
| | | - "/bin/bash" |
| | | - "-c" |
| | | - "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/kie-wb.jsp" |
| | | initialDelaySeconds: 180 |
| | | timeoutSeconds: 2 |
| | | periodSeconds: 15 |
| | | readinessProbe: |
| | | exec: |
| | | command: |
| | | - "/bin/bash" |
| | | - "-c" |
| | | - "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/kie-wb.jsp" |
| | | initialDelaySeconds: 60 |
| | | timeoutSeconds: 2 |
| | | periodSeconds: 30 |
| | | failureThreshold: 6 |
| | | ports: |
| | | - name: jolokia |
| | | containerPort: 8778 |
| | | protocol: TCP |
| | | - name: http |
| | | containerPort: 8080 |
| | | protocol: TCP |
| | | - name: https |
| | | containerPort: 8443 |
| | | protocol: TCP |
| | | - name: git-ssh |
| | | containerPort: 8001 |
| | | protocol: TCP |
| | | env: |
| | | - name: KIE_ADMIN_USER |
| | | value: "${KIE_ADMIN_USER}" |
| | | - name: KIE_ADMIN_PWD |
| | | value: "${KIE_ADMIN_PWD}" |
| | | - name: KIE_MBEANS |
| | | value: "${KIE_MBEANS}" |
| | | - name: KIE_SERVER_CONTROLLER_USER |
| | | value: "${KIE_SERVER_CONTROLLER_USER}" |
| | | - name: KIE_SERVER_CONTROLLER_PWD |
| | | value: "${KIE_SERVER_CONTROLLER_PWD}" |
| | | - name: KIE_SERVER_USER |
| | | value: "${KIE_SERVER_USER}" |
| | | - name: KIE_SERVER_PWD |
| | | value: "${KIE_SERVER_PWD}" |
| | | - name: MAVEN_REPO_URL |
| | | value: "${MAVEN_REPO_URL}" |
| | | - name: MAVEN_REPO_USERNAME |
| | | value: "${MAVEN_REPO_USERNAME}" |
| | | - name: MAVEN_REPO_PASSWORD |
| | | value: "${MAVEN_REPO_PASSWORD}" |
| | | - name: KIE_MAVEN_USER |
| | | value: "${BUSINESS_CENTRAL_MAVEN_USERNAME}" |
| | | - name: KIE_MAVEN_PWD |
| | | value: "${BUSINESS_CENTRAL_MAVEN_PASSWORD}" |
| | | - name: HTTPS_KEYSTORE_DIR |
| | | value: "/etc/businesscentral-secret-volume" |
| | | - name: HTTPS_KEYSTORE |
| | | value: "${BUSINESS_CENTRAL_HTTPS_KEYSTORE}" |
| | | - name: HTTPS_NAME |
| | | value: "${BUSINESS_CENTRAL_HTTPS_NAME}" |
| | | - name: HTTPS_PASSWORD |
| | | value: "${BUSINESS_CENTRAL_HTTPS_PASSWORD}" |
| | | - name: PROBE_IMPL |
| | | value: probe.eap.jolokia.EapProbe |
| | | - name: PROBE_DISABLE_BOOT_ERRORS_CHECK |
| | | value: 'true' |
| | | - name: SSO_URL |
| | | value: "${SSO_URL}" |
| | | - name: SSO_OPENIDCONNECT_DEPLOYMENTS |
| | | value: "ROOT.war" |
| | | - name: SSO_REALM |
| | | value: "${SSO_REALM}" |
| | | - name: SSO_SECRET |
| | | value: "${BUSINESS_CENTRAL_SSO_SECRET}" |
| | | - name: SSO_CLIENT |
| | | value: "${BUSINESS_CENTRAL_SSO_CLIENT}" |
| | | - name: SSO_USERNAME |
| | | value: "${SSO_USERNAME}" |
| | | - name: SSO_PASSWORD |
| | | value: "${SSO_PASSWORD}" |
| | | - name: SSO_DISABLE_SSL_CERTIFICATE_VALIDATION |
| | | value: "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}" |
| | | - name: HOSTNAME_HTTP |
| | | value: "${BUSINESS_CENTRAL_HOSTNAME_HTTP}" |
| | | - name: HOSTNAME_HTTPS |
| | | value: "${BUSINESS_CENTRAL_HOSTNAME_HTTPS}" |
| | | - name: AUTH_LDAP_URL |
| | | value: "${AUTH_LDAP_URL}" |
| | | - name: AUTH_LDAP_BIND_DN |
| | | value: "${AUTH_LDAP_BIND_DN}" |
| | | - name: AUTH_LDAP_BIND_CREDENTIAL |
| | | value: "${AUTH_LDAP_BIND_CREDENTIAL}" |
| | | - name: AUTH_LDAP_JAAS_SECURITY_DOMAIN |
| | | value: "${AUTH_LDAP_JAAS_SECURITY_DOMAIN}" |
| | | - name: AUTH_LDAP_BASE_CTX_DN |
| | | value: "${AUTH_LDAP_BASE_CTX_DN}" |
| | | - name: AUTH_LDAP_BASE_FILTER |
| | | value: "${AUTH_LDAP_BASE_FILTER}" |
| | | - name: AUTH_LDAP_SEARCH_SCOPE |
| | | value: "${AUTH_LDAP_SEARCH_SCOPE}" |
| | | - name: AUTH_LDAP_SEARCH_TIME_LIMIT |
| | | value: "${AUTH_LDAP_SEARCH_TIME_LIMIT}" |
| | | - name: AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE |
| | | value: "${AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE}" |
| | | - name: AUTH_LDAP_PARSE_USERNAME |
| | | value: "${AUTH_LDAP_PARSE_USERNAME}" |
| | | - name: AUTH_LDAP_USERNAME_BEGIN_STRING |
| | | value: "${AUTH_LDAP_USERNAME_BEGIN_STRING}" |
| | | - name: AUTH_LDAP_USERNAME_END_STRING |
| | | value: "${AUTH_LDAP_USERNAME_END_STRING}" |
| | | - name: AUTH_LDAP_ROLE_ATTRIBUTE_ID |
| | | value: "${AUTH_LDAP_ROLE_ATTRIBUTE_ID}" |
| | | - name: AUTH_LDAP_ROLES_CTX_DN |
| | | value: "${AUTH_LDAP_ROLES_CTX_DN}" |
| | | - name: AUTH_LDAP_ROLE_FILTER |
| | | value: "${AUTH_LDAP_ROLE_FILTER}" |
| | | - name: AUTH_LDAP_ROLE_RECURSION |
| | | value: "${AUTH_LDAP_ROLE_RECURSION}" |
| | | - name: AUTH_LDAP_DEFAULT_ROLE |
| | | value: "${AUTH_LDAP_DEFAULT_ROLE}" |
| | | - name: AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID |
| | | value: "${AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID}" |
| | | - name: AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN |
| | | value: "${AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN}" |
| | | - name: AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN |
| | | value: "${AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN}" |
| | | - name: AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK |
| | | value: "${AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK}" |
| | | volumes: |
| | | - name: businesscentral-keystore-volume |
| | | secret: |
| | | secretName: "${BUSINESS_CENTRAL_HTTPS_SECRET}" |
| | | - name: "${APPLICATION_NAME}-rhpamcentr-pvol" |
| | | persistentVolumeClaim: |
| | | claimName: "${APPLICATION_NAME}-rhpamcentr-claim" |
| | | - kind: DeploymentConfig |
| | | apiVersion: v1 |
| | | metadata: |
| | | name: "${APPLICATION_NAME}-kieserver" |
| | | labels: |
| | | application: "${APPLICATION_NAME}" |
| | | service: "${APPLICATION_NAME}-kieserver" |
| | | spec: |
| | | strategy: |
| | | type: Recreate |
| | | triggers: |
| | | - type: ImageChange |
| | | imageChangeParams: |
| | | automatic: true |
| | | containerNames: |
| | | - "${APPLICATION_NAME}-kieserver" |
| | | from: |
| | | kind: ImageStreamTag |
| | | namespace: "${IMAGE_STREAM_NAMESPACE}" |
| | | name: "${KIE_SERVER_IMAGE_STREAM_NAME}:${IMAGE_STREAM_TAG}" |
| | | - type: ConfigChange |
| | | replicas: 1 |
| | | selector: |
| | | deploymentConfig: "${APPLICATION_NAME}-kieserver" |
| | | template: |
| | | metadata: |
| | | name: "${APPLICATION_NAME}-kieserver" |
| | | labels: |
| | | deploymentConfig: "${APPLICATION_NAME}-kieserver" |
| | | application: "${APPLICATION_NAME}" |
| | | service: "${APPLICATION_NAME}-kieserver" |
| | | spec: |
| | | serviceAccountName: "${APPLICATION_NAME}-kieserver" |
| | | terminationGracePeriodSeconds: 60 |
| | | containers: |
| | | - name: "${APPLICATION_NAME}-kieserver" |
| | | image: "${KIE_SERVER_IMAGE_STREAM_NAME}" |
| | | imagePullPolicy: Always |
| | | resources: |
| | | limits: |
| | | memory: "${EXCECUTION_SERVER_MEMORY_LIMIT}" |
| | | volumeMounts: |
| | | - name: kieserver-keystore-volume |
| | | mountPath: "/etc/kieserver-secret-volume" |
| | | readOnly: true |
| | | livenessProbe: |
| | | exec: |
| | | command: |
| | | - "/bin/bash" |
| | | - "-c" |
| | | - "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/services/rest/server/healthcheck" |
| | | initialDelaySeconds: 180 |
| | | timeoutSeconds: 2 |
| | | periodSeconds: 15 |
| | | failureThreshold: 3 |
| | | readinessProbe: |
| | | exec: |
| | | command: |
| | | - "/bin/bash" |
| | | - "-c" |
| | | - "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/services/rest/server/readycheck" |
| | | initialDelaySeconds: 60 |
| | | timeoutSeconds: 2 |
| | | periodSeconds: 30 |
| | | failureThreshold: 6 |
| | | ports: |
| | | - name: jolokia |
| | | containerPort: 8778 |
| | | protocol: TCP |
| | | - name: http |
| | | containerPort: 8080 |
| | | protocol: TCP |
| | | - name: https |
| | | containerPort: 8443 |
| | | protocol: TCP |
| | | env: |
| | | - name: DATASOURCES |
| | | value: "RHPAM" |
| | | - name: RHPAM_DATABASE |
| | | value: "rhpam7" |
| | | - name: RHPAM_JNDI |
| | | value: "${KIE_SERVER_PERSISTENCE_DS}" |
| | | - name: RHPAM_JTA |
| | | value: "true" |
| | | ## PostgreSQL driver settings BEGIN |
| | | - name: RHPAM_DATABASE |
| | | value: "${KIE_SERVER_POSTGRESQL_DB}" |
| | | - name: RHPAM_DRIVER |
| | | value: "postgresql" |
| | | - name: RHPAM_USERNAME |
| | | value: "${KIE_SERVER_POSTGRESQL_USER}" |
| | | - name: RHPAM_PASSWORD |
| | | value: "${KIE_SERVER_POSTGRESQL_PWD}" |
| | | - name: RHPAM_SERVICE_HOST |
| | | value: "${APPLICATION_NAME}-postgresql" |
| | | - name: RHPAM_SERVICE_PORT |
| | | value: "5432" |
| | | - name: TIMER_SERVICE_DATA_STORE |
| | | value: "${APPLICATION_NAME}-postgresql" |
| | | - name: KIE_SERVER_PERSISTENCE_DIALECT |
| | | value: "org.hibernate.dialect.PostgreSQLDialect" |
| | | ## PostgreSQL driver settings END |
| | | - name: DROOLS_SERVER_FILTER_CLASSES |
| | | value: "${DROOLS_SERVER_FILTER_CLASSES}" |
| | | - name: KIE_ADMIN_USER |
| | | value: "${KIE_ADMIN_USER}" |
| | | - name: KIE_ADMIN_PWD |
| | | value: "${KIE_ADMIN_PWD}" |
| | | - name: KIE_MBEANS |
| | | value: "${KIE_MBEANS}" |
| | | - name: KIE_SERVER_BYPASS_AUTH_USER |
| | | value: "${KIE_SERVER_BYPASS_AUTH_USER}" |
| | | - name: KIE_SERVER_CONTROLLER_USER |
| | | value: "${KIE_SERVER_CONTROLLER_USER}" |
| | | - name: KIE_SERVER_CONTROLLER_PWD |
| | | value: "${KIE_SERVER_CONTROLLER_PWD}" |
| | | - name: KIE_SERVER_CONTROLLER_SERVICE |
| | | value: "${APPLICATION_NAME}-rhpamcentr" |
| | | - name: KIE_SERVER_CONTROLLER_PROTOCOL |
| | | value: "ws" |
| | | - name: KIE_SERVER_ID |
| | | value: "${KIE_SERVER_ID}" |
| | | - name: KIE_SERVER_HOST |
| | | value: "${EXECUTION_SERVER_HOSTNAME_HTTP}" |
| | | - name: EXECUTION_SERVER_ROUTE_NAME |
| | | value: "${APPLICATION_NAME}-kieserver" |
| | | - name: EXECUTION_SERVER_USE_SECURE_ROUTE_NAME |
| | | value: "${EXECUTION_SERVER_USE_SECURE_ROUTE_NAME}" |
| | | - name: KIE_SERVER_PERSISTENCE_DS |
| | | value: "${KIE_SERVER_PERSISTENCE_DS}" |
| | | - name: KIE_SERVER_USER |
| | | value: "${KIE_SERVER_USER}" |
| | | - name: KIE_SERVER_PWD |
| | | value: "${KIE_SERVER_PWD}" |
| | | - name: MAVEN_REPOS |
| | | value: "RHPAMCENTR,EXTERNAL" |
| | | - name: RHPAMCENTR_MAVEN_REPO_SERVICE |
| | | value: "${APPLICATION_NAME}-rhpamcentr" |
| | | - name: RHPAMCENTR_MAVEN_REPO_PATH |
| | | value: "/maven2/" |
| | | - name: RHPAMCENTR_MAVEN_REPO_USERNAME |
| | | value: "${BUSINESS_CENTRAL_MAVEN_USERNAME}" |
| | | - name: RHPAMCENTR_MAVEN_REPO_PASSWORD |
| | | value: "${BUSINESS_CENTRAL_MAVEN_PASSWORD}" |
| | | - name: EXTERNAL_MAVEN_REPO_URL |
| | | value: "${MAVEN_REPO_URL}" |
| | | - name: EXTERNAL_MAVEN_REPO_USERNAME |
| | | value: "${MAVEN_REPO_USERNAME}" |
| | | - name: EXTERNAL_MAVEN_REPO_PASSWORD |
| | | value: "${MAVEN_REPO_PASSWORD}" |
| | | - name: HTTPS_KEYSTORE_DIR |
| | | value: "/etc/kieserver-secret-volume" |
| | | - name: HTTPS_KEYSTORE |
| | | value: "${KIE_SERVER_HTTPS_KEYSTORE}" |
| | | - name: HTTPS_NAME |
| | | value: "${KIE_SERVER_HTTPS_NAME}" |
| | | - name: HTTPS_PASSWORD |
| | | value: "${KIE_SERVER_HTTPS_PASSWORD}" |
| | | - name: SSO_URL |
| | | value: "${SSO_URL}" |
| | | - name: SSO_OPENIDCONNECT_DEPLOYMENTS |
| | | value: "ROOT.war" |
| | | - name: SSO_REALM |
| | | value: "${SSO_REALM}" |
| | | - name: SSO_SECRET |
| | | value: "${KIE_SERVER_SSO_SECRET}" |
| | | - name: SSO_CLIENT |
| | | value: "${KIE_SERVER_SSO_CLIENT}" |
| | | - name: SSO_USERNAME |
| | | value: "${SSO_USERNAME}" |
| | | - name: SSO_PASSWORD |
| | | value: "${SSO_PASSWORD}" |
| | | - name: SSO_DISABLE_SSL_CERTIFICATE_VALIDATION |
| | | value: "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}" |
| | | - name: HOSTNAME_HTTP |
| | | value: "${EXECUTION_SERVER_HOSTNAME_HTTP}" |
| | | - name: HOSTNAME_HTTPS |
| | | value: "${EXECUTION_SERVER_HOSTNAME_HTTPS}" |
| | | - name: AUTH_LDAP_URL |
| | | value: "${AUTH_LDAP_URL}" |
| | | - name: AUTH_LDAP_BIND_DN |
| | | value: "${AUTH_LDAP_BIND_DN}" |
| | | - name: AUTH_LDAP_BIND_CREDENTIAL |
| | | value: "${AUTH_LDAP_BIND_CREDENTIAL}" |
| | | - name: AUTH_LDAP_JAAS_SECURITY_DOMAIN |
| | | value: "${AUTH_LDAP_JAAS_SECURITY_DOMAIN}" |
| | | - name: AUTH_LDAP_BASE_CTX_DN |
| | | value: "${AUTH_LDAP_BASE_CTX_DN}" |
| | | - name: AUTH_LDAP_BASE_FILTER |
| | | value: "${AUTH_LDAP_BASE_FILTER}" |
| | | - name: AUTH_LDAP_SEARCH_SCOPE |
| | | value: "${AUTH_LDAP_SEARCH_SCOPE}" |
| | | - name: AUTH_LDAP_SEARCH_TIME_LIMIT |
| | | value: "${AUTH_LDAP_SEARCH_TIME_LIMIT}" |
| | | - name: AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE |
| | | value: "${AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE}" |
| | | - name: AUTH_LDAP_PARSE_USERNAME |
| | | value: "${AUTH_LDAP_PARSE_USERNAME}" |
| | | - name: AUTH_LDAP_USERNAME_BEGIN_STRING |
| | | value: "${AUTH_LDAP_USERNAME_BEGIN_STRING}" |
| | | - name: AUTH_LDAP_USERNAME_END_STRING |
| | | value: "${AUTH_LDAP_USERNAME_END_STRING}" |
| | | - name: AUTH_LDAP_ROLE_ATTRIBUTE_ID |
| | | value: "${AUTH_LDAP_ROLE_ATTRIBUTE_ID}" |
| | | - name: AUTH_LDAP_ROLES_CTX_DN |
| | | value: "${AUTH_LDAP_ROLES_CTX_DN}" |
| | | - name: AUTH_LDAP_ROLE_FILTER |
| | | value: "${AUTH_LDAP_ROLE_FILTER}" |
| | | - name: AUTH_LDAP_ROLE_RECURSION |
| | | value: "${AUTH_LDAP_ROLE_RECURSION}" |
| | | - name: AUTH_LDAP_DEFAULT_ROLE |
| | | value: "${AUTH_LDAP_DEFAULT_ROLE}" |
| | | - name: AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID |
| | | value: "${AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID}" |
| | | - name: AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN |
| | | value: "${AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN}" |
| | | - name: AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN |
| | | value: "${AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN}" |
| | | - name: AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK |
| | | value: "${AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK}" |
| | | volumes: |
| | | - name: kieserver-keystore-volume |
| | | secret: |
| | | secretName: "${KIE_SERVER_HTTPS_SECRET}" |
| | | ## PostgreSQL deployment config BEGIN |
| | | - kind: DeploymentConfig |
| | | apiVersion: v1 |
| | | metadata: |
| | | name: "${APPLICATION_NAME}-postgresql" |
| | | labels: |
| | | application: "${APPLICATION_NAME}" |
| | | service: "${APPLICATION_NAME}-postgresql" |
| | | spec: |
| | | strategy: |
| | | type: Recreate |
| | | triggers: |
| | | - type: ImageChange |
| | | imageChangeParams: |
| | | automatic: true |
| | | containerNames: |
| | | - "${APPLICATION_NAME}-postgresql" |
| | | from: |
| | | kind: ImageStreamTag |
| | | namespace: "${IMAGE_STREAM_NAMESPACE}" |
| | | name: "postgresql:${POSTGRESQL_IMAGE_STREAM_TAG}" |
| | | - type: ConfigChange |
| | | replicas: 1 |
| | | selector: |
| | | deploymentConfig: "${APPLICATION_NAME}-postgresql" |
| | | template: |
| | | metadata: |
| | | name: "${APPLICATION_NAME}-postgresql" |
| | | labels: |
| | | deploymentConfig: "${APPLICATION_NAME}-postgresql" |
| | | application: "${APPLICATION_NAME}" |
| | | service: "${APPLICATION_NAME}-postgresql" |
| | | spec: |
| | | terminationGracePeriodSeconds: 60 |
| | | containers: |
| | | - name: "${APPLICATION_NAME}-postgresql" |
| | | image: postgresql |
| | | imagePullPolicy: Always |
| | | livenessProbe: |
| | | exec: |
| | | command: |
| | | - "/usr/libexec/check-container" |
| | | - "--live" |
| | | initialDelaySeconds: 120 |
| | | timeoutSeconds: 10 |
| | | readinessProbe: |
| | | exec: |
| | | command: |
| | | - "/usr/libexec/check-container" |
| | | initialDelaySeconds: 5 |
| | | timeoutSeconds: 1 |
| | | ports: |
| | | - containerPort: 5432 |
| | | protocol: TCP |
| | | volumeMounts: |
| | | - mountPath: "/var/lib/pgsql/data" |
| | | name: "${APPLICATION_NAME}-postgresql-pvol" |
| | | env: |
| | | - name: POSTGRESQL_USER |
| | | value: "${KIE_SERVER_POSTGRESQL_USER}" |
| | | - name: POSTGRESQL_PASSWORD |
| | | value: "${KIE_SERVER_POSTGRESQL_PWD}" |
| | | - name: POSTGRESQL_DATABASE |
| | | value: "${KIE_SERVER_POSTGRESQL_DB}" |
| | | - name: POSTGRESQL_MAX_PREPARED_TRANSACTIONS |
| | | value: "${POSTGRESQL_MAX_PREPARED_TRANSACTIONS}" |
| | | volumes: |
| | | - name: "${APPLICATION_NAME}-postgresql-pvol" |
| | | persistentVolumeClaim: |
| | | claimName: "${APPLICATION_NAME}-postgresql-claim" |
| | | ## PostgreSQL deployment config END |
| | | - apiVersion: v1 |
| | | kind: PersistentVolumeClaim |
| | | metadata: |
| | | name: "${APPLICATION_NAME}-rhpamcentr-claim" |
| | | labels: |
| | | application: "${APPLICATION_NAME}" |
| | | service: "${APPLICATION_NAME}-rhpamcentr" |
| | | spec: |
| | | accessModes: |
| | | - ReadWriteOnce |
| | | resources: |
| | | requests: |
| | | storage: "${BUSINESS_CENTRAL_VOLUME_CAPACITY}" |
| | | ## PostgreSQL persistent volume claim BEGIN |
| | | - apiVersion: v1 |
| | | kind: PersistentVolumeClaim |
| | | metadata: |
| | | name: "${APPLICATION_NAME}-postgresql-claim" |
| | | labels: |
| | | application: "${APPLICATION_NAME}" |
| | | service: "${APPLICATION_NAME}-postgresql" |
| | | spec: |
| | | accessModes: |
| | | - ReadWriteOnce |
| | | resources: |
| | | requests: |
| | | storage: "${DB_VOLUME_CAPACITY}" |
| | | ## PostgreSQL persistent volume claim END |