# OpenShift Template for a trial Decision Central + KIE Server environment.
# The environment is ephemeral: per the `message` text below, all work is lost on a pod restart.
# NOTE(review): the long description mentions "secure and insecure http communication", but the
# only Routes defined in this file are the two `insecure-*` plain-HTTP routes.
kind: Template
apiVersion: v1
metadata:
  annotations:
    iconClass: icon-jboss
    tags: rhdm,decision,jboss,trial
    version: "7.14"
    openshift.io/display-name: Red Hat Process Automation Manager 7.14 ephemeral trial environment for decision
    openshift.io/provider-display-name: Red Hat, Inc.
    description: Application template for an ephemeral authoring and testing environment for decision, for Red Hat Process Automation Manager 7.14 - Deprecated
    template.openshift.io/long-description: This template defines resources needed for an ephemeral authoring and testing environment for Red Hat Process Automation Manager 7.14, including application deployment configuration, secure and insecure http communication. Template for Red Hat OpenShift Container Platform version 3.11. Deprecated since Red Hat Decision Manager version 7.5; consider using the Red Hat Business Automation Operator.
    template.openshift.io/documentation-url: https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.14/html/deploying_a_red_hat_process_automation_manager_7.14_authoring_environment_on_red_hat_openshift_container_platform/
    template.openshift.io/support-url: https://access.redhat.com
    template.openshift.io/bindable: "false"
  name: rhdm714-trial-ephemeral
# Template-level labels.
labels:
  template: rhdm714-trial-ephemeral
  rhdm: "7.14"
# Text shown after instantiation. It echoes ${KIE_ADMIN_USER} and ${DEFAULT_PASSWORD} in clear
# text, so the administrator credentials appear wherever the instantiation output is shown.
message: |-
  A new Decision Process Automation trial environment for decision has been created.
  The user name/password for accessing the Decision Central and KIE Server interfaces is
  User name: ${KIE_ADMIN_USER}
  Password: ${DEFAULT_PASSWORD}
  Please remember that this is an ephemeral environment and any work will be LOST with a simple pod restart.
# Template parameters, part 1: application name, administrator credentials, KIE Server runtime
# switches, route hostnames, CORS response headers and the OpenShift integration settings.
parameters:
- displayName: Application Name
  description: The name for the application.
  name: APPLICATION_NAME
  value: myapp
  required: true
# Static, publicly known default. The objects section injects this value as KIE_ADMIN_PWD in
# both deployments and as RHDMCENTR_MAVEN_REPO_PASSWORD in the KIE Server deployment.
# Supply your own value at instantiation time on any cluster that other people can reach.
- displayName: Default Password
  description: Default password used for multiple components for user convenience in this trial environment.
  name: DEFAULT_PASSWORD
  value: RedHat
  required: true
- displayName: KIE Admin User
  description: KIE administrator user name.
  name: KIE_ADMIN_USER
  value: adminUser
  required: false
- displayName: KIE Server Bypass Auth User
  description: Allows the KIE Server to bypass the authenticated user for task-related operations, for example, queries. (Sets the org.kie.server.bypass.auth.user system property)
  name: KIE_SERVER_BYPASS_AUTH_USER
  value: 'false'
  required: false
# Defaults to DEVELOPMENT; per the description, that mode permits SNAPSHOT deployments and
# in-place version changes of an existing container.
- displayName: KIE Server Mode
  description: "The KIE Server mode. Valid values are 'DEVELOPMENT' or 'PRODUCTION'. In production mode, you can not deploy SNAPSHOT versions of artifacts on the KIE Server and can not change the version of an artifact in an existing container. (Sets the org.kie.server.mode system property)."
  name: KIE_SERVER_MODE
  value: "DEVELOPMENT"
  required: false
- displayName: KIE MBeans
  description: KIE Server mbeans enabled/disabled. (Sets the kie.mbeans and kie.scanner.mbeans system properties)
  name: KIE_MBEANS
  value: enabled
  required: false
- displayName: Drools Server Filter Classes
  description: KIE Server class filtering. (Sets the org.drools.server.filter.classes system property)
  name: DROOLS_SERVER_FILTER_CLASSES
  value: 'true'
  required: false
- displayName: KIE Server with Decision only capabilities
  description: 'KIE Server capabilities filtering to disable everything that it is not related to decisions (i.e jBPM and case management)'
  name: KIE_SERVER_DECISIONS_ONLY
  value: 'true'
  required: false
# Only an `example` is given here, so the parameter is empty unless the caller sets it.
- displayName: Prometheus Server Extension Disabled
  description: If set to false, the prometheus server extension will be enabled. (Sets the org.kie.prometheus.server.ext.disabled system property)
  name: PROMETHEUS_SERVER_EXT_DISABLED
  example: 'false'
  required: false
- displayName: KIE Server Custom http Route Hostname
  description: 'Custom hostname for http service route. Leave blank for default hostname, e.g.: insecure-<application-name>-kieserver-<project>.<default-domain-suffix>'
  name: KIE_SERVER_HOSTNAME_HTTP
  value: ''
  required: false
# CORS defaults for the KIE Server. The wildcard origin is combined with
# KIE_SERVER_ACCESS_CONTROL_ALLOW_CREDENTIALS="true" further down; browsers reject credentialed
# cross-origin responses whose Access-Control-Allow-Origin is `*`, so set the specific origin
# that is meant to call the KIE Server when credentialed requests are required.
- displayName: KIE Server Access-Control-Allow-Origin response header
  description: Sets the Access-Control-Allow-Origin response header value in the KIE Server (useful for CORS support).
  name: KIE_SERVER_ACCESS_CONTROL_ALLOW_ORIGIN
  value: "*"
  required: false
- displayName: KIE Server Access-Control-Allow-Methods response header
  description: Sets the Access-Control-Allow-Methods response header value in the KIE Server (useful for CORS support).
  name: KIE_SERVER_ACCESS_CONTROL_ALLOW_METHODS
  value: "GET, POST, OPTIONS, PUT"
  required: false
- displayName: KIE Server Access-Control-Allow-Headers response header
  description: Sets the Access-Control-Allow-Headers response header value in the KIE Server (useful for CORS support).
  name: KIE_SERVER_ACCESS_CONTROL_ALLOW_HEADERS
  value: "Accept, Authorization, Content-Type, X-Requested-With"
  required: false
- displayName: KIE Server Access-Control-Allow-Credentials response header
  description: Sets the Access-Control-Allow-Credentials response header value in the KIE Server (useful for CORS support).
  name: KIE_SERVER_ACCESS_CONTROL_ALLOW_CREDENTIALS
  value: "true"
  required: false
- displayName: KIE Server Access-Control-Max-Age response header
  description: Sets the Access-Control-Max-Age response header value in the KIE Server (useful for CORS support).
  name: KIE_SERVER_ACCESS_CONTROL_MAX_AGE
  value: "1"
  required: false
- displayName: Decision Central Custom http Route Hostname
  description: 'Custom hostname for http service route. Leave blank for default hostname, e.g.: insecure-<application-name>-rhdmcentr-<project>.<default-domain-suffix>'
  name: DECISION_CENTRAL_HOSTNAME_HTTP
  value: ''
  required: false
## OpenShift Enhancement BEGIN
- displayName: Enable KIE Server global discovery
  description: "If set to true, turns on KIE Server global discovery feature (Sets the org.kie.server.controller.openshift.global.discovery.enabled system property)"
  name: KIE_SERVER_CONTROLLER_OPENSHIFT_GLOBAL_DISCOVERY_ENABLED
  value: "false"
  required: false
- displayName: Prefer KIE Server OpenShift Service
  description: If OpenShift integration of Business Central is turned on, setting this parameter to true enables connection to KIE Server via an OpenShift internal Service endpoint. (Sets the org.kie.server.controller.openshift.prefer.kieserver.service system property)
  name: KIE_SERVER_CONTROLLER_OPENSHIFT_PREFER_KIESERVER_SERVICE
  value: "true"
  required: false
- displayName: KIE ServerTemplate Cache TTL
  description: KIE ServerTemplate Cache TTL in milliseconds. (Sets the org.kie.server.controller.template.cache.ttl system property)
  name: KIE_SERVER_CONTROLLER_TEMPLATE_CACHE_TTL
  value: "60000"
  required: false
## OpenShift Enhancement END
# Template parameters, part 2: image source, KIE container deployment, external Maven
# repository, git hooks and container memory limits.
# The ImageStream namespace, name and tag together select the image that both
# DeploymentConfigs track through their ImageChange triggers.
- displayName: ImageStream Namespace
  description: Namespace in which the ImageStreams for Red Hat Decision Manager images are installed. These ImageStreams are normally installed in the openshift namespace. You need to modify this parameter only if you installed the ImageStreams in a different namespace/project.
  name: IMAGE_STREAM_NAMESPACE
  value: openshift
  required: true
- displayName: KIE Server ImageStream Name
  description: The name of the image stream to use for KIE Server. Default is "rhpam-kieserver-rhel8".
  name: KIE_SERVER_IMAGE_STREAM_NAME
  value: "rhpam-kieserver-rhel8"
  required: true
- displayName: ImageStream Tag
  description: A named pointer to an image in an image stream. Default is "7.14.0".
  name: IMAGE_STREAM_TAG
  value: "7.14.0"
  required: true
- displayName: KIE Server Container Deployment
  description: 'KIE Server Container deployment configuration with optional alias. Format: containerId=groupId:artifactId:version|c2(alias2)=g2:a2:v2'
  name: KIE_SERVER_CONTAINER_DEPLOYMENT
  value: ''
  required: false
# NOTE(review): the description says the id is generated randomly by default, yet a fixed
# default value is supplied here.
- displayName: Maven repository ID
  description: The id to use for the maven repository, if set. Default is generated randomly.
  name: MAVEN_REPO_ID
  value: repo-custom
  required: false
# The example URL uses plain http; artifacts pulled from this repository are deployed on the
# KIE Server, so prefer an https endpoint where the repository offers one.
- displayName: Maven repository URL
  description: Fully qualified URL to a Maven repository or service.
  name: MAVEN_REPO_URL
  example: http://nexus.nexus-project.svc.cluster.local:8081/nexus/content/groups/public/
  required: false
- displayName: Maven repository user name
  description: User name for accessing the Maven repository, if required.
  name: MAVEN_REPO_USERNAME
  required: false
# The objects section passes this password to the containers as a literal env value.
- displayName: Maven repository password
  description: Password to access the Maven repository, if required.
  name: MAVEN_REPO_PASSWORD
  required: false
- displayName: Git hooks directory
  description: The directory to use for git hooks, if required.
  name: GIT_HOOKS_DIR
  example: /opt/kie/data/git/hooks
  required: false
- displayName: Decision Central Container Memory Limit
  description: Decision Central Container memory limit.
  name: DECISION_CENTRAL_MEMORY_LIMIT
  value: 2Gi
  required: false
- displayName: KIE Server Container Memory Limit
  description: KIE Server Container memory limit.
  name: KIE_SERVER_MEMORY_LIMIT
  value: 1Gi
  required: false
# Template parameters, part 3: optional RH-SSO integration. None of these has a default
# except the certificate-validation switch and the principal attribute.
# The client secrets and the realm admin password are handed to the containers as literal env
# values by the objects section, so they are stored in the DeploymentConfig specs.
- displayName: RH-SSO URL
  description: RH-SSO URL.
  name: SSO_URL
  example: https://rh-sso.example.com/auth
  required: false
- displayName: RH-SSO Realm name
  description: RH-SSO Realm name.
  name: SSO_REALM
  required: false
- displayName: Decision Central RH-SSO Client name
  description: Decision Central RH-SSO Client name.
  name: DECISION_CENTRAL_SSO_CLIENT
  required: false
# The `example` is a sample value only; it is not used as a default.
- displayName: Decision Central RH-SSO Client Secret
  description: Decision Central RH-SSO Client Secret.
  name: DECISION_CENTRAL_SSO_SECRET
  example: "252793ed-7118-4ca8-8dab-5622fa97d892"
  required: false
- displayName: KIE Server RH-SSO Client name
  description: KIE Server RH-SSO Client name.
  name: KIE_SERVER_SSO_CLIENT
  required: false
# Same sample value as the Decision Central client secret example above.
- displayName: KIE Server RH-SSO Client Secret
  description: KIE Server RH-SSO Client Secret.
  name: KIE_SERVER_SSO_SECRET
  example: "252793ed-7118-4ca8-8dab-5622fa97d892"
  required: false
# Realm admin credentials; per the descriptions they are used to create the client if needed.
- displayName: RH-SSO Realm admin user name
  description: RH-SSO Realm admin user name used to create the Client if it doesn't exist.
  name: SSO_USERNAME
  required: false
- displayName: RH-SSO Realm Admin Password
  description: RH-SSO Realm Admin Password used to create the Client.
  name: SSO_PASSWORD
  required: false
# Defaults to "false", i.e. validation stays on. Setting it to "true" removes the check that
# the RH-SSO endpoint presents a trusted certificate.
- displayName: RH-SSO Disable SSL Certificate Validation
  description: RH-SSO Disable SSL Certificate Validation.
  name: SSO_DISABLE_SSL_CERTIFICATE_VALIDATION
  value: "false"
  required: false
- displayName: RH-SSO Principal Attribute
  description: RH-SSO Principal Attribute to use as user name.
  name: SSO_PRINCIPAL_ATTRIBUTE
  value: preferred_username
  required: false
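# Template parameters, part 4: optional LDAP authentication and role mapping. None of these
# has a default value; each `example` is illustrative only.
# The example endpoint is plain ldap:// on port 389; the bind credential and user passwords
# would cross the network unencrypted, so prefer an ldaps:// endpoint where one is available.
- displayName: LDAP Endpoint
  description: LDAP endpoint to connect for authentication. For failover, set two or more LDAP endpoints separated by space.
  name: AUTH_LDAP_URL
  example: "ldap://myldap.example.com:389"
  required: false
- displayName: LDAP Flag Login Module
  description: "LDAP login module flag, adds backward compatibility with the legacy security subsystem on Elytron. 'optional' is the only supported value, if set, it will create a distributed realm on Elytron configuration with LDAP and FileSystem realms with the user added using the KIE_ADMIN_USER."
  name: AUTH_LDAP_LOGIN_MODULE
  example: "optional"
  required: false
# Per the descriptions, failover falls back to the local KieFsRealm, which holds the
# KIE_ADMIN_USER account. NOTE(review): with failover on, that account's password
# (DEFAULT_PASSWORD) presumably becomes the effective login whenever LDAP is unreachable.
- displayName: LDAP login failover
  description: "Enable failover, if LDAP Url is unreachable, it will fail over to the KieFsRealm."
  name: AUTH_LDAP_LOGIN_FAILOVER
  example: "true"
  required: false
- displayName: LDAP Bind DN
  description: Bind DN used for authentication.
  name: AUTH_LDAP_BIND_DN
  example: "uid=admin,ou=users,ou=example,ou=com"
  required: false
# Passed to the containers as a literal env value by the objects section.
- displayName: LDAP Bind Credentials
  description: LDAP Credentials used for authentication.
  name: AUTH_LDAP_BIND_CREDENTIAL
  example: "Password"
  required: false
# The description gives false as the default; the example shows the permissive setting.
# Leave it unset unless blank-password verification is really intended.
- displayName: Allow Empty Passwords
  description: Does this realm support blank password direct verification? Blank password attempt will be rejected otherwise. Boolean flag, defaults to false.
  name: AUTH_LDAP_ALLOW_EMPTY_PASSWORDS
  example: "true"
  required: false
- displayName: LDAP Base DN
  description: LDAP Base DN of the top-level context to begin the user search.
  name: AUTH_LDAP_BASE_CTX_DN
  example: "ou=users,ou=example,ou=com"
  required: false
- displayName: LDAP Base Search filter
  description: |-
    Legacy LDAP search filter used to locate the context of the user to authenticate. The input username or userDN
    obtained from the login module callback is substituted into the filter anywhere a {0} expression is used.
    A common example for the search filter is (uid={0}).
    For Elytron based subsystem this property should be configured only with the search filter parameter, without
    any search expression. Example (uid={0}) became just uid.
  name: AUTH_LDAP_BASE_FILTER
  example: "(uid={0})"
  required: false
# displayName typo fixed ("resursive" -> "recursive"); the parameter name is unchanged.
- displayName: LDAP User recursive search
  description: Indicates if the user queries are recursive.
  name: AUTH_LDAP_RECURSIVE_SEARCH
  example: "true"
  required: false
- displayName: LDAP Search time limit
  description: The timeout in milliseconds for user or role searches.
  name: AUTH_LDAP_SEARCH_TIME_LIMIT
  example: "10000"
  required: false
- displayName: LDAP Role attributeID
  description: Name of the attribute containing the user roles.
  name: AUTH_LDAP_ROLE_ATTRIBUTE_ID
  example: memberOf
  required: false
- displayName: LDAP Roles Search DN
  description: The fixed DN of the context to search for user roles. This is not the DN where the actual roles are, but the DN where the objects containing the user roles are. For example, in a Microsoft Active Directory server, this is the DN where the user account is.
  name: AUTH_LDAP_ROLES_CTX_DN
  example: "ou=groups,ou=example,ou=com"
  required: false
- displayName: LDAP Role search filter
  description: A search filter used to locate the roles associated with the authenticated user. The input username or userDN obtained from the login module callback is substituted into the filter anywhere a {0} expression is used. The authenticated userDN is substituted into the filter anywhere a {1} is used. An example search filter that matches on the input username is (member={0}). An alternative that matches on the authenticated userDN is (member={1}).
  name: AUTH_LDAP_ROLE_FILTER
  example: "(memberOf={1})"
  required: false
- displayName: LDAP Role recursion
  description: The number of levels of recursion the role search will go below a matching context. Disable recursion by setting this to 0.
  name: AUTH_LDAP_ROLE_RECURSION
  example: "1"
  required: false
# Granted to every authenticated user, so it should name a low-privilege role.
- displayName: LDAP Default role
  description: A role included for all authenticated users.
  name: AUTH_LDAP_DEFAULT_ROLE
  example: "user"
  required: false
- displayName: LDAP new identity attributes
  description: "Provide new identities for LDAP identity mapping, the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value'"
  name: AUTH_LDAP_NEW_IDENTITY_ATTRIBUTES
  example: sn=BlankSurname;cn=BlankCommonName
  required: false
- displayName: LDAP follow referrals
  description: "If LDAP referrals should be followed. Corresponds to REFERRAL ('java.naming.referral') environment property. Allowed values: 'ignore', 'follow', 'throw'"
  name: AUTH_LDAP_REFERRAL_MODE
  required: false
# Keys reordered to displayName / description / name / example like the other entries.
- displayName: Role Mapping roles properties file path or one lined roles
  description: When present, the RoleMapping will be configured to use the provided properties file or roles. This parameter defines the fully-qualified file path and name of a properties file or a set of roles with the following pattern 'role=role1;another-role=role2'. The format of every entry in the file is original_role=role1,role2,role3
  name: AUTH_ROLE_MAPPER_ROLES_PROPERTIES
  example: role=role1,role3,role4;role7=role,admin
  required: false
- displayName: Role Mapper Keep Mapped
  description: When set to 'true' the mapped roles will retain all roles, that have defined mappings. Defaults to false.
  name: AUTH_LDAP_MAPPER_KEEP_MAPPED
  required: false
- displayName: Role Mapper Keep Non Mapped
  description: When set to 'true' the mapped roles will retain all roles, that have no defined mappings. Defaults to false.
  name: AUTH_LDAP_MAPPER_KEEP_NON_MAPPED
  required: false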
# Objects created by the template. The first two define the identity the pods run under.
objects:
# Both DeploymentConfigs in this file set serviceAccountName to this ServiceAccount.
- kind: ServiceAccount
  apiVersion: v1
  metadata:
    name: "${APPLICATION_NAME}-rhdmsvc"
    labels:
      application: "${APPLICATION_NAME}"
# Binds the ServiceAccount to the `edit` role in the project.
# NOTE(review): presumably required by the OpenShift integration the deployments enable
# (KIE_SERVER_CONTROLLER_OPENSHIFT_ENABLED, OpenShiftStartupStrategy) - confirm. `edit` is
# broad: a process running in either container can use the ServiceAccount token to modify
# most resources in the project, so check whether a narrower Role would be sufficient.
- kind: RoleBinding
  apiVersion: v1
  metadata:
    name: "${APPLICATION_NAME}-rhdmsvc-edit"
    labels:
      application: "${APPLICATION_NAME}"
  subjects:
  - kind: ServiceAccount
    name: "${APPLICATION_NAME}-rhdmsvc"
  roleRef:
    name: edit
# Service for the Decision Central pods: exposes port 8080 under the port name "http", which
# the Decision Central Route references as its targetPort.
- kind: Service
  apiVersion: v1
  metadata:
    name: "${APPLICATION_NAME}-rhdmcentr"
    annotations:
      description: All the Decision Central web server's ports.
    labels:
      application: "${APPLICATION_NAME}"
      service: "${APPLICATION_NAME}-rhdmcentr"
  spec:
    # Selects the pods labelled by the Decision Central DeploymentConfig.
    selector:
      deploymentConfig: "${APPLICATION_NAME}-rhdmcentr"
    ports:
    - name: http
      port: 8080
      targetPort: 8080
# Service for the KIE Server pods: exposes port 8080 (unnamed) and pins each client IP to the
# same pod for 3600 seconds through ClientIP session affinity.
- kind: Service
  apiVersion: v1
  metadata:
    name: "${APPLICATION_NAME}-kieserver"
    annotations:
      description: All the KIE Server web server's ports.
    labels:
      application: "${APPLICATION_NAME}"
      service: "${APPLICATION_NAME}-kieserver"
  spec:
    # Selects the pods labelled by the KIE Server DeploymentConfig.
    selector:
      deploymentConfig: "${APPLICATION_NAME}-kieserver"
    sessionAffinity: ClientIP
    sessionAffinityConfig:
      clientIP:
        timeoutSeconds: 3600
    ports:
    - port: 8080
      targetPort: 8080
# External route to Decision Central. There is no `tls` stanza, so the route serves plain
# HTTP: logins with KIE_ADMIN_USER / DEFAULT_PASSWORD and all authoring traffic cross the
# network unencrypted. Expose it only on networks where that is acceptable, or add TLS
# termination to the route before wider use.
- kind: Route
  apiVersion: v1
  id: "insecure-${APPLICATION_NAME}-rhdmcentr-http"
  metadata:
    name: "insecure-${APPLICATION_NAME}-rhdmcentr"
    labels:
      application: "${APPLICATION_NAME}"
      service: "${APPLICATION_NAME}-rhdmcentr"
    annotations:
      description: Route for Decision Central's http service.
      # Router-side timeout of one hour for this route.
      haproxy.router.openshift.io/timeout: 1h
  spec:
    # Empty by default (DECISION_CENTRAL_HOSTNAME_HTTP); the parameter description says the
    # default hostname is used when it is left blank.
    host: "${DECISION_CENTRAL_HOSTNAME_HTTP}"
    to:
      name: "${APPLICATION_NAME}-rhdmcentr"
    port:
      # Refers to the port named "http" on the Decision Central Service.
      targetPort: http
# External route to the KIE Server REST API. There is no `tls` stanza, so the route serves
# plain HTTP: credentials sent to the KIE Server and rule payloads cross the network
# unencrypted. Expose it only on networks where that is acceptable, or add TLS termination to
# the route before wider use.
- kind: Route
  apiVersion: v1
  id: "insecure-${APPLICATION_NAME}-kieserver-http"
  metadata:
    name: "insecure-${APPLICATION_NAME}-kieserver"
    labels:
      application: "${APPLICATION_NAME}"
      service: "${APPLICATION_NAME}-kieserver"
    annotations:
      description: Route for KIE Server's http service.
      # Router balances by client source address for this route.
      haproxy.router.openshift.io/balance: source
  spec:
    # Empty by default (KIE_SERVER_HOSTNAME_HTTP); the parameter description says the default
    # hostname is used when it is left blank.
    host: "${KIE_SERVER_HOSTNAME_HTTP}"
    to:
      name: "${APPLICATION_NAME}-kieserver"
# Decision Central deployment: one replica, Recreate strategy, image taken from the
# rhpam-businesscentral-rhel8 ImageStreamTag. No volumes are defined in this object.
- kind: DeploymentConfig
  apiVersion: v1
  metadata:
    name: "${APPLICATION_NAME}-rhdmcentr"
    labels:
      application: "${APPLICATION_NAME}"
      service: "${APPLICATION_NAME}-rhdmcentr"
    annotations:
      template.alpha.openshift.io/wait-for-ready: "true"
  spec:
    strategy:
      type: Recreate
    triggers:
    # automatic: true redeploys whenever the referenced ImageStreamTag is updated, so the
    # running image follows whatever that tag in IMAGE_STREAM_NAMESPACE points to.
    - type: ImageChange
      imageChangeParams:
        automatic: true
        containerNames:
        - "${APPLICATION_NAME}-rhdmcentr"
        from:
          kind: ImageStreamTag
          namespace: "${IMAGE_STREAM_NAMESPACE}"
          name: "rhpam-businesscentral-rhel8:${IMAGE_STREAM_TAG}"
    - type: ConfigChange
    replicas: 1
    selector:
      deploymentConfig: "${APPLICATION_NAME}-rhdmcentr"
    template:
      metadata:
        name: "${APPLICATION_NAME}-rhdmcentr"
        labels:
          deploymentConfig: "${APPLICATION_NAME}-rhdmcentr"
          application: "${APPLICATION_NAME}"
          service: "${APPLICATION_NAME}-rhdmcentr"
      spec:
        # Runs as the ServiceAccount that the RoleBinding in this file binds to `edit`.
        serviceAccountName: "${APPLICATION_NAME}-rhdmsvc"
        terminationGracePeriodSeconds: 60
        containers:
        - name: "${APPLICATION_NAME}-rhdmcentr"
          image: rhpam-businesscentral-rhel8
          imagePullPolicy: Always
          # Only a memory limit is set; no requests and no CPU limit are defined.
          resources:
            limits:
              memory: "${DECISION_CENTRAL_MEMORY_LIMIT}"
          # Both probes use plain HTTP on port 8080.
          livenessProbe:
            httpGet:
              path: /rest/healthy
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 180
            timeoutSeconds: 2
            periodSeconds: 15
            failureThreshold: 36
          readinessProbe:
            httpGet:
              path: /rest/ready
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 60
            timeoutSeconds: 2
            periodSeconds: 5
            failureThreshold: 36
          # The jolokia port is declared on the container, but the Service in this file
          # forwards only port 8080.
          ports:
          - name: jolokia
            containerPort: 8778
            protocol: TCP
          - name: http
            containerPort: 8080
            protocol: TCP
          # Credentials in this list (KIE_ADMIN_PWD, MAVEN_REPO_PASSWORD, SSO_SECRET,
          # SSO_PASSWORD, AUTH_LDAP_BIND_CREDENTIAL) are written as literal values, so they are
          # stored in the DeploymentConfig spec and readable by anyone who can view it. A Secret
          # referenced through valueFrom.secretKeyRef would keep them out of the object.
          env:
          - name: KIE_ADMIN_USER
            value: "${KIE_ADMIN_USER}"
          - name: KIE_ADMIN_PWD
            value: "${DEFAULT_PASSWORD}"
          - name: KIE_MBEANS
            value: "${KIE_MBEANS}"
          ## OpenShift Enhancement BEGIN
          - name: KIE_SERVER_CONTROLLER_OPENSHIFT_ENABLED
            value: "true"
          - name: KIE_SERVER_CONTROLLER_OPENSHIFT_GLOBAL_DISCOVERY_ENABLED
            value: "${KIE_SERVER_CONTROLLER_OPENSHIFT_GLOBAL_DISCOVERY_ENABLED}"
          - name: KIE_SERVER_CONTROLLER_OPENSHIFT_PREFER_KIESERVER_SERVICE
            value: "${KIE_SERVER_CONTROLLER_OPENSHIFT_PREFER_KIESERVER_SERVICE}"
          - name: KIE_SERVER_CONTROLLER_TEMPLATE_CACHE_TTL
            value: "${KIE_SERVER_CONTROLLER_TEMPLATE_CACHE_TTL}"
          ## OpenShift Enhancement END
          # Name of the plain-HTTP Route defined for Decision Central in this file.
          - name: WORKBENCH_ROUTE_NAME
            value: "insecure-${APPLICATION_NAME}-rhdmcentr"
          - name: MAVEN_REPO_ID
            value: "${MAVEN_REPO_ID}"
          - name: MAVEN_REPO_URL
            value: "${MAVEN_REPO_URL}"
          - name: MAVEN_REPO_USERNAME
            value: "${MAVEN_REPO_USERNAME}"
          - name: MAVEN_REPO_PASSWORD
            value: "${MAVEN_REPO_PASSWORD}"
          - name: GIT_HOOKS_DIR
            value: "${GIT_HOOKS_DIR}"
          # Filled from the pod's own namespace through the downward API.
          - name: KUBERNETES_NAMESPACE
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
          # RH-SSO settings; Decision Central uses its own client name and secret.
          - name: SSO_URL
            value: "${SSO_URL}"
          - name: SSO_OPENIDCONNECT_DEPLOYMENTS
            value: "ROOT.war"
          - name: SSO_REALM
            value: "${SSO_REALM}"
          - name: SSO_SECRET
            value: "${DECISION_CENTRAL_SSO_SECRET}"
          - name: SSO_CLIENT
            value: "${DECISION_CENTRAL_SSO_CLIENT}"
          - name: SSO_USERNAME
            value: "${SSO_USERNAME}"
          - name: SSO_PASSWORD
            value: "${SSO_PASSWORD}"
          - name: SSO_DISABLE_SSL_CERTIFICATE_VALIDATION
            value: "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}"
          - name: SSO_PRINCIPAL_ATTRIBUTE
            value: "${SSO_PRINCIPAL_ATTRIBUTE}"
          - name: HOSTNAME_HTTP
            value: "${DECISION_CENTRAL_HOSTNAME_HTTP}"
          # LDAP and role-mapping settings, passed through one-to-one from the parameters.
          - name: AUTH_LDAP_URL
            value: "${AUTH_LDAP_URL}"
          - name: AUTH_LDAP_LOGIN_MODULE
            value: "${AUTH_LDAP_LOGIN_MODULE}"
          - name: AUTH_LDAP_LOGIN_FAILOVER
            value: "${AUTH_LDAP_LOGIN_FAILOVER}"
          - name: AUTH_LDAP_BIND_DN
            value: "${AUTH_LDAP_BIND_DN}"
          - name: AUTH_LDAP_BIND_CREDENTIAL
            value: "${AUTH_LDAP_BIND_CREDENTIAL}"
          - name: AUTH_LDAP_ALLOW_EMPTY_PASSWORDS
            value: "${AUTH_LDAP_ALLOW_EMPTY_PASSWORDS}"
          - name: AUTH_LDAP_BASE_CTX_DN
            value: "${AUTH_LDAP_BASE_CTX_DN}"
          - name: AUTH_LDAP_BASE_FILTER
            value: "${AUTH_LDAP_BASE_FILTER}"
          - name: AUTH_LDAP_RECURSIVE_SEARCH
            value: "${AUTH_LDAP_RECURSIVE_SEARCH}"
          - name: AUTH_LDAP_SEARCH_TIME_LIMIT
            value: "${AUTH_LDAP_SEARCH_TIME_LIMIT}"
          - name: AUTH_LDAP_ROLE_ATTRIBUTE_ID
            value: "${AUTH_LDAP_ROLE_ATTRIBUTE_ID}"
          - name: AUTH_LDAP_ROLES_CTX_DN
            value: "${AUTH_LDAP_ROLES_CTX_DN}"
          - name: AUTH_LDAP_ROLE_FILTER
            value: "${AUTH_LDAP_ROLE_FILTER}"
          - name: AUTH_LDAP_ROLE_RECURSION
            value: "${AUTH_LDAP_ROLE_RECURSION}"
          - name: AUTH_LDAP_DEFAULT_ROLE
            value: "${AUTH_LDAP_DEFAULT_ROLE}"
          - name: AUTH_LDAP_NEW_IDENTITY_ATTRIBUTES
            value: "${AUTH_LDAP_NEW_IDENTITY_ATTRIBUTES}"
          - name: AUTH_LDAP_REFERRAL_MODE
            value: "${AUTH_LDAP_REFERRAL_MODE}"
          - name: AUTH_ROLE_MAPPER_ROLES_PROPERTIES
            value: "${AUTH_ROLE_MAPPER_ROLES_PROPERTIES}"
          - name: AUTH_LDAP_MAPPER_KEEP_MAPPED
            value: "${AUTH_LDAP_MAPPER_KEEP_MAPPED}"
          - name: AUTH_LDAP_MAPPER_KEEP_NON_MAPPED
            value: "${AUTH_LDAP_MAPPER_KEEP_NON_MAPPED}"
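# KIE Server deployment: one replica, Rolling strategy, image taken from the
# KIE_SERVER_IMAGE_STREAM_NAME ImageStreamTag. No volumes are defined in this object.
- kind: DeploymentConfig
  apiVersion: v1
  metadata:
    name: "${APPLICATION_NAME}-kieserver"
    labels:
      application: "${APPLICATION_NAME}"
      service: "${APPLICATION_NAME}-kieserver"
      services.server.kie.org/kie-server-id: "${APPLICATION_NAME}-kieserver"
    annotations:
      template.alpha.openshift.io/wait-for-ready: "true"
  spec:
    revisionHistoryLimit: 10
    strategy:
      # A full extra set of pods is started before any old pod is taken down.
      rollingParams:
        maxSurge: 100%
        maxUnavailable: 0
      type: Rolling
    triggers:
    # automatic: true redeploys whenever the referenced ImageStreamTag is updated, so the
    # running image follows whatever that tag in IMAGE_STREAM_NAMESPACE points to.
    - type: ImageChange
      imageChangeParams:
        automatic: true
        containerNames:
        - "${APPLICATION_NAME}-kieserver"
        from:
          kind: ImageStreamTag
          namespace: "${IMAGE_STREAM_NAMESPACE}"
          name: "${KIE_SERVER_IMAGE_STREAM_NAME}:${IMAGE_STREAM_TAG}"
    - type: ConfigChange
    replicas: 1
    selector:
      deploymentConfig: "${APPLICATION_NAME}-kieserver"
    template:
      metadata:
        name: "${APPLICATION_NAME}-kieserver"
        labels:
          deploymentConfig: "${APPLICATION_NAME}-kieserver"
          application: "${APPLICATION_NAME}"
          service: "${APPLICATION_NAME}-kieserver"
          services.server.kie.org/kie-server-id: "${APPLICATION_NAME}-kieserver"
      spec:
        # Runs as the ServiceAccount that the RoleBinding in this file binds to `edit`.
        serviceAccountName: "${APPLICATION_NAME}-rhdmsvc"
        terminationGracePeriodSeconds: 90
        containers:
        - name: "${APPLICATION_NAME}-kieserver"
          image: "${KIE_SERVER_IMAGE_STREAM_NAME}"
          imagePullPolicy: Always
          # The same hook script from the image runs after start and before stop.
          lifecycle:
            postStart:
              exec:
                command:
                - /bin/sh
                - /opt/eap/bin/launch/jboss-kie-kieserver-hooks.sh
            preStop:
              exec:
                command:
                - /bin/sh
                - /opt/eap/bin/launch/jboss-kie-kieserver-hooks.sh
          # Only a memory limit is set; no requests and no CPU limit are defined.
          resources:
            limits:
              memory: "${KIE_SERVER_MEMORY_LIMIT}"
          # Both probes use plain HTTP on port 8080.
          livenessProbe:
            httpGet:
              path: /services/rest/server/healthcheck
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 180
            timeoutSeconds: 2
            periodSeconds: 15
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /services/rest/server/readycheck
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 30
            timeoutSeconds: 2
            periodSeconds: 5
            failureThreshold: 36
          # The jolokia port is declared on the container, but the Service in this file
          # forwards only port 8080.
          ports:
          - name: jolokia
            containerPort: 8778
            protocol: TCP
          - name: http
            containerPort: 8080
            protocol: TCP
          # Credentials in this list (KIE_ADMIN_PWD, the *_MAVEN_REPO_PASSWORD entries,
          # SSO_SECRET, SSO_PASSWORD, AUTH_LDAP_BIND_CREDENTIAL) are written as literal values,
          # so they are stored in the DeploymentConfig spec and readable by anyone who can view
          # it. A Secret referenced through valueFrom.secretKeyRef would keep them out of the
          # object.
          env:
          - name: WORKBENCH_SERVICE_NAME
            value: "${APPLICATION_NAME}-rhdmcentr"
          - name: KIE_ADMIN_USER
            value: "${KIE_ADMIN_USER}"
          - name: KIE_ADMIN_PWD
            value: "${DEFAULT_PASSWORD}"
          - name: KIE_SERVER_MODE
            value: "${KIE_SERVER_MODE}"
          - name: KIE_MBEANS
            value: "${KIE_MBEANS}"
          - name: DROOLS_SERVER_FILTER_CLASSES
            value: "${DROOLS_SERVER_FILTER_CLASSES}"
          - name: KIE_SERVER_DECISIONS_ONLY
            value: "${KIE_SERVER_DECISIONS_ONLY}"
          - name: PROMETHEUS_SERVER_EXT_DISABLED
            value: "${PROMETHEUS_SERVER_EXT_DISABLED}"
          - name: KIE_SERVER_BYPASS_AUTH_USER
            value: "${KIE_SERVER_BYPASS_AUTH_USER}"
          # Read back from the pod label of the same name through the downward API.
          - name: KIE_SERVER_ID
            valueFrom:
              fieldRef:
                fieldPath: metadata.labels['services.server.kie.org/kie-server-id']
          # Name of the plain-HTTP Route defined for the KIE Server in this file.
          - name: KIE_SERVER_ROUTE_NAME
            value: "insecure-${APPLICATION_NAME}-kieserver"
          - name: KIE_SERVER_STARTUP_STRATEGY
            value: "OpenShiftStartupStrategy"
          - name: KIE_SERVER_CONTAINER_DEPLOYMENT
            value: "${KIE_SERVER_CONTAINER_DEPLOYMENT}"
          # Two Maven repositories: Decision Central's built-in one, accessed with the admin
          # user and DEFAULT_PASSWORD, and the optional external one from the MAVEN_REPO_*
          # parameters.
          - name: MAVEN_REPOS
            value: "RHDMCENTR,EXTERNAL"
          - name: RHDMCENTR_MAVEN_REPO_ID
            value: "repo-rhdmcentr"
          - name: RHDMCENTR_MAVEN_REPO_SERVICE
            value: "${APPLICATION_NAME}-rhdmcentr"
          - name: RHDMCENTR_MAVEN_REPO_PATH
            value: "/maven2/"
          - name: RHDMCENTR_MAVEN_REPO_USERNAME
            value: "${KIE_ADMIN_USER}"
          - name: RHDMCENTR_MAVEN_REPO_PASSWORD
            value: "${DEFAULT_PASSWORD}"
          - name: EXTERNAL_MAVEN_REPO_ID
            value: "${MAVEN_REPO_ID}"
          - name: EXTERNAL_MAVEN_REPO_URL
            value: "${MAVEN_REPO_URL}"
          - name: EXTERNAL_MAVEN_REPO_USERNAME
            value: "${MAVEN_REPO_USERNAME}"
          - name: EXTERNAL_MAVEN_REPO_PASSWORD
            value: "${MAVEN_REPO_PASSWORD}"
          # RH-SSO settings; the KIE Server uses its own client name and secret.
          - name: SSO_URL
            value: "${SSO_URL}"
          - name: SSO_OPENIDCONNECT_DEPLOYMENTS
            value: "ROOT.war"
          - name: SSO_REALM
            value: "${SSO_REALM}"
          - name: SSO_SECRET
            value: "${KIE_SERVER_SSO_SECRET}"
          - name: SSO_CLIENT
            value: "${KIE_SERVER_SSO_CLIENT}"
          - name: SSO_USERNAME
            value: "${SSO_USERNAME}"
          - name: SSO_PASSWORD
            value: "${SSO_PASSWORD}"
          - name: SSO_DISABLE_SSL_CERTIFICATE_VALIDATION
            value: "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}"
          - name: SSO_PRINCIPAL_ATTRIBUTE
            value: "${SSO_PRINCIPAL_ATTRIBUTE}"
          - name: HOSTNAME_HTTP
            value: "${KIE_SERVER_HOSTNAME_HTTP}"
          # LDAP and role-mapping settings, passed through one-to-one from the parameters.
          - name: AUTH_LDAP_URL
            value: "${AUTH_LDAP_URL}"
          - name: AUTH_LDAP_LOGIN_MODULE
            value: "${AUTH_LDAP_LOGIN_MODULE}"
          - name: AUTH_LDAP_LOGIN_FAILOVER
            value: "${AUTH_LDAP_LOGIN_FAILOVER}"
          - name: AUTH_LDAP_BIND_DN
            value: "${AUTH_LDAP_BIND_DN}"
          - name: AUTH_LDAP_BIND_CREDENTIAL
            value: "${AUTH_LDAP_BIND_CREDENTIAL}"
          - name: AUTH_LDAP_ALLOW_EMPTY_PASSWORDS
            value: "${AUTH_LDAP_ALLOW_EMPTY_PASSWORDS}"
          - name: AUTH_LDAP_BASE_CTX_DN
            value: "${AUTH_LDAP_BASE_CTX_DN}"
          - name: AUTH_LDAP_BASE_FILTER
            value: "${AUTH_LDAP_BASE_FILTER}"
          - name: AUTH_LDAP_RECURSIVE_SEARCH
            value: "${AUTH_LDAP_RECURSIVE_SEARCH}"
          - name: AUTH_LDAP_SEARCH_TIME_LIMIT
            value: "${AUTH_LDAP_SEARCH_TIME_LIMIT}"
          - name: AUTH_LDAP_ROLE_ATTRIBUTE_ID
            value: "${AUTH_LDAP_ROLE_ATTRIBUTE_ID}"
          - name: AUTH_LDAP_ROLES_CTX_DN
            value: "${AUTH_LDAP_ROLES_CTX_DN}"
          - name: AUTH_LDAP_ROLE_FILTER
            value: "${AUTH_LDAP_ROLE_FILTER}"
          - name: AUTH_LDAP_ROLE_RECURSION
            value: "${AUTH_LDAP_ROLE_RECURSION}"
          - name: AUTH_LDAP_DEFAULT_ROLE
            value: "${AUTH_LDAP_DEFAULT_ROLE}"
          - name: AUTH_LDAP_NEW_IDENTITY_ATTRIBUTES
            value: "${AUTH_LDAP_NEW_IDENTITY_ATTRIBUTES}"
          - name: AUTH_LDAP_REFERRAL_MODE
            value: "${AUTH_LDAP_REFERRAL_MODE}"
          - name: AUTH_ROLE_MAPPER_ROLES_PROPERTIES
            value: "${AUTH_ROLE_MAPPER_ROLES_PROPERTIES}"
          # Role-mapper switches, wired to the two declared parameters exactly as in the
          # Decision Central deployment. This replaces an entry that referenced an
          # AUTH_ROLE_MAPPER_REPLACE_ROLE parameter, which is not declared under `parameters`
          # and so could not be resolved when the template is processed.
          # NOTE(review): confirm against the image's launch scripts that the KIE Server
          # reads these two variables.
          - name: AUTH_LDAP_MAPPER_KEEP_MAPPED
            value: "${AUTH_LDAP_MAPPER_KEEP_MAPPED}"
          - name: AUTH_LDAP_MAPPER_KEEP_NON_MAPPED
            value: "${AUTH_LDAP_MAPPER_KEEP_NON_MAPPED}"
          # CORS response-header filters, fed from the KIE_SERVER_ACCESS_CONTROL_* parameters.
          # With the parameter defaults this emits Access-Control-Allow-Origin "*" together
          # with Access-Control-Allow-Credentials "true"; browsers reject credentialed
          # cross-origin responses with a wildcard origin, so set a specific origin when
          # credentialed browser access is needed.
          - name: FILTERS
            value: "AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE"
          - name: AC_ALLOW_ORIGIN_FILTER_RESPONSE_HEADER_NAME
            value: "Access-Control-Allow-Origin"
          - name: AC_ALLOW_ORIGIN_FILTER_RESPONSE_HEADER_VALUE
            value: "${KIE_SERVER_ACCESS_CONTROL_ALLOW_ORIGIN}"
          - name: AC_ALLOW_METHODS_FILTER_RESPONSE_HEADER_NAME
            value: "Access-Control-Allow-Methods"
          - name: AC_ALLOW_METHODS_FILTER_RESPONSE_HEADER_VALUE
            value: "${KIE_SERVER_ACCESS_CONTROL_ALLOW_METHODS}"
          - name: AC_ALLOW_HEADERS_FILTER_RESPONSE_HEADER_NAME
            value: "Access-Control-Allow-Headers"
          - name: AC_ALLOW_HEADERS_FILTER_RESPONSE_HEADER_VALUE
            value: "${KIE_SERVER_ACCESS_CONTROL_ALLOW_HEADERS}"
          - name: AC_ALLOW_CREDENTIALS_FILTER_RESPONSE_HEADER_NAME
            value: "Access-Control-Allow-Credentials"
          - name: AC_ALLOW_CREDENTIALS_FILTER_RESPONSE_HEADER_VALUE
            value: "${KIE_SERVER_ACCESS_CONTROL_ALLOW_CREDENTIALS}"
          - name: AC_MAX_AGE_FILTER_RESPONSE_HEADER_NAME
            value: "Access-Control-Max-Age"
          - name: AC_MAX_AGE_FILTER_RESPONSE_HEADER_VALUE
            value: "${KIE_SERVER_ACCESS_CONTROL_MAX_AGE}"
          # Filled from the pod's own namespace through the downward API.
          - name: KUBERNETES_NAMESPACE
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace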