|
|
@@ -4,19 +4,21 @@ apiVersion: v1
|
|
|
metadata:
|
|
|
annotations:
|
|
|
description: Application template for Red Hat Decision Manager 7.0 applications with persistent storage.
|
|
|
- iconClass: icon-decisionserver
|
|
|
+ iconClass: icon-jboss
|
|
|
tags: rhdm,jboss,xpaas
|
|
|
- version: 1.4.8
|
|
|
+ version: 1.4.0
|
|
|
openshift.io/display-name: Red Hat Decision Manager 7.0 applications (Persistent with https)
|
|
|
name: rhdm70-full-persistent
|
|
|
labels:
|
|
|
template: rhdm70-full-persistent
|
|
|
- xpaas: 1.4.8
|
|
|
-message: A new persistent Decision Manager applications have been created in your project.
|
|
|
- The username/password for accessing the KIE Server / Decision Central interface is ${KIE_ADMIN_USER}/${KIE_ADMIN_PWD}.
|
|
|
+ xpaas: 1.4.0
|
|
|
+message: New persistent Decision Central and Decision Server applications have been created in your project.
|
|
|
+ The user name/password for accessing the Decision Central interface is ${KIE_ADMIN_USER}/${KIE_ADMIN_PWD}.
|
|
|
+ The user name/password for calls to the Decision Server is ${KIE_SERVER_USER}/${KIE_SERVER_PWD}.
|
|
|
Please be sure to create the "decisioncentral-service-account" and "kieserver-service-account" service accounts
|
|
|
and the secrets named "${DECISION_CENTRAL_HTTPS_SECRET}" and "${KIE_SERVER_HTTPS_SECRET}" containing the
|
|
|
${DECISION_CENTRAL_HTTPS_KEYSTORE} and ${KIE_SERVER_HTTPS_KEYSTORE}files used for serving secure content.
|
|
|
+ Only stateless API calls to the Decision Server are supported.
|
|
|
parameters:
|
|
|
- displayName: Application Name
|
|
|
description: The name for the application.
|
|
|
@@ -24,45 +26,48 @@ parameters:
|
|
|
value: myapp
|
|
|
required: true
|
|
|
- displayName: EAP Admin User
|
|
|
- description: EAP administrator username
|
|
|
+ description: EAP administrator user name. Use this user account if you need use JBoss EAP command line management.
|
|
|
+ You can use rsh to access the command line on the pods.
|
|
|
name: ADMIN_USERNAME
|
|
|
value: eapadmin
|
|
|
required: false
|
|
|
- displayName: EAP Admin Password
|
|
|
- description: EAP administrator password
|
|
|
+ description: EAP administrator password.
|
|
|
name: ADMIN_PASSWORD
|
|
|
from: "[a-zA-Z]{6}[0-9]{1}!"
|
|
|
generate: expression
|
|
|
required: false
|
|
|
-- displayName: KIE Admin User
|
|
|
- description: KIE administrator username
|
|
|
+- displayName: KIE Admin User
|
|
|
+ description: KIE administrator user name. Use this user account to log on to Decision Central.
|
|
|
name: KIE_ADMIN_USER
|
|
|
value: adminUser
|
|
|
required: false
|
|
|
- displayName: KIE Admin Password
|
|
|
- description: KIE administrator password
|
|
|
+ description: KIE administrator password.
|
|
|
name: KIE_ADMIN_PWD
|
|
|
from: "[a-zA-Z]{6}[0-9]{1}!"
|
|
|
generate: expression
|
|
|
required: false
|
|
|
- displayName: KIE Server Controller User
|
|
|
- description: KIE server controller username (Sets the org.kie.server.controller.user system property)
|
|
|
+ description: KIE server controller user name. The Decision Server uses this user account to log on to
|
|
|
+ Decision Central. (Sets the org.kie.server.controller.user system property).
|
|
|
name: KIE_SERVER_CONTROLLER_USER
|
|
|
value: controllerUser
|
|
|
required: false
|
|
|
- displayName: KIE Server Controller Password
|
|
|
- description: KIE server controller password (Sets the org.kie.server.controller.pwd system property)
|
|
|
+ description: KIE server controller password (sets the org.kie.server.controller.pwd system property).
|
|
|
name: KIE_SERVER_CONTROLLER_PWD
|
|
|
from: "[a-zA-Z]{6}[0-9]{1}!"
|
|
|
generate: expression
|
|
|
required: false
|
|
|
- displayName: KIE Server User
|
|
|
- description: KIE execution server username (Sets the org.kie.server.user system property)
|
|
|
+ description: KIE execution server user name. Use this user account for API calls to the Decision Server.
|
|
|
+ (Sets the org.kie.server.user system property).
|
|
|
name: KIE_SERVER_USER
|
|
|
value: executionUser
|
|
|
required: false
|
|
|
- displayName: KIE Server Password
|
|
|
- description: KIE execution server password (Sets the org.kie.server.pwd system property)
|
|
|
+ description: KIE execution server password (sets the org.kie.server.pwd system property).
|
|
|
name: KIE_SERVER_PWD
|
|
|
from: "[a-zA-Z]{6}[0-9]{1}!"
|
|
|
generate: expression
|
|
|
@@ -73,112 +78,141 @@ parameters:
|
|
|
value: ''
|
|
|
required: false
|
|
|
- displayName: KIE Server Bypass Auth User
|
|
|
- description: KIE execution server bypass auth user (Sets the org.kie.server.bypass.auth.user system property)
|
|
|
+ description: KIE execution server bypass auth user. If this parameter is set to true, the Decision Server accepts
|
|
|
+ API calls without user account authorization. (Sets the org.kie.server.bypass.auth.user system property).
|
|
|
name: KIE_SERVER_BYPASS_AUTH_USER
|
|
|
value: 'false'
|
|
|
required: false
|
|
|
- displayName: KIE MBeans
|
|
|
- description: KIE execution server mbeans enabled/disabled (Sets the kie.mbeans and kie.scanner.mbeans system properties)
|
|
|
+ description: KIE execution server MBeans enabled/disabled. These MBeans provide monitoring information. (Sets the
|
|
|
+ kie.mbeans and kie.scanner.mbeans system properties).
|
|
|
name: KIE_MBEANS
|
|
|
value: enabled
|
|
|
required: false
|
|
|
- displayName: Drools Server Filter Classes
|
|
|
- description: KIE execution server class filtering (Sets the org.drools.server.filter.classes system property)
|
|
|
+ description: KIE execution server class filtering. When this parameter is set to true, the Decision Server extension
|
|
|
+ accepts custom classes annotated by the XmlRootElement or Remotable annotations only. Setting to true is preferable
|
|
|
+ for performance, but some custom decision services might require false. (Sets the org.drools.server.filter.classes
|
|
|
+ system property).
|
|
|
name: DROOLS_SERVER_FILTER_CLASSES
|
|
|
value: 'true'
|
|
|
required: false
|
|
|
- displayName: Decision Central Custom http Route Hostname
|
|
|
description: 'Custom hostname for http service route. Leave blank for default hostname,
|
|
|
- e.g.: <application-name>-rhdmcentr-<project>.<default-domain-suffix>'
|
|
|
+ example: <application-name>-rhdmcentr-<project>.<default-domain-suffix>'
|
|
|
name: DECISION_CENTRAL_HOSTNAME_HTTP
|
|
|
value: ''
|
|
|
required: false
|
|
|
- displayName: Decision Central Custom https Route Hostname
|
|
|
- description: 'Custom hostname for https service route. Leave blank for default
|
|
|
- hostname, e.g.: secure-<application-name>-rhdmcentr-<project>.<default-domain-suffix>'
|
|
|
+ description: 'Custom hostname for https service route. Leave blank for default hostname,
|
|
|
+ example: secure-<application-name>-rhdmcentr-<project>.<default-domain-suffix>'
|
|
|
name: DECISION_CENTRAL_HOSTNAME_HTTPS
|
|
|
value: ''
|
|
|
required: false
|
|
|
-- displayName: Execution Server Custom http Route Hostname
|
|
|
+- displayName: Decision Server Custom http Route Hostname
|
|
|
description: 'Custom hostname for http service route. Leave blank for default hostname,
|
|
|
- e.g.: <application-name>-kieserver-<project>.<default-domain-suffix>'
|
|
|
+ example: <application-name>-kieserver-<project>.<default-domain-suffix>'
|
|
|
name: EXECUTION_SERVER_HOSTNAME_HTTP
|
|
|
value: ''
|
|
|
required: false
|
|
|
-- displayName: Execution Server Custom https Route Hostname
|
|
|
- description: 'Custom hostname for https service route. Leave blank for default
|
|
|
- hostname, e.g.: secure-<application-name>-kieserver-<project>.<default-domain-suffix>'
|
|
|
+- displayName: Decision Server Custom https Route Hostname
|
|
|
+ description: 'Custom hostname for https service route. Leave blank for default hostname,
|
|
|
+ example: secure-<application-name>-kieserver-<project>.<default-domain-suffix>'
|
|
|
name: EXECUTION_SERVER_HOSTNAME_HTTPS
|
|
|
value: ''
|
|
|
required: false
|
|
|
- displayName: Decision Central Server Keystore Secret Name
|
|
|
- description: The name of the secret containing the keystore file
|
|
|
+ description: The name of the secret containing the keystore file for Decision Central.
|
|
|
name: DECISION_CENTRAL_HTTPS_SECRET
|
|
|
value: decisioncentral-app-secret
|
|
|
required: false
|
|
|
- displayName: Decision Central Server Keystore Filename
|
|
|
- description: The name of the keystore file within the secret
|
|
|
+ description: The name of the keystore file within the secret.
|
|
|
name: DECISION_CENTRAL_HTTPS_KEYSTORE
|
|
|
value: keystore.jks
|
|
|
required: false
|
|
|
- displayName: Decision Central Server Certificate Name
|
|
|
- description: The name associated with the server certificate
|
|
|
+ description: The name associated with the server certificate.
|
|
|
name: DECISION_CENTRAL_HTTPS_NAME
|
|
|
value: jboss
|
|
|
required: false
|
|
|
- displayName: Decision Central Server Keystore Password
|
|
|
- description: The password for the keystore and certificate
|
|
|
+ description: The password for the keystore and certificate.
|
|
|
name: DECISION_CENTRAL_HTTPS_PASSWORD
|
|
|
value: mykeystorepass
|
|
|
required: false
|
|
|
- displayName: KIE Server Keystore Secret Name
|
|
|
- description: The name of the secret containing the keystore file
|
|
|
+ description: The name of the secret containing the keystore file for Decision Server.
|
|
|
name: KIE_SERVER_HTTPS_SECRET
|
|
|
value: kieserver-app-secret
|
|
|
required: false
|
|
|
- displayName: KIE Server Keystore Filename
|
|
|
- description: The name of the keystore file within the secret
|
|
|
+ description: The name of the keystore file within the secret.
|
|
|
name: KIE_SERVER_HTTPS_KEYSTORE
|
|
|
value: keystore.jks
|
|
|
required: false
|
|
|
- displayName: KIE Server Certificate Name
|
|
|
- description: The name associated with the server certificate
|
|
|
+ description: The name associated with the server certificate.
|
|
|
name: KIE_SERVER_HTTPS_NAME
|
|
|
value: jboss
|
|
|
required: false
|
|
|
- displayName: KIE Server Keystore Password
|
|
|
- description: The password for the keystore and certificate
|
|
|
+ description: The password for the keystore and certificate.
|
|
|
name: KIE_SERVER_HTTPS_PASSWORD
|
|
|
value: mykeystorepass
|
|
|
required: false
|
|
|
- displayName: ImageStream Namespace
|
|
|
description: Namespace in which the ImageStreams for Red Hat Middleware images are
|
|
|
installed. These ImageStreams are normally installed in the openshift namespace.
|
|
|
- You should only need to modify this if you've installed the ImageStreams in a
|
|
|
- different namespace/project.
|
|
|
+ Modify this setting only if you have installed the ImageStreams in a different
|
|
|
+ namespace/project.
|
|
|
name: IMAGE_STREAM_NAMESPACE
|
|
|
value: openshift
|
|
|
required: true
|
|
|
+- displayName: ImageStream Tag
|
|
|
+ description: A named pointer to an image in an image stream. Default is "1.1".
|
|
|
+ name: IMAGE_STREAM_TAG
|
|
|
+ value: "1.1"
|
|
|
+ required: false
|
|
|
- displayName: Maven repository URL
|
|
|
- description: Fully qualified URL to a Maven repository. If unspecified, will fall back to Decision Central service.
|
|
|
+ description: Fully qualified URL to a Maven repository or service.
|
|
|
name: MAVEN_REPO_URL
|
|
|
+ example: http://nexus.nexus-project.svc.cluster.local:8081/nexus/content/groups/public/
|
|
|
required: false
|
|
|
- displayName: Maven repository username
|
|
|
- description: Username to access the Maven repository. If using Decision Central, will have to match KIE_ADMIN_USER.
|
|
|
- Default is "adminUser".
|
|
|
+ description: Username to access the Maven repository, if required.
|
|
|
name: MAVEN_REPO_USERNAME
|
|
|
- value: adminUser
|
|
|
required: false
|
|
|
- displayName: Maven repository password
|
|
|
- description: Password to access the Maven repository. If using Decision Central, will have to match KIE_ADMIN_PWD.
|
|
|
- No default specified.
|
|
|
+ description: Password to access the Maven repository, if required.
|
|
|
name: MAVEN_REPO_PASSWORD
|
|
|
required: false
|
|
|
+- displayName: Username for the Maven service hosted by Decision Central
|
|
|
+ description: Username to access the Maven service hosted by Decision Central inside EAP.
|
|
|
+ name: DECISION_CENTRAL_MAVEN_USERNAME
|
|
|
+ required: true
|
|
|
+ value: mavenUser
|
|
|
+- displayName: Password for the Maven service hosted by Decision Central
|
|
|
+ description: Password to access the Maven service hosted by Decision Central inside EAP.
|
|
|
+ name: DECISION_CENTRAL_MAVEN_PASSWORD
|
|
|
+ from: "[a-zA-Z]{6}[0-9]{1}!"
|
|
|
+ generate: expression
|
|
|
+ required: true
|
|
|
- displayName: Decision Central Volume Capacity
|
|
|
description: Size of the persistent storage for Decision Central's runtime data.
|
|
|
name: DECISION_CENTRAL_VOLUME_CAPACITY
|
|
|
- value: 512Mi
|
|
|
+ value: 1Gi
|
|
|
required: true
|
|
|
+- displayName: Decision Central Container Memory Limit
|
|
|
+ description: Decision Central Container memory limit
|
|
|
+ name: DECISION_CENTRAL_MEMORY_LIMIT
|
|
|
+ value: 2Gi
|
|
|
+ required: false
|
|
|
+- displayName: Execution Server Container Memory Limit
|
|
|
+ description: Execution Server Container memory limit
|
|
|
+ name: EXCECUTION_SERVER_MEMORY_LIMIT
|
|
|
+ value: 1Gi
|
|
|
+ required: false
|
|
|
objects:
|
|
|
- kind: Service
|
|
|
apiVersion: v1
|
|
|
@@ -212,6 +246,20 @@ objects:
|
|
|
apiVersion: v1
|
|
|
spec:
|
|
|
ports:
|
|
|
+ - port: 8001
|
|
|
+ targetPort: 8001
|
|
|
+ selector:
|
|
|
+ deploymentConfig: "${APPLICATION_NAME}-rhdmcentr"
|
|
|
+ metadata:
|
|
|
+ name: ${APPLICATION_NAME}-rhdmcentr-git-ssh
|
|
|
+ labels:
|
|
|
+ application: "${APPLICATION_NAME}"
|
|
|
+ annotations:
|
|
|
+ description: The Decision Central Git SSH port
|
|
|
+- kind: Service
|
|
|
+ apiVersion: v1
|
|
|
+ spec:
|
|
|
+ ports:
|
|
|
- port: 8080
|
|
|
targetPort: 8080
|
|
|
selector:
|
|
|
@@ -245,6 +293,7 @@ objects:
|
|
|
application: "${APPLICATION_NAME}"
|
|
|
annotations:
|
|
|
description: Route for Decision Central's http service.
|
|
|
+ haproxy.router.openshift.io/timeout: 60s
|
|
|
spec:
|
|
|
host: "${DECISION_CENTRAL_HOSTNAME_HTTP}"
|
|
|
to:
|
|
|
@@ -258,6 +307,7 @@ objects:
|
|
|
application: "${APPLICATION_NAME}"
|
|
|
annotations:
|
|
|
description: Route for Decision Central's https service.
|
|
|
+ haproxy.router.openshift.io/timeout: 60s
|
|
|
spec:
|
|
|
host: "${DECISION_CENTRAL_HOSTNAME_HTTPS}"
|
|
|
to:
|
|
|
@@ -310,7 +360,7 @@ objects:
|
|
|
from:
|
|
|
kind: ImageStreamTag
|
|
|
namespace: "${IMAGE_STREAM_NAMESPACE}"
|
|
|
- name: rhdm70-decisioncentral-openshift:1.0
|
|
|
+ name: "rhdm70-decisioncentral-openshift:${IMAGE_STREAM_TAG}"
|
|
|
- type: ConfigChange
|
|
|
replicas: 1
|
|
|
selector:
|
|
|
@@ -322,12 +372,14 @@ objects:
|
|
|
deploymentConfig: "${APPLICATION_NAME}-rhdmcentr"
|
|
|
application: "${APPLICATION_NAME}"
|
|
|
spec:
|
|
|
- serviceAccountName: decisioncentral-service-account
|
|
|
terminationGracePeriodSeconds: 60
|
|
|
containers:
|
|
|
- name: "${APPLICATION_NAME}-rhdmcentr"
|
|
|
image: rhdm70-decisioncentral-openshift
|
|
|
imagePullPolicy: Always
|
|
|
+ resources:
|
|
|
+ limits:
|
|
|
+ memory: "${DECISION_CENTRAL_MEMORY_LIMIT}"
|
|
|
volumeMounts:
|
|
|
- name: decisioncentral-keystore-volume
|
|
|
mountPath: "/etc/decisioncentral-secret-volume"
|
|
|
@@ -356,6 +408,9 @@ objects:
|
|
|
- name: https
|
|
|
containerPort: 8443
|
|
|
protocol: TCP
|
|
|
+ - name: git-ssh
|
|
|
+ containerPort: 8001
|
|
|
+ protocol: TCP
|
|
|
env:
|
|
|
- name: KIE_ADMIN_PWD
|
|
|
value: "${KIE_ADMIN_PWD}"
|
|
|
@@ -371,6 +426,16 @@ objects:
|
|
|
value: "${KIE_SERVER_PWD}"
|
|
|
- name: KIE_SERVER_USER
|
|
|
value: "${KIE_SERVER_USER}"
|
|
|
+ - name: MAVEN_REPO_URL
|
|
|
+ value: "${MAVEN_REPO_URL}"
|
|
|
+ - name: MAVEN_REPO_USERNAME
|
|
|
+ value: "${MAVEN_REPO_USERNAME}"
|
|
|
+ - name: MAVEN_REPO_PASSWORD
|
|
|
+ value: "${MAVEN_REPO_PASSWORD}"
|
|
|
+ - name: KIE_MAVEN_USER
|
|
|
+ value: "${DECISION_CENTRAL_MAVEN_USERNAME}"
|
|
|
+ - name: KIE_MAVEN_PWD
|
|
|
+ value: "${DECISION_CENTRAL_MAVEN_PASSWORD}"
|
|
|
- name: HTTPS_KEYSTORE_DIR
|
|
|
value: "/etc/decisioncentral-secret-volume"
|
|
|
- name: HTTPS_KEYSTORE
|
|
|
@@ -412,7 +477,7 @@ objects:
|
|
|
from:
|
|
|
kind: ImageStreamTag
|
|
|
namespace: "${IMAGE_STREAM_NAMESPACE}"
|
|
|
- name: rhdm70-kieserver-openshift:1.0
|
|
|
+ name: "rhdm70-kieserver-openshift:${IMAGE_STREAM_TAG}"
|
|
|
- type: ConfigChange
|
|
|
replicas: 1
|
|
|
selector:
|
|
|
@@ -424,12 +489,14 @@ objects:
|
|
|
deploymentConfig: "${APPLICATION_NAME}-kieserver"
|
|
|
application: "${APPLICATION_NAME}"
|
|
|
spec:
|
|
|
- serviceAccountName: kieserver-service-account
|
|
|
terminationGracePeriodSeconds: 60
|
|
|
containers:
|
|
|
- name: "${APPLICATION_NAME}-kieserver"
|
|
|
image: rhdm70-kieserver-openshift
|
|
|
imagePullPolicy: Always
|
|
|
+ resources:
|
|
|
+ limits:
|
|
|
+ memory: "${EXCECUTION_SERVER_MEMORY_LIMIT}"
|
|
|
volumeMounts:
|
|
|
- name: kieserver-keystore-volume
|
|
|
mountPath: "/etc/kieserver-secret-volume"
|
|
|
@@ -483,15 +550,21 @@ objects:
|
|
|
value: "${KIE_SERVER_PWD}"
|
|
|
- name: KIE_SERVER_USER
|
|
|
value: "${KIE_SERVER_USER}"
|
|
|
- - name: MAVEN_REPO_URL
|
|
|
- value: "${MAVEN_REPO_URL}"
|
|
|
- - name: MAVEN_REPO_SERVICE
|
|
|
+ - name: MAVEN_REPOS
|
|
|
+ value: "RHDMCENTR,EXTERNAL"
|
|
|
+ - name: RHDMCENTR_MAVEN_REPO_SERVICE
|
|
|
value: "${APPLICATION_NAME}-rhdmcentr"
|
|
|
- - name: MAVEN_REPO_PATH
|
|
|
+ - name: RHDMCENTR_MAVEN_REPO_PATH
|
|
|
value: "/maven2/"
|
|
|
- - name: MAVEN_REPO_USERNAME
|
|
|
+ - name: RHDMCENTR_MAVEN_REPO_USERNAME
|
|
|
+ value: "${DECISION_CENTRAL_MAVEN_USERNAME}"
|
|
|
+ - name: RHDMCENTR_MAVEN_REPO_PASSWORD
|
|
|
+ value: "${DECISION_CENTRAL_MAVEN_PASSWORD}"
|
|
|
+ - name: EXTERNAL_MAVEN_REPO_URL
|
|
|
+ value: "${MAVEN_REPO_URL}"
|
|
|
+ - name: EXTERNAL_MAVEN_REPO_USERNAME
|
|
|
value: "${MAVEN_REPO_USERNAME}"
|
|
|
- - name: MAVEN_REPO_PASSWORD
|
|
|
+ - name: EXTERNAL_MAVEN_REPO_PASSWORD
|
|
|
value: "${MAVEN_REPO_PASSWORD}"
|
|
|
- name: HTTPS_KEYSTORE_DIR
|
|
|
value: "/etc/kieserver-secret-volume"
|
OpenShift Merge Robot