--- kind: Template apiVersion: v1 metadata: annotations: description: Application template for Red Hat Decision Manager 7.0 applications with persistent storage. iconClass: icon-jboss tags: rhdm,jboss,xpaas version: 1.4.0 openshift.io/display-name: Red Hat Decision Manager 7.0 applications (Persistent with https) name: rhdm70-full-persistent labels: template: rhdm70-full-persistent xpaas: 1.4.0 message: New persistent Decision Central and Decision Server applications have been created in your project. The user name/password for accessing the Decision Central interface is ${KIE_ADMIN_USER}/${KIE_ADMIN_PWD}. The user name/password for calls to the Decision Server is ${KIE_SERVER_USER}/${KIE_SERVER_PWD}. Please be sure to create the "decisioncentral-service-account" and "kieserver-service-account" service accounts and the secrets named "${DECISION_CENTRAL_HTTPS_SECRET}" and "${KIE_SERVER_HTTPS_SECRET}" containing the ${DECISION_CENTRAL_HTTPS_KEYSTORE} and ${KIE_SERVER_HTTPS_KEYSTORE}files used for serving secure content. Only stateless API calls to the Decision Server are supported. parameters: - displayName: Application Name description: The name for the application. name: APPLICATION_NAME value: myapp required: true - displayName: EAP Admin User description: EAP administrator user name. Use this user account if you need use JBoss EAP command line management. You can use rsh to access the command line on the pods. name: ADMIN_USERNAME value: eapadmin required: false - displayName: EAP Admin Password description: EAP administrator password. name: ADMIN_PASSWORD from: "[a-zA-Z]{6}[0-9]{1}!" generate: expression required: false - displayName: KIE Admin User description: KIE administrator user name. Use this user account to log on to Decision Central. name: KIE_ADMIN_USER value: adminUser required: false - displayName: KIE Admin Password description: KIE administrator password. name: KIE_ADMIN_PWD from: "[a-zA-Z]{6}[0-9]{1}!" generate: expression required: false - displayName: KIE Server Controller User description: KIE server controller user name. The Decision Server uses this user account to log on to Decision Central. (Sets the org.kie.server.controller.user system property). name: KIE_SERVER_CONTROLLER_USER value: controllerUser required: false - displayName: KIE Server Controller Password description: KIE server controller password (sets the org.kie.server.controller.pwd system property). name: KIE_SERVER_CONTROLLER_PWD from: "[a-zA-Z]{6}[0-9]{1}!" generate: expression required: false - displayName: KIE Server User description: KIE execution server user name. Use this user account for API calls to the Decision Server. (Sets the org.kie.server.user system property). name: KIE_SERVER_USER value: executionUser required: false - displayName: KIE Server Password description: KIE execution server password (sets the org.kie.server.pwd system property). name: KIE_SERVER_PWD from: "[a-zA-Z]{6}[0-9]{1}!" generate: expression required: false - displayName: KIE Server ID description: Decision server identifier. Determines the template ID in Decision Central or controller. If this parameter is left blank, it is set using the $HOSTNAME environment variable or a random value. (Sets the org.kie.server.id system property). name: KIE_SERVER_ID value: '' required: false - displayName: KIE Server Bypass Auth User description: KIE execution server bypass auth user. If this parameter is set to true, the Decision Server accepts API calls without user account authorization. (Sets the org.kie.server.bypass.auth.user system property). name: KIE_SERVER_BYPASS_AUTH_USER value: 'false' required: false - displayName: KIE MBeans description: KIE execution server MBeans enabled/disabled. These MBeans provide monitoring information. (Sets the kie.mbeans and kie.scanner.mbeans system properties). name: KIE_MBEANS value: enabled required: false - displayName: Drools Server Filter Classes description: KIE execution server class filtering. When this parameter is set to true, the Decision Server extension accepts custom classes annotated by the XmlRootElement or Remotable annotations only. Setting to true is preferable for performance, but some custom decision services might require false. (Sets the org.drools.server.filter.classes system property). name: DROOLS_SERVER_FILTER_CLASSES value: 'true' required: false - displayName: Decision Central Custom http Route Hostname description: 'Custom hostname for http service route. Leave blank for default hostname, example: -rhdmcentr-.' name: DECISION_CENTRAL_HOSTNAME_HTTP value: '' required: false - displayName: Decision Central Custom https Route Hostname description: 'Custom hostname for https service route. Leave blank for default hostname, example: secure--rhdmcentr-.' name: DECISION_CENTRAL_HOSTNAME_HTTPS value: '' required: false - displayName: Decision Server Custom http Route Hostname description: 'Custom hostname for http service route. Leave blank for default hostname, example: -kieserver-.' name: EXECUTION_SERVER_HOSTNAME_HTTP value: '' required: false - displayName: Decision Server Custom https Route Hostname description: 'Custom hostname for https service route. Leave blank for default hostname, example: secure--kieserver-.' name: EXECUTION_SERVER_HOSTNAME_HTTPS value: '' required: false - displayName: Decision Central Server Keystore Secret Name description: The name of the secret containing the keystore file for Decision Central. name: DECISION_CENTRAL_HTTPS_SECRET value: decisioncentral-app-secret required: false - displayName: Decision Central Server Keystore Filename description: The name of the keystore file within the secret. name: DECISION_CENTRAL_HTTPS_KEYSTORE value: keystore.jks required: false - displayName: Decision Central Server Certificate Name description: The name associated with the server certificate. name: DECISION_CENTRAL_HTTPS_NAME value: jboss required: false - displayName: Decision Central Server Keystore Password description: The password for the keystore and certificate. name: DECISION_CENTRAL_HTTPS_PASSWORD value: mykeystorepass required: false - displayName: KIE Server Keystore Secret Name description: The name of the secret containing the keystore file for Decision Server. name: KIE_SERVER_HTTPS_SECRET value: kieserver-app-secret required: false - displayName: KIE Server Keystore Filename description: The name of the keystore file within the secret. name: KIE_SERVER_HTTPS_KEYSTORE value: keystore.jks required: false - displayName: KIE Server Certificate Name description: The name associated with the server certificate. name: KIE_SERVER_HTTPS_NAME value: jboss required: false - displayName: KIE Server Keystore Password description: The password for the keystore and certificate. name: KIE_SERVER_HTTPS_PASSWORD value: mykeystorepass required: false - displayName: ImageStream Namespace description: Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. Modify this setting only if you have installed the ImageStreams in a different namespace/project. name: IMAGE_STREAM_NAMESPACE value: openshift required: true - displayName: ImageStream Tag description: A named pointer to an image in an image stream. Default is "1.1". name: IMAGE_STREAM_TAG value: "1.1" required: false - displayName: Maven repository URL description: Fully qualified URL to a Maven repository or service. name: MAVEN_REPO_URL example: http://nexus.nexus-project.svc.cluster.local:8081/nexus/content/groups/public/ required: false - displayName: Maven repository username description: Username to access the Maven repository, if required. name: MAVEN_REPO_USERNAME required: false - displayName: Maven repository password description: Password to access the Maven repository, if required. name: MAVEN_REPO_PASSWORD required: false - displayName: Username for the Maven service hosted by Decision Central description: Username to access the Maven service hosted by Decision Central inside EAP. name: DECISION_CENTRAL_MAVEN_USERNAME required: true value: mavenUser - displayName: Password for the Maven service hosted by Decision Central description: Password to access the Maven service hosted by Decision Central inside EAP. name: DECISION_CENTRAL_MAVEN_PASSWORD from: "[a-zA-Z]{6}[0-9]{1}!" generate: expression required: true - displayName: Decision Central Volume Capacity description: Size of the persistent storage for Decision Central's runtime data. name: DECISION_CENTRAL_VOLUME_CAPACITY value: 1Gi required: true - displayName: Decision Central Container Memory Limit description: Decision Central Container memory limit name: DECISION_CENTRAL_MEMORY_LIMIT value: 2Gi required: false - displayName: Execution Server Container Memory Limit description: Execution Server Container memory limit name: EXCECUTION_SERVER_MEMORY_LIMIT value: 1Gi required: false objects: - kind: Service apiVersion: v1 spec: ports: - port: 8080 targetPort: 8080 selector: deploymentConfig: "${APPLICATION_NAME}-rhdmcentr" metadata: name: "${APPLICATION_NAME}-rhdmcentr" labels: application: "${APPLICATION_NAME}" annotations: description: The Decision Central web server's http port. - kind: Service apiVersion: v1 spec: ports: - port: 8443 targetPort: 8443 selector: deploymentConfig: "${APPLICATION_NAME}-rhdmcentr" metadata: name: secure-${APPLICATION_NAME}-rhdmcentr labels: application: "${APPLICATION_NAME}" annotations: description: The Decision Central web server's https port. - kind: Service apiVersion: v1 spec: ports: - port: 8001 targetPort: 8001 selector: deploymentConfig: "${APPLICATION_NAME}-rhdmcentr" metadata: name: ${APPLICATION_NAME}-rhdmcentr-git-ssh labels: application: "${APPLICATION_NAME}" annotations: description: The Decision Central Git SSH port - kind: Service apiVersion: v1 spec: ports: - port: 8080 targetPort: 8080 selector: deploymentConfig: "${APPLICATION_NAME}-kieserver" metadata: name: "${APPLICATION_NAME}-kieserver" labels: application: "${APPLICATION_NAME}" annotations: description: The KIE server web server's http port. - kind: Service apiVersion: v1 spec: ports: - port: 8443 targetPort: 8443 selector: deploymentConfig: "${APPLICATION_NAME}-kieserver" metadata: name: secure-${APPLICATION_NAME}-kieserver labels: application: "${APPLICATION_NAME}" annotations: description: The KIE server web server's https port. - kind: Route apiVersion: v1 id: "${APPLICATION_NAME}-rhdmcentr-http" metadata: name: "${APPLICATION_NAME}-rhdmcentr" labels: application: "${APPLICATION_NAME}" annotations: description: Route for Decision Central's http service. haproxy.router.openshift.io/timeout: 60s spec: host: "${DECISION_CENTRAL_HOSTNAME_HTTP}" to: name: "${APPLICATION_NAME}-rhdmcentr" - kind: Route apiVersion: v1 id: "${APPLICATION_NAME}-rhdmcentr-https" metadata: name: secure-${APPLICATION_NAME}-rhdmcentr labels: application: "${APPLICATION_NAME}" annotations: description: Route for Decision Central's https service. haproxy.router.openshift.io/timeout: 60s spec: host: "${DECISION_CENTRAL_HOSTNAME_HTTPS}" to: name: secure-${APPLICATION_NAME}-rhdmcentr tls: termination: passthrough - kind: Route apiVersion: v1 id: "${APPLICATION_NAME}-kieserver-http" metadata: name: "${APPLICATION_NAME}-kieserver" labels: application: "${APPLICATION_NAME}" annotations: description: Route for KIE server's http service. spec: host: "${EXECUTION_SERVER_HOSTNAME_HTTP}" to: name: "${APPLICATION_NAME}-kieserver" - kind: Route apiVersion: v1 id: "${APPLICATION_NAME}-kieserver-https" metadata: name: secure-${APPLICATION_NAME}-kieserver labels: application: "${APPLICATION_NAME}" annotations: description: Route for KIE server's https service. spec: host: "${EXECUTION_SERVER_HOSTNAME_HTTPS}" to: name: secure-${APPLICATION_NAME}-kieserver tls: termination: passthrough - kind: DeploymentConfig apiVersion: v1 metadata: name: "${APPLICATION_NAME}-rhdmcentr" labels: application: "${APPLICATION_NAME}" spec: strategy: type: Recreate triggers: - type: ImageChange imageChangeParams: automatic: true containerNames: - "${APPLICATION_NAME}-rhdmcentr" from: kind: ImageStreamTag namespace: "${IMAGE_STREAM_NAMESPACE}" name: "rhdm70-decisioncentral-openshift:${IMAGE_STREAM_TAG}" - type: ConfigChange replicas: 1 selector: deploymentConfig: "${APPLICATION_NAME}-rhdmcentr" template: metadata: name: "${APPLICATION_NAME}-rhdmcentr" labels: deploymentConfig: "${APPLICATION_NAME}-rhdmcentr" application: "${APPLICATION_NAME}" spec: terminationGracePeriodSeconds: 60 containers: - name: "${APPLICATION_NAME}-rhdmcentr" image: rhdm70-decisioncentral-openshift imagePullPolicy: Always resources: limits: memory: "${DECISION_CENTRAL_MEMORY_LIMIT}" volumeMounts: - name: decisioncentral-keystore-volume mountPath: "/etc/decisioncentral-secret-volume" readOnly: true - name: "${APPLICATION_NAME}-rhdmcentr-pvol" mountPath: "/opt/eap/standalone/data/bpmsuite" livenessProbe: exec: command: - "/bin/bash" - "-c" - "/opt/eap/bin/livenessProbe.sh" readinessProbe: exec: command: - "/bin/bash" - "-c" - "/opt/eap/bin/readinessProbe.sh" ports: - name: jolokia containerPort: 8778 protocol: TCP - name: http containerPort: 8080 protocol: TCP - name: https containerPort: 8443 protocol: TCP - name: git-ssh containerPort: 8001 protocol: TCP env: - name: KIE_ADMIN_PWD value: "${KIE_ADMIN_PWD}" - name: KIE_ADMIN_USER value: "${KIE_ADMIN_USER}" - name: KIE_MBEANS value: "${KIE_MBEANS}" - name: KIE_SERVER_CONTROLLER_PWD value: "${KIE_SERVER_CONTROLLER_PWD}" - name: KIE_SERVER_CONTROLLER_USER value: "${KIE_SERVER_CONTROLLER_USER}" - name: KIE_SERVER_PWD value: "${KIE_SERVER_PWD}" - name: KIE_SERVER_USER value: "${KIE_SERVER_USER}" - name: MAVEN_REPO_URL value: "${MAVEN_REPO_URL}" - name: MAVEN_REPO_USERNAME value: "${MAVEN_REPO_USERNAME}" - name: MAVEN_REPO_PASSWORD value: "${MAVEN_REPO_PASSWORD}" - name: KIE_MAVEN_USER value: "${DECISION_CENTRAL_MAVEN_USERNAME}" - name: KIE_MAVEN_PWD value: "${DECISION_CENTRAL_MAVEN_PASSWORD}" - name: HTTPS_KEYSTORE_DIR value: "/etc/decisioncentral-secret-volume" - name: HTTPS_KEYSTORE value: "${DECISION_CENTRAL_HTTPS_KEYSTORE}" - name: HTTPS_NAME value: "${DECISION_CENTRAL_HTTPS_NAME}" - name: HTTPS_PASSWORD value: "${DECISION_CENTRAL_HTTPS_PASSWORD}" - name: ADMIN_USERNAME value: "${ADMIN_USERNAME}" - name: ADMIN_PASSWORD value: "${ADMIN_PASSWORD}" - name: PROBE_IMPL value: probe.eap.jolokia.EapProbe - name: PROBE_DISABLE_BOOT_ERRORS_CHECK value: 'true' volumes: - name: decisioncentral-keystore-volume secret: secretName: "${DECISION_CENTRAL_HTTPS_SECRET}" - name: "${APPLICATION_NAME}-rhdmcentr-pvol" persistentVolumeClaim: claimName: "${APPLICATION_NAME}-rhdmcentr-claim" - kind: DeploymentConfig apiVersion: v1 metadata: name: "${APPLICATION_NAME}-kieserver" labels: application: "${APPLICATION_NAME}" spec: strategy: type: Recreate triggers: - type: ImageChange imageChangeParams: automatic: true containerNames: - "${APPLICATION_NAME}-kieserver" from: kind: ImageStreamTag namespace: "${IMAGE_STREAM_NAMESPACE}" name: "rhdm70-kieserver-openshift:${IMAGE_STREAM_TAG}" - type: ConfigChange replicas: 1 selector: deploymentConfig: "${APPLICATION_NAME}-kieserver" template: metadata: name: "${APPLICATION_NAME}-kieserver" labels: deploymentConfig: "${APPLICATION_NAME}-kieserver" application: "${APPLICATION_NAME}" spec: terminationGracePeriodSeconds: 60 containers: - name: "${APPLICATION_NAME}-kieserver" image: rhdm70-kieserver-openshift imagePullPolicy: Always resources: limits: memory: "${EXCECUTION_SERVER_MEMORY_LIMIT}" volumeMounts: - name: kieserver-keystore-volume mountPath: "/etc/kieserver-secret-volume" readOnly: true livenessProbe: exec: command: - "/bin/bash" - "-c" - "/opt/eap/bin/livenessProbe.sh" readinessProbe: exec: command: - "/bin/bash" - "-c" - "/opt/eap/bin/readinessProbe.sh" ports: - name: jolokia containerPort: 8778 protocol: TCP - name: http containerPort: 8080 protocol: TCP - name: https containerPort: 8443 protocol: TCP env: - name: DROOLS_SERVER_FILTER_CLASSES value: "${DROOLS_SERVER_FILTER_CLASSES}" - name: KIE_ADMIN_PWD value: "${KIE_ADMIN_PWD}" - name: KIE_ADMIN_USER value: "${KIE_ADMIN_USER}" - name: KIE_MBEANS value: "${KIE_MBEANS}" - name: KIE_SERVER_BYPASS_AUTH_USER value: "${KIE_SERVER_BYPASS_AUTH_USER}" - name: KIE_SERVER_CONTROLLER_PWD value: "${KIE_SERVER_CONTROLLER_PWD}" - name: KIE_SERVER_CONTROLLER_SERVICE value: "${APPLICATION_NAME}-rhdmcentr" - name: KIE_SERVER_CONTROLLER_USER value: "${KIE_SERVER_CONTROLLER_USER}" - name: KIE_SERVER_ID value: "${KIE_SERVER_ID}" - name: KIE_SERVER_HOST valueFrom: fieldRef: fieldPath: status.podIP - name: KIE_SERVER_PWD value: "${KIE_SERVER_PWD}" - name: KIE_SERVER_USER value: "${KIE_SERVER_USER}" - name: MAVEN_REPOS value: "RHDMCENTR,EXTERNAL" - name: RHDMCENTR_MAVEN_REPO_SERVICE value: "${APPLICATION_NAME}-rhdmcentr" - name: RHDMCENTR_MAVEN_REPO_PATH value: "/maven2/" - name: RHDMCENTR_MAVEN_REPO_USERNAME value: "${DECISION_CENTRAL_MAVEN_USERNAME}" - name: RHDMCENTR_MAVEN_REPO_PASSWORD value: "${DECISION_CENTRAL_MAVEN_PASSWORD}" - name: EXTERNAL_MAVEN_REPO_URL value: "${MAVEN_REPO_URL}" - name: EXTERNAL_MAVEN_REPO_USERNAME value: "${MAVEN_REPO_USERNAME}" - name: EXTERNAL_MAVEN_REPO_PASSWORD value: "${MAVEN_REPO_PASSWORD}" - name: HTTPS_KEYSTORE_DIR value: "/etc/kieserver-secret-volume" - name: HTTPS_KEYSTORE value: "${KIE_SERVER_HTTPS_KEYSTORE}" - name: HTTPS_NAME value: "${KIE_SERVER_HTTPS_NAME}" - name: HTTPS_PASSWORD value: "${KIE_SERVER_HTTPS_PASSWORD}" volumes: - name: kieserver-keystore-volume secret: secretName: "${KIE_SERVER_HTTPS_SECRET}" - apiVersion: v1 kind: PersistentVolumeClaim metadata: name: "${APPLICATION_NAME}-rhdmcentr-claim" labels: application: "${APPLICATION_NAME}" spec: accessModes: - ReadWriteOnce resources: requests: storage: "${DECISION_CENTRAL_VOLUME_CAPACITY}"