--- kind: Template apiVersion: v1 metadata: annotations: description: Application template for system integration testing, for Red Hat Process Automation Manager 7.0 iconClass: icon-jboss tags: rhpam,jboss,xpaas version: 1.4.0 openshift.io/display-name: Red Hat Process Automation Manager 7.0 SIT environment name: rhpam70-sit labels: template: rhpam70-sit xpaas: 1.4.0 message: A new environment has been set up for Red Hat Process Automation Manager 7. The username/password for accessing Business Central Monitoring is ${KIE_ADMIN_USER}/${KIE_ADMIN_PWD}. Both sets of KIE servers are configured with the username/password of ${KIE_SERVER_USER}/${KIE_SERVER_PWD}. parameters: - displayName: Application Name description: The name for the application. name: APPLICATION_NAME value: myapp required: true - displayName: Maven repository URL description: Fully qualified URL to a Maven repository or service. name: MAVEN_REPO_URL example: http://nexus.nexus-project.svc.cluster.local:8081/nexus/content/groups/public/ required: true - displayName: Maven repository username description: Username to access the Maven repository. name: MAVEN_REPO_USERNAME required: true - displayName: Maven repository password description: Password to access the Maven repository. name: MAVEN_REPO_PASSWORD required: true - displayName: EAP Admin User description: EAP administrator username name: ADMIN_USERNAME value: eapadmin required: false - displayName: EAP Admin Password description: EAP administrator password name: ADMIN_PASSWORD from: "[a-zA-Z]{6}[0-9]{1}!" generate: expression required: false - displayName: KIE Admin User description: KIE administrator username name: KIE_ADMIN_USER value: adminUser required: false - displayName: KIE Admin Password description: KIE administrator password name: KIE_ADMIN_PWD from: "[a-zA-Z]{6}[0-9]{1}!" generate: expression required: false - displayName: KIE Server User description: KIE execution server username (Sets the org.kie.server.user system property) name: KIE_SERVER_USER value: executionUser required: false - displayName: KIE Server Password description: KIE execution server password (Sets the org.kie.server.pwd system property) name: KIE_SERVER_PWD from: "[a-zA-Z]{6}[0-9]{1}!" generate: expression required: false - displayName: ImageStream Namespace description: Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project. name: IMAGE_STREAM_NAMESPACE value: openshift required: true - displayName: ImageStream Tag description: A named pointer to an image in an image stream. Default is "1.0". name: IMAGE_STREAM_TAG value: "1.0" required: false - displayName: Smart Router Custom http Route Hostname description: Custom hostname for http service route. Leave blank for default hostname, e.g. -smartrouter-.' name: SMART_ROUTER_HOSTNAME_HTTP value: '' required: false - displayName: Smart Router ID description: Router ID used when connecting to the controller (router property org.kie.server.router.id) name: KIE_SERVER_ROUTER_ID value: kie-server-router - displayName: Smart Router listening port description: Port in which the smart router server listens (router property org.kie.server.router.port) name: KIE_SERVER_ROUTER_PORT example: "9000" required: false - displayName: Smart Router protocol description: KIE server router protocol (Used to build the org.kie.server.router.url.external property) name: KIE_SERVER_ROUTER_PROTOCOL example: "http" required: false - displayName: Smart Router external URL description: Public URL where the router can be found. Format http://: (router property org.kie.server.router.url.external) name: KIE_SERVER_ROUTER_URL_EXTERNAL - displayName: Smart Router name description: Router name used when connecting to the controller (router property org.kie.server.router.name) name: KIE_SERVER_ROUTER_NAME value: KIE Server Router - displayName: KIE Server Controller User description: KIE server controller username (Sets the org.kie.server.controller.user system property) name: KIE_SERVER_CONTROLLER_USER value: controllerUser required: false - displayName: KIE Server Controller Password description: KIE server controller password (Sets the org.kie.server.controller.pwd system property) name: KIE_SERVER_CONTROLLER_PWD from: "[a-zA-Z]{6}[0-9]{1}!" generate: expression required: false - displayName: KIE Server Persistence DS description: KIE execution server persistence datasource (Sets the org.kie.server.persistence.ds system property) name: KIE_SERVER_PERSISTENCE_DS value: java:/jboss/datasources/rhpam required: false ## PostgreSQL database parameters BEGIN - displayName: PostgreSQL ImageStream Tag description: The PostgreSQL image version, which is intended to correspond to the PostgreSQL version. Default is "9.6". name: POSTGRESQL_IMAGE_STREAM_TAG value: "9.6" required: false - displayName: KIE Server PostgreSQL Database User description: KIE execution server PostgreSQL database username name: KIE_SERVER_POSTGRESQL_USER value: rhpam required: false - displayName: KIE Server PostgreSQL Database Password description: KIE execution server PostgreSQL database password name: KIE_SERVER_POSTGRESQL_PWD from: "[a-zA-Z]{6}[0-9]{1}!" generate: expression required: false - displayName: KIE Server PostgreSQL Database Name description: KIE execution server PostgreSQL database name name: KIE_SERVER_POSTGRESQL_DB value: rhpam7 required: false - displayName: PostgreSQL Database max prepared connections description: Allows the PostgreSQL to handle XA transactions. name: POSTGRESQL_MAX_PREPARED_TRANSACTIONS value: '100' required: true - displayName: Database Volume Capacity description: Size of persistent storage for database volume. name: DB_VOLUME_CAPACITY value: 1Gi required: true ## PostgreSQL database parameters END - displayName: Drools Server Filter Classes description: KIE execution server class filtering (Sets the org.drools.server.filter.classes system property) name: DROOLS_SERVER_FILTER_CLASSES value: 'true' required: false - displayName: KIE MBeans description: KIE execution server mbeans enabled/disabled (Sets the kie.mbeans and kie.scanner.mbeans system properties) name: KIE_MBEANS value: enabled required: false - displayName: Business Central Monitoring Custom http Route Hostname description: 'Custom hostname for http service route. Leave blank for default hostname, e.g.: -rhpamcentrmon-.' name: BUSINESS_CENTRAL_HOSTNAME_HTTP value: '' required: false - displayName: Business Central Monitoring Custom https Route Hostname description: 'Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--rhpamcentrmon-.' name: BUSINESS_CENTRAL_HOSTNAME_HTTPS value: '' required: false - displayName: Execution Server 1 Custom http Route Hostname description: 'Custom hostname for http service route. Leave blank for default hostname, e.g.: -kieserver-.' name: EXECUTION_SERVER1_HOSTNAME_HTTP value: '' required: false - displayName: Execution Server 1 Custom https Route Hostname description: 'Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--kieserver-.' name: EXECUTION_SERVER1_HOSTNAME_HTTPS value: '' required: false - displayName: Execution Server 2 Custom http Route Hostname description: 'Custom hostname for http service route. Leave blank for default hostname, e.g.: -kieserver-.' name: EXECUTION_SERVER2_HOSTNAME_HTTP value: '' required: false - displayName: Execution Server 2 Custom https Route Hostname description: 'Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--kieserver-.' name: EXECUTION_SERVER2_HOSTNAME_HTTPS value: '' required: false - displayName: Business Central Monitoring Server Keystore Secret Name description: The name of the secret containing the keystore file name: BUSINESS_CENTRAL_HTTPS_SECRET example: businesscentral-app-secret required: true - displayName: Business Central Monitoring Server Keystore Filename description: The name of the keystore file within the secret name: BUSINESS_CENTRAL_HTTPS_KEYSTORE value: keystore.jks required: false - displayName: Business Central Monitoring Server Certificate Name description: The name associated with the server certificate name: BUSINESS_CENTRAL_HTTPS_NAME value: jboss required: false - displayName: Business Central Monitoring Server Keystore Password description: The password for the keystore and certificate name: BUSINESS_CENTRAL_HTTPS_PASSWORD value: mykeystorepass required: false - displayName: KIE Server Keystore Secret Name description: The name of the secret containing the keystore file name: KIE_SERVER_HTTPS_SECRET example: kieserver-app-secret required: true - displayName: KIE Server Keystore Filename description: The name of the keystore file within the secret name: KIE_SERVER_HTTPS_KEYSTORE value: keystore.jks required: false - displayName: KIE Server Certificate Name description: The name associated with the server certificate name: KIE_SERVER_HTTPS_NAME value: jboss required: false - displayName: KIE Server Keystore Password description: The password for the keystore and certificate name: KIE_SERVER_HTTPS_PASSWORD value: mykeystorepass required: false - displayName: KIE Server Bypass Auth User description: KIE execution server bypass auth user (Sets the org.kie.server.bypass.auth.user system property) name: KIE_SERVER_BYPASS_AUTH_USER value: 'false' required: false - displayName: "Timer service data store refresh interval (in milliseconds)" description: "Sets refresh-interval for the EJB timer service database-data-store." name: TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL value: '30000' required: false - displayName: Business Central Monitoring Container Memory Limit description: Business Central Monitoring Container memory limit name: BUSINESS_CENTRAL_MEMORY_LIMIT value: 2Gi required: false - displayName: Execution Server Container Memory Limit description: Execution Server Container memory limit name: EXECUTION_SERVER_MEMORY_LIMIT value: 1Gi required: false - displayName: Smart Router Container Memory Limit description: Smart Router Container memory limit name: SMART_ROUTER_MEMORY_LIMIT value: 512Mi required: false - displayName: RH-SSO URL description: RH-SSO URL name: SSO_URL example: https://rh-sso.example.com/auth required: false - displayName: RH-SSO Realm name description: RH-SSO Realm name name: SSO_REALM required: false - displayName: Business Central Monitoring RH-SSO Client name description: Business Central Monitoring RH-SSO Client name name: BUSINESS_CENTRAL_SSO_CLIENT required: false - displayName: Business Central Monitoring RH-SSO Client Secret description: Business Central Monitoring RH-SSO Client Secret name: BUSINESS_CENTRAL_SSO_SECRET example: "252793ed-7118-4ca8-8dab-5622fa97d892" required: false - displayName: KIE Server 1 RH-SSO Client name description: KIE Server 1 RH-SSO Client name name: KIE_SERVER1_SSO_CLIENT required: false - displayName: KIE Server 1 RH-SSO Client Secret description: KIE Server 1 RH-SSO Client Secret name: KIE_SERVER1_SSO_SECRET example: "252793ed-7118-4ca8-8dab-5622fa97d892" required: false - displayName: KIE Server 2 RH-SSO Client name description: KIE Server 2 RH-SSO Client name name: KIE_SERVER2_SSO_CLIENT required: false - displayName: KIE Server 2 RH-SSO Client Secret description: KIE Server 2 RH-SSO Client Secret name: KIE_SERVER2_SSO_SECRET example: "252793ed-7118-4ca8-8dab-5622fa97d892" required: false - displayName: RH-SSO Realm Admin Username description: RH-SSO Realm Admin Username used to create the Client if it doesn't exist name: SSO_USERNAME required: false - displayName: RH-SSO Realm Admin Password description: RH-SSO Realm Admin Password used to create the Client name: SSO_PASSWORD required: false - displayName: RH-SSO Disable SSL Certificate Validation description: RH-SSO Disable SSL Certificate Validation name: SSO_DISABLE_SSL_CERTIFICATE_VALIDATION value: "false" required: false objects: - kind: Service apiVersion: v1 spec: ports: - name: http port: 8080 targetPort: 8080 - name: https port: 8443 targetPort: 8443 selector: deploymentConfig: "${APPLICATION_NAME}-rhpamcentrmon" metadata: name: "${APPLICATION_NAME}-rhpamcentrmon" labels: application: "${APPLICATION_NAME}" service: "${APPLICATION_NAME}-rhpamcentrmon" annotations: description: All the Business Central Monitoring web server's ports. - kind: Service apiVersion: v1 spec: clusterIP: "None" ports: - name: "ping" port: 8888 selector: deploymentConfig: "${APPLICATION_NAME}-rhpamcentrmon" metadata: name: "${APPLICATION_NAME}-rhpamcentrmon-ping" labels: application: "${APPLICATION_NAME}" service: "${APPLICATION_NAME}-rhpamcentrmon" annotations: service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" description: "The JGroups ping port for clustering." - kind: Service apiVersion: v1 spec: ports: - port: 9000 targetPort: 9000 selector: deploymentConfig: "${APPLICATION_NAME}-smartrouter" metadata: name: "${APPLICATION_NAME}-smartrouter" labels: application: "${APPLICATION_NAME}" service: "${APPLICATION_NAME}-smartrouter" annotations: description: The smart router server http port. ## KIE server services 1 BEGIN - kind: Service apiVersion: v1 spec: ports: - name: http port: 8080 targetPort: 8080 - name: https port: 8443 targetPort: 8443 selector: deploymentConfig: "${APPLICATION_NAME}-kieserver-1" metadata: name: "${APPLICATION_NAME}-kieserver-1" labels: application: "${APPLICATION_NAME}" service: "${APPLICATION_NAME}-kieserver-1" annotations: description: All the KIE server web server's ports. (First execution server) - kind: Service apiVersion: v1 spec: clusterIP: "None" ports: - name: "ping" port: 8888 selector: deploymentConfig: "${APPLICATION_NAME}-kieserver-1" metadata: name: "${APPLICATION_NAME}-kieserver-1-ping" labels: application: "${APPLICATION_NAME}" service: "${APPLICATION_NAME}-kieserver-1" annotations: service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" description: "The JGroups ping port for clustering." ## KIE server services 1 END ## KIE server services 2 BEGIN - kind: Service apiVersion: v1 spec: ports: - name: http port: 8080 targetPort: 8080 - name: https port: 8443 targetPort: 8443 selector: deploymentConfig: "${APPLICATION_NAME}-kieserver-2" metadata: name: "${APPLICATION_NAME}-kieserver-2" labels: application: "${APPLICATION_NAME}" service: "${APPLICATION_NAME}-kieserver-2" annotations: description: All the KIE server web server's ports. (Second execution server) - kind: Service apiVersion: v1 spec: clusterIP: "None" ports: - name: "ping" port: 8888 selector: deploymentConfig: "${APPLICATION_NAME}-kieserver-2" metadata: name: "${APPLICATION_NAME}-kieserver-2-ping" labels: application: "${APPLICATION_NAME}" service: "${APPLICATION_NAME}-kieserver-2" annotations: service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" description: "The JGroups ping port for clustering." ## KIE server services 2 BEGIN ## PostgreSQL service 1 BEGIN - apiVersion: v1 kind: Service metadata: annotations: description: The first database server's port. labels: application: ${APPLICATION_NAME} service: "${APPLICATION_NAME}-postgresql-1" name: ${APPLICATION_NAME}-postgresql-1 spec: ports: - port: 5432 targetPort: 5432 selector: deploymentConfig: ${APPLICATION_NAME}-postgresql-1 ## PostgreSQL service 1 END ## PostgreSQL service 2 BEGIN - apiVersion: v1 kind: Service metadata: annotations: description: The second database server's port. labels: application: ${APPLICATION_NAME} service: "${APPLICATION_NAME}-postgresql-2" name: ${APPLICATION_NAME}-postgresql-2 spec: ports: - port: 5432 targetPort: 5432 selector: deploymentConfig: ${APPLICATION_NAME}-postgresql-2 ## PostgreSQL service 2 END - kind: Route apiVersion: v1 id: "${APPLICATION_NAME}-rhpamcentrmon-http" metadata: name: "${APPLICATION_NAME}-rhpamcentrmon" labels: application: "${APPLICATION_NAME}" service: "${APPLICATION_NAME}-rhpamcentrmon" annotations: description: Route for Business Central Monitoring's http service. haproxy.router.openshift.io/timeout: 60s spec: host: "${BUSINESS_CENTRAL_HOSTNAME_HTTP}" to: name: "${APPLICATION_NAME}-rhpamcentrmon" port: targetPort: http - kind: Route apiVersion: v1 id: "${APPLICATION_NAME}-rhpamcentrmon-https" metadata: name: "secure-${APPLICATION_NAME}-rhpamcentrmon" labels: application: "${APPLICATION_NAME}" service: "${APPLICATION_NAME}-rhpamcentrmon" annotations: description: Route for Business Central Monitoring's https service. haproxy.router.openshift.io/timeout: 60s spec: host: "${BUSINESS_CENTRAL_HOSTNAME_HTTPS}" to: name: "${APPLICATION_NAME}-rhpamcentrmon" port: targetPort: https tls: termination: passthrough ## KIE server routes 1 BEGIN - kind: Route apiVersion: v1 id: "${APPLICATION_NAME}-kieserver-1-http" metadata: name: "${APPLICATION_NAME}-kieserver-1" labels: application: "${APPLICATION_NAME}" service: "${APPLICATION_NAME}-kieserver-1" annotations: description: Route for First KIE server's http service. spec: host: "${EXECUTION_SERVER1_HOSTNAME_HTTP}" to: name: "${APPLICATION_NAME}-kieserver-1" port: targetPort: http - kind: Route apiVersion: v1 id: "${APPLICATION_NAME}-kieserver-1-https" metadata: name: "secure-${APPLICATION_NAME}-kieserver-1" labels: application: "${APPLICATION_NAME}" service: "${APPLICATION_NAME}-kieserver-1" annotations: description: Route for First KIE server's https service. spec: host: "${EXECUTION_SERVER1_HOSTNAME_HTTPS}" to: name: "${APPLICATION_NAME}-kieserver-1" port: targetPort: https tls: termination: passthrough ## KIE server routes 1 END ## KIE server routes 2 BEGIN - kind: Route apiVersion: v1 id: "${APPLICATION_NAME}-kieserver-2-http" metadata: name: "${APPLICATION_NAME}-kieserver-2" labels: application: "${APPLICATION_NAME}" service: "${APPLICATION_NAME}-kieserver-2" annotations: description: Route for Second KIE server's http service. spec: host: "${EXECUTION_SERVER2_HOSTNAME_HTTP}" to: name: "${APPLICATION_NAME}-kieserver-2" port: targetPort: http - kind: Route apiVersion: v1 id: "${APPLICATION_NAME}-kieserver-2-https" metadata: name: "secure-${APPLICATION_NAME}-kieserver-2" labels: application: "${APPLICATION_NAME}" service: "${APPLICATION_NAME}-kieserver-2" annotations: description: Route for Second KIE server's https service. spec: host: "${EXECUTION_SERVER2_HOSTNAME_HTTPS}" to: name: "${APPLICATION_NAME}-kieserver-2" port: targetPort: https tls: termination: passthrough - kind: Route apiVersion: v1 id: "${APPLICATION_NAME}-smartrouter-http" metadata: name: "${APPLICATION_NAME}-smartrouter" labels: application: "${APPLICATION_NAME}" service: "${APPLICATION_NAME}-smartrouter" annotations: description: Route for Smart Router's http service. spec: host: "${SMART_ROUTER_HOSTNAME_HTTP}" to: name: "${APPLICATION_NAME}-smartrouter" ## KIE server routes 2 BEGIN - kind: DeploymentConfig apiVersion: v1 metadata: name: "${APPLICATION_NAME}-rhpamcentrmon" labels: application: "${APPLICATION_NAME}" service: "${APPLICATION_NAME}-rhpamcentrmon" spec: strategy: type: Recreate triggers: - type: ImageChange imageChangeParams: automatic: true containerNames: - "${APPLICATION_NAME}-rhpamcentrmon" from: kind: ImageStreamTag namespace: "${IMAGE_STREAM_NAMESPACE}" name: "rhpam70-businesscentral-monitoring-openshift:${IMAGE_STREAM_TAG}" - type: ConfigChange replicas: 1 selector: deploymentConfig: "${APPLICATION_NAME}-rhpamcentrmon" template: metadata: name: "${APPLICATION_NAME}-rhpamcentrmon" labels: deploymentConfig: "${APPLICATION_NAME}-rhpamcentrmon" application: "${APPLICATION_NAME}" service: "${APPLICATION_NAME}-rhpamcentrmon" spec: terminationGracePeriodSeconds: 60 containers: - name: "${APPLICATION_NAME}-rhpamcentrmon" image: rhpam70-businesscentral-monitoring-openshift imagePullPolicy: Always resources: limits: memory: "${BUSINESS_CENTRAL_MEMORY_LIMIT}" volumeMounts: - name: businesscentral-keystore-volume mountPath: "/etc/businesscentral-secret-volume" readOnly: true - name: "${APPLICATION_NAME}-rhpamcentr-pvol" mountPath: "/opt/eap/standalone/data/bpmsuite" livenessProbe: exec: command: - "/bin/bash" - "-c" - "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/kie-wb.jsp" initialDelaySeconds: 180 timeoutSeconds: 2 periodSeconds: 15 readinessProbe: exec: command: - "/bin/bash" - "-c" - "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/kie-wb.jsp" initialDelaySeconds: 60 timeoutSeconds: 2 periodSeconds: 30 failureThreshold: 6 ports: - name: jolokia containerPort: 8778 protocol: TCP - name: http containerPort: 8080 protocol: TCP - name: https containerPort: 8443 protocol: TCP - name: ping containerPort: 8888 protocol: TCP env: - name: KIE_ADMIN_PWD value: "${KIE_ADMIN_PWD}" - name: KIE_ADMIN_USER value: "${KIE_ADMIN_USER}" - name: KIE_SERVER_PWD value: "${KIE_SERVER_PWD}" - name: KIE_SERVER_USER value: "${KIE_SERVER_USER}" - name: MAVEN_REPO_URL value: "${MAVEN_REPO_URL}" - name: MAVEN_REPO_USERNAME value: "${MAVEN_REPO_USERNAME}" - name: MAVEN_REPO_PASSWORD value: "${MAVEN_REPO_PASSWORD}" - name: ADMIN_USERNAME value: "${ADMIN_USERNAME}" - name: ADMIN_PASSWORD value: "${ADMIN_PASSWORD}" - name: KIE_SERVER_CONTROLLER_PWD value: ${KIE_SERVER_CONTROLLER_PWD} - name: KIE_SERVER_CONTROLLER_USER value: ${KIE_SERVER_CONTROLLER_USER} - name: PROBE_IMPL value: probe.eap.jolokia.EapProbe - name: PROBE_DISABLE_BOOT_ERRORS_CHECK value: 'true' - name: HTTPS_KEYSTORE_DIR value: "/etc/businesscentral-secret-volume" - name: HTTPS_KEYSTORE value: "${BUSINESS_CENTRAL_HTTPS_KEYSTORE}" - name: HTTPS_NAME value: "${BUSINESS_CENTRAL_HTTPS_NAME}" - name: HTTPS_PASSWORD value: "${BUSINESS_CENTRAL_HTTPS_PASSWORD}" - name: JGROUPS_PING_PROTOCOL value: "openshift.DNS_PING" - name: OPENSHIFT_DNS_PING_SERVICE_NAME value: "${APPLICATION_NAME}-rhpamcentrmon-ping" - name: OPENSHIFT_DNS_PING_SERVICE_PORT value: "8888" - name: SSO_URL value: "${SSO_URL}" - name: SSO_OPENIDCONNECT_DEPLOYMENTS value: "ROOT.war" - name: SSO_REALM value: "${SSO_REALM}" - name: SSO_SECRET value: "${BUSINESS_CENTRAL_SSO_SECRET}" - name: SSO_CLIENT value: "${BUSINESS_CENTRAL_SSO_CLIENT}" - name: SSO_USERNAME value: "${SSO_USERNAME}" - name: SSO_PASSWORD value: "${SSO_PASSWORD}" - name: SSO_DISABLE_SSL_CERTIFICATE_VALIDATION value: "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}" - name: HOSTNAME_HTTP value: "${BUSINESS_CENTRAL_HOSTNAME_HTTP}" - name: HOSTNAME_HTTPS value: "${BUSINESS_CENTRAL_HOSTNAME_HTTPS}" volumes: - name: businesscentral-keystore-volume secret: secretName: "${BUSINESS_CENTRAL_HTTPS_SECRET}" - name: "${APPLICATION_NAME}-rhpamcentr-pvol" persistentVolumeClaim: claimName: "${APPLICATION_NAME}-rhpamcentr-claim" - kind: DeploymentConfig apiVersion: v1 metadata: name: ${APPLICATION_NAME}-smartrouter labels: application: "${APPLICATION_NAME}" service: "${APPLICATION_NAME}-smartrouter" spec: strategy: type: Recreate triggers: - type: ImageChange imageChangeParams: automatic: true containerNames: - "${APPLICATION_NAME}-smartrouter" from: kind: ImageStreamTag namespace: "${IMAGE_STREAM_NAMESPACE}" name: "rhpam70-smartrouter-openshift:${IMAGE_STREAM_TAG}" - type: ConfigChange replicas: 1 selector: deploymentConfig: "${APPLICATION_NAME}-smartrouter" template: metadata: name: "${APPLICATION_NAME}-smartrouter" labels: application: "${APPLICATION_NAME}" deploymentConfig: "${APPLICATION_NAME}-smartrouter" service: "${APPLICATION_NAME}-smartrouter" spec: terminationGracePeriodSeconds: 60 containers: - name: "${APPLICATION_NAME}-smartrouter" image: rhpam70-smartrouter-openshift imagePullPolicy: Always resources: limits: memory: "${SMART_ROUTER_MEMORY_LIMIT}" ports: - name: http containerPort: 9000 protocol: TCP env: - name: KIE_SERVER_ROUTER_HOST valueFrom: fieldRef: fieldPath: status.podIP - name: KIE_SERVER_ROUTER_PORT value: "${KIE_SERVER_ROUTER_PORT}" - name: KIE_SERVER_ROUTER_URL_EXTERNAL value: "${KIE_SERVER_ROUTER_URL_EXTERNAL}" - name: KIE_SERVER_ROUTER_ID value: "${KIE_SERVER_ROUTER_ID}" - name: KIE_SERVER_ROUTER_NAME value: "${KIE_SERVER_ROUTER_NAME}" - name: KIE_SERVER_ROUTER_PROTOCOL value: "${KIE_SERVER_ROUTER_PROTOCOL}" - name: KIE_SERVER_CONTROLLER_USER value: "${KIE_SERVER_CONTROLLER_USER}" - name: KIE_SERVER_CONTROLLER_PWD value: "${KIE_SERVER_CONTROLLER_PWD}" - name: KIE_SERVER_CONTROLLER_SERVICE value: "${APPLICATION_NAME}-rhpamcentrmon" - name: KIE_SERVER_ROUTER_REPO value: "/opt/rhpam-smartrouter/data" - name: KIE_SERVER_ROUTER_CONFIG_WATCHER_ENABLED value: "true" volumeMounts: - name: "${APPLICATION_NAME}-smartrouter" mountPath: "/opt/rhpam-smartrouter/data" volumes: - name: "${APPLICATION_NAME}-smartrouter" persistentVolumeClaim: claimName: "${APPLICATION_NAME}-smartrouter-claim" ## KIE server deployment config 1 BEGIN - kind: DeploymentConfig apiVersion: v1 metadata: name: "${APPLICATION_NAME}-kieserver-1" labels: application: "${APPLICATION_NAME}" service: "${APPLICATION_NAME}-kieserver-1" spec: strategy: type: Recreate triggers: - type: ImageChange imageChangeParams: automatic: true containerNames: - "${APPLICATION_NAME}-kieserver-1" from: kind: ImageStreamTag namespace: "${IMAGE_STREAM_NAMESPACE}" name: "rhpam70-kieserver-openshift:${IMAGE_STREAM_TAG}" - type: ConfigChange replicas: 1 selector: deploymentConfig: "${APPLICATION_NAME}-kieserver-1" template: metadata: name: "${APPLICATION_NAME}-kieserver-1" labels: deploymentConfig: "${APPLICATION_NAME}-kieserver-1" application: "${APPLICATION_NAME}" service: "${APPLICATION_NAME}-kieserver-1" spec: terminationGracePeriodSeconds: 60 containers: - name: "${APPLICATION_NAME}-kieserver-1" image: rhpam70-kieserver-openshift imagePullPolicy: Always resources: limits: memory: "${EXECUTION_SERVER_MEMORY_LIMIT}" volumeMounts: - name: kieserver-keystore-volume mountPath: "/etc/kieserver-secret-volume" readOnly: true livenessProbe: exec: command: - "/bin/bash" - "-c" - "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/services/rest/server/healthcheck" initialDelaySeconds: 180 timeoutSeconds: 2 periodSeconds: 15 failureThreshold: 3 readinessProbe: exec: command: - "/bin/bash" - "-c" - "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/services/rest/server/readycheck" initialDelaySeconds: 60 timeoutSeconds: 2 periodSeconds: 30 failureThreshold: 6 ports: - name: jolokia containerPort: 8778 protocol: TCP - name: http containerPort: 8080 protocol: TCP - name: https containerPort: 8443 protocol: TCP - name: ping containerPort: 8888 protocol: TCP env: - name: DROOLS_SERVER_FILTER_CLASSES value: "${DROOLS_SERVER_FILTER_CLASSES}" - name: KIE_ADMIN_USER value: "${KIE_ADMIN_USER}" - name: KIE_ADMIN_PWD value: "${KIE_ADMIN_PWD}" - name: KIE_MBEANS value: "${KIE_MBEANS}" - name: KIE_SERVER_BYPASS_AUTH_USER value: "${KIE_SERVER_BYPASS_AUTH_USER}" - name: KIE_SERVER_CONTROLLER_USER value: "${KIE_SERVER_CONTROLLER_USER}" - name: KIE_SERVER_CONTROLLER_PWD value: "${KIE_SERVER_CONTROLLER_PWD}" - name: KIE_SERVER_CONTROLLER_SERVICE value: "${APPLICATION_NAME}-rhpamcentrmon" - name: KIE_SERVER_ID value: "kie-server-1" - name: KIE_SERVER_HOST valueFrom: fieldRef: fieldPath: status.podIP - name: KIE_SERVER_USER value: "${KIE_SERVER_USER}" - name: KIE_SERVER_PWD value: "${KIE_SERVER_PWD}" - name: KIE_SERVER_CONTAINER_DEPLOYMENT value: "" - name: MAVEN_REPO_URL value: "${MAVEN_REPO_URL}" - name: MAVEN_REPO_USERNAME value: "${MAVEN_REPO_USERNAME}" - name: MAVEN_REPO_PASSWORD value: "${MAVEN_REPO_PASSWORD}" - name: KIE_SERVER_ROUTER_SERVICE value: "${APPLICATION_NAME}-smartrouter" - name: KIE_SERVER_ROUTER_PORT value: "${KIE_SERVER_ROUTER_PORT}" - name: KIE_SERVER_ROUTER_PROTOCOL value: "${KIE_SERVER_ROUTER_PROTOCOL}" - name: KIE_SERVER_PERSISTENCE_DS value: "${KIE_SERVER_PERSISTENCE_DS}" - name: DATASOURCES value: "RHPAM" - name: RHPAM_DATABASE value: "${KIE_SERVER_POSTGRESQL_DB}" - name: RHPAM_JNDI value: "${KIE_SERVER_PERSISTENCE_DS}" - name: RHPAM_JTA value: "true" - name: RHPAM_TX_ISOLATION value: "TRANSACTION_READ_UNCOMMITTED" ## PostgreSQL driver settings 1 BEGIN - name: RHPAM_DRIVER value: "postgresql" - name: RHPAM_USERNAME value: "${KIE_SERVER_POSTGRESQL_USER}" - name: RHPAM_PASSWORD value: "${KIE_SERVER_POSTGRESQL_PWD}" - name: RHPAM_SERVICE_HOST value: "${APPLICATION_NAME}-postgresql-1" - name: RHPAM_SERVICE_PORT value: "5432" - name: TIMER_SERVICE_DATA_STORE value: "${APPLICATION_NAME}-postgresql-1" - name: KIE_SERVER_PERSISTENCE_DIALECT value: "org.hibernate.dialect.PostgreSQLDialect" ## PostgreSQL driver settings 1 END - name: TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL value: "${TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL}" - name: HTTPS_KEYSTORE_DIR value: "/etc/kieserver-secret-volume" - name: HTTPS_KEYSTORE value: "${KIE_SERVER_HTTPS_KEYSTORE}" - name: HTTPS_NAME value: "${KIE_SERVER_HTTPS_NAME}" - name: HTTPS_PASSWORD value: "${KIE_SERVER_HTTPS_PASSWORD}" - name: JGROUPS_PING_PROTOCOL value: "openshift.DNS_PING" - name: OPENSHIFT_DNS_PING_SERVICE_NAME value: "${APPLICATION_NAME}-kieserver-1-ping" - name: OPENSHIFT_DNS_PING_SERVICE_PORT value: "8888" - name: SSO_URL value: "${SSO_URL}" - name: SSO_OPENIDCONNECT_DEPLOYMENTS value: "ROOT.war" - name: SSO_REALM value: "${SSO_REALM}" - name: SSO_SECRET value: "${KIE_SERVER1_SSO_SECRET}" - name: SSO_CLIENT value: "${KIE_SERVER1_SSO_CLIENT}" - name: SSO_USERNAME value: "${SSO_USERNAME}" - name: SSO_PASSWORD value: "${SSO_PASSWORD}" - name: SSO_DISABLE_SSL_CERTIFICATE_VALIDATION value: "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}" - name: HOSTNAME_HTTP value: "${EXECUTION_SERVER1_HOSTNAME_HTTP}" - name: HOSTNAME_HTTPS value: "${EXECUTION_SERVER1_HOSTNAME_HTTPS}" volumes: - name: kieserver-keystore-volume secret: secretName: "${KIE_SERVER_HTTPS_SECRET}" ## KIE server deployment config 1 END ## PostgreSQL deployment config 1 BEGIN - kind: DeploymentConfig apiVersion: v1 metadata: name: "${APPLICATION_NAME}-postgresql-1" labels: application: "${APPLICATION_NAME}" service: "${APPLICATION_NAME}-postgresql-1" spec: strategy: type: Recreate triggers: - type: ImageChange imageChangeParams: automatic: true containerNames: - "${APPLICATION_NAME}-postgresql-1" from: kind: ImageStreamTag namespace: "${IMAGE_STREAM_NAMESPACE}" name: "postgresql:${POSTGRESQL_IMAGE_STREAM_TAG}" - type: ConfigChange replicas: 1 selector: deploymentConfig: "${APPLICATION_NAME}-postgresql-1" template: metadata: name: "${APPLICATION_NAME}-postgresql-1" labels: deploymentConfig: "${APPLICATION_NAME}-postgresql-1" application: "${APPLICATION_NAME}" service: "${APPLICATION_NAME}-postgresql-1" spec: terminationGracePeriodSeconds: 60 containers: - name: "${APPLICATION_NAME}-postgresql-1" image: postgresql imagePullPolicy: Always ports: - containerPort: 5432 protocol: TCP volumeMounts: - mountPath: "/var/lib/postgresql/data" name: "${APPLICATION_NAME}-postgresql-pvol" env: - name: POSTGRESQL_USER value: "${KIE_SERVER_POSTGRESQL_USER}" - name: POSTGRESQL_PASSWORD value: "${KIE_SERVER_POSTGRESQL_PWD}" - name: POSTGRESQL_DATABASE value: "${KIE_SERVER_POSTGRESQL_DB}" - name: POSTGRESQL_MAX_PREPARED_TRANSACTIONS value: "${POSTGRESQL_MAX_PREPARED_TRANSACTIONS}" volumes: - name: "${APPLICATION_NAME}-postgresql-pvol" persistentVolumeClaim: claimName: "${APPLICATION_NAME}-postgresql-claim-1" ## PostgreSQL deployment config 1 END ## KIE server deployment config 2 BEGIN - kind: DeploymentConfig apiVersion: v1 metadata: name: "${APPLICATION_NAME}-kieserver-2" labels: application: "${APPLICATION_NAME}" service: "${APPLICATION_NAME}-kieserver-2" spec: strategy: type: Recreate triggers: - type: ImageChange imageChangeParams: automatic: true containerNames: - "${APPLICATION_NAME}-kieserver-2" from: kind: ImageStreamTag namespace: "${IMAGE_STREAM_NAMESPACE}" name: "rhpam70-kieserver-openshift:${IMAGE_STREAM_TAG}" - type: ConfigChange replicas: 1 selector: deploymentConfig: "${APPLICATION_NAME}-kieserver-2" template: metadata: name: "${APPLICATION_NAME}-kieserver-2" labels: deploymentConfig: "${APPLICATION_NAME}-kieserver-2" application: "${APPLICATION_NAME}" service: "${APPLICATION_NAME}-kieserver-2" spec: terminationGracePeriodSeconds: 60 containers: - name: "${APPLICATION_NAME}-kieserver-2" image: rhpam70-kieserver-openshift imagePullPolicy: Always resources: limits: memory: "${EXECUTION_SERVER_MEMORY_LIMIT}" volumeMounts: - name: kieserver-keystore-volume mountPath: "/etc/kieserver-secret-volume" readOnly: true livenessProbe: exec: command: - "/bin/bash" - "-c" - "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/services/rest/server/healthcheck" initialDelaySeconds: 180 timeoutSeconds: 2 periodSeconds: 15 failureThreshold: 3 readinessProbe: exec: command: - "/bin/bash" - "-c" - "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/services/rest/server/readycheck" initialDelaySeconds: 60 timeoutSeconds: 2 periodSeconds: 30 failureThreshold: 6 ports: - name: jolokia containerPort: 8778 protocol: TCP - name: http containerPort: 8080 protocol: TCP - name: https containerPort: 8443 protocol: TCP - name: ping containerPort: 8888 protocol: TCP env: - name: DROOLS_SERVER_FILTER_CLASSES value: "${DROOLS_SERVER_FILTER_CLASSES}" - name: KIE_ADMIN_USER value: "${KIE_ADMIN_USER}" - name: KIE_ADMIN_PWD value: "${KIE_ADMIN_PWD}" - name: KIE_MBEANS value: "${KIE_MBEANS}" - name: KIE_SERVER_BYPASS_AUTH_USER value: "${KIE_SERVER_BYPASS_AUTH_USER}" - name: KIE_SERVER_CONTROLLER_USER value: "${KIE_SERVER_CONTROLLER_USER}" - name: KIE_SERVER_CONTROLLER_PWD value: "${KIE_SERVER_CONTROLLER_PWD}" - name: KIE_SERVER_CONTROLLER_SERVICE value: "${APPLICATION_NAME}-rhpamcentrmon" - name: KIE_SERVER_ID value: "kie-server-2" - name: KIE_SERVER_HOST valueFrom: fieldRef: fieldPath: status.podIP - name: KIE_SERVER_USER value: "${KIE_SERVER_USER}" - name: KIE_SERVER_PWD value: "${KIE_SERVER_PWD}" - name: KIE_SERVER_CONTAINER_DEPLOYMENT value: "" - name: MAVEN_REPO_URL value: "${MAVEN_REPO_URL}" - name: MAVEN_REPO_USERNAME value: "${MAVEN_REPO_USERNAME}" - name: MAVEN_REPO_PASSWORD value: "${MAVEN_REPO_PASSWORD}" - name: KIE_SERVER_ROUTER_SERVICE value: "${APPLICATION_NAME}-smartrouter" - name: KIE_SERVER_ROUTER_PORT value: "${KIE_SERVER_ROUTER_PORT}" - name: KIE_SERVER_ROUTER_PROTOCOL value: "${KIE_SERVER_ROUTER_PROTOCOL}" - name: KIE_SERVER_PERSISTENCE_DS value: "${KIE_SERVER_PERSISTENCE_DS}" - name: DATASOURCES value: "RHPAM" - name: RHPAM_DATABASE value: "${KIE_SERVER_POSTGRESQL_DB}" - name: RHPAM_JNDI value: "${KIE_SERVER_PERSISTENCE_DS}" - name: RHPAM_JTA value: "true" - name: RHPAM_TX_ISOLATION value: "TRANSACTION_READ_UNCOMMITTED" ## PostgreSQL driver settings 2 BEGIN - name: RHPAM_DRIVER value: "postgresql" - name: RHPAM_USERNAME value: "${KIE_SERVER_POSTGRESQL_USER}" - name: RHPAM_PASSWORD value: "${KIE_SERVER_POSTGRESQL_PWD}" - name: RHPAM_SERVICE_HOST value: "${APPLICATION_NAME}-postgresql-2" - name: RHPAM_SERVICE_PORT value: "5432" - name: TIMER_SERVICE_DATA_STORE value: "${APPLICATION_NAME}-postgresql-2" - name: KIE_SERVER_PERSISTENCE_DIALECT value: "org.hibernate.dialect.PostgreSQLDialect" ## PostgreSQL driver settings 2 END - name: TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL value: "${TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL}" - name: HTTPS_KEYSTORE_DIR value: "/etc/kieserver-secret-volume" - name: HTTPS_KEYSTORE value: "${KIE_SERVER_HTTPS_KEYSTORE}" - name: HTTPS_NAME value: "${KIE_SERVER_HTTPS_NAME}" - name: HTTPS_PASSWORD value: "${KIE_SERVER_HTTPS_PASSWORD}" - name: JGROUPS_PING_PROTOCOL value: "openshift.DNS_PING" - name: OPENSHIFT_DNS_PING_SERVICE_NAME value: "${APPLICATION_NAME}-kieserver-2-ping" - name: OPENSHIFT_DNS_PING_SERVICE_PORT value: "8888" - name: SSO_URL value: "${SSO_URL}" - name: SSO_OPENIDCONNECT_DEPLOYMENTS value: "ROOT.war" - name: SSO_REALM value: "${SSO_REALM}" - name: SSO_SECRET value: "${KIE_SERVER2_SSO_SECRET}" - name: SSO_CLIENT value: "${KIE_SERVER2_SSO_CLIENT}" - name: SSO_USERNAME value: "${SSO_USERNAME}" - name: SSO_PASSWORD value: "${SSO_PASSWORD}" - name: SSO_DISABLE_SSL_CERTIFICATE_VALIDATION value: "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}" - name: HOSTNAME_HTTP value: "${EXECUTION_SERVER2_HOSTNAME_HTTP}" - name: HOSTNAME_HTTPS value: "${EXECUTION_SERVER2_HOSTNAME_HTTPS}" volumes: - name: kieserver-keystore-volume secret: secretName: "${KIE_SERVER_HTTPS_SECRET}" ## KIE server deployment config 2 END ## PostgreSQL deployment config 2 BEGIN - kind: DeploymentConfig apiVersion: v1 metadata: name: "${APPLICATION_NAME}-postgresql-2" labels: application: "${APPLICATION_NAME}" service: "${APPLICATION_NAME}-postgresql-2" spec: strategy: type: Recreate triggers: - type: ImageChange imageChangeParams: automatic: true containerNames: - "${APPLICATION_NAME}-postgresql-2" from: kind: ImageStreamTag namespace: "${IMAGE_STREAM_NAMESPACE}" name: "postgresql:${POSTGRESQL_IMAGE_STREAM_TAG}" - type: ConfigChange replicas: 1 selector: deploymentConfig: "${APPLICATION_NAME}-postgresql-2" template: metadata: name: "${APPLICATION_NAME}-postgresql-2" labels: deploymentConfig: "${APPLICATION_NAME}-postgresql-2" application: "${APPLICATION_NAME}" service: "${APPLICATION_NAME}-postgresql-2" spec: terminationGracePeriodSeconds: 60 containers: - name: "${APPLICATION_NAME}-postgresql-2" image: postgresql imagePullPolicy: Always ports: - containerPort: 5432 protocol: TCP volumeMounts: - mountPath: "/var/lib/postgresql/data" name: "${APPLICATION_NAME}-postgresql-pvol" env: - name: POSTGRESQL_USER value: "${KIE_SERVER_POSTGRESQL_USER}" - name: POSTGRESQL_PASSWORD value: "${KIE_SERVER_POSTGRESQL_PWD}" - name: POSTGRESQL_DATABASE value: "${KIE_SERVER_POSTGRESQL_DB}" - name: POSTGRESQL_MAX_PREPARED_TRANSACTIONS value: "${POSTGRESQL_MAX_PREPARED_TRANSACTIONS}" volumes: - name: "${APPLICATION_NAME}-postgresql-pvol" persistentVolumeClaim: claimName: "${APPLICATION_NAME}-postgresql-claim-2" ## PostgreSQL deployment config 2 END ## PostgreSQL persistent volume claim 1 BEGIN - apiVersion: v1 kind: PersistentVolumeClaim metadata: name: "${APPLICATION_NAME}-postgresql-claim-1" labels: application: "${APPLICATION_NAME}" service: "${APPLICATION_NAME}-postgresql-1" spec: accessModes: - ReadWriteOnce resources: requests: storage: "${DB_VOLUME_CAPACITY}" ## PostgreSQL persistent volume claim 1 END ## PostgreSQL persistent volume claim 2 BEGIN - apiVersion: v1 kind: PersistentVolumeClaim metadata: name: "${APPLICATION_NAME}-postgresql-claim-2" labels: application: "${APPLICATION_NAME}" service: "${APPLICATION_NAME}-postgresql-2" spec: accessModes: - ReadWriteOnce resources: requests: storage: "${DB_VOLUME_CAPACITY}" ## PostgreSQL persistent volume claim 2 END - apiVersion: v1 kind: PersistentVolumeClaim metadata: name: "${APPLICATION_NAME}-smartrouter-claim" labels: application: "${APPLICATION_NAME}" service: "${APPLICATION_NAME}-smartrouter" spec: accessModes: - ReadWriteOnce resources: requests: storage: "64Mi" - apiVersion: v1 kind: PersistentVolumeClaim metadata: name: "${APPLICATION_NAME}-rhpamcentr-claim" labels: application: "${APPLICATION_NAME}" service: "${APPLICATION_NAME}-rhpamcentrmon" spec: accessModes: - ReadWriteOnce resources: requests: storage: "64Mi"