okd/roles/openshift_examples/files/examples/latest/xpaas-templates/rhdm70-full.yaml

---
kind: Template
apiVersion: v1
metadata:
  annotations:
    description: Application template for Red Hat Decision Manager 7.0 applications with persistent storage.
    iconClass: icon-jboss
    tags: rhdm,jboss,xpaas
    version: 1.4.0
    openshift.io/display-name: Red Hat Decision Manager 7.0 applications (Persistent with https)
  name: rhdm70-full-persistent
labels:
  template: rhdm70-full-persistent
  xpaas: 1.4.0
message: New persistent Decision Central and Decision Server applications have been created in your project.
  The user name/password for accessing the Decision Central interface is ${KIE_ADMIN_USER}/${KIE_ADMIN_PWD}.
  The user name/password for calls to the Decision Server is ${KIE_SERVER_USER}/${KIE_SERVER_PWD}.
  Please be sure to create the "decisioncentral-service-account" and "kieserver-service-account" service accounts
  and the secrets named "${DECISION_CENTRAL_HTTPS_SECRET}" and "${KIE_SERVER_HTTPS_SECRET}" containing the
  ${DECISION_CENTRAL_HTTPS_KEYSTORE} and ${KIE_SERVER_HTTPS_KEYSTORE}files used for serving secure content.
  Only stateless API calls to the Decision Server are supported.
parameters:
- displayName: Application Name
  description: The name for the application.
  name: APPLICATION_NAME
  value: myapp
  required: true
- displayName: EAP Admin User
  description: EAP administrator user name. Use this user account if you need use JBoss EAP command line management.
    You can use rsh to access the command line on the pods.
  name: ADMIN_USERNAME
  value: eapadmin
  required: false
- displayName: EAP Admin Password
  description: EAP administrator password.
  name: ADMIN_PASSWORD
  from: "[a-zA-Z]{6}[0-9]{1}!"
  generate: expression
  required: false
- displayName: KIE Admin User 
  description: KIE administrator user name. Use this user account to log on to Decision Central.
  name: KIE_ADMIN_USER
  value: adminUser
  required: false
- displayName: KIE Admin Password
  description: KIE administrator password.
  name: KIE_ADMIN_PWD
  from: "[a-zA-Z]{6}[0-9]{1}!"
  generate: expression
  required: false
- displayName: KIE Server Controller User
  description: KIE server controller user name. The Decision Server uses this user account to log on to 
    Decision Central. (Sets the org.kie.server.controller.user system property).
  name: KIE_SERVER_CONTROLLER_USER
  value: controllerUser
  required: false
- displayName: KIE Server Controller Password
  description: KIE server controller password (sets the org.kie.server.controller.pwd system property).
  name: KIE_SERVER_CONTROLLER_PWD
  from: "[a-zA-Z]{6}[0-9]{1}!"
  generate: expression
  required: false
- displayName: KIE Server User
  description: KIE execution server user name. Use this user account for API calls to the Decision Server. 
    (Sets the org.kie.server.user system property).
  name: KIE_SERVER_USER
  value: executionUser
  required: false
- displayName: KIE Server Password
  description: KIE execution server password (sets the org.kie.server.pwd system property).
  name: KIE_SERVER_PWD
  from: "[a-zA-Z]{6}[0-9]{1}!"
  generate: expression
  required: false
- displayName: KIE Server ID
  description: Decision server identifier. Determines the template ID in Decision Central or controller. If this parameter is left blank, it is set using the $HOSTNAME environment variable or a random value. (Sets the org.kie.server.id system property).
  name: KIE_SERVER_ID
  value: ''
  required: false
- displayName: KIE Server Bypass Auth User
  description: KIE execution server bypass auth user. If this parameter is set to true, the Decision Server accepts
   API calls without user account authorization. (Sets the org.kie.server.bypass.auth.user system property).
  name: KIE_SERVER_BYPASS_AUTH_USER
  value: 'false'
  required: false
- displayName: KIE MBeans
  description: KIE execution server MBeans enabled/disabled. These MBeans provide monitoring information. (Sets the 
    kie.mbeans and kie.scanner.mbeans system properties).
  name: KIE_MBEANS
  value: enabled
  required: false
- displayName: Drools Server Filter Classes
  description: KIE execution server class filtering. When this parameter is set to true, the Decision Server extension 
    accepts custom classes annotated by the XmlRootElement or Remotable annotations only. Setting to true is preferable 
    for performance, but some custom decision services might require false. (Sets the org.drools.server.filter.classes
    system property).
  name: DROOLS_SERVER_FILTER_CLASSES
  value: 'true'
  required: false
- displayName: Decision Central Custom http Route Hostname
  description: 'Custom hostname for http service route.  Leave blank for default hostname,
    example: <application-name>-rhdmcentr-<project>.<default-domain-suffix>'
  name: DECISION_CENTRAL_HOSTNAME_HTTP
  value: ''
  required: false
- displayName: Decision Central Custom https Route Hostname
  description: 'Custom hostname for https service route.  Leave blank for default hostname,
    example: secure-<application-name>-rhdmcentr-<project>.<default-domain-suffix>'
  name: DECISION_CENTRAL_HOSTNAME_HTTPS
  value: ''
  required: false
- displayName: Decision Server Custom http Route Hostname
  description: 'Custom hostname for http service route.  Leave blank for default hostname,
    example: <application-name>-kieserver-<project>.<default-domain-suffix>'
  name: EXECUTION_SERVER_HOSTNAME_HTTP
  value: ''
  required: false
- displayName: Decision Server Custom https Route Hostname
  description: 'Custom hostname for https service route.  Leave blank for default hostname, 
    example: secure-<application-name>-kieserver-<project>.<default-domain-suffix>'
  name: EXECUTION_SERVER_HOSTNAME_HTTPS
  value: ''
  required: false
- displayName: Decision Central Server Keystore Secret Name
  description: The name of the secret containing the keystore file for Decision Central.
  name: DECISION_CENTRAL_HTTPS_SECRET
  value: decisioncentral-app-secret
  required: false
- displayName: Decision Central Server Keystore Filename
  description: The name of the keystore file within the secret.
  name: DECISION_CENTRAL_HTTPS_KEYSTORE
  value: keystore.jks
  required: false
- displayName: Decision Central Server Certificate Name
  description: The name associated with the server certificate.
  name: DECISION_CENTRAL_HTTPS_NAME
  value: jboss
  required: false
- displayName: Decision Central Server Keystore Password
  description: The password for the keystore and certificate.
  name: DECISION_CENTRAL_HTTPS_PASSWORD
  value: mykeystorepass
  required: false
- displayName: KIE Server Keystore Secret Name
  description: The name of the secret containing the keystore file for Decision Server.
  name: KIE_SERVER_HTTPS_SECRET
  value: kieserver-app-secret
  required: false
- displayName: KIE Server Keystore Filename
  description: The name of the keystore file within the secret.
  name: KIE_SERVER_HTTPS_KEYSTORE
  value: keystore.jks
  required: false
- displayName: KIE Server Certificate Name
  description: The name associated with the server certificate.
  name: KIE_SERVER_HTTPS_NAME
  value: jboss
  required: false
- displayName: KIE Server Keystore Password
  description: The password for the keystore and certificate.
  name: KIE_SERVER_HTTPS_PASSWORD
  value: mykeystorepass
  required: false
- displayName: ImageStream Namespace
  description: Namespace in which the ImageStreams for Red Hat Middleware images are
    installed. These ImageStreams are normally installed in the openshift namespace.
    Modify this setting only if you have installed the ImageStreams in a different 
    namespace/project.
  name: IMAGE_STREAM_NAMESPACE
  value: openshift
  required: true
- displayName: ImageStream Tag
  description: A named pointer to an image in an image stream. Default is "1.1".
  name: IMAGE_STREAM_TAG
  value: "1.1"
  required: false
- displayName: Maven repository URL
  description: Fully qualified URL to a Maven repository or service.
  name: MAVEN_REPO_URL
  example: http://nexus.nexus-project.svc.cluster.local:8081/nexus/content/groups/public/
  required: false
- displayName: Maven repository username
  description: Username to access the Maven repository, if required.
  name: MAVEN_REPO_USERNAME
  required: false
- displayName: Maven repository password
  description: Password to access the Maven repository, if required.
  name: MAVEN_REPO_PASSWORD
  required: false
- displayName: Username for the Maven service hosted by Decision Central
  description: Username to access the Maven service hosted by Decision Central inside EAP.
  name: DECISION_CENTRAL_MAVEN_USERNAME
  required: true
  value: mavenUser
- displayName: Password for the Maven service hosted by Decision Central
  description: Password to access the Maven service hosted by Decision Central inside EAP.
  name: DECISION_CENTRAL_MAVEN_PASSWORD
  from: "[a-zA-Z]{6}[0-9]{1}!"
  generate: expression
  required: true
- displayName: Decision Central Volume Capacity
  description: Size of the persistent storage for Decision Central's runtime data.
  name: DECISION_CENTRAL_VOLUME_CAPACITY
  value: 1Gi
  required: true
- displayName: Decision Central Container Memory Limit
  description: Decision Central Container memory limit
  name: DECISION_CENTRAL_MEMORY_LIMIT
  value: 2Gi
  required: false
- displayName: Execution Server Container Memory Limit
  description: Execution Server Container memory limit
  name: EXCECUTION_SERVER_MEMORY_LIMIT
  value: 1Gi
  required: false
objects:
- kind: Service
  apiVersion: v1
  spec:
    ports:
    - port: 8080
      targetPort: 8080
    selector:
      deploymentConfig: "${APPLICATION_NAME}-rhdmcentr"
  metadata:
    name: "${APPLICATION_NAME}-rhdmcentr"
    labels:
      application: "${APPLICATION_NAME}"
    annotations:
      description: The Decision Central web server's http port.
- kind: Service
  apiVersion: v1
  spec:
    ports:
    - port: 8443
      targetPort: 8443
    selector:
      deploymentConfig: "${APPLICATION_NAME}-rhdmcentr"
  metadata:
    name: secure-${APPLICATION_NAME}-rhdmcentr
    labels:
      application: "${APPLICATION_NAME}"
    annotations:
      description: The Decision Central web server's https port.
- kind: Service
  apiVersion: v1
  spec:
    ports:
    - port: 8001
      targetPort: 8001
    selector:
      deploymentConfig: "${APPLICATION_NAME}-rhdmcentr"
  metadata:
    name: ${APPLICATION_NAME}-rhdmcentr-git-ssh
    labels:
      application: "${APPLICATION_NAME}"
    annotations:
      description: The Decision Central Git SSH port
- kind: Service
  apiVersion: v1
  spec:
    ports:
    - port: 8080
      targetPort: 8080
    selector:
      deploymentConfig: "${APPLICATION_NAME}-kieserver"
  metadata:
    name: "${APPLICATION_NAME}-kieserver"
    labels:
      application: "${APPLICATION_NAME}"
    annotations:
      description: The KIE server web server's http port.
- kind: Service
  apiVersion: v1
  spec:
    ports:
    - port: 8443
      targetPort: 8443
    selector:
      deploymentConfig: "${APPLICATION_NAME}-kieserver"
  metadata:
    name: secure-${APPLICATION_NAME}-kieserver
    labels:
      application: "${APPLICATION_NAME}"
    annotations:
      description: The KIE server web server's https port.
- kind: Route
  apiVersion: v1
  id: "${APPLICATION_NAME}-rhdmcentr-http"
  metadata:
    name: "${APPLICATION_NAME}-rhdmcentr"
    labels:
      application: "${APPLICATION_NAME}"
    annotations:
      description: Route for Decision Central's http service.
      haproxy.router.openshift.io/timeout: 60s
  spec:
    host: "${DECISION_CENTRAL_HOSTNAME_HTTP}"
    to:
      name: "${APPLICATION_NAME}-rhdmcentr"
- kind: Route
  apiVersion: v1
  id: "${APPLICATION_NAME}-rhdmcentr-https"
  metadata:
    name: secure-${APPLICATION_NAME}-rhdmcentr
    labels:
      application: "${APPLICATION_NAME}"
    annotations:
      description: Route for Decision Central's https service.
      haproxy.router.openshift.io/timeout: 60s
  spec:
    host: "${DECISION_CENTRAL_HOSTNAME_HTTPS}"
    to:
      name: secure-${APPLICATION_NAME}-rhdmcentr
    tls:
      termination: passthrough
- kind: Route
  apiVersion: v1
  id: "${APPLICATION_NAME}-kieserver-http"
  metadata:
    name: "${APPLICATION_NAME}-kieserver"
    labels:
      application: "${APPLICATION_NAME}"
    annotations:
      description: Route for KIE server's http service.
  spec:
    host: "${EXECUTION_SERVER_HOSTNAME_HTTP}"
    to:
      name: "${APPLICATION_NAME}-kieserver"
- kind: Route
  apiVersion: v1
  id: "${APPLICATION_NAME}-kieserver-https"
  metadata:
    name: secure-${APPLICATION_NAME}-kieserver
    labels:
      application: "${APPLICATION_NAME}"
    annotations:
      description: Route for KIE server's https service.
  spec:
    host: "${EXECUTION_SERVER_HOSTNAME_HTTPS}"
    to:
      name: secure-${APPLICATION_NAME}-kieserver
    tls:
      termination: passthrough
- kind: DeploymentConfig
  apiVersion: v1
  metadata:
    name: "${APPLICATION_NAME}-rhdmcentr"
    labels:
      application: "${APPLICATION_NAME}"
  spec:
    strategy:
      type: Recreate
    triggers:
    - type: ImageChange
      imageChangeParams:
        automatic: true
        containerNames:
        - "${APPLICATION_NAME}-rhdmcentr"
        from:
          kind: ImageStreamTag
          namespace: "${IMAGE_STREAM_NAMESPACE}"
          name: "rhdm70-decisioncentral-openshift:${IMAGE_STREAM_TAG}"
    - type: ConfigChange
    replicas: 1
    selector:
      deploymentConfig: "${APPLICATION_NAME}-rhdmcentr"
    template:
      metadata:
        name: "${APPLICATION_NAME}-rhdmcentr"
        labels:
          deploymentConfig: "${APPLICATION_NAME}-rhdmcentr"
          application: "${APPLICATION_NAME}"
      spec:
        terminationGracePeriodSeconds: 60
        containers:
        - name: "${APPLICATION_NAME}-rhdmcentr"
          image: rhdm70-decisioncentral-openshift
          imagePullPolicy: Always
          resources:
            limits:
              memory: "${DECISION_CENTRAL_MEMORY_LIMIT}"
          volumeMounts:
          - name: decisioncentral-keystore-volume
            mountPath: "/etc/decisioncentral-secret-volume"
            readOnly: true
          - name: "${APPLICATION_NAME}-rhdmcentr-pvol"
            mountPath: "/opt/eap/standalone/data/bpmsuite"
          livenessProbe:
            exec:
              command:
              - "/bin/bash"
              - "-c"
              - "/opt/eap/bin/livenessProbe.sh"
          readinessProbe:
            exec:
              command:
              - "/bin/bash"
              - "-c"
              - "/opt/eap/bin/readinessProbe.sh"
          ports:
          - name: jolokia
            containerPort: 8778
            protocol: TCP
          - name: http
            containerPort: 8080
            protocol: TCP
          - name: https
            containerPort: 8443
            protocol: TCP
          - name: git-ssh
            containerPort: 8001
            protocol: TCP
          env:
          - name: KIE_ADMIN_PWD
            value: "${KIE_ADMIN_PWD}"
          - name: KIE_ADMIN_USER
            value: "${KIE_ADMIN_USER}"
          - name: KIE_MBEANS
            value: "${KIE_MBEANS}"
          - name: KIE_SERVER_CONTROLLER_PWD
            value: "${KIE_SERVER_CONTROLLER_PWD}"
          - name: KIE_SERVER_CONTROLLER_USER
            value: "${KIE_SERVER_CONTROLLER_USER}"
          - name: KIE_SERVER_PWD
            value: "${KIE_SERVER_PWD}"
          - name: KIE_SERVER_USER
            value: "${KIE_SERVER_USER}"
          - name: MAVEN_REPO_URL
            value: "${MAVEN_REPO_URL}"
          - name: MAVEN_REPO_USERNAME
            value: "${MAVEN_REPO_USERNAME}"
          - name: MAVEN_REPO_PASSWORD
            value: "${MAVEN_REPO_PASSWORD}"
          - name: KIE_MAVEN_USER
            value: "${DECISION_CENTRAL_MAVEN_USERNAME}"
          - name: KIE_MAVEN_PWD
            value: "${DECISION_CENTRAL_MAVEN_PASSWORD}"
          - name: HTTPS_KEYSTORE_DIR
            value: "/etc/decisioncentral-secret-volume"
          - name: HTTPS_KEYSTORE
            value: "${DECISION_CENTRAL_HTTPS_KEYSTORE}"
          - name: HTTPS_NAME
            value: "${DECISION_CENTRAL_HTTPS_NAME}"
          - name: HTTPS_PASSWORD
            value: "${DECISION_CENTRAL_HTTPS_PASSWORD}"
          - name: ADMIN_USERNAME
            value: "${ADMIN_USERNAME}"
          - name: ADMIN_PASSWORD
            value: "${ADMIN_PASSWORD}"
          - name: PROBE_IMPL
            value: probe.eap.jolokia.EapProbe
          - name: PROBE_DISABLE_BOOT_ERRORS_CHECK
            value: 'true'
        volumes:
        - name: decisioncentral-keystore-volume
          secret:
            secretName: "${DECISION_CENTRAL_HTTPS_SECRET}"
        - name: "${APPLICATION_NAME}-rhdmcentr-pvol"
          persistentVolumeClaim:
            claimName: "${APPLICATION_NAME}-rhdmcentr-claim"
- kind: DeploymentConfig
  apiVersion: v1
  metadata:
    name: "${APPLICATION_NAME}-kieserver"
    labels:
      application: "${APPLICATION_NAME}"
  spec:
    strategy:
      type: Recreate
    triggers:
    - type: ImageChange
      imageChangeParams:
        automatic: true
        containerNames:
        - "${APPLICATION_NAME}-kieserver"
        from:
          kind: ImageStreamTag
          namespace: "${IMAGE_STREAM_NAMESPACE}"
          name: "rhdm70-kieserver-openshift:${IMAGE_STREAM_TAG}"
    - type: ConfigChange
    replicas: 1
    selector:
      deploymentConfig: "${APPLICATION_NAME}-kieserver"
    template:
      metadata:
        name: "${APPLICATION_NAME}-kieserver"
        labels:
          deploymentConfig: "${APPLICATION_NAME}-kieserver"
          application: "${APPLICATION_NAME}"
      spec:
        terminationGracePeriodSeconds: 60
        containers:
        - name: "${APPLICATION_NAME}-kieserver"
          image: rhdm70-kieserver-openshift
          imagePullPolicy: Always
          resources:
            limits:
              memory: "${EXCECUTION_SERVER_MEMORY_LIMIT}"
          volumeMounts:
          - name: kieserver-keystore-volume
            mountPath: "/etc/kieserver-secret-volume"
            readOnly: true
          livenessProbe:
            exec:
              command:
              - "/bin/bash"
              - "-c"
              - "/opt/eap/bin/livenessProbe.sh"
          readinessProbe:
            exec:
              command:
              - "/bin/bash"
              - "-c"
              - "/opt/eap/bin/readinessProbe.sh"
          ports:
          - name: jolokia
            containerPort: 8778
            protocol: TCP
          - name: http
            containerPort: 8080
            protocol: TCP
          - name: https
            containerPort: 8443
            protocol: TCP
          env:
          - name: DROOLS_SERVER_FILTER_CLASSES
            value: "${DROOLS_SERVER_FILTER_CLASSES}"
          - name: KIE_ADMIN_PWD
            value: "${KIE_ADMIN_PWD}"
          - name: KIE_ADMIN_USER
            value: "${KIE_ADMIN_USER}"
          - name: KIE_MBEANS
            value: "${KIE_MBEANS}"
          - name: KIE_SERVER_BYPASS_AUTH_USER
            value: "${KIE_SERVER_BYPASS_AUTH_USER}"
          - name: KIE_SERVER_CONTROLLER_PWD
            value: "${KIE_SERVER_CONTROLLER_PWD}"
          - name: KIE_SERVER_CONTROLLER_SERVICE
            value: "${APPLICATION_NAME}-rhdmcentr"
          - name: KIE_SERVER_CONTROLLER_USER
            value: "${KIE_SERVER_CONTROLLER_USER}"
          - name: KIE_SERVER_ID
            value: "${KIE_SERVER_ID}"
          - name: KIE_SERVER_HOST
            valueFrom:
              fieldRef:
                fieldPath: status.podIP
          - name: KIE_SERVER_PWD
            value: "${KIE_SERVER_PWD}"
          - name: KIE_SERVER_USER
            value: "${KIE_SERVER_USER}"
          - name: MAVEN_REPOS
            value: "RHDMCENTR,EXTERNAL"
          - name: RHDMCENTR_MAVEN_REPO_SERVICE
            value: "${APPLICATION_NAME}-rhdmcentr"
          - name: RHDMCENTR_MAVEN_REPO_PATH
            value: "/maven2/"
          - name: RHDMCENTR_MAVEN_REPO_USERNAME
            value: "${DECISION_CENTRAL_MAVEN_USERNAME}"
          - name: RHDMCENTR_MAVEN_REPO_PASSWORD
            value: "${DECISION_CENTRAL_MAVEN_PASSWORD}"
          - name: EXTERNAL_MAVEN_REPO_URL
            value: "${MAVEN_REPO_URL}"
          - name: EXTERNAL_MAVEN_REPO_USERNAME
            value: "${MAVEN_REPO_USERNAME}"
          - name: EXTERNAL_MAVEN_REPO_PASSWORD
            value: "${MAVEN_REPO_PASSWORD}"
          - name: HTTPS_KEYSTORE_DIR
            value: "/etc/kieserver-secret-volume"
          - name: HTTPS_KEYSTORE
            value: "${KIE_SERVER_HTTPS_KEYSTORE}"
          - name: HTTPS_NAME
            value: "${KIE_SERVER_HTTPS_NAME}"
          - name: HTTPS_PASSWORD
            value: "${KIE_SERVER_HTTPS_PASSWORD}"
        volumes:
        - name: kieserver-keystore-volume
          secret:
            secretName: "${KIE_SERVER_HTTPS_SECRET}"
- apiVersion: v1
  kind: PersistentVolumeClaim
  metadata:
    name: "${APPLICATION_NAME}-rhdmcentr-claim"
    labels:
      application: "${APPLICATION_NAME}"
  spec:
    accessModes:
    - ReadWriteOnce
    resources:
      requests:
        storage: "${DECISION_CENTRAL_VOLUME_CAPACITY}"