| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696 |
- {
- "kind": "Template",
- "apiVersion": "v1",
- "metadata": {
- "annotations": {
- "description": "Application template for SSO 7.0 PostgreSQL applications",
- "iconClass" : "icon-jboss",
- "tags" : "sso,keycloak,postrgresql,java,database,jboss,xpaas",
- "version" : "1.3.2"
- },
- "name": "sso70-postgresql"
- },
- "labels": {
- "template": "sso70-postgresql",
- "xpaas" : "1.3.2"
- },
- "parameters": [
- {
- "description": "The name for the application.",
- "name": "APPLICATION_NAME",
- "value": "sso",
- "required": true
- },
- {
- "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>",
- "name": "HOSTNAME_HTTP",
- "value": "",
- "required": false
- },
- {
- "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>",
- "name": "HOSTNAME_HTTPS",
- "value": "",
- "required": false
- },
- {
- "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql",
- "name": "DB_JNDI",
- "value": "java:jboss/datasources/KeycloakDS",
- "required": false
- },
- {
- "description": "Database name",
- "name": "DB_DATABASE",
- "value": "root",
- "required": true
- },
- {
- "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
- "name": "SERVICE_ACCOUNT_NAME",
- "value": "sso-service-account",
- "required": true
- },
- {
- "description": "The name of the secret containing the keystore file",
- "name": "HTTPS_SECRET",
- "value": "sso-app-secret",
- "required": false
- },
- {
- "description": "The name of the keystore file within the secret",
- "name": "HTTPS_KEYSTORE",
- "value": "keystore.jks",
- "required": false
- },
- {
- "description": "The type of the keystore file (JKS or JCEKS)",
- "name": "HTTPS_KEYSTORE_TYPE",
- "value": "",
- "required": false
- },
- {
- "description": "The name associated with the server certificate (e.g. jboss)",
- "name": "HTTPS_NAME",
- "value": "",
- "required": false
- },
- {
- "description": "The password for the keystore and certificate (e.g. mykeystorepass)",
- "name": "HTTPS_PASSWORD",
- "value": "",
- "required": false
- },
- {
- "description": "Sets xa-pool/min-pool-size for the configured datasource.",
- "name": "DB_MIN_POOL_SIZE",
- "required": false
- },
- {
- "description": "Sets xa-pool/max-pool-size for the configured datasource.",
- "name": "DB_MAX_POOL_SIZE",
- "required": false
- },
- {
- "description": "Sets transaction-isolation for the configured datasource.",
- "name": "DB_TX_ISOLATION",
- "required": false
- },
- {
- "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.",
- "name": "POSTGRESQL_MAX_CONNECTIONS",
- "required": false
- },
- {
- "description": "Configures how much memory is dedicated to PostgreSQL for caching data.",
- "name": "POSTGRESQL_SHARED_BUFFERS",
- "required": false
- },
- {
- "description": "Database user name",
- "name": "DB_USERNAME",
- "from": "user[a-zA-Z0-9]{3}",
- "generate": "expression",
- "required": true
- },
- {
- "description": "Database user password",
- "name": "DB_PASSWORD",
- "from": "[a-zA-Z0-9]{8}",
- "generate": "expression",
- "required": true
- },
- {
- "description": "The name of the secret containing the keystore file",
- "name": "JGROUPS_ENCRYPT_SECRET",
- "value": "sso-app-secret",
- "required": false
- },
- {
- "description": "The name of the keystore file within the secret",
- "name": "JGROUPS_ENCRYPT_KEYSTORE",
- "value": "jgroups.jceks",
- "required": false
- },
- {
- "description": "The name associated with the server certificate (e.g. secret-key)",
- "name": "JGROUPS_ENCRYPT_NAME",
- "value": "",
- "required": false
- },
- {
- "description": "The password for the keystore and certificate (e.g. password)",
- "name": "JGROUPS_ENCRYPT_PASSWORD",
- "value": "",
- "required": false
- },
- {
- "description": "JGroups cluster password",
- "name": "JGROUPS_CLUSTER_PASSWORD",
- "from": "[a-zA-Z0-9]{8}",
- "generate": "expression",
- "required": true
- },
- {
- "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.",
- "name": "IMAGE_STREAM_NAMESPACE",
- "value": "openshift",
- "required": true
- },
- {
- "description": "SSO Server admin username",
- "name": "SSO_ADMIN_USERNAME",
- "value": "admin",
- "required": false
- },
- {
- "description": "SSO Server admin password",
- "name": "SSO_ADMIN_PASSWORD",
- "value": "admin",
- "required": false
- },
- {
- "description": "Realm to be created in the SSO server (e.g. demo).",
- "name": "SSO_REALM",
- "value": "",
- "required": false
- },
- {
- "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.",
- "name": "SSO_SERVICE_USERNAME",
- "value": "",
- "required": false
- },
- {
- "description": "The password for the SSO service user.",
- "name": "SSO_SERVICE_PASSWORD",
- "value": "",
- "required": false
- },
- {
- "description": "The name of the truststore file within the secret (e.g. truststore.jks)",
- "name": "SSO_TRUSTSTORE",
- "value": "",
- "required": false
- },
- {
- "description": "The password for the truststore and certificate (e.g. mykeystorepass)",
- "name": "SSO_TRUSTSTORE_PASSWORD",
- "value": "",
- "required": false
- },
- {
- "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName",
- "name": "SSO_TRUSTSTORE_SECRET",
- "value": "sso-app-secret",
- "required": false
- }
- ],
- "objects": [
- {
- "kind": "Service",
- "apiVersion": "v1",
- "spec": {
- "ports": [
- {
- "port": 8080,
- "targetPort": 8080
- }
- ],
- "selector": {
- "deploymentConfig": "${APPLICATION_NAME}"
- }
- },
- "metadata": {
- "name": "${APPLICATION_NAME}",
- "labels": {
- "application": "${APPLICATION_NAME}",
- "component": "server"
- },
- "annotations": {
- "description": "The web server's http port."
- }
- }
- },
- {
- "kind": "Service",
- "apiVersion": "v1",
- "spec": {
- "ports": [
- {
- "port": 8443,
- "targetPort": 8443
- }
- ],
- "selector": {
- "deploymentConfig": "${APPLICATION_NAME}"
- }
- },
- "metadata": {
- "name": "secure-${APPLICATION_NAME}",
- "labels": {
- "application": "${APPLICATION_NAME}",
- "component": "server"
- },
- "annotations": {
- "description": "The web server's https port."
- }
- }
- },
- {
- "kind": "Service",
- "apiVersion": "v1",
- "spec": {
- "ports": [
- {
- "port": 5432,
- "targetPort": 5432
- }
- ],
- "selector": {
- "deploymentConfig": "${APPLICATION_NAME}-postgresql"
- }
- },
- "metadata": {
- "name": "${APPLICATION_NAME}-postgresql",
- "labels": {
- "application": "${APPLICATION_NAME}",
- "component": "database"
- },
- "annotations": {
- "description": "The database server's port."
- }
- }
- },
- {
- "kind": "Route",
- "apiVersion": "v1",
- "id": "${APPLICATION_NAME}-http",
- "metadata": {
- "name": "${APPLICATION_NAME}",
- "labels": {
- "application": "${APPLICATION_NAME}",
- "component": "server"
- },
- "annotations": {
- "description": "Route for application's http service."
- }
- },
- "spec": {
- "host": "${HOSTNAME_HTTP}",
- "to": {
- "name": "${APPLICATION_NAME}"
- }
- }
- },
- {
- "kind": "Route",
- "apiVersion": "v1",
- "id": "${APPLICATION_NAME}-https",
- "metadata": {
- "name": "secure-${APPLICATION_NAME}",
- "labels": {
- "application": "${APPLICATION_NAME}",
- "component": "server"
- },
- "annotations": {
- "description": "Route for application's https service."
- }
- },
- "spec": {
- "host": "${HOSTNAME_HTTPS}",
- "to": {
- "name": "secure-${APPLICATION_NAME}"
- },
- "tls": {
- "termination": "passthrough"
- }
- }
- },
- {
- "kind": "DeploymentConfig",
- "apiVersion": "v1",
- "metadata": {
- "name": "${APPLICATION_NAME}",
- "labels": {
- "application": "${APPLICATION_NAME}",
- "component": "server"
- }
- },
- "spec": {
- "strategy": {
- "type": "Recreate"
- },
- "triggers": [
- {
- "type": "ImageChange",
- "imageChangeParams": {
- "automatic": true,
- "containerNames": [
- "${APPLICATION_NAME}"
- ],
- "from": {
- "kind": "ImageStreamTag",
- "namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "redhat-sso70-openshift:1.3"
- }
- }
- },
- {
- "type": "ConfigChange"
- }
- ],
- "replicas": 1,
- "selector": {
- "deploymentConfig": "${APPLICATION_NAME}"
- },
- "template": {
- "metadata": {
- "name": "${APPLICATION_NAME}",
- "labels": {
- "deploymentConfig": "${APPLICATION_NAME}",
- "application": "${APPLICATION_NAME}",
- "component": "server"
- }
- },
- "spec": {
- "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
- "terminationGracePeriodSeconds": 75,
- "containers": [
- {
- "name": "${APPLICATION_NAME}",
- "image": "${APPLICATION_NAME}",
- "imagePullPolicy": "Always",
- "volumeMounts": [
- {
- "name": "eap-keystore-volume",
- "mountPath": "/etc/eap-secret-volume",
- "readOnly": true
- },
- {
- "name": "eap-jgroups-keystore-volume",
- "mountPath": "/etc/jgroups-encrypt-secret-volume",
- "readOnly": true
- },
- {
- "name": "sso-truststore-volume",
- "mountPath": "/etc/sso-secret-volume",
- "readOnly": true
- }
- ],
- "lifecycle": {
- "preStop": {
- "exec": {
- "command": [
- "/opt/eap/bin/jboss-cli.sh",
- "-c",
- ":shutdown(timeout=60)"
- ]
- }
- }
- },
- "livenessProbe": {
- "exec": {
- "command": [
- "/bin/bash",
- "-c",
- "/opt/eap/bin/livenessProbe.sh"
- ]
- }
- },
- "readinessProbe": {
- "exec": {
- "command": [
- "/bin/bash",
- "-c",
- "/opt/eap/bin/readinessProbe.sh"
- ]
- }
- },
- "ports": [
- {
- "name": "jolokia",
- "containerPort": 8778,
- "protocol": "TCP"
- },
- {
- "name": "http",
- "containerPort": 8080,
- "protocol": "TCP"
- },
- {
- "name": "https",
- "containerPort": 8443,
- "protocol": "TCP"
- },
- {
- "name": "ping",
- "containerPort": 8888,
- "protocol": "TCP"
- }
- ],
- "env": [
- {
- "name": "DB_SERVICE_PREFIX_MAPPING",
- "value": "${APPLICATION_NAME}-postgresql=DB"
- },
- {
- "name": "DB_JNDI",
- "value": "${DB_JNDI}"
- },
- {
- "name": "DB_USERNAME",
- "value": "${DB_USERNAME}"
- },
- {
- "name": "DB_PASSWORD",
- "value": "${DB_PASSWORD}"
- },
- {
- "name": "DB_DATABASE",
- "value": "${DB_DATABASE}"
- },
- {
- "name": "TX_DATABASE_PREFIX_MAPPING",
- "value": "${APPLICATION_NAME}-postgresql=DB"
- },
- {
- "name": "DB_MIN_POOL_SIZE",
- "value": "${DB_MIN_POOL_SIZE}"
- },
- {
- "name": "DB_MAX_POOL_SIZE",
- "value": "${DB_MAX_POOL_SIZE}"
- },
- {
- "name": "DB_TX_ISOLATION",
- "value": "${DB_TX_ISOLATION}"
- },
- {
- "name": "OPENSHIFT_KUBE_PING_LABELS",
- "value": "application=${APPLICATION_NAME}"
- },
- {
- "name": "OPENSHIFT_KUBE_PING_NAMESPACE",
- "valueFrom": {
- "fieldRef": {
- "fieldPath": "metadata.namespace"
- }
- }
- },
- {
- "name": "HTTPS_KEYSTORE_DIR",
- "value": "/etc/eap-secret-volume"
- },
- {
- "name": "HTTPS_KEYSTORE",
- "value": "${HTTPS_KEYSTORE}"
- },
- {
- "name": "HTTPS_KEYSTORE_TYPE",
- "value": "${HTTPS_KEYSTORE_TYPE}"
- },
- {
- "name": "HTTPS_NAME",
- "value": "${HTTPS_NAME}"
- },
- {
- "name": "HTTPS_PASSWORD",
- "value": "${HTTPS_PASSWORD}"
- },
- {
- "name": "JGROUPS_ENCRYPT_SECRET",
- "value": "${JGROUPS_ENCRYPT_SECRET}"
- },
- {
- "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR",
- "value": "/etc/jgroups-encrypt-secret-volume"
- },
- {
- "name": "JGROUPS_ENCRYPT_KEYSTORE",
- "value": "${JGROUPS_ENCRYPT_KEYSTORE}"
- },
- {
- "name": "JGROUPS_ENCRYPT_NAME",
- "value": "${JGROUPS_ENCRYPT_NAME}"
- },
- {
- "name": "JGROUPS_ENCRYPT_PASSWORD",
- "value": "${JGROUPS_ENCRYPT_PASSWORD}"
- },
- {
- "name": "JGROUPS_CLUSTER_PASSWORD",
- "value": "${JGROUPS_CLUSTER_PASSWORD}"
- },
- {
- "name": "SSO_ADMIN_USERNAME",
- "value": "${SSO_ADMIN_USERNAME}"
- },
- {
- "name": "SSO_ADMIN_PASSWORD",
- "value": "${SSO_ADMIN_PASSWORD}"
- },
- {
- "name": "SSO_REALM",
- "value": "${SSO_REALM}"
- },
- {
- "name": "SSO_SERVICE_USERNAME",
- "value": "${SSO_SERVICE_USERNAME}"
- },
- {
- "name": "SSO_SERVICE_PASSWORD",
- "value": "${SSO_SERVICE_PASSWORD}"
- },
- {
- "name": "SSO_TRUSTSTORE",
- "value": "${SSO_TRUSTSTORE}"
- },
- {
- "name": "SSO_TRUSTSTORE_DIR",
- "value": "/etc/sso-secret-volume"
- },
- {
- "name": "SSO_TRUSTSTORE_PASSWORD",
- "value": "${SSO_TRUSTSTORE_PASSWORD}"
- }
- ]
- }
- ],
- "volumes": [
- {
- "name": "eap-keystore-volume",
- "secret": {
- "secretName": "${HTTPS_SECRET}"
- }
- },
- {
- "name": "eap-jgroups-keystore-volume",
- "secret": {
- "secretName": "${JGROUPS_ENCRYPT_SECRET}"
- }
- },
- {
- "name": "sso-truststore-volume",
- "secret": {
- "secretName": "${SSO_TRUSTSTORE_SECRET}"
- }
- }
- ]
- }
- }
- }
- },
- {
- "kind": "DeploymentConfig",
- "apiVersion": "v1",
- "metadata": {
- "name": "${APPLICATION_NAME}-postgresql",
- "labels": {
- "application": "${APPLICATION_NAME}",
- "component": "database"
- }
- },
- "spec": {
- "strategy": {
- "type": "Recreate"
- },
- "triggers": [
- {
- "type": "ImageChange",
- "imageChangeParams": {
- "automatic": true,
- "containerNames": [
- "${APPLICATION_NAME}-postgresql"
- ],
- "from": {
- "kind": "ImageStreamTag",
- "namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "postgresql:latest"
- }
- }
- },
- {
- "type": "ConfigChange"
- }
- ],
- "replicas": 1,
- "selector": {
- "deploymentConfig": "${APPLICATION_NAME}-postgresql"
- },
- "template": {
- "metadata": {
- "name": "${APPLICATION_NAME}-postgresql",
- "labels": {
- "deploymentConfig": "${APPLICATION_NAME}-postgresql",
- "application": "${APPLICATION_NAME}",
- "component": "database"
- }
- },
- "spec": {
- "terminationGracePeriodSeconds": 60,
- "containers": [
- {
- "name": "${APPLICATION_NAME}-postgresql",
- "image": "postgresql",
- "imagePullPolicy": "Always",
- "ports": [
- {
- "containerPort": 5432,
- "protocol": "TCP"
- }
- ],
- "env": [
- {
- "name": "POSTGRESQL_USER",
- "value": "${DB_USERNAME}"
- },
- {
- "name": "POSTGRESQL_PASSWORD",
- "value": "${DB_PASSWORD}"
- },
- {
- "name": "POSTGRESQL_DATABASE",
- "value": "${DB_DATABASE}"
- },
- {
- "name": "POSTGRESQL_MAX_CONNECTIONS",
- "value": "${POSTGRESQL_MAX_CONNECTIONS}"
- },
- {
- "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS",
- "value": "${POSTGRESQL_MAX_CONNECTIONS}"
- },
- {
- "name": "POSTGRESQL_SHARED_BUFFERS",
- "value": "${POSTGRESQL_SHARED_BUFFERS}"
- }
- ]
- }
- ]
- }
- }
- }
- }
- ]
- }
|
