summaryrefslogtreecommitdiffstats
path: root/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql.json
diff options
context:
space:
mode:
Diffstat (limited to 'roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql.json')
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql.json186
1 files changed, 139 insertions, 47 deletions
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql.json
index 029dcee54..1768f7a1b 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql.json
@@ -6,13 +6,13 @@
"description": "Application template for SSO 7.0 MySQL applications",
"iconClass" : "icon-jboss",
"tags" : "sso,keycloak,mysql,java,database,jboss,xpaas",
- "version" : "1.3"
+ "version" : "1.3.2"
},
"name": "sso70-mysql"
},
"labels": {
"template": "sso70-mysql",
- "xpaas" : "1.3.0"
+ "xpaas" : "1.3.2"
},
"parameters": [
{
@@ -46,6 +46,12 @@
"required": true
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "sso-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "sso-app-secret",
@@ -58,15 +64,21 @@
"required": false
},
{
- "description": "The name associated with the server certificate",
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate (e.g. jboss)",
"name": "HTTPS_NAME",
- "value": "jboss",
+ "value": "",
"required": false
},
{
- "description": "The password for the keystore and certificate",
+ "description": "The password for the keystore and certificate (e.g. mykeystorepass)",
"name": "HTTPS_PASSWORD",
- "value": "mykeystorepass",
+ "value": "",
"required": false
},
{
@@ -110,13 +122,6 @@
"required": false
},
{
- "description": "HornetQ cluster admin password",
- "name": "HORNETQ_CLUSTER_PASSWORD",
- "from": "[a-zA-Z0-9]{8}",
- "generate": "expression",
- "required": true
- },
- {
"description": "Database user name",
"name": "DB_USERNAME",
"from": "user[a-zA-Z0-9]{3}",
@@ -131,21 +136,9 @@
"required": true
},
{
- "description": "Queue names",
- "name": "HORNETQ_QUEUES",
- "value": "",
- "required": false
- },
- {
- "description": "Topic names",
- "name": "HORNETQ_TOPICS",
- "value": "",
- "required": false
- },
- {
"description": "The name of the secret containing the keystore file",
"name": "JGROUPS_ENCRYPT_SECRET",
- "value": "eap-app-secret",
+ "value": "sso-app-secret",
"required": false
},
{
@@ -155,13 +148,13 @@
"required": false
},
{
- "description": "The name associated with the server certificate",
+ "description": "The name associated with the server certificate (e.g. secret-key)",
"name": "JGROUPS_ENCRYPT_NAME",
"value": "",
"required": false
},
{
- "description": "The password for the keystore and certificate",
+ "description": "The password for the keystore and certificate (e.g. password)",
"name": "JGROUPS_ENCRYPT_PASSWORD",
"value": "",
"required": false
@@ -178,6 +171,54 @@
"name": "IMAGE_STREAM_NAMESPACE",
"value": "openshift",
"required": true
+ },
+ {
+ "description": "SSO Server admin username",
+ "name": "SSO_ADMIN_USERNAME",
+ "value": "admin",
+ "required": false
+ },
+ {
+ "description": "SSO Server admin password",
+ "name": "SSO_ADMIN_PASSWORD",
+ "value": "admin",
+ "required": false
+ },
+ {
+ "description": "Realm to be created in the SSO server (e.g. demo).",
+ "name": "SSO_REALM",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.",
+ "name": "SSO_SERVICE_USERNAME",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the SSO service user.",
+ "name": "SSO_SERVICE_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the truststore file within the secret (e.g. truststore.jks)",
+ "name": "SSO_TRUSTSTORE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the truststore and certificate (e.g. mykeystorepass)",
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName",
+ "name": "SSO_TRUSTSTORE_SECRET",
+ "value": "sso-app-secret",
+ "required": false
}
],
"objects": [
@@ -326,7 +367,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "redhat-sso70-openshift:1.3-TP"
+ "name": "redhat-sso70-openshift:1.3"
}
}
},
@@ -348,8 +389,8 @@
}
},
"spec": {
- "serviceAccountName": "sso-service-account",
- "terminationGracePeriodSeconds": 60,
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
+ "terminationGracePeriodSeconds": 75,
"containers": [
{
"name": "${APPLICATION_NAME}",
@@ -365,8 +406,24 @@
"name": "eap-jgroups-keystore-volume",
"mountPath": "/etc/jgroups-encrypt-secret-volume",
"readOnly": true
+ },
+ {
+ "name": "sso-truststore-volume",
+ "mountPath": "/etc/sso-secret-volume",
+ "readOnly": true
}
],
+ "lifecycle": {
+ "preStop": {
+ "exec": {
+ "command": [
+ "/opt/eap/bin/jboss-cli.sh",
+ "-c",
+ ":shutdown(timeout=60)"
+ ]
+ }
+ }
+ },
"livenessProbe": {
"exec": {
"command": [
@@ -400,6 +457,11 @@
"name": "https",
"containerPort": 8443,
"protocol": "TCP"
+ },
+ {
+ "name": "ping",
+ "containerPort": 8888,
+ "protocol": "TCP"
}
],
"env": [
@@ -452,32 +514,24 @@
}
},
{
- "name": "EAP_HTTPS_KEYSTORE_DIR",
+ "name": "HTTPS_KEYSTORE_DIR",
"value": "/etc/eap-secret-volume"
},
{
- "name": "EAP_HTTPS_KEYSTORE",
+ "name": "HTTPS_KEYSTORE",
"value": "${HTTPS_KEYSTORE}"
},
{
- "name": "EAP_HTTPS_NAME",
- "value": "${HTTPS_NAME}"
- },
- {
- "name": "EAP_HTTPS_PASSWORD",
- "value": "${HTTPS_PASSWORD}"
- },
- {
- "name": "HORNETQ_CLUSTER_PASSWORD",
- "value": "${HORNETQ_CLUSTER_PASSWORD}"
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
},
{
- "name": "HORNETQ_QUEUES",
- "value": "${HORNETQ_QUEUES}"
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
},
{
- "name": "HORNETQ_TOPICS",
- "value": "${HORNETQ_TOPICS}"
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
},
{
"name": "JGROUPS_ENCRYPT_SECRET",
@@ -502,6 +556,38 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "SSO_ADMIN_USERNAME",
+ "value": "${SSO_ADMIN_USERNAME}"
+ },
+ {
+ "name": "SSO_ADMIN_PASSWORD",
+ "value": "${SSO_ADMIN_PASSWORD}"
+ },
+ {
+ "name": "SSO_REALM",
+ "value": "${SSO_REALM}"
+ },
+ {
+ "name": "SSO_SERVICE_USERNAME",
+ "value": "${SSO_SERVICE_USERNAME}"
+ },
+ {
+ "name": "SSO_SERVICE_PASSWORD",
+ "value": "${SSO_SERVICE_PASSWORD}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE",
+ "value": "${SSO_TRUSTSTORE}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_DIR",
+ "value": "/etc/sso-secret-volume"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "${SSO_TRUSTSTORE_PASSWORD}"
}
]
}
@@ -518,6 +604,12 @@
"secret": {
"secretName": "${JGROUPS_ENCRYPT_SECRET}"
}
+ },
+ {
+ "name": "sso-truststore-volume",
+ "secret": {
+ "secretName": "${SSO_TRUSTSTORE_SECRET}"
+ }
}
]
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-01 15:53:14 +0000