3 changed files with 415 additions and 23 deletions
@ -1,31 +1,417 @@ |
|||
apiVersion: operators.coreos.com/v1alpha1 |
|||
kind: Subscription |
|||
kind: ImageStream |
|||
apiVersion: image.openshift.io/v1 |
|||
metadata: |
|||
name: postgresql13-for-sso76-openshift-rhel8 |
|||
creationTimestamp: null |
|||
annotations: |
|||
argocd.argoproj.io/sync-wave: "10" |
|||
name: rhsso-operator |
|||
openshift.io/display-name: PostgreSQL |
|||
namespace: {{ .Values.projectName | quote }} |
|||
spec: |
|||
channel: stable |
|||
name: rhsso-operator |
|||
source: redhat-operators |
|||
sourceNamespace: openshift-marketplace |
|||
lookupPolicy: |
|||
local: false |
|||
tags: |
|||
- name: 13-el8 |
|||
annotations: |
|||
description: Provides a PostgreSQL 13 database on RHEL 8. For more information |
|||
about using this database image, including OpenShift considerations, see |
|||
https://github.com/sclorg/postgresql-container/blob/master/README.md. |
|||
iconClass: icon-postgresql |
|||
openshift.io/display-name: PostgreSQL 13 (RHEL 8) |
|||
openshift.io/provider-display-name: Red Hat, Inc. |
|||
tags: database,postgresql |
|||
version: '13' |
|||
from: |
|||
kind: DockerImage |
|||
name: registry.redhat.io/rhel8/postgresql-13:latest |
|||
generation: null |
|||
importPolicy: {} |
|||
referencePolicy: |
|||
type: Local |
|||
--- |
|||
kind: ImageStream |
|||
apiVersion: image.openshift.io/v1 |
|||
metadata: |
|||
name: sso76-openshift-rhel8 |
|||
annotations: |
|||
description: Red Hat Single Sign-On 7.6 on OpenJDK |
|||
openshift.io/display-name: Red Hat Single Sign-On 7.6 on OpenJDK |
|||
openshift.io/provider-display-name: Red Hat, Inc. |
|||
version: 7.6.0.GA |
|||
namespace: {{ .Values.projectName | quote }} |
|||
labels: |
|||
rhsso: 7.6.0.GA |
|||
spec: |
|||
tags: |
|||
- name: latest |
|||
from: |
|||
kind: ImageStreamTag |
|||
name: '7.6' |
|||
- name: '7.6' |
|||
annotations: |
|||
description: Red Hat Single Sign-On 7.6 on OpenJDK image |
|||
iconClass: icon-sso |
|||
tags: sso,keycloak,redhat,hidden |
|||
supports: sso:7.6 |
|||
version: '1.0' |
|||
openshift.io/display-name: Red Hat Single Sign-On 7.6 on OpenJDK |
|||
referencePolicy: |
|||
type: Local |
|||
from: |
|||
kind: DockerImage |
|||
name: registry.redhat.io/rh-sso-7/sso76-openshift-rhel8:7.6 |
|||
--- |
|||
apiVersion: keycloak.org/v1alpha1 |
|||
kind: Keycloak |
|||
apiVersion: v1 |
|||
kind: Service |
|||
metadata: |
|||
annotations: |
|||
argocd.argoproj.io/sync-wave: "10" |
|||
description: The web server's https port. |
|||
service.alpha.openshift.io/dependencies: '[{"name": "sso-postgresql", "kind": |
|||
"Service"}]' |
|||
service.alpha.openshift.io/serving-cert-secret-name: sso-x509-https-secret |
|||
labels: |
|||
application: sso |
|||
rhsso: 7.6.0.GA |
|||
template: sso76-x509-postgresql-persistent |
|||
name: sso |
|||
spec: |
|||
ports: |
|||
- port: 8443 |
|||
targetPort: 8443 |
|||
selector: |
|||
deploymentConfig: sso |
|||
--- |
|||
apiVersion: image.openshift.io/v1 |
|||
kind: ImageStream |
|||
metadata: |
|||
labels: |
|||
app: sso |
|||
namespace: {{ .Values.projectName | quote }} |
|||
application: sso-postgresql-ssl |
|||
rhsso: 7.6.0.GA |
|||
template: sso76-x509-postgresql-persistent |
|||
name: sso-postgresql-ssl |
|||
--- |
|||
apiVersion: build.openshift.io/v1 |
|||
kind: BuildConfig |
|||
metadata: |
|||
annotations: |
|||
description: Build config to extend the vanilla PostgreSQL SQL database server |
|||
container image with SSL/TLS support. |
|||
labels: |
|||
application: sso |
|||
rhsso: 7.6.0.GA |
|||
template: sso76-x509-postgresql-persistent |
|||
name: sso-postgresql-enable-ssl |
|||
spec: |
|||
output: |
|||
to: |
|||
kind: ImageStreamTag |
|||
name: sso-postgresql-ssl:latest |
|||
source: |
|||
contextDir: s2i/postgresql/enable-ssl |
|||
git: |
|||
ref: KEYCLOAK-15633 |
|||
uri: https://github.com/iankko/redhat-sso-7-openshift-image |
|||
type: Git |
|||
strategy: |
|||
sourceStrategy: |
|||
env: |
|||
- name: ARTIFACT_DIR |
|||
value: ${ARTIFACT_DIR} |
|||
- name: MAVEN_ARGS_APPEND |
|||
value: "" |
|||
forcePull: true |
|||
from: |
|||
kind: ImageStreamTag |
|||
name: postgresql13-for-sso76-openshift-rhel8:13-el8 |
|||
namespace: openshift |
|||
type: Source |
|||
triggers: |
|||
- imageChange: {} |
|||
type: ImageChange |
|||
- type: ConfigChange |
|||
--- |
|||
apiVersion: v1 |
|||
kind: Service |
|||
metadata: |
|||
annotations: |
|||
description: The database server's port. |
|||
service.alpha.openshift.io/serving-cert-secret-name: postgresql-ssl-secret |
|||
labels: |
|||
application: sso |
|||
rhsso: 7.6.0.GA |
|||
template: sso76-x509-postgresql-persistent |
|||
name: sso-postgresql |
|||
spec: |
|||
ports: |
|||
- port: 5432 |
|||
targetPort: 5432 |
|||
selector: |
|||
deploymentConfig: sso-postgresql |
|||
--- |
|||
apiVersion: v1 |
|||
kind: Service |
|||
metadata: |
|||
annotations: |
|||
description: The JGroups ping port for clustering. |
|||
service.alpha.openshift.io/serving-cert-secret-name: sso-x509-jgroups-secret |
|||
labels: |
|||
application: sso |
|||
rhsso: 7.6.0.GA |
|||
template: sso76-x509-postgresql-persistent |
|||
name: sso-ping |
|||
spec: |
|||
clusterIP: None |
|||
ports: |
|||
- name: ping |
|||
port: 8888 |
|||
publishNotReadyAddresses: true |
|||
selector: |
|||
deploymentConfig: sso |
|||
--- |
|||
apiVersion: route.openshift.io/v1 |
|||
id: sso-https |
|||
kind: Route |
|||
metadata: |
|||
annotations: |
|||
description: Route for application's https service. |
|||
labels: |
|||
application: sso |
|||
rhsso: 7.6.0.GA |
|||
template: sso76-x509-postgresql-persistent |
|||
name: sso |
|||
spec: |
|||
externalAccess: |
|||
enabled: true |
|||
host: {{ .Values.sso.hostname | quote }} |
|||
keycloakDeploymentSpec: |
|||
tls: |
|||
termination: reencrypt |
|||
to: |
|||
name: sso |
|||
--- |
|||
apiVersion: apps.openshift.io/v1 |
|||
kind: DeploymentConfig |
|||
metadata: |
|||
labels: |
|||
application: sso |
|||
rhsso: 7.6.0.GA |
|||
template: sso76-x509-postgresql-persistent |
|||
name: sso |
|||
spec: |
|||
replicas: 1 |
|||
selector: |
|||
deploymentConfig: sso |
|||
strategy: |
|||
type: Recreate |
|||
template: |
|||
metadata: |
|||
labels: |
|||
application: sso |
|||
deploymentConfig: sso |
|||
name: sso |
|||
spec: |
|||
containers: |
|||
- env: |
|||
- name: SSO_HOSTNAME |
|||
value: {{ .Values.sso.hostname | quote }} |
|||
- name: DB_SERVICE_PREFIX_MAPPING |
|||
value: sso-postgresql=DB |
|||
- name: DB_JNDI |
|||
value: java:jboss/datasources/KeycloakDS |
|||
- name: DB_USERNAME |
|||
value: sso |
|||
- name: DB_PASSWORD |
|||
valueFrom: |
|||
secretKeyRef: |
|||
name: demo-seed |
|||
key: sso-database-password |
|||
- name: DB_DATABASE |
|||
value: sso |
|||
- name: TX_DATABASE_PREFIX_MAPPING |
|||
value: sso-postgresql=DB |
|||
- name: DB_MIN_POOL_SIZE |
|||
value: "" |
|||
- name: DB_MAX_POOL_SIZE |
|||
value: "" |
|||
- name: DB_TX_ISOLATION |
|||
value: "" |
|||
- name: JGROUPS_PING_PROTOCOL |
|||
value: openshift.DNS_PING |
|||
- name: OPENSHIFT_DNS_PING_SERVICE_NAME |
|||
value: sso-ping |
|||
- name: OPENSHIFT_DNS_PING_SERVICE_PORT |
|||
value: "8888" |
|||
- name: X509_CA_BUNDLE |
|||
value: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt /var/run/secrets/kubernetes.io/serviceaccount/ca.crt |
|||
- name: JGROUPS_CLUSTER_PASSWORD |
|||
value: djqqleTNBaVqjl3nsA5Ku3LNCGYSAiB5 |
|||
- name: SSO_ADMIN_USERNAME |
|||
value: admin |
|||
- name: SSO_ADMIN_PASSWORD |
|||
valueFrom: |
|||
secretKeyRef: |
|||
name: demo-seed |
|||
key: sso-admin-password |
|||
- name: SSO_REALM |
|||
value: "" |
|||
- name: SSO_SERVICE_USERNAME |
|||
value: "" |
|||
- name: SSO_SERVICE_PASSWORD |
|||
value: "" |
|||
image: sso |
|||
imagePullPolicy: Always |
|||
postgresDeploymentSpec: |
|||
livenessProbe: |
|||
exec: |
|||
command: |
|||
- /bin/bash |
|||
- -c |
|||
- /opt/eap/bin/livenessProbe.sh |
|||
initialDelaySeconds: 60 |
|||
name: sso |
|||
ports: |
|||
- containerPort: 8778 |
|||
name: jolokia |
|||
protocol: TCP |
|||
- containerPort: 8080 |
|||
name: http |
|||
protocol: TCP |
|||
- containerPort: 8443 |
|||
name: https |
|||
protocol: TCP |
|||
- containerPort: 8888 |
|||
name: ping |
|||
protocol: TCP |
|||
readinessProbe: |
|||
exec: |
|||
command: |
|||
- /bin/bash |
|||
- -c |
|||
- /opt/eap/bin/readinessProbe.sh |
|||
resources: |
|||
limits: |
|||
memory: 1Gi |
|||
volumeMounts: |
|||
- mountPath: /etc/x509/https |
|||
name: sso-x509-https-volume |
|||
readOnly: true |
|||
- mountPath: /etc/x509/jgroups |
|||
name: sso-x509-jgroups-volume |
|||
readOnly: true |
|||
terminationGracePeriodSeconds: 75 |
|||
volumes: |
|||
- name: sso-x509-https-volume |
|||
secret: |
|||
secretName: sso-x509-https-secret |
|||
- name: sso-x509-jgroups-volume |
|||
secret: |
|||
secretName: sso-x509-jgroups-secret |
|||
triggers: |
|||
- imageChangeParams: |
|||
automatic: true |
|||
containerNames: |
|||
- sso |
|||
from: |
|||
kind: ImageStreamTag |
|||
name: sso76-openshift-rhel8:7.6 |
|||
namespace: openshift |
|||
type: ImageChange |
|||
- type: ConfigChange |
|||
--- |
|||
apiVersion: apps.openshift.io/v1 |
|||
kind: DeploymentConfig |
|||
metadata: |
|||
labels: |
|||
application: sso |
|||
rhsso: 7.6.0.GA |
|||
template: sso76-x509-postgresql-persistent |
|||
name: sso-postgresql |
|||
spec: |
|||
replicas: 1 |
|||
selector: |
|||
deploymentConfig: sso-postgresql |
|||
strategy: |
|||
type: Recreate |
|||
template: |
|||
metadata: |
|||
labels: |
|||
application: sso |
|||
deploymentConfig: sso-postgresql |
|||
name: sso-postgresql |
|||
spec: |
|||
containers: |
|||
- env: |
|||
- name: POSTGRESQL_USER |
|||
value: sso |
|||
- name: POSTGRESQL_PASSWORD |
|||
valueFrom: |
|||
secretKeyRef: |
|||
name: demo-seed |
|||
key: sso-database-password |
|||
- name: POSTGRESQL_DATABASE |
|||
value: sso |
|||
- name: POSTGRESQL_MAX_CONNECTIONS |
|||
value: "" |
|||
- name: POSTGRESQL_MAX_PREPARED_TRANSACTIONS |
|||
value: "" |
|||
- name: POSTGRESQL_SHARED_BUFFERS |
|||
value: "" |
|||
image: postgresql |
|||
imagePullPolicy: Always |
|||
instances: 1 |
|||
livenessProbe: |
|||
failureThreshold: 3 |
|||
initialDelaySeconds: 90 |
|||
'successThreshold:': 1 |
|||
tcpSocket: |
|||
port: 5432 |
|||
timeoutSeconds: 10 |
|||
name: sso-postgresql |
|||
ports: |
|||
- containerPort: 5432 |
|||
protocol: TCP |
|||
readinessProbe: |
|||
exec: |
|||
command: |
|||
- /bin/sh |
|||
- -i |
|||
- -c |
|||
- PGSSLMODE=require psql -h 127.0.0.1 -U $POSTGRESQL_USER -q -d $POSTGRESQL_DATABASE |
|||
-c 'SELECT 1' |
|||
failureThreshold: 3 |
|||
initialDelaySeconds: 90 |
|||
'successThreshold:': 1 |
|||
timeoutSeconds: 10 |
|||
volumeMounts: |
|||
- mountPath: /var/lib/pgsql/data |
|||
name: sso-postgresql-pvol |
|||
- mountPath: /etc/pki/postgresql |
|||
name: postgresql-ssl-volume |
|||
readOnly: true |
|||
terminationGracePeriodSeconds: 60 |
|||
volumes: |
|||
- name: sso-postgresql-pvol |
|||
persistentVolumeClaim: |
|||
claimName: sso-postgresql-claim |
|||
- name: postgresql-ssl-volume |
|||
secret: |
|||
secretName: postgresql-ssl-secret |
|||
triggers: |
|||
- imageChangeParams: |
|||
automatic: true |
|||
containerNames: |
|||
- sso-postgresql |
|||
from: |
|||
kind: ImageStreamTag |
|||
name: sso-postgresql-ssl:latest |
|||
type: ImageChange |
|||
- type: ConfigChange |
|||
--- |
|||
apiVersion: v1 |
|||
kind: PersistentVolumeClaim |
|||
metadata: |
|||
labels: |
|||
application: sso |
|||
rhsso: 7.6.0.GA |
|||
template: sso76-x509-postgresql-persistent |
|||
name: sso-postgresql-claim |
|||
spec: |
|||
accessModes: |
|||
- ReadWriteOnce |
|||
resources: |
|||
requests: |
|||
storage: 1Gi |
|||
|
|||
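Review bot: `JGROUPS_CLUSTER_PASSWORD` in the `sso` DeploymentConfig is given as a literal `value:`, so the cluster password is committed to the repository and is identical in every install, while `DB_PASSWORD` and `SSO_ADMIN_PASSWORD` in the same container already read from the `demo-seed` secret. The page has lost its `+`/`-` markers, so this assumes the line is on the new side, which the size of the hunk suggests. I would replace the literal with a `valueFrom.secretKeyRef` on `name: demo-seed` and a new key such as `key: <jgroups-cluster-password-key>` (placeholder), and treat the committed value as exposed: generate a fresh one instead of moving it into the secret. Separately, the `sso-postgresql-enable-ssl` BuildConfig builds from the branch `ref: KEYCLOAK-15633` of a personal fork and the `13-el8` tag tracks `postgresql-13:latest`; pinning `ref` to a commit SHA and the image to a fixed tag or digest would keep the database image from changing without a reviewed commit.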