# Helm template for Red Hat Single Sign-On 7.6 backed by a TLS-enabled
# PostgreSQL 13 on OpenShift. Every resource is rendered into the namespace
# named by .Values.projectName; the public hostname is .Values.sso.hostname.
# Database and admin passwords are read from the Secret `demo-seed`, which is
# not defined in this file.
kind: ImageStream
apiVersion: image.openshift.io/v1
metadata:
  name: postgresql13-for-sso76-openshift-rhel8
  creationTimestamp: null
  annotations:
    openshift.io/display-name: PostgreSQL
  namespace: {{ .Values.projectName | quote }}
spec:
  lookupPolicy:
    local: false
  tags:
    - name: 13-el8
      annotations:
        description: Provides a PostgreSQL 13 database on RHEL 8. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/blob/master/README.md.
        iconClass: icon-postgresql
        openshift.io/display-name: PostgreSQL 13 (RHEL 8)
        openshift.io/provider-display-name: Red Hat, Inc.
        tags: database,postgresql
        version: '13'
      from:
        kind: DockerImage
        # NOTE(review): the stream tag is named 13-el8 but follows the mutable
        # `latest` tag upstream, so the imported image can change between
        # imports. Pinning by digest would make it reproducible.
        name: registry.redhat.io/rhel8/postgresql-13:latest
      generation: null
      importPolicy: {}
      referencePolicy:
        type: Local
---
# ImageStream for the RH-SSO 7.6 image; `latest` is an alias of the `7.6` tag.
kind: ImageStream
apiVersion: image.openshift.io/v1
metadata:
  name: sso76-openshift-rhel8
  annotations:
    description: Red Hat Single Sign-On 7.6 on OpenJDK
    openshift.io/display-name: Red Hat Single Sign-On 7.6 on OpenJDK
    openshift.io/provider-display-name: Red Hat, Inc.
    version: 7.6.0.GA
  namespace: {{ .Values.projectName | quote }}
  labels:
    rhsso: 7.6.0.GA
spec:
  tags:
    - name: latest
      from:
        kind: ImageStreamTag
        name: '7.6'
    - name: '7.6'
      annotations:
        description: Red Hat Single Sign-On 7.6 on OpenJDK image
        iconClass: icon-sso
        tags: sso,keycloak,redhat,hidden
        supports: sso:7.6
        version: '1.0'
        openshift.io/display-name: Red Hat Single Sign-On 7.6 on OpenJDK
      referencePolicy:
        type: Local
      from:
        kind: DockerImage
        # The `7.6` tag is a floating minor-version tag, not a digest.
        name: registry.redhat.io/rh-sso-7/sso76-openshift-rhel8:7.6
---
# HTTPS Service in front of the sso pods. The serving-cert annotation names
# the Secret (sso-x509-https-secret) that the sso DeploymentConfig mounts at
# /etc/x509/https.
apiVersion: v1
kind: Service
metadata:
  annotations:
    description: The web server's https port.
    service.alpha.openshift.io/dependencies: '[{"name": "sso-postgresql", "kind": "Service"}]'
    service.alpha.openshift.io/serving-cert-secret-name: sso-x509-https-secret
  labels:
    application: sso
    rhsso: 7.6.0.GA
    template: sso76-x509-postgresql-persistent
  name: sso
  namespace: {{ .Values.projectName | quote }}
spec:
  ports:
    # Only 8443 is published here; the sso container also declares
    # 8778 (jolokia), 8080 (http) and 8888 (ping).
    - port: 8443
      targetPort: 8443
  selector:
    deploymentConfig: sso
---
# Empty ImageStream that receives the output of the BuildConfig below.
apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
  labels:
    application: sso-postgresql-ssl
    rhsso: 7.6.0.GA
    template: sso76-x509-postgresql-persistent
  name: sso-postgresql-ssl
  namespace: {{ .Values.projectName | quote }}
---
# Source-to-image build that layers SSL/TLS support onto the PostgreSQL
# builder image and pushes the result to sso-postgresql-ssl:latest.
apiVersion: build.openshift.io/v1
kind: BuildConfig
metadata:
  annotations:
    description: Build config to extend the vanilla PostgreSQL SQL database server container image with SSL/TLS support.
  labels:
    application: sso
    rhsso: 7.6.0.GA
    template: sso76-x509-postgresql-persistent
  name: sso-postgresql-enable-ssl
  namespace: {{ .Values.projectName | quote }}
spec:
  output:
    to:
      kind: ImageStreamTag
      name: sso-postgresql-ssl:latest
  source:
    contextDir: s2i/postgresql/enable-ssl
    git:
      # NOTE(review): the ref looks like a branch name rather than a commit
      # SHA, so the build input can change without any change to this file.
      # Whatever the repository holds at build time ends up in the database
      # image. Confirm who controls the repository, and prefer a pinned
      # commit on a source you own or mirror.
      ref: KEYCLOAK-15633
      uri: https://github.com/iankko/redhat-sso-7-openshift-image
    type: Git
  strategy:
    sourceStrategy:
      env:
        - name: ARTIFACT_DIR
          # NOTE(review): this is OpenShift Template parameter syntax. Nothing
          # visible in this Helm template substitutes it, so the literal text
          # is presumably what the build receives. Confirm.
          value: ${ARTIFACT_DIR}
        - name: MAVEN_ARGS_APPEND
          value: ""
      # forcePull makes every build re-pull the builder image.
      forcePull: true
      from:
        kind: ImageStreamTag
        name: postgresql13-for-sso76-openshift-rhel8:13-el8
        # NOTE(review): resolved from the `openshift` namespace, not from the
        # same-named ImageStream this file creates in the release namespace.
        # Confirm which one is meant to supply the builder image.
        namespace: openshift
    type: Source
  triggers:
    - imageChange: {}
      type: ImageChange
    - type: ConfigChange
---
# Database Service. The serving-cert annotation names the Secret
# (postgresql-ssl-secret) that the sso-postgresql DeploymentConfig mounts at
# /etc/pki/postgresql.
apiVersion: v1
kind: Service
metadata:
  annotations:
    description: The database server's port.
    service.alpha.openshift.io/serving-cert-secret-name: postgresql-ssl-secret
  labels:
    application: sso
    rhsso: 7.6.0.GA
    template: sso76-x509-postgresql-persistent
  name: sso-postgresql
  namespace: {{ .Values.projectName | quote }}
spec:
  ports:
    - port: 5432
      targetPort: 5432
  selector:
    deploymentConfig: sso-postgresql
---
# Headless Service (clusterIP: None) used for JGroups DNS_PING discovery.
# It also publishes pods that are not yet ready.
apiVersion: v1
kind: Service
metadata:
  annotations:
    description: The JGroups ping port for clustering.
    service.alpha.openshift.io/serving-cert-secret-name: sso-x509-jgroups-secret
  labels:
    application: sso
    rhsso: 7.6.0.GA
    template: sso76-x509-postgresql-persistent
  name: sso-ping
  namespace: {{ .Values.projectName | quote }}
spec:
  clusterIP: None
  ports:
    - name: ping
      port: 8888
  publishNotReadyAddresses: true
  selector:
    deploymentConfig: sso
---
# Public Route for the sso Service.
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  annotations:
    description: Route for application's https service.
  labels:
    application: sso
    rhsso: 7.6.0.GA
    template: sso76-x509-postgresql-persistent
  name: sso
  namespace: {{ .Values.projectName | quote }}
spec:
  host: {{ .Values.sso.hostname | quote }}
  tls:
    # reencrypt: TLS ends at the router and a new TLS session is opened to
    # the pod. No destinationCACertificate is set here, so this presumably
    # relies on the router trusting the service-serving CA. Confirm.
    termination: reencrypt
  to:
    kind: Service
    name: sso
---
# RH-SSO server. Single replica, Recreate strategy, redeployed when the
# sso76-openshift-rhel8:7.6 image stream tag or this config changes.
apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
  labels:
    application: sso
    rhsso: 7.6.0.GA
    template: sso76-x509-postgresql-persistent
  name: sso
  namespace: {{ .Values.projectName | quote }}
spec:
  replicas: 1
  selector:
    deploymentConfig: sso
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        application: sso
        deploymentConfig: sso
      name: sso
    spec:
      containers:
        - env:
            - name: SSO_HOSTNAME
              value: {{ .Values.sso.hostname | quote }}
            - name: DB_SERVICE_PREFIX_MAPPING
              value: sso-postgresql=DB
            - name: DB_JNDI
              value: java:jboss/datasources/KeycloakDS
            - name: DB_USERNAME
              value: sso
            # Same Secret key as POSTGRESQL_PASSWORD on the database side.
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: demo-seed
                  key: sso-database-password
            - name: DB_DATABASE
              value: sso
            - name: TX_DATABASE_PREFIX_MAPPING
              value: sso-postgresql=DB
            - name: DB_MIN_POOL_SIZE
              value: ""
            - name: DB_MAX_POOL_SIZE
              value: ""
            - name: DB_TX_ISOLATION
              value: ""
            - name: JGROUPS_PING_PROTOCOL
              value: openshift.DNS_PING
            - name: OPENSHIFT_DNS_PING_SERVICE_NAME
              value: sso-ping
            - name: OPENSHIFT_DNS_PING_SERVICE_PORT
              value: "8888"
            - name: X509_CA_BUNDLE
              value: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
            # NOTE(review): this credential is committed in plaintext and is
            # identical for every install of the chart. It is also readable by
            # anyone who can view the chart or the rendered DeploymentConfig.
            # Treat the value as exposed: rotate it and supply it through
            # valueFrom.secretKeyRef, as DB_PASSWORD and SSO_ADMIN_PASSWORD do.
            - name: JGROUPS_CLUSTER_PASSWORD
              value: djqqleTNBaVqjl3nsA5Ku3LNCGYSAiB5
            - name: SSO_ADMIN_USERNAME
              value: admin
            - name: SSO_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: demo-seed
                  key: sso-admin-password
            - name: SSO_REALM
              value: ""
            - name: SSO_SERVICE_USERNAME
              value: ""
            - name: SSO_SERVICE_PASSWORD
              value: ""
          # Short name; the ImageChange trigger below supplies the image.
          image: sso
          imagePullPolicy: Always
          livenessProbe:
            exec:
              command:
                - /bin/bash
                - -c
                - /opt/eap/bin/livenessProbe.sh
            initialDelaySeconds: 60
          name: sso
          ports:
            # NOTE(review): declared ports are informational and do not
            # restrict traffic. No NetworkPolicy is visible in this file, so
            # pod-to-pod reachability of 8778 and 8080 depends on cluster
            # defaults. Verify.
            - containerPort: 8778
              name: jolokia
              protocol: TCP
            - containerPort: 8080
              name: http
              protocol: TCP
            - containerPort: 8443
              name: https
              protocol: TCP
            - containerPort: 8888
              name: ping
              protocol: TCP
          readinessProbe:
            exec:
              command:
                - /bin/bash
                - -c
                - /opt/eap/bin/readinessProbe.sh
          # Only a memory limit is set; no requests and no CPU limit.
          resources:
            limits:
              memory: 1Gi
          volumeMounts:
            - mountPath: /etc/x509/https
              name: sso-x509-https-volume
              readOnly: true
            - mountPath: /etc/x509/jgroups
              name: sso-x509-jgroups-volume
              readOnly: true
      terminationGracePeriodSeconds: 75
      volumes:
        - name: sso-x509-https-volume
          secret:
            secretName: sso-x509-https-secret
        - name: sso-x509-jgroups-volume
          secret:
            secretName: sso-x509-jgroups-secret
  triggers:
    - imageChangeParams:
        # automatic: true rolls out a new deployment whenever the tag moves.
        automatic: true
        containerNames:
          - sso
        from:
          kind: ImageStreamTag
          name: sso76-openshift-rhel8:7.6
          # NOTE(review): resolved from the `openshift` namespace, not from
          # the same-named ImageStream this file creates in the release
          # namespace. Confirm which one is meant to supply the image.
          namespace: openshift
      type: ImageChange
    - type: ConfigChange
---
# PostgreSQL backing store, run from the locally built sso-postgresql-ssl
# image with a persistent data volume and the serving certificate mounted
# read-only.
apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
  labels:
    application: sso
    rhsso: 7.6.0.GA
    template: sso76-x509-postgresql-persistent
  name: sso-postgresql
  namespace: {{ .Values.projectName | quote }}
spec:
  replicas: 1
  selector:
    deploymentConfig: sso-postgresql
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        application: sso
        deploymentConfig: sso-postgresql
      name: sso-postgresql
    spec:
      containers:
        - env:
            - name: POSTGRESQL_USER
              value: sso
            - name: POSTGRESQL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: demo-seed
                  key: sso-database-password
            - name: POSTGRESQL_DATABASE
              value: sso
            - name: POSTGRESQL_MAX_CONNECTIONS
              value: ""
            - name: POSTGRESQL_MAX_PREPARED_TRANSACTIONS
              value: ""
            - name: POSTGRESQL_SHARED_BUFFERS
              value: ""
          # Short name; the ImageChange trigger below supplies the image.
          image: postgresql
          imagePullPolicy: Always
          # Liveness only checks that TCP 5432 accepts connections.
          livenessProbe:
            failureThreshold: 3
            initialDelaySeconds: 90
            successThreshold: 1
            tcpSocket:
              port: 5432
            timeoutSeconds: 10
          name: sso-postgresql
          ports:
            - containerPort: 5432
              protocol: TCP
          # Readiness runs a query over loopback with PGSSLMODE=require, so a
          # pod whose server does not accept TLS is never marked ready.
          readinessProbe:
            exec:
              command:
                - /bin/sh
                - -i
                - -c
                - PGSSLMODE=require psql -h 127.0.0.1 -U $POSTGRESQL_USER -q -d $POSTGRESQL_DATABASE -c 'SELECT 1'
            failureThreshold: 3
            initialDelaySeconds: 90
            successThreshold: 1
            timeoutSeconds: 10
          # NOTE(review): this container has no resources stanza, so it runs
          # without requests or limits.
          volumeMounts:
            - mountPath: /var/lib/pgsql/data
              name: sso-postgresql-pvol
            - mountPath: /etc/pki/postgresql
              name: postgresql-ssl-volume
              readOnly: true
      terminationGracePeriodSeconds: 60
      volumes:
        - name: sso-postgresql-pvol
          persistentVolumeClaim:
            claimName: sso-postgresql-claim
        - name: postgresql-ssl-volume
          secret:
            secretName: postgresql-ssl-secret
  triggers:
    - imageChangeParams:
        automatic: true
        containerNames:
          - sso-postgresql
        from:
          kind: ImageStreamTag
          # No namespace given, so this resolves in the release namespace,
          # where the BuildConfig pushes its output.
          name: sso-postgresql-ssl:latest
      type: ImageChange
    - type: ConfigChange
---
# 1Gi ReadWriteOnce claim backing /var/lib/pgsql/data in sso-postgresql.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  labels:
    application: sso
    rhsso: 7.6.0.GA
    template: sso76-x509-postgresql-persistent
  name: sso-postgresql-claim
  namespace: {{ .Values.projectName | quote }}
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi