nicolas
/
demo-apimgmt
mirror of https://github.com/nmasse-itix/demo-apimgmt.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Demo of the Red Hat API Management solution
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
12 Commits
2 Branches
0 Tags
63 KiB
Tree: 0809a736e5
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0809a736e5'
${ noResults }
demo-apimgmt/infrastructure/templates/sso.yaml

425 lines
11 KiB
Raw Blame History

kind: ImageStream
apiVersion: image.openshift.io/v1
metadata:
name: postgresql13-for-sso76-openshift-rhel8
creationTimestamp: null
annotations:
openshift.io/display-name: PostgreSQL
namespace: {{ .Values.projectName | quote }}
spec:
lookupPolicy:
local: false
tags:
- name: 13-el8
annotations:
description: Provides a PostgreSQL 13 database on RHEL 8. For more information
about using this database image, including OpenShift considerations, see
https://github.com/sclorg/postgresql-container/blob/master/README.md.
iconClass: icon-postgresql
openshift.io/display-name: PostgreSQL 13 (RHEL 8)
openshift.io/provider-display-name: Red Hat, Inc.
tags: database,postgresql
version: '13'
from:
kind: DockerImage
name: registry.redhat.io/rhel8/postgresql-13:latest
generation: null
importPolicy: {}
referencePolicy:
type: Local
---
kind: ImageStream
apiVersion: image.openshift.io/v1
metadata:
name: sso76-openshift-rhel8
annotations:
description: Red Hat Single Sign-On 7.6 on OpenJDK
openshift.io/display-name: Red Hat Single Sign-On 7.6 on OpenJDK
openshift.io/provider-display-name: Red Hat, Inc.
version: 7.6.0.GA
namespace: {{ .Values.projectName | quote }}
labels:
rhsso: 7.6.0.GA
spec:
tags:
- name: latest
from:
kind: ImageStreamTag
name: '7.6'
- name: '7.6'
annotations:
description: Red Hat Single Sign-On 7.6 on OpenJDK image
iconClass: icon-sso
tags: sso,keycloak,redhat,hidden
supports: sso:7.6
version: '1.0'
openshift.io/display-name: Red Hat Single Sign-On 7.6 on OpenJDK
referencePolicy:
type: Local
from:
kind: DockerImage
name: registry.redhat.io/rh-sso-7/sso76-openshift-rhel8:7.6
---
apiVersion: v1
kind: Service
metadata:
annotations:
description: The web server's https port.
service.alpha.openshift.io/dependencies: '[{"name": "sso-postgresql", "kind":
"Service"}]'
service.alpha.openshift.io/serving-cert-secret-name: sso-x509-https-secret
labels:
application: sso
rhsso: 7.6.0.GA
template: sso76-x509-postgresql-persistent
name: sso
namespace: {{ .Values.projectName | quote }}
spec:
ports:
- port: 8443
targetPort: 8443
selector:
deploymentConfig: sso
---
apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
labels:
application: sso-postgresql-ssl
rhsso: 7.6.0.GA
template: sso76-x509-postgresql-persistent
name: sso-postgresql-ssl
namespace: {{ .Values.projectName | quote }}
---
apiVersion: build.openshift.io/v1
kind: BuildConfig
metadata:
annotations:
description: Build config to extend the vanilla PostgreSQL SQL database server
container image with SSL/TLS support.
labels:
application: sso
rhsso: 7.6.0.GA
template: sso76-x509-postgresql-persistent
name: sso-postgresql-enable-ssl
namespace: {{ .Values.projectName | quote }}
spec:
output:
to:
kind: ImageStreamTag
name: sso-postgresql-ssl:latest
source:
contextDir: s2i/postgresql/enable-ssl
git:
ref: KEYCLOAK-15633
uri: https://github.com/iankko/redhat-sso-7-openshift-image
type: Git
strategy:
sourceStrategy:
env:
- name: ARTIFACT_DIR
value: ${ARTIFACT_DIR}
- name: MAVEN_ARGS_APPEND
value: ""
forcePull: true
from:
kind: ImageStreamTag
name: postgresql13-for-sso76-openshift-rhel8:13-el8
namespace: openshift
type: Source
triggers:
- imageChange: {}
type: ImageChange
- type: ConfigChange
---
apiVersion: v1
kind: Service
metadata:
annotations:
description: The database server's port.
service.alpha.openshift.io/serving-cert-secret-name: postgresql-ssl-secret
labels:
application: sso
rhsso: 7.6.0.GA
template: sso76-x509-postgresql-persistent
name: sso-postgresql
namespace: {{ .Values.projectName | quote }}
spec:
ports:
- port: 5432
targetPort: 5432
selector:
deploymentConfig: sso-postgresql
---
apiVersion: v1
kind: Service
metadata:
annotations:
description: The JGroups ping port for clustering.
service.alpha.openshift.io/serving-cert-secret-name: sso-x509-jgroups-secret
labels:
application: sso
rhsso: 7.6.0.GA
template: sso76-x509-postgresql-persistent
name: sso-ping
namespace: {{ .Values.projectName | quote }}
spec:
clusterIP: None
ports:
- name: ping
port: 8888
publishNotReadyAddresses: true
selector:
deploymentConfig: sso
---
apiVersion: route.openshift.io/v1
kind: Route
metadata:
annotations:
description: Route for application's https service.
labels:
application: sso
rhsso: 7.6.0.GA
template: sso76-x509-postgresql-persistent
name: sso
namespace: {{ .Values.projectName | quote }}
spec:
host: {{ .Values.sso.hostname | quote }}
tls:
termination: reencrypt
to:
name: sso
---
apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
labels:
application: sso
rhsso: 7.6.0.GA
template: sso76-x509-postgresql-persistent
name: sso
namespace: {{ .Values.projectName | quote }}
spec:
replicas: 1
selector:
deploymentConfig: sso
strategy:
type: Recreate
template:
metadata:
labels:
application: sso
deploymentConfig: sso
name: sso
spec:
containers:
- env:
- name: SSO_HOSTNAME
value: {{ .Values.sso.hostname | quote }}
- name: DB_SERVICE_PREFIX_MAPPING
value: sso-postgresql=DB
- name: DB_JNDI
value: java:jboss/datasources/KeycloakDS
- name: DB_USERNAME
value: sso
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: demo-seed
key: sso-database-password
- name: DB_DATABASE
value: sso
- name: TX_DATABASE_PREFIX_MAPPING
value: sso-postgresql=DB
- name: DB_MIN_POOL_SIZE
value: ""
- name: DB_MAX_POOL_SIZE
value: ""
- name: DB_TX_ISOLATION
value: ""
- name: JGROUPS_PING_PROTOCOL
value: openshift.DNS_PING
- name: OPENSHIFT_DNS_PING_SERVICE_NAME
value: sso-ping
- name: OPENSHIFT_DNS_PING_SERVICE_PORT
value: "8888"
- name: X509_CA_BUNDLE
value: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
- name: JGROUPS_CLUSTER_PASSWORD
value: djqqleTNBaVqjl3nsA5Ku3LNCGYSAiB5
- name: SSO_ADMIN_USERNAME
value: admin
- name: SSO_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: demo-seed
key: sso-admin-password
- name: SSO_REALM
value: ""
- name: SSO_SERVICE_USERNAME
value: ""
- name: SSO_SERVICE_PASSWORD
value: ""
image: sso
imagePullPolicy: Always
livenessProbe:
exec:
command:
- /bin/bash
- -c
- /opt/eap/bin/livenessProbe.sh
initialDelaySeconds: 60
name: sso
ports:
- containerPort: 8778
name: jolokia
protocol: TCP
- containerPort: 8080
name: http
protocol: TCP
- containerPort: 8443
name: https
protocol: TCP
- containerPort: 8888
name: ping
protocol: TCP
readinessProbe:
exec:
command:
- /bin/bash
- -c
- /opt/eap/bin/readinessProbe.sh
resources:
limits:
memory: 1Gi
volumeMounts:
- mountPath: /etc/x509/https
name: sso-x509-https-volume
readOnly: true
- mountPath: /etc/x509/jgroups
name: sso-x509-jgroups-volume
readOnly: true
terminationGracePeriodSeconds: 75
volumes:
- name: sso-x509-https-volume
secret:
secretName: sso-x509-https-secret
- name: sso-x509-jgroups-volume
secret:
secretName: sso-x509-jgroups-secret
triggers:
- imageChangeParams:
automatic: true
containerNames:
- sso
from:
kind: ImageStreamTag
name: sso76-openshift-rhel8:7.6
namespace: openshift
type: ImageChange
- type: ConfigChange
---
apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
labels:
application: sso
rhsso: 7.6.0.GA
template: sso76-x509-postgresql-persistent
name: sso-postgresql
namespace: {{ .Values.projectName | quote }}
spec:
replicas: 1
selector:
deploymentConfig: sso-postgresql
strategy:
type: Recreate
template:
metadata:
labels:
application: sso
deploymentConfig: sso-postgresql
name: sso-postgresql
spec:
containers:
- env:
- name: POSTGRESQL_USER
value: sso
- name: POSTGRESQL_PASSWORD
valueFrom:
secretKeyRef:
name: demo-seed
key: sso-database-password
- name: POSTGRESQL_DATABASE
value: sso
- name: POSTGRESQL_MAX_CONNECTIONS
value: ""
- name: POSTGRESQL_MAX_PREPARED_TRANSACTIONS
value: ""
- name: POSTGRESQL_SHARED_BUFFERS
value: ""
image: postgresql
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 90
successThreshold: 1
tcpSocket:
port: 5432
timeoutSeconds: 10
name: sso-postgresql
ports:
- containerPort: 5432
protocol: TCP
readinessProbe:
exec:
command:
- /bin/sh
- -i
- -c
- PGSSLMODE=require psql -h 127.0.0.1 -U $POSTGRESQL_USER -q -d $POSTGRESQL_DATABASE
-c 'SELECT 1'
failureThreshold: 3
initialDelaySeconds: 90
successThreshold: 1
timeoutSeconds: 10
volumeMounts:
- mountPath: /var/lib/pgsql/data
name: sso-postgresql-pvol
- mountPath: /etc/pki/postgresql
name: postgresql-ssl-volume
readOnly: true
terminationGracePeriodSeconds: 60
volumes:
- name: sso-postgresql-pvol
persistentVolumeClaim:
claimName: sso-postgresql-claim
- name: postgresql-ssl-volume
secret:
secretName: postgresql-ssl-secret
triggers:
- imageChangeParams:
automatic: true
containerNames:
- sso-postgresql
from:
kind: ImageStreamTag
name: sso-postgresql-ssl:latest
type: ImageChange
- type: ConfigChange
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
application: sso
rhsso: 7.6.0.GA
template: sso76-x509-postgresql-persistent
name: sso-postgresql-claim
namespace: {{ .Values.projectName | quote }}
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi