schema_version: 1 name: "redhat-sso-7/sso70-openshift" description: "Red Hat Single Sign-On 7.0 OpenShift container image" version: "1.5" from: "redhat-sso-7/sso70:latest" labels: - name: "io.k8s.description" value: "Platform for running Red Hat SSO" - name: "io.k8s.display-name" value: "Red Hat SSO 7.0" - name: "io.openshift.expose-services" value: "8080:http" - name: "io.openshift.tags" value: "sso,sso7,keycloak" - name: "io.openshift.s2i.scripts-url" value: "image:///usr/local/s2i" envs: - name: "STI_BUILDER" value: "jee" - name: "JBOSS_MODULES_SYSTEM_PKGS" value: "org.jboss.logmanager,jdk.nashorn.api" - name: "AB_JOLOKIA_PASSWORD_RANDOM" value: "true" - name: AB_JOLOKIA_AUTH_OPENSHIFT value: "true" - name: AB_JOLOKIA_HTTPS value: "true" - name: "DEFAULT_ADMIN_USERNAME" value: "eapadmin" - name: "OPENSHIFT_KUBE_PING_NAMESPACE" example: "myproject" description: "Clustering project namespace." - name: "OPENSHIFT_KUBE_PING_LABELS" example: "application=sso" description: "Clustering labels selector." - name: "JAVA_OPTS_APPEND" example: "-Dfoo=bar" description: "Server startup options." - name: "MQ_SIMPLE_DEFAULT_PHYSICAL_DESTINATION" example: "false" description: "For backwards compatability, set to true to use 'MyQueue' and 'MyTopic' as physical destination name defaults instead of 'queue/MyQueue' and 'topic/MyTopic'." - name: "SSO_ADMIN_USERNAME" example: "admin" description: "Username of the administrator account for the 'master' realm of the SSO server. Required. If no value is specified, it is auto generated and displayed as an OpenShift Instructional message when the template is instantiated." - name: "SSO_ADMIN_PASSWORD" example: "hardtoguess" description: "Password of the administrator account for the 'master' realm of the SSO server. Required. If no value is specified, it is auto generated and displayed as an OpenShift Instructional message when the template is instantiated." - name: "SSO_REALM" example: "demo" description: "SSO Realm created if this ENV is provided" - name: "SSO_SERVICE_USERNAME" example: "username" description: "SSO Server service username with rights to create Client configurations in SSO_REALM. This user is created if this ENV is provided" - name: "SSO_SERVICE_PASSWORD" example: "password" description: "Password for SSO_SERVICE_USERNAME" - name: "SSO_TRUSTSTORE" example: "truststore.jks" description: "The name of the truststore file within the secret" - name: "SSO_TRUSTSTORE_DIR" example: "/etc/sso-secret-volume" description: "Truststore directory" - name: "SSO_TRUSTSTORE_PASSWORD" example: "mykeystorepass" description: "The password for the truststore and certificate" - name: "SSO_TRUSTSTORE_SECRET" example: "truststore-secret" description: "The name of the secret containing the truststore file. Used for volume secretName" - name: AB_JOLOKIA_OFF description: If set disables activation of Joloka (i.e. echos an empty value). By default, Jolokia is enabled. example: "true" - name: AB_JOLOKIA_CONFIG description: If set uses this file (including path) as Jolokia JVM agent properties (as described in Jolokia's link:https://www.jolokia.org/reference/html/agents.html#agents-jvm[reference manual]). If not set, the `/opt/jolokia/etc/jolokia.properties` will be created using the settings as defined in the manual. Otherwise the rest of the settings in this document are ignored. example: "/opt/jolokia/custom.properties" - name: AB_JOLOKIA_HOST description: Host address to bind to. Defaults to **0.0.0.0**. example: "127.0.0.1" - name: AB_JOLOKIA_PORT description: Port to listen to. Defaults to **8778**. example: "5432" - name: AB_JOLOKIA_USER description: User for basic authentication. Defaults to **jolokia**. example: "myusername" - name: AB_JOLOKIA_PASSWORD description: Password for basic authentication. By default authentication is switched off. example: "mypassword" - name: AB_JOLOKIA_PASSWORD_RANDOM description: Determines if a random AB_JOLOKIA_PASSWORD be generated. Set to **true** to generate random password. Generated value will be written to `/opt/jolokia/etc/jolokia.pw`. example: "true" - name: AB_JOLOKIA_HTTPS description: Switch on secure communication with https. By default self signed server certificates are generated if no `serverCert` configuration is given in **AB_JOLOKIA_OPTS**. example: "true" - name: AB_JOLOKIA_ID description: Agent ID to use (`$HOSTNAME` by default, which is the container id). example: "openjdk-app-1-xqlsj" - name: AB_JOLOKIA_DISCOVERY_ENABLED description: Enable Jolokia discovery. Defaults to **false**. example: "true" - name: AB_JOLOKIA_OPTS description: Additional options to be appended to the agent configuration. They should be given in the format `key=value,key=value,...`. example: "backlog=20" - name: AB_JOLOKIA_AUTH_OPENSHIFT description: Switch on client authentication for OpenShift TLS communication. The value of this parameter can be a relative distinguished name which must be contained in a presented client's certificate. Enabling this parameter will automatically switch Jolokia into https communication mode. The default CA cert is set to `/var/run/secrets/kubernetes.io/serviceaccount/ca.crt`. example: "true" - name: SCRIPT_DEBUG description: If set to true, ensurses that the bash scripts are executed with the -x option, printing the commands and their arguments as they are executed. example: "true" - name: JAVA_MAX_MEM_RATIO description: This is used to calculate a default maximal heap memory based on a containers restriction. If used in a Docker container without any memory constraints for the container then this option has no effect. If there is a memory constraint then `-Xmx` is set to a ratio of the container available memory as set here. The default is `50` which means 50% of the available memory is used as an upper boundary. You can skip this mechanism by setting this value to `0` in which case no `-Xmx` option is added. example: "50" - name: JAVA_INITIAL_MEM_RATIO description: This is used to calculate a default initial heap memory based the maximumal heap memory. The default is `100` which means 100% of the maximal heap is used for the initial heap size. You can skip this mechanism by setting this value to `0` in which case no `-Xms` option is added. example: "100" - name: JAVA_MAX_INITIAL_MEM description: The maximum size of the initial heap memory, if the calculated default initial heap is larger then it will be capped at this value. The default is 4096 MB. example: "4096" - name: JAVA_CORE_LIMIT description: Core limit as described in https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt. Used to configure the number of GC threads and parallelism for ForkJoinPool. Defaults to container core limit. example: "2" - name: JAVA_DIAGNOSTICS description: Set this to get some diagnostics information to standard output when things are happening. **Disabled by default.** example: "true" - name: GC_MIN_HEAP_FREE_RATIO description: Minimum percentage of heap free after GC to avoid expansion. example: "20" - name: GC_MAX_HEAP_FREE_RATIO description: Maximum percentage of heap free after GC to avoid shrinking. example: "40" - name: GC_TIME_RATIO description: Specifies the ratio of the time spent outside the garbage collection (for example, the time spent for application execution) to the time spent in the garbage collection. example: "4" - name: GC_ADAPTIVE_SIZE_POLICY_WEIGHT description: The weighting given to the current GC time versus previous GC times. example: "90" - name: GC_MAX_METASPACE_SIZE description: The maximum metaspace size. example: "100" - name: "CONTAINER_HEAP_PERCENT" example: 0.5 description: Deprecated. See JAVA_MAX_MEM_RATIO. - name: "INITIAL_HEAP_PERCENT" example: 0.5 description: Deprecated. See JAVA_INITIAL_MEM_RATIO. - name: "PROBE_DISABLE_BOOT_ERRORS_CHECK" example: "true" description: Disable the boot errors check in the probes. ports: - value: 8443 - value: 8778 modules: repositories: - git: url: https://github.com/jboss-openshift/cct_module.git ref: master install: - name: dynamic-resources - name: s2i-common - name: java-alternatives - name: os-eap7-openshift - name: os-eap-s2i - name: os-java-jolokia - name: jolokia - name: os-eap7-openshift - name: os-eap7-modules - name: os-eap7-ping - name: os-java-run - name: os-eap-launch - name: os-eap7-launch - name: os-eap-logging - name: os-eap-probes - name: jboss-maven - name: os-eap-db-drivers - name: os-sso - name: openshift-layer - name: openshift-passwd packages: repositories: - jboss-os - jboss-rhscl install: - rh-mongodb32-mongo-java-driver - postgresql-jdbc - mysql-connector-java - rh-maven33 - hostname - python-requests - python-enum34 - PyYAML artifacts: - url: https://maven.repository.redhat.com/ga/org/jolokia/jolokia-jvm/1.3.6.redhat-1/jolokia-jvm-1.3.6.redhat-1-agent.jar md5: 75e5b5ba0b804cd9def9f20a70af649f - path: javax.json-1.0.4.jar md5: 569870f975deeeb6691fcb9bc02a9555 - path: jboss-logmanager-ext-1.0.0.Alpha2-redhat-1.jar md5: 7c743e35463db5f55f415dd666d705c5 - path: openshift-ping-common-1.1.5.Final-redhat-1.jar md5: e27cdcf626ab1366c8d7d18ebd399ec4 - path: openshift-ping-dns-1.1.5.Final-redhat-1.jar md5: ecab0d5ad969cb001e778305485b4640 - path: openshift-ping-kube-1.1.5.Final-redhat-1.jar md5: 2f74acc3efc68e3781b7004f5a683fdc - path: oauth-20100527.jar md5: 91c7c70579f95b7ddee95b2143a49b41 run: user: 185 cmd: - "/opt/eap/bin/openshift-launch.sh" osbs: repository: name: redhat-sso-7-docker branch: ce-1.5-openshift-sso-7.0-jdk-8-rhel-7