schema_version: 1

name: "redhat-sso-7/sso71-openshift"
description: "Red Hat Single Sign-On 7.1 OpenShift container image"
version: "1.4"
from: "redhat-sso-7/sso71:latest"
labels:
    - name: "com.redhat.component"
      value: "redhat-sso-7-sso71-openshift-container"
    - name: "io.k8s.description"
      value: "Platform for running Red Hat SSO"
    - name: "io.k8s.display-name"
      value: "Red Hat SSO 7.1"
    - name: "io.openshift.expose-services"
      value: "8080:http"
    - name: "io.openshift.tags"
      value: "sso,sso7,keycloak"
    - name: "io.openshift.s2i.scripts-url"
      value: "image:///usr/local/s2i"
envs:
    - name: "STI_BUILDER"
      value: "jee"
    - name: "JBOSS_MODULES_SYSTEM_PKGS"
      value: "org.jboss.logmanager,jdk.nashorn.api"
    - name: "DEFAULT_ADMIN_USERNAME"
      value: "eapadmin"
    - name: "JAVA_OPTS_APPEND"
      example: "-Dfoo=bar"
      description: "Server startup options."
    - name: "MQ_SIMPLE_DEFAULT_PHYSICAL_DESTINATION"
      example: "false"
      description: "For backwards compatability, set to true to use 'MyQueue' and 'MyTopic' as physical destination name defaults instead of 'queue/MyQueue' and 'topic/MyTopic'."
    - name: "SSO_ADMIN_USERNAME"
      example: "admin"
      description: "Username of the administrator account for the 'master' realm of the SSO server. Required. If no value is specified, it is auto generated and displayed as an OpenShift Instructional message when the template is instantiated."
    - name: "SSO_ADMIN_PASSWORD"
      example: "hardtoguess"
      description: "Password of the administrator account for the 'master' realm of the SSO server. Required. If no value is specified, it is auto generated and displayed as an OpenShift Instructional message when the template is instantiated."
    - name: "SSO_REALM"
      example: "demo"
      description: "SSO Realm created if this ENV is provided"
    - name: "SSO_SERVICE_USERNAME"
      example: "username"
      description: "SSO Server service username with rights to create Client configurations in SSO_REALM. This user is created if this ENV is provided"
    - name: "SSO_SERVICE_PASSWORD"
      example: "password"
      description: "Password for SSO_SERVICE_USERNAME"
    - name: "SSO_TRUSTSTORE"
      example: "truststore.jks"
      description: "The name of the truststore file within the secret"
    - name: "SSO_TRUSTSTORE_DIR"
      example: "/etc/sso-secret-volume"
      description: "Truststore directory"
    - name: "SSO_TRUSTSTORE_PASSWORD"
      example: "mykeystorepass"
      description: "The password for the truststore and certificate"
    - name: "SSO_TRUSTSTORE_SECRET"
      example: "truststore-secret"
      description: "The name of the secret containing the truststore file. Used for volume secretName"
    - name: SCRIPT_DEBUG
      description: If set to true, ensurses that the bash scripts are executed with the -x option, printing the commands and their arguments as they are executed.
      example: "true"
    - name: JAVA_MAX_MEM_RATIO
      description: This is used to calculate a default maximal heap memory based on a containers restriction. If used in a Docker container without any memory constraints for the container then this option has no effect. If there is a memory constraint then `-Xmx` is set to a ratio of the container available memory as set here. The default is `50` which means 50% of the available memory is used as an upper boundary. You can skip this mechanism by setting this value to `0` in which case no `-Xmx` option
            is added.
      example: "50"
    - name: JAVA_INITIAL_MEM_RATIO
      description: This is used to calculate a default initial heap memory based the maximumal heap memory.  The default is `100` which means 100% of the maximal heap is used for the initial heap size.  You can skip this mechanism by setting this value to `0` in which case no `-Xms` option is added.
      example: "100"
    - name: JAVA_MAX_INITIAL_MEM
      description: The maximum size of the initial heap memory, if the calculated default initial heap is larger then it will be capped at this value.  The default is 4096 MB.
      example: "4096"
    - name: JAVA_CORE_LIMIT
      description: Core limit as described in https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt.  Used to configure the number of GC threads and parallelism for ForkJoinPool.  Defaults to container core limit.
      example: "2"
    - name: JAVA_DIAGNOSTICS
      description: Set this to get some diagnostics information to standard output when things are happening. **Disabled by default.**
      example: "true"
    - name: GC_MIN_HEAP_FREE_RATIO
      description: Minimum percentage of heap free after GC to avoid expansion.
      example: "20"
    - name: GC_MAX_HEAP_FREE_RATIO
      description: Maximum percentage of heap free after GC to avoid shrinking.
      example: "40"
    - name: GC_TIME_RATIO
      description: Specifies the ratio of the time spent outside the garbage collection (for example, the time spent for application execution) to the time spent in the garbage collection.
      example: "4"
    - name: GC_ADAPTIVE_SIZE_POLICY_WEIGHT
      description: The weighting given to the current GC time versus previous GC times.
      example: "90"
    - name: GC_MAX_METASPACE_SIZE
      description: The maximum metaspace size.
      example: "100"
    - name: "CONTAINER_HEAP_PERCENT"
      example: 0.5
      description: Deprecated.  See JAVA_MAX_MEM_RATIO.
    - name: "INITIAL_HEAP_PERCENT"
      example: 0.5
      description: Deprecated.  See JAVA_INITIAL_MEM_RATIO.
    - name: "PROBE_DISABLE_BOOT_ERRORS_CHECK"
      example: "true"
      description: Disable the boot errors check in the probes.
ports:
    - value: 8443
modules:
      repositories:
          - name: cct_module
            git:
                  url: https://github.com/jboss-openshift/cct_module.git
                  ref: master
      install:
          - name: dynamic-resources
          - name: s2i-common
          - name: java-alternatives
          - name: os-eap7-openshift
          - name: os-eap-s2i
          - name: os-java-jolokia
          - name: jolokia
          - name: os-eap7-openshift
          - name: os-eap7-modules
          - name: os-eap7-ping
          - name: os-java-run
          - name: os-eap-launch
          - name: os-eap7-launch
          - name: os-eap-logging
          - name: os-eap-probes
          - name: jboss-maven
          - name: os-eap-db-drivers
          - name: os-java-hawkular
          - name: os-eap70-hawkular
          - name: os-eap-hawkular
          - name: os-eap-deployment-scanner
          - name: os-eap-extensions
          - name: os-sso71
          - name: openshift-layer
          - name: openshift-passwd
          - name: keycloak-layer
          - name: os-logging
packages:
      repositories:
          - jboss-os
          - jboss-rhscl
      install:
          - rh-mongodb32-mongo-java-driver
          - postgresql-jdbc
          - mysql-connector-java
          - hostname
          - python-requests
          - python-enum34
          - PyYAML
artifacts:
    - path: javax.json-1.0.4.jar
      md5: 569870f975deeeb6691fcb9bc02a9555
    - path: jboss-logmanager-ext-1.0.0.Alpha2-redhat-1.jar
      md5: 7c743e35463db5f55f415dd666d705c5
    - path: oauth-20100527.jar
      md5: 91c7c70579f95b7ddee95b2143a49b41
run:
      user: 185
      cmd:
          - "/opt/eap/bin/openshift-launch.sh"
osbs:
      repository:
            name: containers/redhat-sso-7
            branch: jb-sso-7.1-openshift-rhel-7