{ "kind": "Template", "apiVersion": "v1", "metadata": { "annotations": { "iconClass" : "icon-sso", "tags" : "sso,keycloak,jboss", "version": "1.4.11", "openshift.io/display-name": "Red Hat Single Sign-On 7.2 + MySQL (Persistent)", "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "An example RH-SSO 7 application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Single Sign-On 7.2 server based deployment, deployment configuration for MySQL using persistence, and securing RH-SSO communication using re-encrypt TLS.", "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-single-sign-on/", "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "sso72-x509-mysql-persistent" }, "labels": { "template": "sso72-x509-mysql-persistent", "xpaas": "1.4.11" }, "message": "A new persistent RH-SSO service (using MySQL) has been created in your project. The admin username/password for accessing the master realm via the RH-SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. The HTTPS keystore used for serving secure content, the JGroups keystore used for securing JGroups communications, and server truststore used for securing RH-SSO requests were automatically created via OpenShift's service serving x509 certificate secrets.", "parameters": [ { "displayName": "Application Name", "description": "The name for the application.", "name": "APPLICATION_NAME", "value": "sso", "required": true }, { "displayName": "JGroups Cluster Password", "description": "The password for the JGroups cluster.", "name": "JGROUPS_CLUSTER_PASSWORD", "from": "[a-zA-Z0-9]{32}", "generate": "expression", "required": true }, { "displayName": "Database JNDI Name", "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mysql", "name": "DB_JNDI", "value": "java:jboss/datasources/KeycloakDS", "required": false }, { "displayName": "Database Name", "description": "Database name", "name": "DB_DATABASE", "value": "root", "required": true }, { "displayName": "Datasource Minimum Pool Size", "description": "Sets xa-pool/min-pool-size for the configured datasource.", "name": "DB_MIN_POOL_SIZE", "required": false }, { "displayName": "Datasource Maximum Pool Size", "description": "Sets xa-pool/max-pool-size for the configured datasource.", "name": "DB_MAX_POOL_SIZE", "required": false }, { "displayName": "Datasource Transaction Isolation", "description": "Sets transaction-isolation for the configured datasource.", "name": "DB_TX_ISOLATION", "required": false }, { "displayName": "MySQL Lower Case Table Names", "description": "Sets how the table names are stored and compared.", "name": "MYSQL_LOWER_CASE_TABLE_NAMES", "required": false }, { "displayName": "MySQL Maximum number of connections", "description": "The maximum permitted number of simultaneous client connections.", "name": "MYSQL_MAX_CONNECTIONS", "required": false }, { "displayName": "MySQL FullText Minimum Word Length", "description": "The minimum length of the word to be included in a FULLTEXT index.", "name": "MYSQL_FT_MIN_WORD_LEN", "required": false }, { "displayName": "MySQL FullText Maximum Word Length", "description": "The maximum length of the word to be included in a FULLTEXT index.", "name": "MYSQL_FT_MAX_WORD_LEN", "required": false }, { "displayName": "MySQL AIO", "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", "name": "MYSQL_AIO", "required": false }, { "displayName": "Database Username", "description": "Database user name", "name": "DB_USERNAME", "from": "user[a-zA-Z0-9]{3}", "generate": "expression", "required": true }, { "displayName": "Database Password", "description": "Database user password", "name": "DB_PASSWORD", "from": "[a-zA-Z0-9]{32}", "generate": "expression", "required": true }, { "displayName": "Database Volume Capacity", "description": "Size of persistent storage for database volume.", "name": "VOLUME_CAPACITY", "value": "1Gi", "required": true }, { "displayName": "ImageStream Namespace", "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true }, { "displayName": "RH-SSO Administrator Username", "description": "RH-SSO Server administrator username", "name": "SSO_ADMIN_USERNAME", "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true }, { "displayName": "RH_SSO Administrator Password", "description": "RH-SSO Server administrator password", "name": "SSO_ADMIN_PASSWORD", "from": "[a-zA-Z0-9]{32}", "generate": "expression", "required": true }, { "displayName": "RH-SSO Realm", "description": "Realm to be created in the RH-SSO server (e.g. demorealm).", "name": "SSO_REALM", "value": "", "required": false }, { "displayName": "RH-SSO Service Username", "description": "The username used to access the RH-SSO service. This is used by clients to create the appliction client(s) within the specified RH-SSO realm.", "name": "SSO_SERVICE_USERNAME", "value": "", "required": false }, { "displayName": "RH-SSO Service Password", "description": "The password for the RH-SSO service user.", "name": "SSO_SERVICE_PASSWORD", "value": "", "required": false }, { "displayName": "MySQL Image Stream Tag", "description": "The tag to use for the \"mysql\" image stream. Typically, this aligns with the major.minor version of MySQL.", "name": "MYSQL_IMAGE_STREAM_TAG", "value": "5.7", "required": true }, { "displayName": "Container Memory Limit", "description": "Container memory limit.", "name": "MEMORY_LIMIT", "value": "1Gi", "required": false } ], "objects": [ { "kind": "Service", "apiVersion": "v1", "spec": { "ports": [ { "port": 8080, "targetPort": 8080 } ], "selector": { "deploymentConfig": "${APPLICATION_NAME}" } }, "metadata": { "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, "annotations": { "description": "The web server's http port.", "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" } } }, { "kind": "Service", "apiVersion": "v1", "spec": { "ports": [ { "port": 8443, "targetPort": 8443 } ], "selector": { "deploymentConfig": "${APPLICATION_NAME}" } }, "metadata": { "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, "annotations": { "description": "The web server's https port.", "service.alpha.openshift.io/serving-cert-secret-name": "sso-x509-https-secret", "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" } } }, { "kind": "Service", "apiVersion": "v1", "spec": { "ports": [ { "port": 3306, "targetPort": 3306 } ], "selector": { "deploymentConfig": "${APPLICATION_NAME}-mysql" } }, "metadata": { "name": "${APPLICATION_NAME}-mysql", "labels": { "application": "${APPLICATION_NAME}" }, "annotations": { "description": "The database server's port." } } }, { "kind": "Service", "apiVersion": "v1", "spec": { "clusterIP": "None", "ports": [ { "name": "ping", "port": 8888 } ], "selector": { "deploymentConfig": "${APPLICATION_NAME}" } }, "metadata": { "name": "${APPLICATION_NAME}-ping", "labels": { "application": "${APPLICATION_NAME}" }, "annotations": { "service.alpha.kubernetes.io/tolerate-unready-endpoints": "true", "service.alpha.openshift.io/serving-cert-secret-name": "sso-x509-jgroups-secret", "description": "The JGroups ping port for clustering." } } }, { "kind": "Route", "apiVersion": "v1", "id": "${APPLICATION_NAME}-http", "metadata": { "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, "annotations": { "description": "Route for application's http service." } }, "spec": { "to": { "name": "${APPLICATION_NAME}" } } }, { "kind": "Route", "apiVersion": "v1", "id": "${APPLICATION_NAME}-https", "metadata": { "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, "annotations": { "description": "Route for application's https service." } }, "spec": { "to": { "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination": "reencrypt" } } }, { "kind": "DeploymentConfig", "apiVersion": "v1", "metadata": { "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" } }, "spec": { "strategy": { "type": "Recreate" }, "triggers": [ { "type": "ImageChange", "imageChangeParams": { "automatic": true, "containerNames": [ "${APPLICATION_NAME}" ], "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", "name": "redhat-sso72-openshift:1.1" } } }, { "type": "ConfigChange" } ], "replicas": 1, "selector": { "deploymentConfig": "${APPLICATION_NAME}" }, "template": { "metadata": { "name": "${APPLICATION_NAME}", "labels": { "deploymentConfig": "${APPLICATION_NAME}", "application": "${APPLICATION_NAME}" } }, "spec": { "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", "image": "${APPLICATION_NAME}", "imagePullPolicy": "Always", "resources": { "limits": { "memory": "${MEMORY_LIMIT}" } }, "volumeMounts": [ { "name": "sso-x509-https-volume", "mountPath": "/etc/x509/https", "readOnly": true }, { "name": "sso-x509-jgroups-volume", "mountPath": "/etc/x509/jgroups", "readOnly": true } ], "livenessProbe": { "exec": { "command": [ "/bin/bash", "-c", "/opt/eap/bin/livenessProbe.sh" ] }, "initialDelaySeconds": 60 }, "readinessProbe": { "exec": { "command": [ "/bin/bash", "-c", "/opt/eap/bin/readinessProbe.sh" ] } }, "ports": [ { "name": "jolokia", "containerPort": 8778, "protocol": "TCP" }, { "name": "http", "containerPort": 8080, "protocol": "TCP" }, { "name": "https", "containerPort": 8443, "protocol": "TCP" }, { "name": "ping", "containerPort": 8888, "protocol": "TCP" } ], "env": [ { "name": "DB_SERVICE_PREFIX_MAPPING", "value": "${APPLICATION_NAME}-mysql=DB" }, { "name": "DB_JNDI", "value": "${DB_JNDI}" }, { "name": "DB_USERNAME", "value": "${DB_USERNAME}" }, { "name": "DB_PASSWORD", "value": "${DB_PASSWORD}" }, { "name": "DB_DATABASE", "value": "${DB_DATABASE}" }, { "name": "TX_DATABASE_PREFIX_MAPPING", "value": "${APPLICATION_NAME}-mysql=DB" }, { "name": "DB_MIN_POOL_SIZE", "value": "${DB_MIN_POOL_SIZE}" }, { "name": "DB_MAX_POOL_SIZE", "value": "${DB_MAX_POOL_SIZE}" }, { "name": "DB_TX_ISOLATION", "value": "${DB_TX_ISOLATION}" }, { "name": "JGROUPS_PING_PROTOCOL", "value": "openshift.DNS_PING" }, { "name": "OPENSHIFT_DNS_PING_SERVICE_NAME", "value": "${APPLICATION_NAME}-ping" }, { "name": "OPENSHIFT_DNS_PING_SERVICE_PORT", "value": "8888" }, { "name": "X509_CA_BUNDLE", "value": "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt" }, { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" }, { "name": "SSO_ADMIN_USERNAME", "value": "${SSO_ADMIN_USERNAME}" }, { "name": "SSO_ADMIN_PASSWORD", "value": "${SSO_ADMIN_PASSWORD}" }, { "name": "SSO_REALM", "value": "${SSO_REALM}" }, { "name": "SSO_SERVICE_USERNAME", "value": "${SSO_SERVICE_USERNAME}" }, { "name": "SSO_SERVICE_PASSWORD", "value": "${SSO_SERVICE_PASSWORD}" } ] } ], "volumes": [ { "name": "sso-x509-https-volume", "secret": { "secretName": "sso-x509-https-secret" } }, { "name": "sso-x509-jgroups-volume", "secret": { "secretName": "sso-x509-jgroups-secret" } } ] } } } }, { "kind": "DeploymentConfig", "apiVersion": "v1", "metadata": { "name": "${APPLICATION_NAME}-mysql", "labels": { "application": "${APPLICATION_NAME}" } }, "spec": { "strategy": { "type": "Recreate" }, "triggers": [ { "type": "ImageChange", "imageChangeParams": { "automatic": true, "containerNames": [ "${APPLICATION_NAME}-mysql" ], "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", "name": "mysql:${MYSQL_IMAGE_STREAM_TAG}" } } }, { "type": "ConfigChange" } ], "replicas": 1, "selector": { "deploymentConfig": "${APPLICATION_NAME}-mysql" }, "template": { "metadata": { "name": "${APPLICATION_NAME}-mysql", "labels": { "deploymentConfig": "${APPLICATION_NAME}-mysql", "application": "${APPLICATION_NAME}" } }, "spec": { "terminationGracePeriodSeconds": 60, "containers": [ { "name": "${APPLICATION_NAME}-mysql", "image": "mysql", "imagePullPolicy": "Always", "ports": [ { "containerPort": 3306, "protocol": "TCP" } ], "readinessProbe": { "timeoutSeconds": 1, "initialDelaySeconds": 5, "exec": { "command": [ "/bin/sh", "-i", "-c", "MYSQL_PWD=\"$MYSQL_PASSWORD\" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1'"] } }, "livenessProbe": { "timeoutSeconds": 1, "initialDelaySeconds": 30, "tcpSocket": { "port": 3306 } }, "volumeMounts": [ { "mountPath": "/var/lib/mysql/data", "name": "${APPLICATION_NAME}-mysql-pvol" } ], "env": [ { "name": "MYSQL_USER", "value": "${DB_USERNAME}" }, { "name": "MYSQL_PASSWORD", "value": "${DB_PASSWORD}" }, { "name": "MYSQL_DATABASE", "value": "${DB_DATABASE}" }, { "name": "MYSQL_LOWER_CASE_TABLE_NAMES", "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" }, { "name": "MYSQL_MAX_CONNECTIONS", "value": "${MYSQL_MAX_CONNECTIONS}" }, { "name": "MYSQL_FT_MIN_WORD_LEN", "value": "${MYSQL_FT_MIN_WORD_LEN}" }, { "name": "MYSQL_FT_MAX_WORD_LEN", "value": "${MYSQL_FT_MAX_WORD_LEN}" }, { "name": "MYSQL_AIO", "value": "${MYSQL_AIO}" } ] } ], "volumes": [ { "name": "${APPLICATION_NAME}-mysql-pvol", "persistentVolumeClaim": { "claimName": "${APPLICATION_NAME}-mysql-claim" } } ] } } } }, { "apiVersion": "v1", "kind": "PersistentVolumeClaim", "metadata": { "name": "${APPLICATION_NAME}-mysql-claim", "labels": { "application": "${APPLICATION_NAME}" } }, "spec": { "accessModes": [ "ReadWriteOnce" ], "resources": { "requests": { "storage": "${VOLUME_CAPACITY}" } } } } ] }