apiVersion: v1 kind: List items: - apiVersion: v1 kind: ConfigMap metadata: name: ba-resources namespace: operator-lifecycle-manager data: clusterServiceVersions: | - apiVersion: operators.coreos.com/v1alpha1 kind: ClusterServiceVersion metadata: name: businessautomation-operator.1.0.1 namespace: placeholder annotations: categories: "Integration & Delivery" certified: "false" description: Business Automation Operator can deploy RHPAM/RHDM environments in the form of KieApp objects. containerImage: registry.redhat.io/rhpam-7-tech-preview/rhpam73-operator:1.1 createdAt: 2019-01-25T20:48:22Z support: Red Hat, Inc. tectonic-visibility: ocs alm-examples: >- [{"apiVersion":"app.kiegroup.org/v1","kind":"KieApp","metadata":{"name":"rhpam-trial"},"spec":{"environment":"rhpam-trial"}}] labels: operator-businessautomation: "true" spec: displayName: Business Automation description: Business Automation Operator can deploy RHPAM/RHDM environments in the form of KieApp objects. keywords: - kieapp - pam - decision - kie - cloud - bpm - process - automation - operator version: 1.0.1 maturity: beta maintainers: - name: Red Hat, Inc. email: bsig-cloud@redhat.com provider: name: Red Hat, Inc. links: - name: Product Page url: https://access.redhat.com/products/red-hat-process-automation-manager - name: Documentation url: https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.3/#category-deploying-red-hat-process-automation-manager-on-openshift icon: - base64data: PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAxMDAgMTAwIj48ZGVmcz48c3R5bGU+LmNscy0xe2ZpbGw6I2Q3MWUwMH0uY2xzLTJ7ZmlsbDojYzIxYTAwfS5jbHMtM3tmaWxsOiNmZmZ9LmNscy00e2ZpbGw6I2VhZWFlYX0uY2xzLTV7ZmlsbDojYjdiN2I3fS5jbHMtNntmaWxsOiNjZGNkY2R9PC9zdHlsZT48L2RlZnM+PHRpdGxlPkxvZ288L3RpdGxlPjxnIGlkPSJMYXllcl8xIiBkYXRhLW5hbWU9IkxheWVyIDEiPjxjaXJjbGUgY2xhc3M9ImNscy0xIiBjeD0iNTAiIGN5PSI1MCIgcj0iNTAiIHRyYW5zZm9ybT0icm90YXRlKC00NSA1MCA1MCkiLz48cGF0aCBjbGFzcz0iY2xzLTIiIGQ9Ik04NS4zNiAxNC42NGE1MCA1MCAwIDAgMS03MC43MiA3MC43MnoiLz48cGF0aCBjbGFzcz0iY2xzLTMiIGQ9Ik02NS43NiAzNC4yOEwxNS42IDQzLjE1djEuMTNhLjM0LjM0IDAgMCAwIC4zLjM0YzEuNDcuMTcgNy45MyAyLjExIDggMjMuNDlhLjQ2LjQ2IDAgMCAwIC4zNS40NGwyLjU5LjU3cy0xLjIxLTI1LjU0IDguNzctMjcuMDYgMTEuMiAyNy4yNyAxMS4zMyAzMS4xYS41NC41NCAwIDAgMCAuNDMuNTFsMy41MS43OHMuMDYtMzQuNTQgMTQuOTItMzYuODJ2LTMuMzV6Ii8+PHBhdGggY2xhc3M9ImNscy00IiBkPSJNNjUuMzUgMjcuNTZMMTYuMTggMzguNDJhLjc1Ljc1IDAgMCAwLS41OS43M3Y0bDUwLjE3LTguODd2LTYuNzZhMS42OCAxLjY4IDAgMCAwLS40MS4wNHoiLz48cGF0aCBjbGFzcz0iY2xzLTUiIGQ9Ik0zNS42MSA0Mi4wNWMtNC42MS43LTYuODMgNi41NC03Ljg5IDEyLjYxbDEzLjY1LTEuMzNjMC0uMTcuMDktLjM0LjEzLS41MXMuMTQtLjUzLjIxLS44bC4yLS42OHEuMTItLjQuMjUtLjhsLjItLjYyYy4xMi0uMzYuMjUtLjcxLjM5LTEuMDZsLjEyLS4zMmMtMS42NC00LjE3LTMuOTgtNi45OS03LjI2LTYuNDl6TTgyLjIzIDMxLjE5bC0xNi0zLjYyYTEuOSAxLjkgMCAwIDAtLjQyIDB2Ni43NmwxNy4wNiAyLjgzdi01LjIzYS43Ni43NiAwIDAgMC0uNjQtLjc0ek01My40MyA1My42MmwxOC40MS0xLjEzYzIuMS02LjA1IDUuNTEtMTEuNzUgMTEtMTIuOGwtMTctMi4wOGMtNi42OCAxLjEyLTEwLjM2IDguMjktMTIuNDEgMTYuMDF6Ii8+PHBhdGggY2xhc3M9ImNscy02IiBkPSJNNDEuNzEgNTJsLjEzLS40NS0uMTMuNDZ6TTQxLjkxIDUxLjM0bC0uMDYuMjIuMDctLjIzek0yNy43MiA1NC42NmE2OC4yNiA2OC4yNiAwIDAgMC0uOTMgMTJ2Mi40MkwzOSA2Ni4xYTEuMDYgMS4wNiAwIDAgMCAuODEtMSA1OC43MiA1OC43MiAwIDAgMSAxLjY5LTEyLjI2YzAgLjE2LS4wOS4zMy0uMTMuNDl6TTY1Ljc4IDM0LjI4bC4wMSAzLjM0IDE3LjAzIDIuMDd2LTIuNThsLTE3LjA0LTIuODN6TTUwLjg3IDc0LjQ0TDY4IDY4LjY4YS45Mi45MiAwIDAgMCAuNjMtLjc5IDcyLjQ2IDcyLjQ2IDAgMCAxIDMuMTgtMTUuNGwtMTguMzggMS4xM2E5MC45MSA5MC45MSAwIDAgMC0yLjU2IDIwLjgyek01My40MyA1My42MnoiLz48L2c+PC9zdmc+ mediatype: image/svg+xml labels: alm-owner-businessautomation: businessautomation-operator operated-by: businessautomation-operator.1.0.1 selector: matchLabels: alm-owner-businessautomation: businessautomation-operator operated-by: businessautomation-operator.1.0.1 installModes: - type: OwnNamespace supported: true - type: SingleNamespace supported: true - type: MultiNamespace supported: false - type: AllNamespaces supported: false customresourcedefinitions: owned: - version: v1 kind: KieApp description: An instance of KieApp displayName: KieApp name: kieapps.app.kiegroup.org resources: - kind: DeploymentConfig version: apps.openshift.io/v1 - kind: StatefulSet version: apps/v1 - kind: Secret version: v1 - kind: PersistentVolumeClaim version: v1 - kind: ServiceAccount version: v1 - kind: Role version: authorization.openshift.io/v1 - kind: RoleBinding version: authorization.openshift.io/v1 - kind: Service version: v1 - kind: Route version: route.openshift.io/v1 - kind: BuildConfig version: build.openshift.io/v1 - kind: ImageStream version: image.openshift.io/v1 specDescriptors: - description: Environment deployed. displayName: Environment path: environment x-descriptors: - "urn:alm:descriptor:com.tectonic.ui:label" - description: Product version installed. displayName: Version path: commonConfig.version x-descriptors: - "urn:alm:descriptor:com.tectonic.ui:label" statusDescriptors: - description: Deployments for the KieApp environment. displayName: Deployments path: deployments x-descriptors: - "urn:alm:descriptor:com.tectonic.ui:podStatuses" - description: The address for accessing workbench, if it is deployed. displayName: Workbench URL path: consoleHost x-descriptors: - "urn:alm:descriptor:org.w3:link" install: strategy: deployment spec: permissions: - serviceAccountName: business-automation-operator rules: - apiGroups: - "" - apps - app.kiegroup.org - rbac.authorization.k8s.io - apps.openshift.io - image.openshift.io - build.openshift.io - route.openshift.io resources: - "*" verbs: - "*" - apiGroups: - monitoring.coreos.com resources: - servicemonitors verbs: - get - create deployments: - name: business-automation-operator spec: replicas: 1 strategy: type: Recreate selector: matchLabels: name: business-automation-operator template: metadata: labels: name: business-automation-operator spec: serviceAccountName: business-automation-operator containers: - name: business-automation-operator image: registry.redhat.io/rhpam-7-tech-preview/rhpam73-operator:1.1 ports: - containerPort: 60000 name: metrics command: - kie-cloud-operator imagePullPolicy: Always readinessProbe: exec: command: - stat - /tmp/operator-sdk-ready initialDelaySeconds: 4 periodSeconds: 10 failureThreshold: 1 env: - name: WATCH_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: OPERATOR_NAME valueFrom: fieldRef: fieldPath: metadata.labels['name'] customResourceDefinitions: | - apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: kieapps.app.kiegroup.org spec: group: app.kiegroup.org names: kind: KieApp listKind: KieAppList plural: kieapps singular: kieapp scope: Namespaced version: v1 validation: openAPIV3Schema: required: - spec properties: spec: type: object required: - environment properties: environment: type: string description: The name of the environment used as a baseline enum: - rhdm-authoring-ha - rhdm-authoring - rhdm-production-immutable - rhdm-trial - rhpam-authoring-ha - rhpam-authoring - rhpam-production-immutable - rhpam-production - rhpam-trial commonConfig: type: object description: Configuration of the RHPAM components properties: applicationName: type: string description: The name of the application deployment. version: type: string description: The version of the application deployment. imageTag: type: string description: The tag to use for the application images. keyStorePassword: type: string description: The password to use for keystore generation. adminPassword: type: string description: The password to use for the adminUser. dbPassword: type: string description: The password to use for databases. amqPassword: type: string description: The password to use for amq user. amqClusterPassword: type: string description: The password to use for amq cluster user. controllerPassword: type: string description: The password to use for the controllerUser. serverPassword: type: string description: The password to use for the executionUser. mavenPassword: type: string description: The password to use for the mavenUser. objects: type: object description: Configuration of the RHPAM components properties: console: type: object description: Configuration of the RHPAM workbench properties: replicas: type: integer format: int32 description: Replicas to set for the DeploymentConfig keystoreSecret: type: string description: Keystore secret name env: type: array items: type: object required: - name oneOf: - required: - value - required: - valueFrom properties: name: type: string description: Name of an environment variable value: type: string description: Value for that environment variable valueFrom: type: object description: Source for the environment variable's value resources: type: object properties: limits: type: object requests: type: object ssoClient: type: object description: Client definitions used for creating the RH-SSO clients in the specified Realm properties: name: type: string description: Client name secret: type: string format: password description: Client secret hostnameHTTP: type: string description: Hostname to set as redirect URL hostnameHTTPS: type: string description: Secure hostname to set as redirect URL servers: type: array description: Configuration of the each individual KIE server minItems: 1 items: type: object description: KIE Server configuration properties: name: type: string description: Server name deployments: type: integer format: int description: Number of Server sets that will be deployed replicas: type: integer format: int32 description: Replicas to set for the DeploymentConfig keystoreSecret: type: string description: Keystore secret name from: type: object description: Image definition to use for all the servers required: - kind - name properties: kind: type: string description: Object kind enum: - ImageStreamTag - DockerImage name: type: string description: Object name namespace: type: string description: Namespace where the object is located build: type: object description: Configuration of build configs for immutable KIE servers required: - kieServerContainerDeployment - gitSource properties: kieServerContainerDeployment: type: string description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.4.0-SNAPSHOT mavenMirrorURL: type: string description: Maven mirror to use for S2I builds artifactDir: type: string description: List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied. gitSource: type: object required: - uri - reference properties: uri: type: string description: Git URI for the s2i source reference: type: string description: Branch to use in the git repository contextDir: type: string description: Context/subdirectory where the code is located, relatively to repo root webhooks: type: array minItems: 1 items: type: object description: WebHook secretes for build configs required: - type - secret properties: type: type: string description: WebHook type, either GitHub or Generic enum: - GitHub - Generic secret: type: string description: Secret value for webhook from: type: object description: Image definition to use for all the servers required: - kind - name properties: kind: type: string description: Object kind. e.g. ImageStreamTag name: type: string description: Object name namespace: type: string description: Namespace where the object is located env: type: array items: type: object required: - name oneOf: - required: - value - required: - valueFrom properties: name: type: string description: Name of an environment variable value: type: string description: Value for that environment variable valueFrom: type: object description: Source for the environment variable's value resources: type: object properties: limits: type: object requests: type: object ssoClient: type: object description: Client definitions used for creating the RH-SSO clients in the specified Realm properties: name: type: string description: Client name secret: type: string format: password description: Client secret hostnameHTTP: type: string description: Hostname to set as redirect URL hostnameHTTPS: type: string description: Secure hostname to set as redirect URL database: type: object required: - type properties: type: type: string description: Database type to use enum: - mysql - postgresql - external - h2 size: type: string description: Size of the PersistentVolumeClaim to create. For example, 100Gi externalConfig: type: object description: External Database configuration required: - driver - dialect - jndiName - username - password oneOf: - required: - name - host - required: - jdbcURL properties: driver: type: string description: Driver name to use. For example, mysql dialect: type: string description: Hibernate dialect class to use. For example, org.hibernate.dialect.MySQL57Dialect name: type: string description: Database Name. For example, rhpam host: type: string description: Database Host. For example, mydb.example.com port: type: string description: Database Port. For example, 3306 jdbcURL: type: string description: Database JDBC URL. For example, jdbc:mysql:mydb.example.com:3306/rhpam nonXA: type: string description: Sets the datasources type. It can be XA or NONXA. For non XA set it to true. Default value is false. jndiName: type: string description: Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS username: type: string description: External database username password: type: string description: External database password minPoolSize: type: string description: Sets xa-pool/min-pool-size for the configured datasource. maxPoolSize: type: string description: Sets xa-pool/max-pool-size for the configured datasource. connectionChecker: type: string description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker that provides a SQLException isValidConnection(Connection e) method to validate if a connection is valid. exceptionChecker: type: string description: An org.jboss.jca.adapters.jdbc.ExceptionSorter that provides a boolean isExceptionFatal(SQLException e) method to validate if an exception should be broadcast to all javax.resource.spi.ConnectionEventListener as a connectionErrorOccurred. backgroundValidation: type: string description: Sets the sql validation method to background-validation, if set to false the validate-on-match method will be used. backgroundValidationMillis: type: string description: Defines the interval for the background-validation check for the jdbc connections. smartRouter: type: object description: Configuration of the RHPAM smart router properties: replicas: type: integer format: int32 description: Replicas to set for the DeploymentConfig keystoreSecret: type: string description: Keystore secret name env: type: array items: type: object required: - name oneOf: - required: - value - required: - valueFrom properties: name: type: string description: Name of an environment variable value: type: string description: Value for that environment variable valueFrom: type: object description: Source for the environment variable's value resources: type: object properties: limits: type: object requests: type: object imageRegistry: type: object description: If required imagestreams are missing in both the 'openshift' and local namespaces, the operator will create said imagestreams locally using the registry specified here. properties: registry: type: string description: Image registry's base 'url:port'. e.g. registry.example.com:5000. Defaults to 'registry.redhat.io'. insecure: type: boolean description: A flag used to indicate the specified registry is insecure. Defaults to 'false'. auth: type: object description: Authentication integration configuration properties: sso: type: object description: RH-SSO integration configuration required: - url - realm properties: url: type: string description: RH-SSO URL realm: type: string description: RH-SSO Realm name adminUser: type: string description: RH-SSO Realm Admin Username used to create the Client if it doesn't exist adminPassword: type: string format: password description: RH-SSO Realm Admin Password used to create the Client disableSSLCertValidation: type: boolean description: RH-SSO Disable SSL Certificate Validation principalAttribute: type: string description: RH-SSO Principal Attribute to use as username ldap: type: object description: LDAP integration configuration required: - url properties: url: type: string description: LDAP Endpoint to connect for authentication bindDN: type: string description: Bind DN used for authentication bindCredential: type: string format: password description: LDAP Credentials used for authentication jaasSecurityDomain: type: string description: The JMX ObjectName of the JaasSecurityDomain used to decrypt the password. baseCtxDN: type: string description: LDAP Base DN of the top-level context to begin the user search. baseFilter: type: string description: DAP search filter used to locate the context of the user to authenticate. The input username or userDN obtained from the login module callback is substituted into the filter anywhere a {0} expression is used. A common example for the search filter is (uid={0}). searchScope: type: string enum: - SUBTREE_SCOPE - OBJECT_SCOPE - ONELEVEL_SCOPE description: The search scope to use. searchTimeLimit: type: integer format: int32 description: The timeout in milliseconds for user or role searches. distinguishedNameAttribute: type: string description: The name of the attribute in the user entry that contains the DN of the user. This may be necessary if the DN of the user itself contains special characters, backslash for example, that prevent correct user mapping. If the attribute does not exist, the entry’s DN is used. parseUsername: type: boolean description: A flag indicating if the DN is to be parsed for the username. If set to true, the DN is parsed for the username. If set to false the DN is not parsed for the username. This option is used together with usernameBeginString and usernameEndString. usernameBeginString: type: string description: Defines the String which is to be removed from the start of the DN to reveal the username. This option is used together with usernameEndString and only taken into account if parseUsername is set to true. usernameEndString: type: string description: Defines the String which is to be removed from the end of the DN to reveal the username. This option is used together with usernameBeginString and only taken into account if parseUsername is set to true. roleAttributeID: type: string description: Name of the attribute containing the user roles. rolesCtxDN: type: string description: The fixed DN of the context to search for user roles. This is not the DN where the actual roles are, but the DN where the objects containing the user roles are. For example, in a Microsoft Active Directory server, this is the DN where the user account is. roleFilter: type: string description: A search filter used to locate the roles associated with the authenticated user. The input username or userDN obtained from the login module callback is substituted into the filter anywhere a {0} expression is used. The authenticated userDN is substituted into the filter anywhere a {1} is used. An example search filter that matches on the input username is (member={0}). An alternative that matches on the authenticated userDN is (member={1}). roleRecursion: type: integer format: int16 description: The number of levels of recursion the role search will go below a matching context. Disable recursion by setting this to 0. defaultRole: type: string description: A role included for all authenticated users roleNameAttributeID: type: string description: Name of the attribute within the roleCtxDN context which contains the role name. If the roleAttributeIsDN property is set to true, this property is used to find the role object’s name attribute. parseRoleNameFromDN: type: boolean description: A flag indicating if the DN returned by a query contains the roleNameAttributeID. If set to true, the DN is checked for the roleNameAttributeID. If set to false, the DN is not checked for the roleNameAttributeID. This flag can improve the performance of LDAP queries. roleAttributeIsDN: type: boolean description: Whether or not the roleAttributeID contains the fully-qualified DN of a role object. If false, the role name is taken from the value of the roleNameAttributeId attribute of the context name. Certain directory schemas, such as Microsoft Active Directory, require this attribute to be set to true. referralUserAttributeIDToCheck: type: string description: If you are not using referrals, you can ignore this option. When using referrals, this option denotes the attribute name which contains users defined for a certain role, for example member, if the role object is inside the referral. Users are checked against the content of this attribute name. If this option is not set, the check will always fail, so role objects cannot be stored in a referral tree. roleMapper: type: object description: RoleMapper configuration required: - rolesProperties properties: rolesProperties: type: string description: When present, the RoleMapping Login Module will be configured to use the provided file. This property defines the fully-qualified file path and name of a properties file or resource which maps roles to replacement roles. The format is original_role=role1,role2,role3 replaceRole: type: boolean description: Whether to add to the current roles, or replace the current roles with the mapped ones. Replaces if set to true. packages: > - #! package-manifest: deploy/catalog_resources/redhat/1.0.1/businessautomation-operator.1.0.1.clusterserviceversion.yaml packageName: businessautomation-operator channels: - name: beta currentCSV: businessautomation-operator.1.0.1 - apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: name: ba-resources namespace: operator-lifecycle-manager spec: configMap: ba-resources displayName: Business Automation Operators publisher: Red Hat sourceType: internal status: configMapReference: name: ba-resources namespace: operator-lifecycle-manager