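---
# OpenShift Template: a single-replica Red Hat AMQ Broker 7.4 with SSL
# acceptors and ephemeral storage. Key stores and credentials are read from
# two secrets (AMQ_SECRET and AMQ_CREDENTIAL_SECRET) that this template
# references but does not create.
apiVersion: v1
kind: Template
labels:
  template: amq-broker-74-ssl
  xpaas: '1.4.16'
# Shown to the user after instantiation. The DeploymentConfig reads AMQ_USER
# and AMQ_PASSWORD through secretKeyRef entries on the credential secret, so
# the message names that secret rather than presenting parameter values as
# the credentials.
message: >-
  A new messaging service with SSL support has been created in your project.
  It will handle the protocol(s) "${AMQ_PROTOCOL}". The user name and password
  for accessing the service are read from the secret "${AMQ_CREDENTIAL_SECRET}".
  Please be sure to create that secret, and a secret named "${AMQ_SECRET}"
  containing the trust store and key store files ("${AMQ_TRUSTSTORE}" and
  "${AMQ_KEYSTORE}") used for serving secure content.
metadata:
  name: amq-broker-74-ssl
  annotations:
    description: An example Red Hat AMQ Broker application.  This template supports SSL and requires usage of OpenShift secrets.
    iconClass: icon-amq
    openshift.io/display-name: Red Hat AMQ Broker 7.4 (Ephemeral, with SSL)
    openshift.io/provider-display-name: Red Hat, Inc.
    tags: 'messaging,amq,xpaas'
    template.openshift.io/documentation-url: 'https://access.redhat.com/documentation/en/red-hat-amq/'
    template.openshift.io/long-description: >-
      This template defines resources needed to develop a Red Hat AMQ Broker 7.4
      based application, including a deployment configuration, using ephemeral
      (temporary) storage and secure communication using SSL.
    template.openshift.io/support-url: 'https://access.redhat.com'
    version: '1.4.16'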
objects:
# Service for the broker's web console and Jolokia endpoint (8161). No `type`
# is set, so the Service itself is cluster-internal; the Route named "console"
# in this template publishes it outside the cluster.
# Jolokia exposes management operations over HTTP, so this port should only
# be reachable by clients that are expected to administer the broker.
- apiVersion: v1
  kind: Service
  metadata:
    name: '${AMQ_NAME}-amq-jolokia'
    labels:
      application: '${APPLICATION_NAME}'
    annotations:
      description: The broker's console and Jolokia port.
  spec:
    selector:
      deploymentConfig: '${APPLICATION_NAME}-amq'
    ports:
    - port: 8161
      targetPort: 8161
# AMQP over plain TCP (5672).
# NOTE(review): this is the SSL variant of the template, yet the non-SSL AMQP
# port is published as well; presumably traffic on it is unencrypted. If
# clients are meant to use SSL only, restrict access to this Service (for
# example with a NetworkPolicy) — confirm against the intended deployment.
- apiVersion: v1
  kind: Service
  metadata:
    name: '${AMQ_NAME}-amq-amqp'
    labels:
      application: '${APPLICATION_NAME}'
    annotations:
      description: The broker's AMQP port.
  spec:
    selector:
      deploymentConfig: '${APPLICATION_NAME}-amq'
    ports:
    - port: 5672
      targetPort: 5672
# AMQP over SSL (5671).
- apiVersion: v1
  kind: Service
  metadata:
    name: '${AMQ_NAME}-amq-amqp-ssl'
    labels:
      application: '${APPLICATION_NAME}'
    annotations:
      description: The broker's AMQP SSL port.
  spec:
    selector:
      deploymentConfig: '${APPLICATION_NAME}-amq'
    ports:
    - port: 5671
      targetPort: 5671
# MQTT over plain TCP (1883).
# NOTE(review): published next to the SSL port below; presumably traffic on
# it is unencrypted. Restrict access to this Service if clients are meant to
# use SSL only — confirm against the intended deployment.
- apiVersion: v1
  kind: Service
  metadata:
    name: '${AMQ_NAME}-amq-mqtt'
    labels:
      application: '${APPLICATION_NAME}'
    annotations:
      description: The broker's MQTT port.
  spec:
    selector:
      deploymentConfig: '${APPLICATION_NAME}-amq'
    ports:
    - port: 1883
      targetPort: 1883
# MQTT over SSL (8883).
- apiVersion: v1
  kind: Service
  metadata:
    name: '${AMQ_NAME}-amq-mqtt-ssl'
    labels:
      application: '${APPLICATION_NAME}'
    annotations:
      description: The broker's MQTT SSL port.
  spec:
    selector:
      deploymentConfig: '${APPLICATION_NAME}-amq'
    ports:
    - port: 8883
      targetPort: 8883
# STOMP over plain TCP (61613).
# NOTE(review): published next to the SSL port below; presumably traffic on
# it is unencrypted. Restrict access to this Service if clients are meant to
# use SSL only — confirm against the intended deployment.
- apiVersion: v1
  kind: Service
  metadata:
    name: '${AMQ_NAME}-amq-stomp'
    labels:
      application: '${APPLICATION_NAME}'
    annotations:
      description: The broker's STOMP port.
  spec:
    selector:
      deploymentConfig: '${APPLICATION_NAME}-amq'
    ports:
    - port: 61613
      targetPort: 61613
# STOMP over SSL (61612).
- apiVersion: v1
  kind: Service
  metadata:
    name: '${AMQ_NAME}-amq-stomp-ssl'
    labels:
      application: '${APPLICATION_NAME}'
    annotations:
      description: The broker's STOMP SSL port.
  spec:
    selector:
      deploymentConfig: '${APPLICATION_NAME}-amq'
    ports:
    - port: 61612
      targetPort: 61612
# OpenWire over plain TCP (61616). The dependencies annotation is a JSON list
# naming the other non-SSL protocol Services.
# NOTE(review): published next to the SSL port below; presumably traffic on
# it is unencrypted. Restrict access to this Service if clients are meant to
# use SSL only — confirm against the intended deployment.
- apiVersion: v1
  kind: Service
  metadata:
    name: '${AMQ_NAME}-amq-tcp'
    labels:
      application: '${APPLICATION_NAME}'
    annotations:
      description: The broker's OpenWire port.
      service.alpha.openshift.io/dependencies: '[{"name": "${AMQ_NAME}-amq-amqp",
        "kind": "Service"},{"name": "${AMQ_NAME}-amq-mqtt", "kind": "Service"},{"name":
        "${AMQ_NAME}-amq-stomp", "kind": "Service"}]'
  spec:
    selector:
      deploymentConfig: '${APPLICATION_NAME}-amq'
    ports:
    - port: 61616
      targetPort: 61616
# OpenWire over SSL (61617). The dependencies annotation names every other
# protocol Service of this template, SSL and non-SSL.
- apiVersion: v1
  kind: Service
  metadata:
    name: '${AMQ_NAME}-amq-tcp-ssl'
    labels:
      application: '${APPLICATION_NAME}'
    annotations:
      description: The broker's OpenWire (SSL) port.
      service.alpha.openshift.io/dependencies: '[{"name": "${AMQ_NAME}-amq-tcp", "kind": "Service"},{"name":
        "${AMQ_NAME}-amq-amqp", "kind": "Service"},{"name":
        "${AMQ_NAME}-amq-mqtt", "kind": "Service"},{"name":
        "${AMQ_NAME}-amq-stomp", "kind": "Service"},{"name":
        "${AMQ_NAME}-amq-amqp-ssl", "kind": "Service"},{"name":
        "${AMQ_NAME}-amq-mqtt-ssl", "kind": "Service"},{"name":
        "${AMQ_NAME}-amq-stomp-ssl", "kind": "Service"}]'
  spec:
    selector:
      deploymentConfig: '${APPLICATION_NAME}-amq'
    ports:
    - port: 61617
      targetPort: 61617
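# DeploymentConfig for the broker pod (one replica). Credentials and store
# passwords are injected from the secret named by AMQ_CREDENTIAL_SECRET; the
# trust store and key store files are mounted read-only from the secret named
# by AMQ_SECRET. Both secrets must exist before the pod can start.
- apiVersion: v1
  kind: DeploymentConfig
  metadata:
    labels:
      application: ${APPLICATION_NAME}
    name: ${APPLICATION_NAME}-amq
  spec:
    replicas: 1
    selector:
      deploymentConfig: ${APPLICATION_NAME}-amq
    strategy:
      rollingParams:
        # No surge pod: a rollout never runs more than `replicas` pods.
        maxSurge: 0
      type: Rolling
    template:
      metadata:
        labels:
          application: ${APPLICATION_NAME}
          deploymentConfig: ${APPLICATION_NAME}-amq
        name: ${APPLICATION_NAME}-amq
      spec:
        containers:
          - env:
            # NOTE(review): the secret key for the user name is the value of
            # the AMQ_USER parameter, which is randomly generated when left
            # empty, while the three other secretKeyRef entries below use
            # fixed key names. A pre-created secret only matches if AMQ_USER
            # is set explicitly to the key holding the user name — confirm
            # the intended key.
            - name: AMQ_USER
              valueFrom:
                secretKeyRef:
                  name: ${AMQ_CREDENTIAL_SECRET}
                  key: ${AMQ_USER}
            - name: AMQ_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: ${AMQ_CREDENTIAL_SECRET}
                  key: password
            - name: AMQ_ROLE
              value: ${AMQ_ROLE}
            - name: AMQ_NAME
              value: ${AMQ_NAME}
            - name: AMQ_TRANSPORTS
              value: ${AMQ_PROTOCOL}
            - name: AMQ_QUEUES
              value: ${AMQ_QUEUES}
            - name: AMQ_ADDRESSES
              value: ${AMQ_ADDRESSES}
            # Same path as the mountPath of broker-secret-volume below.
            - name: AMQ_KEYSTORE_TRUSTSTORE_DIR
              value: /etc/amq-secret-volume
            - name: AMQ_TRUSTSTORE
              value: ${AMQ_TRUSTSTORE}
            - name: AMQ_TRUSTSTORE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: ${AMQ_CREDENTIAL_SECRET}
                  key: amq_truststore_password
            - name: AMQ_KEYSTORE
              value: ${AMQ_KEYSTORE}
            - name: AMQ_KEYSTORE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: ${AMQ_CREDENTIAL_SECRET}
                  key: amq_keystore_password
            - name: AMQ_SSL_PROVIDER
              value: ${AMQ_SSL_PROVIDER}
            - name: AMQ_GLOBAL_MAX_SIZE
              value: ${AMQ_GLOBAL_MAX_SIZE}
            - name: AMQ_REQUIRE_LOGIN
              value: ${AMQ_REQUIRE_LOGIN}
            - name: AMQ_EXTRA_ARGS
              value: ${AMQ_EXTRA_ARGS}
            - name: AMQ_ANYCAST_PREFIX
              value: ${AMQ_ANYCAST_PREFIX}
            - name: AMQ_MULTICAST_PREFIX
              value: ${AMQ_MULTICAST_PREFIX}
            - name: AMQ_ENABLE_METRICS_PLUGIN
              value: ${AMQ_ENABLE_METRICS_PLUGIN}
            - name: AMQ_JOURNAL_TYPE
              value: ${AMQ_JOURNAL_TYPE}
            image: ${IMAGE}
            # The image is pulled again on every pod start, so with a tag
            # reference the running content follows whatever the tag points to.
            imagePullPolicy: Always
            readinessProbe:
              exec:
                command:
                - "/bin/bash"
                - "-c"
                - "/opt/amq/bin/readinessProbe.sh"
            name: ${APPLICATION_NAME}-amq
            ports:
            - containerPort: 8161
              name: console-jolokia
              protocol: TCP
            - containerPort: 5672
              name: amqp
              protocol: TCP
            # 5671 matches the targetPort of the ${AMQ_NAME}-amq-amqp-ssl
            # Service; 5672 is already declared for plain AMQP above.
            - containerPort: 5671
              name: amqp-ssl
              protocol: TCP
            - containerPort: 1883
              name: mqtt
              protocol: TCP
            - containerPort: 8883
              name: mqtt-ssl
              protocol: TCP
            - containerPort: 61613
              name: stomp
              protocol: TCP
            - containerPort: 61612
              name: stomp-ssl
              protocol: TCP
            - containerPort: 61616
              name: artemis
              protocol: TCP
            - containerPort: 61617
              name: tcp-ssl
              protocol: TCP
            volumeMounts:
              # Store files are mounted read-only; the container cannot
              # modify them.
              - mountPath: /etc/amq-secret-volume
                name: broker-secret-volume
                readOnly: true
        terminationGracePeriodSeconds: 60
        volumes:
        - name: broker-secret-volume
          secret:
            secretName: ${AMQ_SECRET}
    triggers:
    - type: ConfigChange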
# Route publishing the console/Jolokia Service outside the cluster.
# Passthrough termination: the router forwards the TLS stream without
# decrypting it, so the pod itself has to serve TLS on the Service port.
# NOTE(review): the name "console" is fixed rather than derived from
# ${APPLICATION_NAME}, so a second instance of this template in the same
# project would presumably collide on it — confirm.
- apiVersion: v1
  kind: Route
  metadata:
    name: console
    labels:
      application: '${APPLICATION_NAME}'
  spec:
    to:
      kind: Service
      name: '${AMQ_NAME}-amq-jolokia'
    tls:
      termination: passthrough
parameters:
# Application naming and protocol/address selection. AMQ_PROTOCOL is passed
# to the container as AMQ_TRANSPORTS.
- name: APPLICATION_NAME
  displayName: Application Name
  description: The name for the application.
  required: true
  value: 'broker'
- name: AMQ_PROTOCOL
  displayName: AMQ Protocols
  description: 'Protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp`, `mqtt` and `hornetq`.'
  value: 'openwire,amqp,stomp,mqtt,hornetq'
# No default: per the description, queues are created dynamically when empty.
- name: AMQ_QUEUES
  displayName: Queues
  description: Queue names, separated by commas. These queues will be automatically created when the broker starts. If left empty, queues will be still created dynamically.
# No default: per the description, addresses are created dynamically when empty.
- name: AMQ_ADDRESSES
  displayName: Addresses
  description: Address names, separated by commas. These addresses will be automatically created when the broker starts. If left empty, addresses will be still created dynamically.
# Used as the secret key name for the AMQ_USER env var (secretKeyRef
# `key: ${AMQ_USER}` in the DeploymentConfig).
# NOTE(review): when left empty a random value is generated, which a
# pre-created secret is unlikely to contain as a key; set it explicitly to
# the key that holds the user name.
- name: AMQ_USER
  displayName: AMQ Username
  description: User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated. It serves as a key by which the real user name is retrieved from kubernetes secret object.
  generate: expression
  from: 'user[a-zA-Z0-9]{3}'
# No object in this template references ${AMQ_PASSWORD}: the AMQ_PASSWORD env
# var is read from the fixed secret key `password`. The generated value is
# therefore not the broker password.
- name: AMQ_PASSWORD
  displayName: AMQ Password
  description: Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated. It serves as a key by which the real password is retrieved from kubernetes secret object.
  generate: expression
  from: '[a-zA-Z0-9]{8}'
# NOTE(review): the standard user gets the `admin` role by default; confirm
# that is intended for application clients.
- name: AMQ_ROLE
  displayName: AMQ Role
  description: User role for standard broker user.
  value: 'admin'
# Prefix of every Service name in this template (${AMQ_NAME}-amq-...).
- name: AMQ_NAME
  displayName: AMQ Name
  description: The name of the broker
  value: 'broker'
# Secret mounted read-only at /etc/amq-secret-volume (trust store and key
# store files).
- name: AMQ_SECRET
  displayName: Secret Name
  description: Name of a secret containing SSL related files
  required: true
  value: 'amq-app-secret'
# Secret read through secretKeyRef for the user name, password and store
# passwords. It shares the displayName "Secret Name" with AMQ_SECRET, so the
# two fields are only told apart by their descriptions.
- name: AMQ_CREDENTIAL_SECRET
  displayName: Secret Name
  description: Name of a secret containing credential data such as usernames and passwords
  required: true
  value: 'amq-credential-secret'
# File name of the trust store inside the mounted AMQ_SECRET volume.
- name: AMQ_TRUSTSTORE
  displayName: Trust Store Filename
  description: SSL trust store filename
  required: true
  value: 'broker.ts'
# Required, yet no object in this template references
# ${AMQ_TRUSTSTORE_PASSWORD}: the env var of the same name is read from the
# fixed secret key `amq_truststore_password`. Per the description this is
# meant to be a key name, not the password itself.
- name: AMQ_TRUSTSTORE_PASSWORD
  displayName: Trust Store Password
  description: SSL trust store password. It serves as a key by which the real password is retrieved from kubernetes secret object.
  required: true
# File name of the key store inside the mounted AMQ_SECRET volume.
- name: AMQ_KEYSTORE
  displayName: AMQ Keystore Filename
  description: SSL key store filename
  required: true
  value: 'broker.ks'
# Required, yet no object in this template references
# ${AMQ_KEYSTORE_PASSWORD}: the env var of the same name is read from the
# fixed secret key `amq_keystore_password`. Per the description this is meant
# to be a key name, not the password itself.
- name: AMQ_KEYSTORE_PASSWORD
  displayName: AMQ Keystore Password
  description: Password for accessing SSL keystore. It serves as a key by which the real password is retrieved from kubernetes secret object.
  required: true
# Optional; passed to the container as AMQ_SSL_PROVIDER.
- name: AMQ_SSL_PROVIDER
  displayName: AMQ SSL Provider
  description: SSL provider (JDK or OPENSSL) used in netty ssl acceptor
  required: false
# NOTE(review): the description says the default is undefined, but this
# template supplies "100 gb" as the value.
- name: AMQ_GLOBAL_MAX_SIZE
  displayName: AMQ Global Max Size
  description: "Maximum amount of memory which message data may consume (Default: Undefined, half of the system's memory)."
  value: '100 gb'
# No default is set here.
# NOTE(review): the description implies anonymous access is possible; confirm
# what the image does when this is left empty, and set it so that login is
# required wherever the broker must authenticate clients.
- name: AMQ_REQUIRE_LOGIN
  displayName: AMQ Require Login
  description: "Determines whether or not the broker will allow anonymous access, or require login"
# Passed to the container as AMQ_EXTRA_ARGS. Per the description these are
# arguments for broker creation, so whoever can set this parameter influences
# how the broker is created.
- name: AMQ_EXTRA_ARGS
  description: Extra arguments for broker creation
  required: false
# Optional address prefixes for the multiplexed ports.
- name: AMQ_ANYCAST_PREFIX
  displayName: AMQ Anycast Prefix
  description: Anycast prefix applied to the multiplexed protocol ports 61616 and 61617
  required: false
- name: AMQ_MULTICAST_PREFIX
  displayName: AMQ Multicast Prefix
  description: Multicast prefix applied to the multiplexed protocol ports 61616 and 61617
  required: false
# Required, but no object in this template references
# ${IMAGE_STREAM_NAMESPACE}; the DeploymentConfig pulls ${IMAGE} directly.
- name: IMAGE_STREAM_NAMESPACE
  displayName: ImageStream Namespace
  description: Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.
  required: true
  value: 'openshift'
# Tag reference. Together with imagePullPolicy: Always in the
# DeploymentConfig, the pod runs whatever the tag points to at start time.
# Where a fixed, reviewable image is required, reference it by digest
# (<repository>@sha256:<digest>) instead of by tag.
- name: IMAGE
  displayName: Image
  description: Broker Image
  required: true
  value: 'registry.redhat.io/amq7/amq-broker-lts-rhel7:7.4'
# No default; passed to the container as AMQ_ENABLE_METRICS_PLUGIN.
- name: AMQ_ENABLE_METRICS_PLUGIN
  displayName: Enable Metrics Plugin
  description: Whether to enable artemis metrics plugin
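# Journal type, passed to the container as AMQ_JOURNAL_TYPE. The parameter
# was declared twice with identical fields; parameter names should be unique,
# so a single declaration is kept.
- name: AMQ_JOURNAL_TYPE
  displayName: AMQ Journal Type
  description: Journal type to use; aio or nio supported
  value: nio
  required: false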