{
"kind": "Template",
"apiVersion": "v1",
"metadata": {
"annotations": {
"iconClass" : "icon-sso",
"tags" : "sso,keycloak,jboss,hidden",
"version": "1.4.13",
"openshift.io/display-name": "Red Hat Single Sign-On 7.2 (Ephemeral with passthrough TLS)",
"openshift.io/provider-display-name": "Red Hat, Inc.",
"description": "An example RH-SSO 7 application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.",
"template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Single Sign-On 7.2 server based deployment, securing RH-SSO communication using passthrough TLS.",
"template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-single-sign-on/",
"template.openshift.io/support-url": "https://access.redhat.com"
},
"name": "sso72-https-postgresql-external"
},
"labels": {
"template": "sso72-https-postgresql-external",
"xpaas": "1.4.13"
},
"message": "A new RH-SSO service has been created in your project. The admin username/password for accessing the master realm via the RH-SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. Please be sure to create the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications; \"${SSO_TRUSTSTORE_SECRET}\" containing the ${SSO_TRUSTSTORE} file used for securing RH-SSO requests.",
"parameters": [
{
"displayName": "Application Name",
"description": "The name for the application.",
"name": "APPLICATION_NAME",
"value": "sso",
"required": true
},
{
"displayName": "Custom http Route Hostname",
"description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>",
"name": "HOSTNAME_HTTP",
"value": "",
"required": false
},
{
"displayName": "Custom https Route Hostname",
"description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>",
"name": "HOSTNAME_HTTPS",
"value": "",
"required": false
},
{
"displayName": "Git Repository URL",
"description": "Git source URI for application",
"name": "SOURCE_REPOSITORY_URL",
"value": "https://github.com/travisrogers05/rhsso-with-ext-postgresql-db",
"required": true
},
{
"displayName": "Git Reference",
"description": "Git branch/tag reference",
"name": "SOURCE_REPOSITORY_REF",
"value": "master",
"required": false
},
{
"displayName": "Context Directory",
"description": "Path within Git project to build; empty for root project directory.",
"name": "CONTEXT_DIR",
"value": "",
"required": false
},
{
"displayName": "Server Keystore Secret Name",
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "sso-app-secret",
"required": false
},
{
"displayName": "Server Keystore Filename",
"description": "The name of the keystore file within the secret",
"name": "HTTPS_KEYSTORE",
"value": "keystore.jks",
"required": false
},
{
"displayName": "Server Keystore Type",
"description": "The type of the keystore file (JKS or JCEKS)",
"name": "HTTPS_KEYSTORE_TYPE",
"value": "",
"required": false
},
{
"displayName": "Server Certificate Name",
"description": "The name associated with the server certificate (e.g. jboss)",
"name": "HTTPS_NAME",
"value": "",
"required": false
},
{
"displayName": "Server Keystore Password",
"description": "The password for the keystore and certificate (e.g. mykeystorepass)",
"name": "HTTPS_PASSWORD",
"value": "",
"required": false
},
{
"displayName": "Datasource Minimum Pool Size",
"description": "Sets xa-pool/min-pool-size for the configured datasource.",
"name": "DB_MIN_POOL_SIZE",
"required": false
},
{
"displayName": "Datasource Maximum Pool Size",
"description": "Sets xa-pool/max-pool-size for the configured datasource.",
"name": "DB_MAX_POOL_SIZE",
"required": false
},
{
"displayName": "Datasource Transaction Isolation",
"description": "Sets transaction-isolation for the configured datasource.",
"name": "DB_TX_ISOLATION",
"required": false
},
{
"displayName": "JGroups Secret Name",
"description": "The name of the secret containing the keystore file",
"name": "JGROUPS_ENCRYPT_SECRET",
"value": "sso-app-secret",
"required": false
},
{
"displayName": "JGroups Keystore Filename",
"description": "The name of the keystore file within the secret",
"name": "JGROUPS_ENCRYPT_KEYSTORE",
"value": "jgroups.jceks",
"required": false
},
{
"displayName": "JGroups Certificate Name",
"description": "The name associated with the server certificate (e.g. secret-key)",
"name": "JGROUPS_ENCRYPT_NAME",
"value": "",
"required": false
},
{
"displayName": "JGroups Keystore Password",
"description": "The password for the keystore and certificate (e.g. password)",
"name": "JGROUPS_ENCRYPT_PASSWORD",
"value": "",
"required": false
},
{
"displayName": "JGroups Cluster Password",
"description": "JGroups cluster password",
"name": "JGROUPS_CLUSTER_PASSWORD",
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
},
{
"displayName": "Database JNDI Name",
"description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql",
"name": "DB_JNDI",
"value": "java:jboss/datasources/KeycloakDS",
"required": false
},
{
"displayName": "Database Name",
"description": "Database name",
"name": "DB_DATABASE",
"value": "root",
"required": true
},
{
"displayName": "Datasource Minimum Pool Size",
"description": "Sets xa-pool/min-pool-size for the configured datasource.",
"name": "DB_MIN_POOL_SIZE",
"required": false
},
{
"displayName": "Datasource Maximum Pool Size",
"description": "Sets xa-pool/max-pool-size for the configured datasource.",
"name": "DB_MAX_POOL_SIZE",
"required": false
},
{
"displayName": "Datasource Transaction Isolation",
"description": "Sets transaction-isolation for the configured datasource.",
"name": "DB_TX_ISOLATION",
"required": false
},
{
"displayName": "PostgreSQL Maximum number of connections",
"description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.",
"name": "POSTGRESQL_MAX_CONNECTIONS",
"required": false
},
{
"displayName": "PostgreSQL Shared Buffers",
"description": "Configures how much memory is dedicated to PostgreSQL for caching data.",
"name": "POSTGRESQL_SHARED_BUFFERS",
"required": false
},
{
"displayName": "Database Username",
"description": "Database user name",
"name": "DB_USERNAME",
"from": "user[a-zA-Z0-9]{3}",
"generate": "expression",
"required": true
},
{
"displayName": "Database Password",
"description": "Database user password",
"name": "DB_PASSWORD",
"from": "[a-zA-Z0-9]{32}",
"generate": "expression",
"required": true
},
{
"displayName": "ImageStream Namespace",
"description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.",
"name": "IMAGE_STREAM_NAMESPACE",
"value": "openshift",
"required": true
},
{
"displayName": "RH-SSO Administrator Username",
"description": "RH-SSO Server administrator username",
"name": "SSO_ADMIN_USERNAME",
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
},
{
"displayName": "RH-SSO Administrator Password",
"description": "RH-SSO Server administrator password",
"name": "SSO_ADMIN_PASSWORD",
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
},
{
"displayName": "RH-SSO Realm",
"description": "Realm to be created in the RH-SSO server (e.g. demorealm).",
"name": "SSO_REALM",
"value": "",
"required": false
},
{
"displayName": "RH-SSO Service Username",
"description": "The username used to access the RH-SSO service. This is used by clients to create the appliction client(s) within the specified RH-SSO realm.",
"name": "SSO_SERVICE_USERNAME",
"value": "",
"required": false
},
{
"displayName": "RH-SSO Service Password",
"description": "The password for the RH-SSO service user.",
"name": "SSO_SERVICE_PASSWORD",
"value": "",
"required": false
},
{
"displayName": "Postgresql service host",
"description": "The host for the postgresql service.",
"name": "SSO_POSTGRESQL_SERVICE_HOST",
"value": "",
"required": false
},
{
"displayName": "Postgresql service port",
"description": "The port for the postgresql service.",
"name": "SSO_POSTGRESQL_SERVICE_PORT",
"value": "5432",
"required": false
},
{
"displayName": "RH-SSO Trust Store",
"description": "The name of the truststore file within the secret (e.g. truststore.jks)",
"name": "SSO_TRUSTSTORE",
"value": "",
"required": false
},
{
"displayName": "RH-SSO Trust Store Password",
"description": "The password for the truststore and certificate (e.g. mykeystorepass)",
"name": "SSO_TRUSTSTORE_PASSWORD",
"value": "",
"required": false
},
{
"displayName": "RH-SSO Trust Store Secret",
"description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName",
"name": "SSO_TRUSTSTORE_SECRET",
"value": "sso-app-secret",
"required": false
},
{
"displayName": "Container Memory Limit",
"description": "Container memory limit.",
"name": "MEMORY_LIMIT",
"value": "1Gi",
"required": false
}
],
"objects": [
{
"kind": "Service",
"apiVersion": "v1",
"spec": {
"ports": [
{
"port": 8080,
"targetPort": 8080
}
],
"selector": {
"deploymentConfig": "${APPLICATION_NAME}"
}
},
"metadata": {
"name": "${APPLICATION_NAME}",
"labels": {
"application": "${APPLICATION_NAME}"
},
"annotations": {
"description": "The web server's http port."
}
}
},
{
"kind": "Service",
"apiVersion": "v1",
"spec": {
"ports": [
{
"port": 8443,
"targetPort": 8443
}
],
"selector": {
"deploymentConfig": "${APPLICATION_NAME}"
}
},
"metadata": {
"name": "secure-${APPLICATION_NAME}",
"labels": {
"application": "${APPLICATION_NAME}"
},
"annotations": {
"description": "The web server's https port."
}
}
},
{
"kind": "Service",
"apiVersion": "v1",
"spec": {
"clusterIP": "None",
"ports": [
{
"name": "ping",
"port": 8888
}
],
"selector": {
"deploymentConfig": "${APPLICATION_NAME}"
}
},
"metadata": {
"name": "${APPLICATION_NAME}-ping",
"labels": {
"application": "${APPLICATION_NAME}"
},
"annotations": {
"service.alpha.kubernetes.io/tolerate-unready-endpoints": "true",
"description": "The JGroups ping port for clustering."
}
}
},
{
"kind": "Route",
"apiVersion": "v1",
"id": "${APPLICATION_NAME}-http",
"metadata": {
"name": "${APPLICATION_NAME}",
"labels": {
"application": "${APPLICATION_NAME}"
},
"annotations": {
"description": "Route for application's http service."
}
},
"spec": {
"host": "${HOSTNAME_HTTP}",
"to": {
"name": "${APPLICATION_NAME}"
}
}
},
{
"kind": "Route",
"apiVersion": "v1",
"id": "${APPLICATION_NAME}-https",
"metadata": {
"name": "secure-${APPLICATION_NAME}",
"labels": {
"application": "${APPLICATION_NAME}"
},
"annotations": {
"description": "Route for application's https service."
}
},
"spec": {
"host": "${HOSTNAME_HTTPS}",
"to": {
"name": "secure-${APPLICATION_NAME}"
},
"tls": {
"termination": "passthrough"
}
}
},
{
"kind": "ImageStream",
"apiVersion": "v1",
"metadata": {
"name": "${APPLICATION_NAME}",
"labels": {
"application": "${APPLICATION_NAME}"
}
}
},
{
"kind": "BuildConfig",
"apiVersion": "v1",
"metadata": {
"name": "${APPLICATION_NAME}",
"labels": {
"application": "${APPLICATION_NAME}"
}
},
"spec": {
"source": {
"type": "Git",
"git": {
"uri": "${SOURCE_REPOSITORY_URL}",
"ref": "${SOURCE_REPOSITORY_REF}"
},
"contextDir": "${CONTEXT_DIR}"
},
"strategy": {
"type": "Source",
"sourceStrategy": {
"forcePull": true,
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
"name": "redhat-sso72-openshift:1.1"
}
}
},
"output": {
"to": {
"kind": "ImageStreamTag",
"name": "${APPLICATION_NAME}:latest"
}
},
"triggers": [
{
"type": "GitHub",
"github": {
"secret": "${GITHUB_WEBHOOK_SECRET}"
}
},
{
"type": "Generic",
"generic": {
"secret": "${GENERIC_WEBHOOK_SECRET}"
}
},
{
"type": "ImageChange",
"imageChange": {}
},
{
"type": "ConfigChange"
}
]
}
},
{
"kind": "DeploymentConfig",
"apiVersion": "v1",
"metadata": {
"name": "${APPLICATION_NAME}",
"labels": {
"application": "${APPLICATION_NAME}"
}
},
"spec": {
"strategy": {
"type": "Recreate"
},
"triggers": [
{
"type": "ImageChange",
"imageChangeParams": {
"automatic": true,
"containerNames": [
"${APPLICATION_NAME}"
],
"from": {
"kind": "ImageStreamTag",
"name": "${APPLICATION_NAME}:latest"
}
}
},
{
"type": "ConfigChange"
}
],
"replicas": 1,
"selector": {
"deploymentConfig": "${APPLICATION_NAME}"
},
"template": {
"metadata": {
"name": "${APPLICATION_NAME}",
"labels": {
"deploymentConfig": "${APPLICATION_NAME}",
"application": "${APPLICATION_NAME}"
}
},
"spec": {
"terminationGracePeriodSeconds": 75,
"containers": [
{
"name": "${APPLICATION_NAME}",
"image": "${APPLICATION_NAME}",
"imagePullPolicy": "Always",
"resources": {
"limits": {
"memory": "${MEMORY_LIMIT}"
}
},
"volumeMounts": [
{
"name": "eap-keystore-volume",
"mountPath": "/etc/eap-secret-volume",
"readOnly": true
},
{
"name": "eap-jgroups-keystore-volume",
"mountPath": "/etc/jgroups-encrypt-secret-volume",
"readOnly": true
},
{
"name": "sso-truststore-volume",
"mountPath": "/etc/sso-secret-volume",
"readOnly": true
}
],
"livenessProbe": {
"exec": {
"command": [
"/bin/bash",
"-c",
"/opt/eap/bin/livenessProbe.sh"
]
},
"initialDelaySeconds": 60
},
"readinessProbe": {
"exec": {
"command": [
"/bin/bash",
"-c",
"/opt/eap/bin/readinessProbe.sh"
]
}
},
"ports": [
{
"name": "jolokia",
"containerPort": 8778,
"protocol": "TCP"
},
{
"name": "http",
"containerPort": 8080,
"protocol": "TCP"
},
{
"name": "https",
"containerPort": 8443,
"protocol": "TCP"
},
{
"name": "ping",
"containerPort": 8888,
"protocol": "TCP"
}
],
"env": [
{
"name": "DB_SERVICE_PREFIX_MAPPING",
"value": "SSO_POSTGRESQL=SSODB"
},
{
"name": "DB_JNDI",
"value": "${DB_JNDI}"
},
{
"name": "SSODB_USERNAME",
"value": "${DB_USERNAME}"
},
{
"name": "SSODB_PASSWORD",
"value": "${DB_PASSWORD}"
},
{
"name": "SSODB_DATABASE",
"value": "${DB_DATABASE}"
},
{
"name": "TX_DATABASE_PREFIX_MAPPING",
"value": "SSO_POSTGRESQL=SSODB"
},
{
"name": "DB_MIN_POOL_SIZE",
"value": "${DB_MIN_POOL_SIZE}"
},
{
"name": "DB_MAX_POOL_SIZE",
"value": "${DB_MAX_POOL_SIZE}"
},
{
"name": "DB_TX_ISOLATION",
"value": "${DB_TX_ISOLATION}"
},
{
"name": "ENV_FILES",
"value": "/opt/eap/standalone/configuration/*.env"
},
{
"name": "DB_MIN_POOL_SIZE",
"value": "${DB_MIN_POOL_SIZE}"
},
{
"name": "DB_MAX_POOL_SIZE",
"value": "${DB_MAX_POOL_SIZE}"
},
{
"name": "DB_TX_ISOLATION",
"value": "${DB_TX_ISOLATION}"
},
{
"name": "JGROUPS_PING_PROTOCOL",
"value": "openshift.DNS_PING"
},
{
"name": "OPENSHIFT_DNS_PING_SERVICE_NAME",
"value": "${APPLICATION_NAME}-ping"
},
{
"name": "OPENSHIFT_DNS_PING_SERVICE_PORT",
"value": "8888"
},
{
"name": "HTTPS_KEYSTORE_DIR",
"value": "/etc/eap-secret-volume"
},
{
"name": "HTTPS_KEYSTORE",
"value": "${HTTPS_KEYSTORE}"
},
{
"name": "HTTPS_KEYSTORE_TYPE",
"value": "${HTTPS_KEYSTORE_TYPE}"
},
{
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
{
"name": "HTTPS_PASSWORD",
"value": "${HTTPS_PASSWORD}"
},
{
"name": "JGROUPS_ENCRYPT_SECRET",
"value": "${JGROUPS_ENCRYPT_SECRET}"
},
{
"name": "JGROUPS_ENCRYPT_KEYSTORE_DIR",
"value": "/etc/jgroups-encrypt-secret-volume"
},
{
"name": "JGROUPS_ENCRYPT_KEYSTORE",
"value": "${JGROUPS_ENCRYPT_KEYSTORE}"
},
{
"name": "JGROUPS_ENCRYPT_NAME",
"value": "${JGROUPS_ENCRYPT_NAME}"
},
{
"name": "JGROUPS_ENCRYPT_PASSWORD",
"value": "${JGROUPS_ENCRYPT_PASSWORD}"
},
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
},
{
"name": "SSO_ADMIN_USERNAME",
"value": "${SSO_ADMIN_USERNAME}"
},
{
"name": "SSO_ADMIN_PASSWORD",
"value": "${SSO_ADMIN_PASSWORD}"
},
{
"name": "SSO_REALM",
"value": "${SSO_REALM}"
},
{
"name": "SSO_SERVICE_USERNAME",
"value": "${SSO_SERVICE_USERNAME}"
},
{
"name": "SSO_SERVICE_PASSWORD",
"value": "${SSO_SERVICE_PASSWORD}"
},
{
"name": "SSO_POSTGRESQL_SERVICE_HOST",
"value": "${SSO_POSTGRESQL_SERVICE_HOST}"
},
{
"name": "SSO_POSTGRESQL_SERVICE_PORT",
"value": "${SSO_POSTGRESQL_SERVICE_PORT}"
},
{
"name": "SSO_TRUSTSTORE",
"value": "${SSO_TRUSTSTORE}"
},
{
"name": "SSO_TRUSTSTORE_DIR",
"value": "/etc/sso-secret-volume"
},
{
"name": "SSO_TRUSTSTORE_PASSWORD",
"value": "${SSO_TRUSTSTORE_PASSWORD}"
}
]
}
],
"volumes": [
{
"name": "eap-keystore-volume",
"secret": {
"secretName": "${HTTPS_SECRET}"
}
},
{
"name": "eap-jgroups-keystore-volume",
"secret": {
"secretName": "${JGROUPS_ENCRYPT_SECRET}"
}
},
{
"name": "sso-truststore-volume",
"secret": {
"secretName": "${SSO_TRUSTSTORE_SECRET}"
}
}
]
}
}
}
}
]
}