diff --git a/OWNERS b/OWNERS index cc6caba9c..44037e944 100644 --- a/OWNERS +++ b/OWNERS @@ -5,6 +5,7 @@ reviewers: - spolti - vaibhavjainwiz - desmax74 + - davidesalerno approvers: - bmozaffa - tchughesiv diff --git a/README.md b/README.md index 0d95aaf3c..2a8cfb21b 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,10 @@ - go v1.16.x - operator-sdk v0.19.2 +- docker +- [opm](https://github.com/operator-framework/operator-registry/releases) +- [podman](https://podman.io/) +- [cekit](https://cekit.io/) ## Build 
@@ -16,72 +20,205 @@ make ## Upload to a container registry e.g. - ```bash -docker push quay.io/kiegroup/kie-cloud-operator: +docker tag quay.io/kiegroup/kie-cloud-operator: quay.io//kie-cloud-operator: +docker push quay.io//kie-cloud-operator: ``` -## Deploy to OpenShift 4.5+ using OLM +### Note + +If the quay.io repository where the images were pushed is private, a pull secret will need to be configured, +otherwise all operator related images must be public. + + + +## Deploy to OpenShift 4.7+ using OLM -To install this operator on OpenShift 4 for end-to-end testing, make sure you have access to a quay.io account to create -an application repository. Follow the [authentication](https://github.com/operator-framework/operator-courier/#authentication) -instructions for Operator Courier to obtain an account token. +To install this operator on OpenShift 4 for end-to-end testing, make sure you have access to a quay.io (https://quay.io/) account to create +an application repository. Follow the [authentication](https://github.com/operator-framework/operator-courier/#authentication) +instructions for Operator Courier to obtain an account token. This token is in the form of "basic XXXXXXXXX" and both words are required for the command. -If pushing to another quay repository, replace _kiegroup_ with your username or other namespace. -Also note that the push command does not overwrite an existing repository, -and it needs to be deleted before a new version can be built and uploaded. -Once the bundle has been uploaded, create an [Operator Source](https://github.com/operator-framework/community-operators/blob/master/docs/testing-operators.md#linking-the-quay-application-repository-to-your-openshift-40-cluster) +Also note that the push command does not overwrite an existing repository, +and it needs to be deleted before a new version can be built and uploaded. 
+Once the bundle has been uploaded, create an [Operator Source](https://github.com/k8s-operatorhub/community-operators/) to load your operator bundle in OpenShift. -**Create your own index image** -Requires [opm](https://github.com/operator-framework/operator-registry/releases) v1.15.3+ - +**To create the bundle image follow the steps** + +- Create your own bundle +- Push the bundle on the container registry +- Build the index +- Push the index on the container registry +- Disable default catalog sources on Openshift +- Write your Catalog-source +- Create your catalog source on Openshift +- Write your Subscription +- Create your Subscription on Openshift + +**To Restore your cluster from your bundle image changes follow the steps** + +- Cleanup your catalog-source + +### Create your own Bundle + +i.e. 7.12.0-1 version +Remove the following line from deploy/olm-catalog/dev/7.12.0-1/manifest/businessautomation-operator.clusterserviceversion.yaml + +```console +replaces: businessautomation-operator. 
+``` +Set your registry id, like quay username +with USERNAME as env + +```bash +export USERNAME= +``` + +activate Cekit and run the following command + ```bash -USERNAME=tchughesiv -VERSION=$(go run getversion.go -csv) -IMAGE=quay.io/${USERNAME}/rhpam-operator-bundle -BUNDLE=${IMAGE}:${VERSION} $ make bundle-dev +``` + +the last log line is something like this: +```console +INFO Image built and available under following tags: quay.io//rhpam-operator-bundle:7.12.1, quay.io/${USERNAME}/rhpam-operator-bundle:latest +``` +### Push the bundle on the container registry + +VERSION=$(go run getversion.go) + +USERNAME= + +```bash +$ docker push quay.io/${USERNAME}/rhpam-operator-bundle:${VERSION} +``` + +### Build the index image + +```bash +opm index add --bundles quay.io/${USERNAME}/rhpam-operator-bundle:${VERSION} --tag quay.io/${USERNAME}/rhpam-operator-index:${VERSION} +``` +### Push the index on the container registry + +Log in into your quay.io account: +```bash +podman login quay.io +``` + +Push the index on your quay repository +```bash +podman push quay.io/${USERNAME}/rhpam-operator-index:${VERSION} +``` + +#### Disable default catalog sources on Openshift + +To test your Operator, with bundle and index you need to disable the default source like the operator hub +```bash +oc patch OperatorHub cluster --type json -p '[{"op": "add", "path": "/spec/disableAllDefaultSources", "value": true}]' +``` +#### Write your Catalog-source -$ docker push ${BUNDLE} -BUNDLE_DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' ${BUNDLE}) -INDEX_VERSION=v4.7 -INDEX_IMAGE=quay.io/${USERNAME}/ba-operator-index:${INDEX_VERSION} -INDEX_FROM=${INDEX_IMAGE}_$(go run getversion.go -csvPrior) -INDEX_TO=${INDEX_IMAGE}_${VERSION} +A catalog source is repository of CSVs, CRDs, and packages that define an application. 
-$ opm index add -c docker --bundles ${BUNDLE_DIGEST} --from-index ${INDEX_FROM} --tag ${INDEX_TO} +```yaml +apiVersion: operators.coreos.com/v1alpha1 +kind: CatalogSource +metadata: + name: xxxxxname + namespace: openshift-marketplace +spec: + sourceType: grpc + image: xxxxximage + displayName: My Operator Catalog + publisher: grpc +``` -$ docker push ${INDEX_TO} +Choose a CATALOG_SOURCE_NAME something like "my-operator-manifests" -# only run in dev env -$ oc patch operatorhub.config.openshift.io/cluster -p='{"spec":{"disableAllDefaultSources":true}}' --type=merge -$ oc apply -f - </rhpam-operator-index:7.12.1 + displayName: My Operator Catalog + publisher: grpc +``` + +#### Create catalog source on Openshift + +```bash +oc create -f catalog-source.yaml +``` + +#### Write your Subscription + +A subscription keeps CSVs up to date by tracking a channel in a package. + +```yaml +apiVersion: operators.coreos.com/v1alpha1 +kind: Subscription +metadata: + name: businessautomation-operator + namespace: +spec: + channel: stable + name: businessautomation-operator + source: $CATALOG_SOURCE_NAME + sourceNamespace: openshift-marketplace +``` + +Example of subscription.yaml + +```yaml +apiVersion: operators.coreos.com/v1alpha1 +kind: Subscription +metadata: + name: businessautomation-operator + namespace: my-namespace +spec: + channel: stable + name: businessautomation-operator + source: my-operator-manifests + sourceNamespace: openshift-marketplace +``` + +#### Create your Subscription on Openshift + +You could create the subscription copying the yaml in the the OCP UI or from cli with Openshift Client + +```bash +oc create -f subscription.yaml +``` +On OpenShift go to your project (e.g. my-namespace) to see your subscription and your operator, +this could take a variable time to be visible. 
+ + +#### Cleanup catalog-source + +After your test are completed, to restore the Operator hub and remove your catalog source +delete your catalog source +and run the following command: + +```bash +oc patch OperatorHub cluster --type json -p '[{"op": "add", "path": "/spec/disableAllDefaultSources", "value": false}]' ``` -It will take a few minutes for the operator to become visible under the _OperatorHub_ section of the OpenShift console _Catalog_. +It will take a few minutes for the operator to become visible under the _OperatorHub_ section of the OpenShift console _Catalog_. It can be easily found by filtering the provider type to _Custom_. ### Trigger a KieApp deployment -Use the OLM console to subscribe to the `Kie Cloud` Operator Catalog Source within your namespace. Once subscribed, +Use the OLM console to subscribe to the `Kie Cloud` Operator Catalog Source within your namespace. Once subscribed, use the console to `Create KieApp` or create one manually as seen below. ```bash diff --git a/config/7.11.1/dbs/pim/external.yaml b/config/7.11.1/dbs/pim/external.yaml deleted file mode 100644 index 010a9a094..000000000 --- a/config/7.11.1/dbs/pim/external.yaml +++ /dev/null 
@@ -1,42 +0,0 @@ -## KIE ProcessMigration BEGIN -processMigration: - ## KIE ProcessMigration ConfigMap BEGIN - configMaps: - - metadata: - name: "[[.ApplicationName]]-process-migration" - data: - project-overrides.yml: |- - kieservers: - #[[range $index, $Map := .ProcessMigration.KieServerClients]] - - host: [[.Host]] - username: [[.Username]] - password: [[.Password]] - #[[end]] - thorntail: - datasources: - data-sources: - pimDS: - driver-name: "[[.ProcessMigration.Database.ExternalConfig.Driver]]" - connection-url: "[[.ProcessMigration.Database.ExternalConfig.JdbcURL]]" - user-name: "[[.ProcessMigration.Database.ExternalConfig.Username]]" - password: "[[.ProcessMigration.Database.ExternalConfig.Password]]" - #[[if .ProcessMigration.Database.ExternalConfig.MaxPoolSize]] - max-pool-size: "[[.ProcessMigration.Database.ExternalConfig.MaxPoolSize]]" - #[[end]] - #[[if .ProcessMigration.Database.ExternalConfig.MinPoolSize]] - min-pool-size: "[[.ProcessMigration.Database.ExternalConfig.MinPoolSize]]" - #[[end]] - #[[if .ProcessMigration.Database.ExternalConfig.ConnectionChecker]] - valid-connection-checker-class-name: "[[.ProcessMigration.Database.ExternalConfig.ConnectionChecker]]" - #[[end]] - #[[if .ProcessMigration.Database.ExternalConfig.ExceptionSorter]] - exception-sorter-class-name: "[[.ProcessMigration.Database.ExternalConfig.ExceptionSorter]]" - #[[end]] - #[[if .ProcessMigration.Database.ExternalConfig.BackgroundValidation]] - background-validation: "[[.ProcessMigration.Database.ExternalConfig.BackgroundValidation]]" - #[[end]] - #[[if .ProcessMigration.Database.ExternalConfig.BackgroundValidationMillis]] - background-validation-millis: "[[.ProcessMigration.Database.ExternalConfig.BackgroundValidationMillis]]" - #[[end]] - ## KIE ProcessMigration ConfigMap END -## KIE ProcessMigration END diff --git a/config/7.11.1/dbs/pim/mysql.yaml b/config/7.11.1/dbs/pim/mysql.yaml deleted file mode 100644 index 605757115..000000000 
--- a/config/7.11.1/dbs/pim/mysql.yaml +++ /dev/null @@ -1,49 +0,0 @@ -## KIE ProcessMigration BEGIN -processMigration: - ## KIE ProcessMigration Deployment config BEGIN - deploymentConfigs: - - metadata: - name: "[[.ApplicationName]]-process-migration" - spec: - template: - spec: - initContainers: - - command: - [ - "/bin/bash", - "-c", - ">- - replicas=$(oc get dc [[.ApplicationName]]-process-migration-mysql -o=jsonpath='{.status.availableReplicas}'); until '[' $replicas -gt 0 ']'; do echo waiting for [[.ApplicationName]]-process-migration-mysql; replicas=$(oc get dc [[.ApplicationName]]-process-migration-mysql -o=jsonpath='{.status.availableReplicas}'); sleep 2; done;", - ] - image: "[[$.Constants.OseCliImageURL]]" - imagePullPolicy: IfNotPresent - name: "[[.ApplicationName]]-process-migration-mysql-init" - terminationMessagePolicy: FallbackToLogsOnError - containers: - - name: "[[.ApplicationName]]-process-migration" - env: - - name: JBOSS_KIE_EXTRA_CLASSPATH - value: "/opt/rhpam-process-migration/drivers/mariadb-java-client.jar" - ## KIE ProcessMigration Deployment config END - ## KIE ProcessMigration ConfigMap BEGIN - configMaps: - - metadata: - name: "[[.ApplicationName]]-process-migration" - data: - project-overrides.yml: |- - kieservers: - #[[range $index, $Map := .ProcessMigration.KieServerClients]] - - host: [[.Host]] - username: [[.Username]] - password: [[.Password]] - #[[end]] - thorntail: - datasources: - data-sources: - pimDS: - driver-name: mariadb - connection-url: jdbc:mariadb://[[.ApplicationName]]-process-migration-mysql:3306/pimdb?useUnicode=true&useSSL=false&serverTimezone=UTC - user-name: pim - password: "[[$.DBPassword]]" - ## KIE ProcessMigration ConfigMap END -## KIE ProcessMigration END diff --git a/config/7.11.1/dbs/pim/postgresql.yaml b/config/7.11.1/dbs/pim/postgresql.yaml deleted file mode 100644 index dcc8eda51..000000000 --- a/config/7.11.1/dbs/pim/postgresql.yaml +++ /dev/null 
@@ -1,49 +0,0 @@ -## KIE ProcessMigration BEGIN -processMigration: - ## KIE ProcessMigration Deployment config BEGIN - deploymentConfigs: - - metadata: - name: "[[.ApplicationName]]-process-migration" - spec: - template: - spec: - initContainers: - - command: - [ - "/bin/bash", - "-c", - ">- - replicas=$(oc get dc [[.ApplicationName]]-process-migration-postgresql -o=jsonpath='{.status.availableReplicas}'); until '[' $replicas -gt 0 ']'; do echo waiting for [[.ApplicationName]]-process-migration-postgresql; replicas=$(oc get dc [[.ApplicationName]]-process-migration-postgresql -o=jsonpath='{.status.availableReplicas}'); sleep 2; done;", - ] - image: "[[$.Constants.OseCliImageURL]]" - imagePullPolicy: IfNotPresent - name: "[[.ApplicationName]]-process-migration-postgresql-init" - terminationMessagePolicy: FallbackToLogsOnError - containers: - - name: "[[.ApplicationName]]-process-migration" - env: - - name: JBOSS_KIE_EXTRA_CLASSPATH - value: "/opt/rhpam-process-migration/drivers/postgresql-jdbc.jar" - ## KIE ProcessMigration Deployment config END - ## KIE ProcessMigration ConfigMap BEGIN - configMaps: - - metadata: - name: "[[.ApplicationName]]-process-migration" - data: - project-overrides.yml: |- - kieservers: - #[[range $index, $Map := .ProcessMigration.KieServerClients]] - - host: [[.Host]] - username: [[.Username]] - password: [[.Password]] - #[[end]] - thorntail: - datasources: - data-sources: - pimDS: - driver-name: postgresql - connection-url: jdbc:postgresql://[[.ApplicationName]]-process-migration-postgresql:5432/pimdb - user-name: pim - password: "[[$.DBPassword]]" - ## KIE ProcessMigration ConfigMap END -## KIE ProcessMigration END diff --git a/config/7.11.1/pim/process-migration-trial.yaml b/config/7.11.1/pim/process-migration-trial.yaml deleted file mode 100644 index 2562f6d25..000000000 --- a/config/7.11.1/pim/process-migration-trial.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -processMigration: - routes: - - id: "[[.ApplicationName]]-process-migration-http" - metadata: - name: "[[.ApplicationName]]-process-migration-http" - labels: - app: "[[.ApplicationName]]" - application: "[[.ApplicationName]]" - service: "[[.ApplicationName]]-process-migration" - annotations: - description: Route for Process Migration https service. - spec: - to: - kind: Service - name: "[[.ApplicationName]]-process-migration" - port: - targetPort: http diff --git a/config/7.11.1/pim/process-migration.yaml b/config/7.11.1/pim/process-migration.yaml deleted file mode 100644 index 4bfb3f8fc..000000000 --- a/config/7.11.1/pim/process-migration.yaml +++ /dev/null 
@@ -1,134 +0,0 @@ -## KIE ProcessMigration BEGIN -processMigration: - deploymentConfigs: - - metadata: - name: "[[.ApplicationName]]-process-migration" - labels: - app: "[[$.ApplicationName]]" - application: "[[$.ApplicationName]]" - service: "[[.ApplicationName]]-process-migration" - spec: - replicas: 1 - selector: - deploymentConfig: "[[.ApplicationName]]-process-migration" - strategy: - type: Recreate - triggers: - #[[if not .ProcessMigration.OmitImageStream]] - - type: ImageChange - imageChangeParams: - automatic: true - containerNames: - - "[[.ApplicationName]]-process-migration" - from: - kind: ImageStreamTag - namespace: openshift - name: "[[.ProcessMigration.Image]]:[[.ProcessMigration.ImageTag]]" - #[[end]] - - type: ConfigChange - template: - metadata: - name: "[[.ApplicationName]]-process-migration" - labels: - app: "[[.ApplicationName]]" - application: "[[.ApplicationName]]" - deploymentConfig: "[[.ApplicationName]]-process-migration" - service: "[[.ApplicationName]]-process-migration" - spec: - serviceAccountName: "[[$.ApplicationName]]-[[$.Constants.Product]]svc" - terminationGracePeriodSeconds: 60 - containers: - - name: "[[.ApplicationName]]-process-migration" - image: "[[.ProcessMigration.ImageURL]]" - imagePullPolicy: Always - resources: - limits: - memory: 512Mi - ports: - - name: http - containerPort: 8080 - protocol: TCP - readinessProbe: - failureThreshold: 36 - httpGet: - path: /health - port: 8080 - scheme: HTTP - initialDelaySeconds: 30 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 2 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /health - port: 8080 - scheme: HTTP - initialDelaySeconds: 180 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 2 - env: - - name: JBOSS_KIE_ADMIN_USER - value: "[[.AdminUser]]" - - name: JBOSS_KIE_ADMIN_PWD - value: "[[.AdminPassword]]" - - name: JBOSS_KIE_EXTRA_CONFIG - value: "/opt/rhpam-process-migration/config/project-overrides.yml" - volumeMounts: - - mountPath: 
/opt/rhpam-process-migration/config/project-overrides.yml - subPath: project-overrides.yml - name: config - volumes: - - name: config - configMap: - name: "[[.ApplicationName]]-process-migration" - defaultMode: 420 - configMaps: - - metadata: - name: "[[.ApplicationName]]-process-migration" - data: - project-overrides.yml: |- - kieservers: - #[[range $index, $Map := .ProcessMigration.KieServerClients]] - - host: [[.Host]] - username: [[.Username]] - password: [[.Password]] - #[[end]] - services: - - spec: - ports: - - name: http - port: 8080 - protocol: TCP - targetPort: 8080 - selector: - deploymentConfig: "[[.ApplicationName]]-process-migration" - metadata: - name: "[[.ApplicationName]]-process-migration" - labels: - app: "[[$.ApplicationName]]" - application: "[[$.ApplicationName]]" - service: "[[.ApplicationName]]-process-migration" - annotations: - description: Process Migration web server's port. - routes: - - id: "[[.ApplicationName]]-process-migration-https" - metadata: - name: "[[.ApplicationName]]-process-migration" - labels: - app: "[[.ApplicationName]]" - application: "[[.ApplicationName]]" - service: "[[.ApplicationName]]-process-migration" - annotations: - description: Route for Process Migration https service. - spec: - to: - kind: Service - name: "[[.ApplicationName]]-process-migration" - port: - targetPort: http - tls: - insecureEdgeTerminationPolicy: Redirect - termination: edge -## KIE ProcessMigration END diff --git a/deploy/crds/kieapp.crd.yaml b/deploy/crds/kieapp.crd.yaml index 8f266dd89..c364d941f 100644 --- a/deploy/crds/kieapp.crd.yaml +++ b/deploy/crds/kieapp.crd.yaml @@ -1628,6 +1628,9 @@ spec: description: KieServerSet KIE Server configuration for a single set, or for multiple sets if deployments is set to >1 properties: + MDBMaxSession: + description: MDBMaxSession number of KIE Executor sessions + type: integer build: description: KieAppBuildObject Data to define how to build an application from source 
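Review bot: `MDBMaxSession` is added as a bare `type: integer` in both hunks of `deploy/crds/kieapp.crd.yaml` (`@@ -1628,6 +1628,9 @@` and `@@ -4498,6 +4501,9 @@`), so zero, negative or arbitrarily large session counts pass API validation and reach whatever consumes the value. I would add a lower bound, e.g. `minimum: 1` under `type: integer`, and a `maximum` if the executor has a sensible ceiling. The key is also the only capitalised property visible next to `build` (the `properties` map extends beyond the hunk, so this is judged from the visible lines only); if lowerCamelCase is the convention here, it is cheaper to rename before the field ships in a released CRD. If this CRD is generated from the Go types, both the bound and the JSON name need to be set on the struct field rather than in the YAML. The new `deploy/olm-catalog/dev/7.12.1-1/manifests/kieapp.crd.yaml` has the same blob id (`c364d941f`), so it carries the same schema.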
@@ -4498,6 +4501,9 @@ spec: single set, or for multiple sets if deployments is set to >1 properties: + MDBMaxSession: + description: MDBMaxSession number of KIE Executor sessions + type: integer build: description: KieAppBuildObject Data to define how to build an application from source diff --git a/deploy/crs/v2/snippets/prior_version.yaml b/deploy/crs/v2/snippets/prior_version.yaml index c1ba4a783..bea570bcf 100644 --- a/deploy/crs/v2/snippets/prior_version.yaml +++ b/deploy/crs/v2/snippets/prior_version.yaml @@ -8,4 +8,4 @@ metadata: consoleTitle: Prior Product Version name: prior-version spec: - version: 7.11.1 + version: 7.12.0 diff --git a/deploy/olm-catalog/dev/7.12.1-1/manifests/businessautomation-operator.clusterserviceversion.yaml b/deploy/olm-catalog/dev/7.12.1-1/manifests/businessautomation-operator.clusterserviceversion.yaml new file mode 100644 index 000000000..51345ce0d --- /dev/null +++ b/deploy/olm-catalog/dev/7.12.1-1/manifests/businessautomation-operator.clusterserviceversion.yaml 
@@ -0,0 +1,428 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: '[{"apiVersion":"app.kiegroup.org/v2","kind":"KieApp","metadata":{"name":"rhpam-trial"},"spec":{"environment":"rhpam-trial"}}]' + capabilities: Seamless Upgrades + categories: Integration & Delivery + certified: "false" + containerImage: quay.io/kiegroup/kie-cloud-operator:7.12.1 + createdAt: "2022-02-22 15:27:55" + description: Deploys and manages Red Hat Process Automation Manager and Red Hat + Decision Manager environments. + operators.openshift.io/infrastructure-features: '["Disconnected"]' + repository: https://github.com/kiegroup/kie-cloud-operator + support: Red Hat + tectonic-visibility: ocs + labels: + operator-businessautomation: "true" + operatorframework.io/arch.amd64: supported + operatorframework.io/os.linux: supported + name: businessautomation-operator.7.12.1-1-dev-nkpxqmsq8d + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: A project prescription running an RHPAM/RHDM environment. + displayName: KieApp + kind: KieApp + name: kieapps.app.kiegroup.org + resources: + - kind: DeploymentConfig + name: "" + version: apps.openshift.io/v1 + - kind: StatefulSet + name: "" + version: apps/v1 + - kind: Role + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: RoleBinding + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: Route + name: "" + version: route.openshift.io/v1 + - kind: BuildConfig + name: "" + version: build.openshift.io/v1 + - kind: ImageStream + name: "" + version: image.openshift.io/v1 + - kind: Secret + name: "" + version: v1 + - kind: PersistentVolumeClaim + name: "" + version: v1 + - kind: ServiceAccount + name: "" + version: v1 + - kind: Service + name: "" + version: v1 + specDescriptors: + - description: Set true to enable automatic micro version product upgrades, + it is disabled by default. 
+ displayName: Enable Upgrades + path: upgrades.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable automatic minor product version upgrades, + it is disabled by default. Requires spec.upgrades.enabled to be true. + displayName: Include minor version upgrades + path: upgrades.minor + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable image tags, disabled by default. This will + leverage image tags instead of the image digests. + displayName: Use Image Tags + path: useImageTags + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Environment deployed. + displayName: Environment + path: environment + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + statusDescriptors: + - description: Product version installed. + displayName: Version + path: version + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: Current phase. + displayName: Status + path: phase + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: The address for accessing Business Central, if it is deployed. + displayName: Business/Decision Central URL + path: consoleHost + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Deployments for the KieApp environment. + displayName: Deployments + path: deployments + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + version: v2 + description: |- + Deploys and manages Red Hat Process Automation Manager and Red Hat Decision Manager environments. + + * **Red Hat Process Automation Manager** is a platform for developing containerized microservices and applications that automate business decisions and processes. It includes business process management (BPM), business rules management (BRM), and business resource optimization and complex event processing (CEP) technologies. 
It also includes a user experience platform to create engaging user interfaces for process and decision services with minimal coding. + + * **Red Hat Decision Manager** is a platform for developing containerized microservices and applications that automate business decisions. It includes business rules management, complex event processing, and resource optimization technologies. Organizations can incorporate sophisticated decision logic into line-of-business applications and quickly update underlying business rules as market conditions change. + + [See more](https://www.redhat.com/en/products/process-automation). + displayName: Business Automation (DEV) + icon: + - base64data: PHN2ZyBpZD0iTGF5ZXJfMSIgZGF0YS1uYW1lPSJMYXllciAxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCA3MjEuMTUgNzIxLjE1Ij48ZGVmcz48c3R5bGU+LmNscy0xe2ZpbGw6I2RkMzkyNjt9LmNscy0ye2ZpbGw6I2NjMzQyNzt9LmNscy0ze2ZpbGw6I2ZmZjt9LmNscy00e2ZpbGw6I2U1ZTVlNDt9PC9zdHlsZT48L2RlZnM+PHRpdGxlPlByb2R1Y3RfSWNvbi1SZWRfSGF0LUF1dG9tYXRpb24tUkdCPC90aXRsZT48Y2lyY2xlIGNsYXNzPSJjbHMtMSIgY3g9IjM2MC41NyIgY3k9IjM2MC41NyIgcj0iMzU4LjU4Ii8+PHBhdGggY2xhc3M9ImNscy0yIiBkPSJNNjEzLjc4LDEwNy4wOSwxMDYuNzIsNjE0LjE2YzE0MC4xNCwxMzguNjIsMzY2LjExLDEzOC4xNiw1MDUuNjctMS40Uzc1Mi40LDI0Ny4yNCw2MTMuNzgsMTA3LjA5WiIvPjxwb2x5Z29uIGNsYXNzPSJjbHMtMyIgcG9pbnRzPSIzNzguOTcgMzI3LjQ4IDQ2MS43NyAxNTkuNTcgMjU5LjY3IDE1OS40OSAyNTkuNjcgNDEzLjEgMzA2Ljk3IDQxMy43OCAzOTMuMjcgMzI3LjQ3IDM3OC45NyAzMjcuNDgiLz48cG9seWdvbiBjbGFzcz0iY2xzLTQiIHBvaW50cz0iMzU5LjYgNTc4LjA2IDQ4Mi41NSAzMjcuNDUgMzkzLjI3IDMyNy40NyAzMDYuOTcgNDEzLjc4IDM1OS42IDQxNC41MiAzNTkuNiA1NzguMDYiLz48L3N2Zz4= + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - console.openshift.io + resources: + - consolelinks + - consoleyamlsamples + verbs: + - get + - create + - update + - delete + serviceAccountName: business-automation-operator + deployments: + - name: business-automation-operator + spec: + replicas: 1 + selector: + matchLabels: + name: 
business-automation-operator + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + name: business-automation-operator + spec: + containers: + - command: + - kie-cloud-operator + env: + - name: OPERATOR_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['name'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPERATOR_UI + value: "true" + - name: DEBUG + value: "false" + - name: RELATED_IMAGE_DM_KIESERVER_IMAGE_7.12.1 + value: registry.redhat.io/rhdm-7/rhdm-kieserver-rhel8:7.12.1 + - name: RELATED_IMAGE_DM_CONTROLLER_IMAGE_7.12.1 + value: registry.redhat.io/rhdm-7/rhdm-controller-rhel8:7.12.1 + - name: RELATED_IMAGE_DM_DC_IMAGE_7.12.1 + value: registry.redhat.io/rhdm-7/rhdm-decisioncentral-rhel8:7.12.1 + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.12.1 + value: registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.12.1 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.12.1 + value: registry.redhat.io/rhpam-7/rhpam-controller-rhel8:7.12.1 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.12.1 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.12.1 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.12.1 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.12.1 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.12.1 + value: registry.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.12.1 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.12.1 + value: registry.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.12.1 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.12.1 + value: registry.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.12.1 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.12.1 + value: registry.redhat.io/openshift4/ose-cli:v4.8 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.12.1 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: 
RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.12.1 + value: registry.redhat.io/rhscl/postgresql-10-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.12.1 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.1 + - name: RELATED_IMAGE_BROKER_IMAGE_7.12.1 + value: registry.redhat.io/amq7/amq-broker:7.8 + - name: RELATED_IMAGE_DM_KIESERVER_IMAGE_7.12.0 + value: registry.redhat.io/rhdm-7/rhdm-kieserver-rhel8:7.12.0 + - name: RELATED_IMAGE_DM_CONTROLLER_IMAGE_7.12.0 + value: registry.redhat.io/rhdm-7/rhdm-controller-rhel8:7.12.0 + - name: RELATED_IMAGE_DM_DC_IMAGE_7.12.0 + value: registry.redhat.io/rhdm-7/rhdm-decisioncentral-rhel8:7.12.0 + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.12.0 + value: registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.12.0 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.12.0 + value: registry.redhat.io/rhpam-7/rhpam-controller-rhel8:7.12.0 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.12.0 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.12.0 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.12.0 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.12.0 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.12.0 + value: registry.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.12.0 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.12.0 + value: registry.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.12.0 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.12.0 + value: registry.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.12.0 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.12.0 + value: registry.redhat.io/openshift4/ose-cli:v4.8 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.12.0 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.12.0 + value: registry.redhat.io/rhscl/postgresql-10-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.12.0 + value: registry.redhat.io/jboss-datagrid-7/datagrid73-openshift:1.6 + - name: RELATED_IMAGE_BROKER_IMAGE_7.12.0 + value: 
registry.redhat.io/amq7/amq-broker:7.8 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_LATEST + value: registry.redhat.io/openshift4/ose-oauth-proxy:latest + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.8 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.8 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.7 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.7 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.6 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.6 + image: quay.io/kiegroup/kie-cloud-operator:7.12.1 + imagePullPolicy: Always + name: business-automation-operator + resources: {} + serviceAccountName: business-automation-operator + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - services + - services/finalizers + - serviceaccounts + - persistentvolumeclaims + - secrets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + - deployments/finalizers + - replicasets + - statefulsets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - build.openshift.io + resources: + - buildconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - image.openshift.io + resources: + - images + - imagestreams + - imagestreamimages + - imagestreamtags + verbs: + - create + - 
delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - app.kiegroup.org + resources: + - kieapps + - kieapps/status + - kieapps/finalizers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - operators.coreos.com + resources: + - clusterserviceversions + - subscriptions + verbs: + - get + - list + - patch + - update + - watch + serviceAccountName: business-automation-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - kieapp + - pam + - decision + - kie + - cloud + - bpm + - process + - automation + - operator + labels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.12.1-1-dev-nkpxqmsq8d + links: + - name: Product Page + url: https://access.redhat.com/products/red-hat-process-automation-manager + - name: Documentation + url: https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.12/#category-deploying-red-hat-process-automation-manager-on-openshift + maintainers: + - email: bsig-cloud@redhat.com + name: Red Hat + maturity: dev + provider: + name: Red Hat + replaces: businessautomation-operator.7.12.0-2 + selector: + matchLabels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.12.1-1-dev-nkpxqmsq8d + version: 7.12.1-1+nkpxqmsq8d diff --git a/deploy/olm-catalog/dev/7.12.1-1/manifests/kieapp.crd.yaml b/deploy/olm-catalog/dev/7.12.1-1/manifests/kieapp.crd.yaml new file mode 100644 index 000000000..c364d941f --- /dev/null +++ b/deploy/olm-catalog/dev/7.12.1-1/manifests/kieapp.crd.yaml 
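Review bot: In the new ClusterServiceVersion, the `RELATED_IMAGE_MYSQL_PROXY_IMAGE_*`, `RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_*` and `RELATED_IMAGE_OAUTH_PROXY_IMAGE_LATEST` entries in the operator container's `env` point at `:latest`, and every other related image is referenced by a version tag rather than a digest, so the content the operator deploys can change without a new CSV. For a bundle that advertises `operators.openshift.io/infrastructure-features: '["Disconnected"]'` I would pin each value by digest, e.g. `value: registry.redhat.io/rhscl/mysql-80-rhel7@sha256:<digest-placeholder>`, or at least replace `:latest` with a fixed version tag. The same applies to `image: quay.io/kiegroup/kie-cloud-operator:7.12.1` combined with `imagePullPolicy: Always`, which re-resolves the tag on every pod start. If this manifest is produced by a generator (the random suffix in `metadata.name` suggests it may be), the change belongs in the generator's image table rather than in this file.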
@@ -0,0 +1,5851 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kieapps.app.kiegroup.org +spec: + group: app.kiegroup.org + names: + kind: KieApp + listKind: KieAppList + plural: kieapps + singular: kieapp + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of the application deployment + jsonPath: .status.version + name: Version + type: string + - description: The name of the environment used as a baseline + jsonPath: .spec.environment + name: Environment + type: string + - description: The status of the KieApp deployment + jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2 + schema: + openAPIV3Schema: + description: KieApp is the Schema for the kieapps API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to be used + by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for LDAP + properties: + baseCtxDN: + description: LDAP Base DN of the top-level context to begin + the user search. 
+ type: string + baseFilter: + description: DAP search filter used to locate the context + of the user to authenticate. The input username or userDN + obtained from the login module callback is substituted into + the filter anywhere a {0} expression is used. A common example + for the search filter is (uid={0}). + type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN of the + user itself contains special characters, backslash for example, + that prevent correct user mapping. If the attribute does + not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to decrypt + the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. 
+ enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity mapping, + the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN is + not checked for the roleNameAttributeID. This flag can improve + the performance of LDAP queries. + type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the username. + If set to true, the DN is parsed for the username. If set + to false the DN is not parsed for the username. This option + is used together with usernameBeginString and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this option. + When using referrals, this option denotes the attribute + name which contains users defined for a certain role, for + example member, if the role object is inside the referral. + Users are checked against the content of this attribute + name. If this option is not set, the check will always fail, + so role objects cannot be stored in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. 
If false, the role name is taken from + the value of the roleNameAttributeId attribute of the context + name. Certain directory schemas, such as Microsoft Active + Directory, require this attribute to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles associated + with the authenticated user. The input username or userDN + obtained from the login module callback is substituted into + the filter anywhere a {0} expression is used. The authenticated + userDN is substituted into the filter anywhere a {1} is + used. An example search filter that matches on the input + username is (member={0}). An alternative that matches on + the authenticated userDN is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role object’s + name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role search + will go below a matching context. Disable recursion by setting + this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for user + roles. This is not the DN where the actual roles are, but + the DN where the objects containing the user roles are. + For example, in a Microsoft Active Directory server, this + is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. 
+ For failover set two or more LDAP endpoints separated by + space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used together + with usernameEndString and only taken into account if parseUsername + is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end of + the DN to reveal the username. This option is used together + with usernameBeginString and only taken into account if + parseUsername is set to true. + type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will be + configured. + properties: + from: + description: ObjRef contains enough information to let you + inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have defined mappings. Defaults to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have no defined mappings. Defaults to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a properties + file or a set of roles with the following pattern 'role=role1;another-role=role2'. + The format of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the patter + above. 
+ type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create the + Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create the + Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. + format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. + format: password + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when the + OpenShiftStartupStrategy is choosed and Business Central + is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. 
When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the 'openshift' + and local namespaces, the operator will create said imagestreams + locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry is + insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. The $(VAR_NAME) + syntax can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder will + be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known hosts + file. The secret must contain two files: id_rsa and + known_hosts.' 
+ type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. 
'8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. 
+ format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations that + can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the Runtime + Model ID. Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if a property + is set mode than once, the one from this property file + will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the Runtime + Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs are + stored. 
If PersistentConfigs is enabled and ExternalCompDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/components + directory will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ImportsBaseDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/imports + directory will be used. If ImportFileLocation is set + ImportsBaseDir will be ignored. + type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual model + file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default value + is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new imports + (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards (in + kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. The $(VAR_NAME) + syntax can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. 
If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how a + Process Migration server will manage and create a new Database + or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the configured + datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the configured + datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. 
+ For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. The $(VAR_NAME) + syntax can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". 
+ type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to the + application classpath separated by colon. Needs to be mounted + on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. 
rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 
'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + username: + description: If empty the CommonConfig.AdminUser will be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a single + set, or for multiple sets if deployments is set to >1 + properties: + MDBMaxSession: + description: MDBMaxSession number of KIE Executor sessions + type: integer + build: + description: KieAppBuildObject Data to define how to build + an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If unspecified, + all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. It + is recommended to test the kjar manually before disabling + this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for immutable + KIE Server configurations for S2I and pre built kjars. + Useful for pre-compiled kjar. + type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previous defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether + the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. 
+ properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. 
Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the extensions + image where the extensions are located (e.g. install.sh, + modules/, etc.). Defaults to '/extension'. Do not + change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For example, + custom-driver-image:7.7.0. + type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers and + configuration is located. Defaults to openshift namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. 
TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate the + source code to build + properties: + contextDir: + description: Context/subdirectory where the code + is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.5.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a given + webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + 
- Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default 
is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer will + manage and create a new Database or connect to an existing + one + properties: + externalConfig: + description: ExternalDatabaseObject configuration definition + of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. For + example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases running + on OCP where the host will correspond to the kubernetes + added env *_SERVICE_HOST, it is mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. 
+ type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can be + XA or NONXA. For non XA set it to true. Default + value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. Port + is intended to be used with databases running + on OCP where the post will correspond to the kubernetes + added env *_SERVICE_PORT, these are mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. + For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previous defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). 
Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a + valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to + have some well-defined way of referencing a part of + an object. 
TODO: this design is not final and this + field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm clustering + for processes fail-over, it could increase the number + of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification to + be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, if + will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. 
+ type: string + amqKeystorePassword: + description: The password for the AMQ keystore and certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be used. + type: string + amqSecretName: + description: The name of a secret containing AMQ SSL + related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. Default + is false. + type: boolean + enableIntegration: + description: When set to true will configure the KIE + Server with JMS integration, if no configuration is + added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, disabled + by default. + type: boolean + password: + description: AMQ broker password to connect do the AMQ, + generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for JMS, + example queue/CUSTOM.KIE.SERVER.AUDIT, default is + queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, example + queue/CUSTOM.KIE.SERVER.EXECUTOR, default is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, example + queue/CUSTOM.KIE.SERVER.REQUEST, default is queue/KIE.SERVER.REQUEST. 
+ type: string + queueResponse: + description: JNDI name of response queue for JMS, example + queue/CUSTOM.KIE.SERVER.RESPONSE, default is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, example + queue/CUSTOM.KIE.SERVER.SIGNAL, default is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the AMQ, + generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new + heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. 
Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The default + is '25' which means 25% of the '-Xmx' is used as the + initial heap size. You can skip this mechanism by + setting this value to '0' in which case no '-Xms' + option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container then + this option has no effect. If there is a memory constraint + then '-Xms' is limited to the value set here. The + default is 4096Mb which means the calculated value + of '-Xms' never will be greater than 4096Mb. The value + of this variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as set + here. The default is '50' which means 50% of the available + memory is used as an upper boundary. 
You can skip + this mechanism by setting this value to '0' in which + case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be used + by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. + type: boolean + bootstrapServers: + description: A comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when making + requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates how + long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that the + emitter requires the leader to have received before + considering a request to be complete, not set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. 
+ type: string + clientID: + description: This configuration allows users to set + an ID to provide a logical application name for logging + purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to Kafka. + Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates how + long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event messages. + Set up to override the default value jbpm-processes-events. + type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + name: + description: Server name + type: string + persistRepos: + description: PersistRepos enables persistent volumes for + KIE Server's kie and maven repositories + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of + compute resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the KIE + local repository persistent volume. Defaults to 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the Maven + persistent volume, the size of the files on this directory + can grow fast as all dependencies for KIE Containers will + be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM smart + router + properties: + env: + items: + description: EnvVar represents an environment variable present + in a Container. 
+ properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. The $(VAR_NAME) + syntax can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. 
+ '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + useExternalRoute: + description: If enabled, Business Central will use the external + smartrouter route to communicate with it. Note that, valid + SSL certificates should be used. + type: boolean + type: object + type: object + truststore: + description: Defines which truststore is used by the console, kieservers, + smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. 
+ type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should be allowed + when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. This + will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + status: + description: KieAppStatus - The status for custom resources managed by + the operator-sdk. + properties: + applied: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to + be used by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for + LDAP + properties: + baseCtxDN: + description: LDAP Base DN of the top-level context to + begin the user search. + type: string + baseFilter: + description: DAP search filter used to locate the context + of the user to authenticate. The input username or userDN + obtained from the login module callback is substituted + into the filter anywhere a {0} expression is used. A + common example for the search filter is (uid={0}). 
+ type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN + of the user itself contains special characters, backslash + for example, that prevent correct user mapping. If the + attribute does not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to + decrypt the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. + enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity + mapping, the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN + is not checked for the roleNameAttributeID. This flag + can improve the performance of LDAP queries. 
+ type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the + username. If set to true, the DN is parsed for the username. + If set to false the DN is not parsed for the username. + This option is used together with usernameBeginString + and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this + option. When using referrals, this option denotes the + attribute name which contains users defined for a certain + role, for example member, if the role object is inside + the referral. Users are checked against the content + of this attribute name. If this option is not set, the + check will always fail, so role objects cannot be stored + in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user + roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. If false, the role name is taken + from the value of the roleNameAttributeId attribute + of the context name. Certain directory schemas, such + as Microsoft Active Directory, require this attribute + to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles + associated with the authenticated user. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. The authenticated userDN is substituted into + the filter anywhere a {1} is used. 
An example search + filter that matches on the input username is (member={0}). + An alternative that matches on the authenticated userDN + is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role + object’s name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role + search will go below a matching context. Disable recursion + by setting this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for + user roles. This is not the DN where the actual roles + are, but the DN where the objects containing the user + roles are. For example, in a Microsoft Active Directory + server, this is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. + For failover set two or more LDAP endpoints separated + by space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used + together with usernameEndString and only taken into + account if parseUsername is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end + of the DN to reveal the username. This option is used + together with usernameBeginString and only taken into + account if parseUsername is set to true. 
+ type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will + be configured. + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have defined mappings. Defaults + to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have no defined mappings. Defaults + to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a + properties file or a set of roles with the following + pattern 'role=role1;another-role=role2'. The format + of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the + patter above. + type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for + SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create + the Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create + the Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. 
+ format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. + format: password + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when + the OpenShiftStartupStrategy is choosed and Business + Central is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the + 'openshift' and local namespaces, the operator will create said + imagestreams locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry + is insecure. Defaults to 'false'. 
+ type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. + type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' 
+ type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previous defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. + For example, if the object reference is to a + container within a pod, this would take on a + value like: "spec.containers{name}" (where "name" + refers to the name of the container that triggered + the event) or if no container name is specified + "spec.containers[2]" (container with index 2 + in this pod). This syntax is chosen only to + have some well-defined way of referencing a + part of an object. TODO: this design is not + final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder + will be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known + hosts file. The secret must contain two files: id_rsa + and known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM + Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations + that can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the + Runtime Model ID. Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if + a property is set mode than once, the one from this + property file will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the + Runtime Model ID. 
Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ExternalCompDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/components directory + will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ImportsBaseDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/imports directory will + be used. If ImportFileLocation is set ImportsBaseDir + will be ignored. + type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual + model file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default + value is true. 
+ type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new + imports (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards + (in kb). Default value is 10485760 kb. + format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + 
maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previous defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". 
+ type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. 
+ If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how + a Process Migration server will manage and create a + new Database or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to + background-validation, if set to false the validate-on-match + method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. 
For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previous defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". 
+ type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to + the application classpath separated by colon. Needs + to be mounted on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. 
+ rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 
'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + username: + description: If empty the CommonConfig.AdminUser will + be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a + single set, or for multiple sets if deployments is set + to >1 + properties: + MDBMaxSession: + description: MDBMaxSession number of KIE Executor sessions + type: integer + build: + description: KieAppBuildObject Data to define how to + build an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If + unspecified, all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. + It is recommended to test the kjar manually before + disabling this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for + immutable KIE Server configurations for S2I and + pre built kjars. Useful for pre-compiled kjar. + type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previous defined + environment variables in the container and + any service environment variables. If a + variable cannot be resolved, the reference + in the input string will be unchanged. The + $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether + the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. 
+ properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and + requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. 
Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the + extensions image where the extensions are located + (e.g. install.sh, modules/, etc.). Defaults to + '/extension'. Do not change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For + example, custom-driver-image:7.7.0. + type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers + and configuration is located. Defaults to openshift + namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. 
TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate + the source code to build + properties: + contextDir: + description: Context/subdirectory where the + code is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.5.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a + given webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - 
GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, + POST, OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, 
default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer + will manage and create a new Database or connect to + an existing one + properties: + externalConfig: + description: ExternalDatabaseObject configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method + to background-validation, if set to false + the validate-on-match method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. + For example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases + running on OCP where the host will correspond + to the kubernetes added env *_SERVICE_HOST, + it is mostly likely used with PostgreSQL and + MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, + jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for + the configured datasource. 
+ type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for + the configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can + be XA or NONXA. For non XA set it to true. + Default value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. + Port is intended to be used with databases + running on OCP where the post will correspond + to the kubernetes added env *_SERVICE_PORT, + these are mostly likely used with PostgreSQL + and MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previous defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). 
Escaped references + will never be expanded, regardless of whether + the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. 
TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm + clustering for processes fail-over, it could increase + the number of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification + to be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, + if will be set to true if all required SSL parameters + are set. 
+ type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and + certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be + used. + type: string + amqSecretName: + description: The name of a secret containing AMQ + SSL related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store + file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. + Default is false. + type: boolean + enableIntegration: + description: When set to true will configure the + KIE Server with JMS integration, if no configuration + is added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, + disabled by default. + type: boolean + password: + description: AMQ broker password to connect do the + AMQ, generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for + JMS, example queue/CUSTOM.KIE.SERVER.AUDIT, default + is queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, + example queue/CUSTOM.KIE.SERVER.EXECUTOR, default + is queue/KIE.SERVER.EXECUTOR. 
+ type: string + queueRequest: + description: JNDI name of request queue for JMS, + example queue/CUSTOM.KIE.SERVER.REQUEST, default + is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, + example queue/CUSTOM.KIE.SERVER.RESPONSE, default + is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, + example queue/CUSTOM.KIE.SERVER.SIGNAL, default + is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the + AMQ, generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used + by the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current + GC time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE + command-line options to specify the required GC, + which will override the default of '-XX:+UseParallelOldGC'. + e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega + bytes unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. 
+ format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. + Disabled by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap + memory. If used in a container without any memory + constraints for the container then this option + has no effect. If there is a memory constraint + then '-Xms' is set to a ratio of the '-Xmx' memory + as set here. The default is '25' which means 25% + of the '-Xmx' is used as the initial heap size. + You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. + e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a + container without any memory constraints for the + container then this option has no effect. If there + is a memory constraint then '-Xms' is limited + to the value set here. The default is 4096Mb which + means the calculated value of '-Xms' never will + be greater than 4096Mb. The value of this variable + is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. 
+ If there is a memory constraint then '-Xmx' is + set to a ratio of the container available memory + as set here. The default is '50' which means 50% + of the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be + used by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. + type: boolean + bootstrapServers: + description: A comma separated list of host/port + pairs to use for establishing the initial connection + to the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when + making requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates + how long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that + the emitter requires the leader to have received + before considering a request to be complete, not + set by default. 
+ type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection + to the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to + set an ID to provide a logical application name + for logging purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to + Kafka. Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates + how long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event + messages. Set up to override the default value + jbpm-processes-events. + type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + name: + description: Server name + type: string + persistRepos: + description: PersistRepos enables persistent volumes + for KIE Server's kie and maven repositories + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the + KIE local repository persistent volume. Defaults to + 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the + Maven persistent volume, the size of the files on + this directory can grow fast as all dependencies for + KIE Containers will be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect + URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM + smart router + properties: + env: + items: + description: EnvVar represents an environment variable + present in a Container. 
+ properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previous defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + useExternalRoute: + description: If enabled, Business Central will use the + external smartrouter route to communicate with it. Note + that, valid SSL certificates should be used. + type: boolean + type: object + type: object + truststore: + description: Defines which truststore is used by the console, + kieservers, smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. 
+ type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should + be allowed when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. + This will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + conditions: + items: + description: Condition - The condition for the kie-cloud-operator + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ReasonType - type of reason + type: string + status: + type: string + type: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - status + - type + type: object + type: array + consoleHost: + type: string + deployments: + properties: + ready: + description: Deployments are ready to serve requests + items: + type: string + type: array + starting: + description: Deployments are starting, may or may not succeed + items: + type: string + type: array + stopped: + description: Deployments are not starting, unclear what next step + will be + items: + type: string + type: array + type: object + phase: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - conditions + - deployments + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/deploy/olm-catalog/dev/7.12.1-1/metadata/annotations.yaml b/deploy/olm-catalog/dev/7.12.1-1/metadata/annotations.yaml
new file mode 100644
index 000000000..724337620
--- /dev/null
+++ b/deploy/olm-catalog/dev/7.12.1-1/metadata/annotations.yaml
@@ -0,0 +1,10 @@
+annotations:
+ operators.operatorframework.io.bundle.channel.default.v1: stable
+ operators.operatorframework.io.bundle.channels.v1: stable
+ operators.operatorframework.io.bundle.manifests.v1: manifests/
+ operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+ operators.operatorframework.io.bundle.metadata.v1: metadata/
+ operators.operatorframework.io.bundle.package.v1: businessautomation-operator
+ operators.operatorframework.io.metrics.builder: operator-sdk-v0.19.2
+ operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
+ operators.operatorframework.io.metrics.project_layout: go
diff --git a/deploy/olm-catalog/prod/7.12.1-1/manifests/businessautomation-operator.clusterserviceversion.yaml b/deploy/olm-catalog/prod/7.12.1-1/manifests/businessautomation-operator.clusterserviceversion.yaml
new file mode 100644
index 000000000..4fde5d009
--- /dev/null
+++ b/deploy/olm-catalog/prod/7.12.1-1/manifests/businessautomation-operator.clusterserviceversion.yaml
@@ -0,0 +1,428 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: '[{"apiVersion":"app.kiegroup.org/v2","kind":"KieApp","metadata":{"name":"rhpam-trial"},"spec":{"environment":"rhpam-trial"}}]' + capabilities: Seamless Upgrades + categories: Integration & Delivery + certified: "true" + containerImage: registry.stage.redhat.io/rhpam-7/rhpam-rhel8-operator:7.12.1 + createdAt: "2022-02-22 15:27:55" + description: Deploys and manages Red Hat Process Automation Manager and Red Hat + Decision Manager environments. + operators.openshift.io/infrastructure-features: '["Disconnected"]' + repository: https://github.com/kiegroup/kie-cloud-operator + support: Red Hat + tectonic-visibility: ocs + labels: + operator-businessautomation: "true" + operatorframework.io/arch.amd64: supported + operatorframework.io/os.linux: supported + name: businessautomation-operator.7.12.1-1 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: A project prescription running an RHPAM/RHDM environment. + displayName: KieApp + kind: KieApp + name: kieapps.app.kiegroup.org + resources: + - kind: DeploymentConfig + name: "" + version: apps.openshift.io/v1 + - kind: StatefulSet + name: "" + version: apps/v1 + - kind: Role + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: RoleBinding + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: Route + name: "" + version: route.openshift.io/v1 + - kind: BuildConfig + name: "" + version: build.openshift.io/v1 + - kind: ImageStream + name: "" + version: image.openshift.io/v1 + - kind: Secret + name: "" + version: v1 + - kind: PersistentVolumeClaim + name: "" + version: v1 + - kind: ServiceAccount + name: "" + version: v1 + - kind: Service + name: "" + version: v1 + specDescriptors: + - description: Set true to enable automatic micro version product upgrades, + it is disabled by default. 
+ displayName: Enable Upgrades + path: upgrades.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable automatic minor product version upgrades, + it is disabled by default. Requires spec.upgrades.enabled to be true. + displayName: Include minor version upgrades + path: upgrades.minor + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable image tags, disabled by default. This will + leverage image tags instead of the image digests. + displayName: Use Image Tags + path: useImageTags + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Environment deployed. + displayName: Environment + path: environment + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + statusDescriptors: + - description: Product version installed. + displayName: Version + path: version + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: Current phase. + displayName: Status + path: phase + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: The address for accessing Business Central, if it is deployed. + displayName: Business/Decision Central URL + path: consoleHost + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Deployments for the KieApp environment. + displayName: Deployments + path: deployments + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + version: v2 + description: |- + Deploys and manages Red Hat Process Automation Manager and Red Hat Decision Manager environments. + + * **Red Hat Process Automation Manager** is a platform for developing containerized microservices and applications that automate business decisions and processes. It includes business process management (BPM), business rules management (BRM), and business resource optimization and complex event processing (CEP) technologies. 
It also includes a user experience platform to create engaging user interfaces for process and decision services with minimal coding. + + * **Red Hat Decision Manager** is a platform for developing containerized microservices and applications that automate business decisions. It includes business rules management, complex event processing, and resource optimization technologies. Organizations can incorporate sophisticated decision logic into line-of-business applications and quickly update underlying business rules as market conditions change. + + [See more](https://www.redhat.com/en/products/process-automation). + displayName: Business Automation + icon: + - base64data: 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 + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - console.openshift.io + resources: + - consolelinks + - consoleyamlsamples + verbs: + - get + - create + - update + - delete + serviceAccountName: business-automation-operator + deployments: + - name: business-automation-operator + spec: + replicas: 1 + selector: + matchLabels: + name: business-automation-operator + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + name: business-automation-operator + spec: + containers: + - command: + - kie-cloud-operator + env: + - name: OPERATOR_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['name'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPERATOR_UI + value: "true" + - name: DEBUG + value: "false" + - name: RELATED_IMAGE_DM_KIESERVER_IMAGE_7.12.1 + value: registry.stage.redhat.io/rhdm-7/rhdm-kieserver-rhel8:7.12.1 + - name: RELATED_IMAGE_DM_CONTROLLER_IMAGE_7.12.1 + value: registry.stage.redhat.io/rhdm-7/rhdm-controller-rhel8:7.12.1 + - name: RELATED_IMAGE_DM_DC_IMAGE_7.12.1 + value: 
registry.stage.redhat.io/rhdm-7/rhdm-decisioncentral-rhel8:7.12.1 + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.12.1 + value: registry.stage.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.12.1 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.12.1 + value: registry.stage.redhat.io/rhpam-7/rhpam-controller-rhel8:7.12.1 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.12.1 + value: registry.stage.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.12.1 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.12.1 + value: registry.stage.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.12.1 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.12.1 + value: registry.stage.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.12.1 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.12.1 + value: registry.stage.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.12.1 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.12.1 + value: registry.stage.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.12.1 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.12.1 + value: registry.redhat.io/openshift4/ose-cli:v4.8 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.12.1 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.12.1 + value: registry.redhat.io/rhscl/postgresql-10-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.12.1 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.1 + - name: RELATED_IMAGE_BROKER_IMAGE_7.12.1 + value: registry.redhat.io/amq7/amq-broker:7.8 + - name: RELATED_IMAGE_DM_KIESERVER_IMAGE_7.12.0 + value: registry.redhat.io/rhdm-7/rhdm-kieserver-rhel8:7.12.0 + - name: RELATED_IMAGE_DM_CONTROLLER_IMAGE_7.12.0 + value: registry.redhat.io/rhdm-7/rhdm-controller-rhel8:7.12.0 + - name: RELATED_IMAGE_DM_DC_IMAGE_7.12.0 + value: registry.redhat.io/rhdm-7/rhdm-decisioncentral-rhel8:7.12.0 + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.12.0 + value: registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.12.0 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.12.0 + value: 
registry.redhat.io/rhpam-7/rhpam-controller-rhel8:7.12.0 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.12.0 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.12.0 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.12.0 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.12.0 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.12.0 + value: registry.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.12.0 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.12.0 + value: registry.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.12.0 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.12.0 + value: registry.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.12.0 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.12.0 + value: registry.redhat.io/openshift4/ose-cli:v4.8 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.12.0 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.12.0 + value: registry.redhat.io/rhscl/postgresql-10-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.12.0 + value: registry.redhat.io/jboss-datagrid-7/datagrid73-openshift:1.6 + - name: RELATED_IMAGE_BROKER_IMAGE_7.12.0 + value: registry.redhat.io/amq7/amq-broker:7.8 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_LATEST + value: registry.redhat.io/openshift4/ose-oauth-proxy:latest + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.8 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.8 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.7 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.7 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.6 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.6 + image: registry.stage.redhat.io/rhpam-7/rhpam-rhel8-operator:7.12.1 + imagePullPolicy: Always + name: business-automation-operator + resources: {} + serviceAccountName: business-automation-operator + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - services + - services/finalizers + - serviceaccounts + - 
persistentvolumeclaims + - secrets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + - deployments/finalizers + - replicasets + - statefulsets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - build.openshift.io + resources: + - buildconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - image.openshift.io + resources: + - images + - imagestreams + - imagestreamimages + - imagestreamtags + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - app.kiegroup.org + resources: + - kieapps + - kieapps/status + - kieapps/finalizers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - operators.coreos.com + resources: + - clusterserviceversions + - subscriptions + verbs: + - get + - list + - patch + - update + - watch + serviceAccountName: business-automation-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: 
AllNamespaces + keywords: + - kieapp + - pam + - decision + - kie + - cloud + - bpm + - process + - automation + - operator + labels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.12.1-1 + links: + - name: Product Page + url: https://access.redhat.com/products/red-hat-process-automation-manager + - name: Documentation + url: https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.12/#category-deploying-red-hat-process-automation-manager-on-openshift + maintainers: + - email: bsig-cloud@redhat.com + name: Red Hat + maturity: stable + provider: + name: Red Hat + replaces: businessautomation-operator.7.12.0-2 + selector: + matchLabels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.12.1-1 + version: 7.12.1-1 diff --git a/deploy/olm-catalog/prod/7.12.1-1/manifests/kieapp.crd.yaml b/deploy/olm-catalog/prod/7.12.1-1/manifests/kieapp.crd.yaml new file mode 100644 index 000000000..c364d941f --- /dev/null +++ b/deploy/olm-catalog/prod/7.12.1-1/manifests/kieapp.crd.yaml 
@@ -0,0 +1,5851 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kieapps.app.kiegroup.org +spec: + group: app.kiegroup.org + names: + kind: KieApp + listKind: KieAppList + plural: kieapps + singular: kieapp + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of the application deployment + jsonPath: .status.version + name: Version + type: string + - description: The name of the environment used as a baseline + jsonPath: .spec.environment + name: Environment + type: string + - description: The status of the KieApp deployment + jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2 + schema: + openAPIV3Schema: + description: KieApp is the Schema for the kieapps API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to be used + by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for LDAP + properties: + baseCtxDN: + description: LDAP Base DN of the top-level context to begin + the user search. 
+ type: string + baseFilter: + description: DAP search filter used to locate the context + of the user to authenticate. The input username or userDN + obtained from the login module callback is substituted into + the filter anywhere a {0} expression is used. A common example + for the search filter is (uid={0}). + type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN of the + user itself contains special characters, backslash for example, + that prevent correct user mapping. If the attribute does + not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to decrypt + the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. 
+ enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity mapping, + the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN is + not checked for the roleNameAttributeID. This flag can improve + the performance of LDAP queries. + type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the username. + If set to true, the DN is parsed for the username. If set + to false the DN is not parsed for the username. This option + is used together with usernameBeginString and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this option. + When using referrals, this option denotes the attribute + name which contains users defined for a certain role, for + example member, if the role object is inside the referral. + Users are checked against the content of this attribute + name. If this option is not set, the check will always fail, + so role objects cannot be stored in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. 
If false, the role name is taken from + the value of the roleNameAttributeId attribute of the context + name. Certain directory schemas, such as Microsoft Active + Directory, require this attribute to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles associated + with the authenticated user. The input username or userDN + obtained from the login module callback is substituted into + the filter anywhere a {0} expression is used. The authenticated + userDN is substituted into the filter anywhere a {1} is + used. An example search filter that matches on the input + username is (member={0}). An alternative that matches on + the authenticated userDN is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role object’s + name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role search + will go below a matching context. Disable recursion by setting + this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for user + roles. This is not the DN where the actual roles are, but + the DN where the objects containing the user roles are. + For example, in a Microsoft Active Directory server, this + is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. 
+ For failover set two or more LDAP endpoints separated by + space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used together + with usernameEndString and only taken into account if parseUsername + is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end of + the DN to reveal the username. This option is used together + with usernameBeginString and only taken into account if + parseUsername is set to true. + type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will be + configured. + properties: + from: + description: ObjRef contains enough information to let you + inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have defined mappings. Defaults to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have no defined mappings. Defaults to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a properties + file or a set of roles with the following pattern 'role=role1;another-role=role2'. + The format of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the patter + above. 
+ type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create the + Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create the + Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. + format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. + format: password + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when the + OpenShiftStartupStrategy is choosed and Business Central + is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. 
When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the 'openshift' + and local namespaces, the operator will create said imagestreams + locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry is + insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. The $(VAR_NAME) + syntax can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder will + be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known hosts + file. The secret must contain two files: id_rsa and + known_hosts.' 
+ type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. 
'8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. 
+ format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations that + can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the Runtime + Model ID. Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if a property + is set mode than once, the one from this property file + will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the Runtime + Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs are + stored. 
If PersistentConfigs is enabled and ExternalCompDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/components + directory will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ImportsBaseDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/imports + directory will be used. If ImportFileLocation is set + ImportsBaseDir will be ignored. + type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual model + file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default value + is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new imports + (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards (in + kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. The $(VAR_NAME) + syntax can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. 
If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how a + Process Migration server will manage and create a new Database + or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the configured + datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the configured + datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. 
+ For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. The $(VAR_NAME) + syntax can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". 
+ type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to the + application classpath separated by colon. Needs to be mounted + on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. 
rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 
'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + username: + description: If empty the CommonConfig.AdminUser will be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a single + set, or for multiple sets if deployments is set to >1 + properties: + MDBMaxSession: + description: MDBMaxSession number of KIE Executor sessions + type: integer + build: + description: KieAppBuildObject Data to define how to build + an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If unspecified, + all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. It + is recommended to test the kjar manually before disabling + this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for immutable + KIE Server configurations for S2I and pre built kjars. + Useful for pre-compiled kjar. + type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previous defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether + the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. 
+ properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. 
Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the extensions + image where the extensions are located (e.g. install.sh, + modules/, etc.). Defaults to '/extension'. Do not + change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For example, + custom-driver-image:7.7.0. + type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers and + configuration is located. Defaults to openshift namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. 
TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate the + source code to build + properties: + contextDir: + description: Context/subdirectory where the code + is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.5.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a given + webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + 
- Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default 
is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer will + manage and create a new Database or connect to an existing + one + properties: + externalConfig: + description: ExternalDatabaseObject configuration definition + of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. For + example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases running + on OCP where the host will correspond to the kubernetes + added env *_SERVICE_HOST, it is mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. 
+ type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can be + XA or NONXA. For non XA set it to true. Default + value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. Port + is intended to be used with databases running + on OCP where the post will correspond to the kubernetes + added env *_SERVICE_PORT, these are mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. + For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previous defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). 
Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a + valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to + have some well-defined way of referencing a part of + an object. 
TODO: this design is not final and this + field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm clustering + for processes fail-over, it could increase the number + of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification to + be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, if + will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. 
+ type: string + amqKeystorePassword: + description: The password for the AMQ keystore and certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be used. + type: string + amqSecretName: + description: The name of a secret containing AMQ SSL + related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. Default + is false. + type: boolean + enableIntegration: + description: When set to true will configure the KIE + Server with JMS integration, if no configuration is + added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, disabled + by default. + type: boolean + password: + description: AMQ broker password to connect do the AMQ, + generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for JMS, + example queue/CUSTOM.KIE.SERVER.AUDIT, default is + queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, example + queue/CUSTOM.KIE.SERVER.EXECUTOR, default is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, example + queue/CUSTOM.KIE.SERVER.REQUEST, default is queue/KIE.SERVER.REQUEST. 
+ type: string + queueResponse: + description: JNDI name of response queue for JMS, example + queue/CUSTOM.KIE.SERVER.RESPONSE, default is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, example + queue/CUSTOM.KIE.SERVER.SIGNAL, default is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the AMQ, + generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new + heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. 
Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The default + is '25' which means 25% of the '-Xmx' is used as the + initial heap size. You can skip this mechanism by + setting this value to '0' in which case no '-Xms' + option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container then + this option has no effect. If there is a memory constraint + then '-Xms' is limited to the value set here. The + default is 4096Mb which means the calculated value + of '-Xms' never will be greater than 4096Mb. The value + of this variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as set + here. The default is '50' which means 50% of the available + memory is used as an upper boundary. 
You can skip + this mechanism by setting this value to '0' in which + case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be used + by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. + type: boolean + bootstrapServers: + description: A comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when making + requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates how + long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that the + emitter requires the leader to have received before + considering a request to be complete, not set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. 
+ type: string + clientID: + description: This configuration allows users to set + an ID to provide a logical application name for logging + purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to Kafka. + Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates how + long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event messages. + Set up to override the default value jbpm-processes-events. + type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + name: + description: Server name + type: string + persistRepos: + description: PersistRepos enables persistent volumes for + KIE Server's kie and maven repositories + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of + compute resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the KIE + local repository persistent volume. Defaults to 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the Maven + persistent volume, the size of the files on this directory + can grow fast as all dependencies for KIE Containers will + be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM smart + router + properties: + env: + items: + description: EnvVar represents an environment variable present + in a Container. 
+ properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. The $(VAR_NAME) + syntax can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. 
+ '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + useExternalRoute: + description: If enabled, Business Central will use the external + smartrouter route to communicate with it. Note that, valid + SSL certificates should be used. + type: boolean + type: object + type: object + truststore: + description: Defines which truststore is used by the console, kieservers, + smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. 
+ type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should be allowed + when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. This + will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + status: + description: KieAppStatus - The status for custom resources managed by + the operator-sdk. + properties: + applied: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to + be used by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for + LDAP + properties: + baseCtxDN: + description: LDAP Base DN of the top-level context to + begin the user search. + type: string + baseFilter: + description: DAP search filter used to locate the context + of the user to authenticate. The input username or userDN + obtained from the login module callback is substituted + into the filter anywhere a {0} expression is used. A + common example for the search filter is (uid={0}). 
+ type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN + of the user itself contains special characters, backslash + for example, that prevent correct user mapping. If the + attribute does not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to + decrypt the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. + enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity + mapping, the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN + is not checked for the roleNameAttributeID. This flag + can improve the performance of LDAP queries. 
+ type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the + username. If set to true, the DN is parsed for the username. + If set to false the DN is not parsed for the username. + This option is used together with usernameBeginString + and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this + option. When using referrals, this option denotes the + attribute name which contains users defined for a certain + role, for example member, if the role object is inside + the referral. Users are checked against the content + of this attribute name. If this option is not set, the + check will always fail, so role objects cannot be stored + in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user + roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. If false, the role name is taken + from the value of the roleNameAttributeId attribute + of the context name. Certain directory schemas, such + as Microsoft Active Directory, require this attribute + to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles + associated with the authenticated user. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. The authenticated userDN is substituted into + the filter anywhere a {1} is used. 
An example search + filter that matches on the input username is (member={0}). + An alternative that matches on the authenticated userDN + is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role + object’s name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role + search will go below a matching context. Disable recursion + by setting this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for + user roles. This is not the DN where the actual roles + are, but the DN where the objects containing the user + roles are. For example, in a Microsoft Active Directory + server, this is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. + For failover set two or more LDAP endpoints separated + by space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used + together with usernameEndString and only taken into + account if parseUsername is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end + of the DN to reveal the username. This option is used + together with usernameBeginString and only taken into + account if parseUsername is set to true. 
+ type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will + be configured. + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have defined mappings. Defaults + to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have no defined mappings. Defaults + to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a + properties file or a set of roles with the following + pattern 'role=role1;another-role=role2'. The format + of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the + patter above. + type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for + SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create + the Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create + the Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. 
+ format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. + format: password + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when + the OpenShiftStartupStrategy is choosed and Business + Central is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the + 'openshift' and local namespaces, the operator will create said + imagestreams locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry + is insecure. Defaults to 'false'. 
+ type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. + type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' 
+ type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previous defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. + For example, if the object reference is to a + container within a pod, this would take on a + value like: "spec.containers{name}" (where "name" + refers to the name of the container that triggered + the event) or if no container name is specified + "spec.containers[2]" (container with index 2 + in this pod). This syntax is chosen only to + have some well-defined way of referencing a + part of an object. TODO: this design is not + final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder + will be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known + hosts file. The secret must contain two files: id_rsa + and known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM + Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations + that can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the + Runtime Model ID. Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if + a property is set mode than once, the one from this + property file will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the + Runtime Model ID. 
Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ExternalCompDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/components directory + will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ImportsBaseDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/imports directory will + be used. If ImportFileLocation is set ImportsBaseDir + will be ignored. + type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual + model file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default + value is true. 
+ type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new + imports (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards + (in kb). Default value is 10485760 kb. + format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + 
maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previous defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". 
+ type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. 
+ If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how + a Process Migration server will manage and create a + new Database or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to + background-validation, if set to false the validate-on-match + method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. 
For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previous defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". 
+ type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to + the application classpath separated by colon. Needs + to be mounted on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. 
+ rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 
'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + username: + description: If empty the CommonConfig.AdminUser will + be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a + single set, or for multiple sets if deployments is set + to >1 + properties: + MDBMaxSession: + description: MDBMaxSession number of KIE Executor sessions + type: integer + build: + description: KieAppBuildObject Data to define how to + build an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If + unspecified, all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. + It is recommended to test the kjar manually before + disabling this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for + immutable KIE Server configurations for S2I and + pre built kjars. Useful for pre-compiled kjar. + type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previous defined + environment variables in the container and + any service environment variables. If a + variable cannot be resolved, the reference + in the input string will be unchanged. The + $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether + the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. 
+ properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and + requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. 
Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the + extensions image where the extensions are located + (e.g. install.sh, modules/, etc.). Defaults to + '/extension'. Do not change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For + example, custom-driver-image:7.7.0. + type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers + and configuration is located. Defaults to openshift + namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. 
TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate + the source code to build + properties: + contextDir: + description: Context/subdirectory where the + code is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.5.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a + given webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - 
GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, + POST, OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, 
default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer + will manage and create a new Database or connect to + an existing one + properties: + externalConfig: + description: ExternalDatabaseObject configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method + to background-validation, if set to false + the validate-on-match method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. + For example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases + running on OCP where the host will correspond + to the kubernetes added env *_SERVICE_HOST, + it is mostly likely used with PostgreSQL and + MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, + jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for + the configured datasource. 
+ type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for + the configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can + be XA or NONXA. For non XA set it to true. + Default value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. + Port is intended to be used with databases + running on OCP where the post will correspond + to the kubernetes added env *_SERVICE_PORT, + these are mostly likely used with PostgreSQL + and MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previous defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). 
Escaped references + will never be expanded, regardless of whether + the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. 
TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm + clustering for processes fail-over, it could increase + the number of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification + to be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, + if will be set to true if all required SSL parameters + are set. 
+ type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and + certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be + used. + type: string + amqSecretName: + description: The name of a secret containing AMQ + SSL related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store + file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. + Default is false. + type: boolean + enableIntegration: + description: When set to true will configure the + KIE Server with JMS integration, if no configuration + is added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, + disabled by default. + type: boolean + password: + description: AMQ broker password to connect do the + AMQ, generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for + JMS, example queue/CUSTOM.KIE.SERVER.AUDIT, default + is queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, + example queue/CUSTOM.KIE.SERVER.EXECUTOR, default + is queue/KIE.SERVER.EXECUTOR. 
+ type: string + queueRequest: + description: JNDI name of request queue for JMS, + example queue/CUSTOM.KIE.SERVER.REQUEST, default + is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, + example queue/CUSTOM.KIE.SERVER.RESPONSE, default + is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, + example queue/CUSTOM.KIE.SERVER.SIGNAL, default + is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the + AMQ, generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used + by the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current + GC time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE + command-line options to specify the required GC, + which will override the default of '-XX:+UseParallelOldGC'. + e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega + bytes unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. 
+ format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. + Disabled by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap + memory. If used in a container without any memory + constraints for the container then this option + has no effect. If there is a memory constraint + then '-Xms' is set to a ratio of the '-Xmx' memory + as set here. The default is '25' which means 25% + of the '-Xmx' is used as the initial heap size. + You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. + e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a + container without any memory constraints for the + container then this option has no effect. If there + is a memory constraint then '-Xms' is limited + to the value set here. The default is 4096Mb which + means the calculated value of '-Xms' never will + be greater than 4096Mb. The value of this variable + is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. 
+ If there is a memory constraint then '-Xmx' is + set to a ratio of the container available memory + as set here. The default is '50' which means 50% + of the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be + used by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. + type: boolean + bootstrapServers: + description: A comma separated list of host/port + pairs to use for establishing the initial connection + to the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when + making requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates + how long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that + the emitter requires the leader to have received + before considering a request to be complete, not + set by default. 
+ type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection + to the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to + set an ID to provide a logical application name + for logging purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to + Kafka. Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates + how long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event + messages. Set up to override the default value + jbpm-processes-events. + type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + name: + description: Server name + type: string + persistRepos: + description: PersistRepos enables persistent volumes + for KIE Server's kie and maven repositories + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the + KIE local repository persistent volume. Defaults to + 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the + Maven persistent volume, the size of the files on + this directory can grow fast as all dependencies for + KIE Containers will be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect + URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM + smart router + properties: + env: + items: + description: EnvVar represents an environment variable + present in a Container. 
+ properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previous defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + useExternalRoute: + description: If enabled, Business Central will use the + external smartrouter route to communicate with it. Note + that, valid SSL certificates should be used. + type: boolean + type: object + type: object + truststore: + description: Defines which truststore is used by the console, + kieservers, smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. 
+ type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should + be allowed when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. + This will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + conditions: + items: + description: Condition - The condition for the kie-cloud-operator + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ReasonType - type of reason + type: string + status: + type: string + type: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - status + - type + type: object + type: array + consoleHost: + type: string + deployments: + properties: + ready: + description: Deployments are ready to serve requests + items: + type: string + type: array + starting: + description: Deployments are starting, may or may not succeed + items: + type: string + type: array + stopped: + description: Deployments are not starting, unclear what next step + will be + items: + type: string + type: array + type: object + phase: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - conditions + - deployments + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/deploy/olm-catalog/prod/7.12.1-1/metadata/annotations.yaml b/deploy/olm-catalog/prod/7.12.1-1/metadata/annotations.yaml
new file mode 100644
index 000000000..724337620
--- /dev/null
+++ b/deploy/olm-catalog/prod/7.12.1-1/metadata/annotations.yaml
@@ -0,0 +1,10 @@
+annotations:
+ operators.operatorframework.io.bundle.channel.default.v1: stable
+ operators.operatorframework.io.bundle.channels.v1: stable
+ operators.operatorframework.io.bundle.manifests.v1: manifests/
+ operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+ operators.operatorframework.io.bundle.metadata.v1: metadata/
+ operators.operatorframework.io.bundle.package.v1: businessautomation-operator
+ operators.operatorframework.io.metrics.builder: operator-sdk-v0.19.2
+ operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
+ operators.operatorframework.io.metrics.project_layout: go
diff --git a/deploy/olm-catalog/test/7.12.1-1/manifests/businessautomation-operator.clusterserviceversion.yaml b/deploy/olm-catalog/test/7.12.1-1/manifests/businessautomation-operator.clusterserviceversion.yaml
new file mode 100644
index 000000000..aeb665a22
--- /dev/null
+++ b/deploy/olm-catalog/test/7.12.1-1/manifests/businessautomation-operator.clusterserviceversion.yaml
@@ -0,0 +1,428 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: '[{"apiVersion":"app.kiegroup.org/v2","kind":"KieApp","metadata":{"name":"rhpam-trial"},"spec":{"environment":"rhpam-trial"}}]' + capabilities: Seamless Upgrades + categories: Integration & Delivery + certified: "true" + containerImage: registry-proxy.engineering.redhat.com/rh-osbs/rhpam-7-rhpam-rhel8-operator:7.12.1 + createdAt: "2022-02-22 15:27:55" + description: Deploys and manages Red Hat Process Automation Manager and Red Hat + Decision Manager environments. + operators.openshift.io/infrastructure-features: '["Disconnected"]' + repository: https://github.com/kiegroup/kie-cloud-operator + support: Red Hat + tectonic-visibility: ocs + labels: + operator-businessautomation: "true" + operatorframework.io/arch.amd64: supported + operatorframework.io/os.linux: supported + name: businessautomation-operator.7.12.1-1-dev-k67z8w2psc + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: A project prescription running an RHPAM/RHDM environment. + displayName: KieApp + kind: KieApp + name: kieapps.app.kiegroup.org + resources: + - kind: DeploymentConfig + name: "" + version: apps.openshift.io/v1 + - kind: StatefulSet + name: "" + version: apps/v1 + - kind: Role + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: RoleBinding + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: Route + name: "" + version: route.openshift.io/v1 + - kind: BuildConfig + name: "" + version: build.openshift.io/v1 + - kind: ImageStream + name: "" + version: image.openshift.io/v1 + - kind: Secret + name: "" + version: v1 + - kind: PersistentVolumeClaim + name: "" + version: v1 + - kind: ServiceAccount + name: "" + version: v1 + - kind: Service + name: "" + version: v1 + specDescriptors: + - description: Set true to enable automatic micro version product upgrades, + it is disabled by default. 
+ displayName: Enable Upgrades + path: upgrades.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable automatic minor product version upgrades, + it is disabled by default. Requires spec.upgrades.enabled to be true. + displayName: Include minor version upgrades + path: upgrades.minor + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable image tags, disabled by default. This will + leverage image tags instead of the image digests. + displayName: Use Image Tags + path: useImageTags + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Environment deployed. + displayName: Environment + path: environment + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + statusDescriptors: + - description: Product version installed. + displayName: Version + path: version + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: Current phase. + displayName: Status + path: phase + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: The address for accessing Business Central, if it is deployed. + displayName: Business/Decision Central URL + path: consoleHost + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Deployments for the KieApp environment. + displayName: Deployments + path: deployments + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + version: v2 + description: |- + Deploys and manages Red Hat Process Automation Manager and Red Hat Decision Manager environments. + + * **Red Hat Process Automation Manager** is a platform for developing containerized microservices and applications that automate business decisions and processes. It includes business process management (BPM), business rules management (BRM), and business resource optimization and complex event processing (CEP) technologies. 
It also includes a user experience platform to create engaging user interfaces for process and decision services with minimal coding. + + * **Red Hat Decision Manager** is a platform for developing containerized microservices and applications that automate business decisions. It includes business rules management, complex event processing, and resource optimization technologies. Organizations can incorporate sophisticated decision logic into line-of-business applications and quickly update underlying business rules as market conditions change. + + [See more](https://www.redhat.com/en/products/process-automation). + displayName: Business Automation + icon: + - base64data: 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 + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - console.openshift.io + resources: + - consolelinks + - consoleyamlsamples + verbs: + - get + - create + - update + - delete + serviceAccountName: business-automation-operator + deployments: + - name: business-automation-operator + spec: + replicas: 1 + selector: + matchLabels: + name: business-automation-operator + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + name: business-automation-operator + spec: + containers: + - command: + - kie-cloud-operator + env: + - name: OPERATOR_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['name'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPERATOR_UI + value: "true" + - name: DEBUG + value: "false" + - name: RELATED_IMAGE_DM_KIESERVER_IMAGE_7.12.1 + value: registry-proxy.engineering.redhat.com/rhdm-7/rhdm-kieserver-rhel8:7.12.1 + - name: RELATED_IMAGE_DM_CONTROLLER_IMAGE_7.12.1 + value: registry-proxy.engineering.redhat.com/rhdm-7/rhdm-controller-rhel8:7.12.1 + - name: RELATED_IMAGE_DM_DC_IMAGE_7.12.1 + value: 
registry-proxy.engineering.redhat.com/rhdm-7/rhdm-decisioncentral-rhel8:7.12.1 + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.12.1 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-kieserver-rhel8:7.12.1 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.12.1 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-controller-rhel8:7.12.1 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.12.1 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-businesscentral-rhel8:7.12.1 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.12.1 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.12.1 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.12.1 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-smartrouter-rhel8:7.12.1 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.12.1 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-process-migration-rhel8:7.12.1 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.12.1 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-dashbuilder-rhel8:7.12.1 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.12.1 + value: registry.redhat.io/openshift4/ose-cli:v4.8 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.12.1 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.12.1 + value: registry.redhat.io/rhscl/postgresql-10-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.12.1 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.1 + - name: RELATED_IMAGE_BROKER_IMAGE_7.12.1 + value: registry.redhat.io/amq7/amq-broker:7.8 + - name: RELATED_IMAGE_DM_KIESERVER_IMAGE_7.12.0 + value: registry.redhat.io/rhdm-7/rhdm-kieserver-rhel8:7.12.0 + - name: RELATED_IMAGE_DM_CONTROLLER_IMAGE_7.12.0 + value: registry.redhat.io/rhdm-7/rhdm-controller-rhel8:7.12.0 + - name: RELATED_IMAGE_DM_DC_IMAGE_7.12.0 + value: registry.redhat.io/rhdm-7/rhdm-decisioncentral-rhel8:7.12.0 + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.12.0 + value: 
registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.12.0 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.12.0 + value: registry.redhat.io/rhpam-7/rhpam-controller-rhel8:7.12.0 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.12.0 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.12.0 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.12.0 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.12.0 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.12.0 + value: registry.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.12.0 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.12.0 + value: registry.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.12.0 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.12.0 + value: registry.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.12.0 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.12.0 + value: registry.redhat.io/openshift4/ose-cli:v4.8 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.12.0 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.12.0 + value: registry.redhat.io/rhscl/postgresql-10-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.12.0 + value: registry.redhat.io/jboss-datagrid-7/datagrid73-openshift:1.6 + - name: RELATED_IMAGE_BROKER_IMAGE_7.12.0 + value: registry.redhat.io/amq7/amq-broker:7.8 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_LATEST + value: registry.redhat.io/openshift4/ose-oauth-proxy:latest + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.8 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.8 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.7 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.7 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.6 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.6 + image: registry-proxy.engineering.redhat.com/rh-osbs/rhpam-7-rhpam-rhel8-operator:7.12.1 + imagePullPolicy: Always + name: business-automation-operator + resources: {} + serviceAccountName: business-automation-operator + permissions: + - rules: 
+ - apiGroups: + - "" + resources: + - configmaps + - pods + - services + - services/finalizers + - serviceaccounts + - persistentvolumeclaims + - secrets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + - deployments/finalizers + - replicasets + - statefulsets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - build.openshift.io + resources: + - buildconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - image.openshift.io + resources: + - images + - imagestreams + - imagestreamimages + - imagestreamtags + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - app.kiegroup.org + resources: + - kieapps + - kieapps/status + - kieapps/finalizers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - operators.coreos.com + resources: + - clusterserviceversions + - subscriptions + verbs: + - get + - list + - patch + - update + - watch + serviceAccountName: business-automation-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - 
supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - kieapp + - pam + - decision + - kie + - cloud + - bpm + - process + - automation + - operator + labels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.12.1-1-dev-k67z8w2psc + links: + - name: Product Page + url: https://access.redhat.com/products/red-hat-process-automation-manager + - name: Documentation + url: https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.12/#category-deploying-red-hat-process-automation-manager-on-openshift + maintainers: + - email: bsig-cloud@redhat.com + name: Red Hat + maturity: test + provider: + name: Red Hat + replaces: businessautomation-operator.7.12.0-2 + selector: + matchLabels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.12.1-1-dev-k67z8w2psc + version: 7.12.1-1+k67z8w2psc diff --git a/deploy/olm-catalog/test/7.12.1-1/manifests/kieapp.crd.yaml b/deploy/olm-catalog/test/7.12.1-1/manifests/kieapp.crd.yaml new file mode 100644 index 000000000..c364d941f --- /dev/null +++ b/deploy/olm-catalog/test/7.12.1-1/manifests/kieapp.crd.yaml 
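Review bot: Several `RELATED_IMAGE_*` entries in the operator Deployment's `env` list of the new test ClusterServiceVersion point at mutable tags (`registry.redhat.io/rhscl/mysql-80-rhel7:latest`, `registry.redhat.io/rhscl/postgresql-10-rhel7:latest`, `registry.redhat.io/openshift4/ose-oauth-proxy:latest`), and the remaining ones use version tags rather than digests, so the image content that runs can change without any change to this file. That sits awkwardly with the `operators.openshift.io/infrastructure-features: '["Disconnected"]'` annotation in the same manifest, since mirroring for disconnected clusters generally relies on digest references. If this bundle is meant to mirror what ships, pin each value by digest, e.g. `value: registry.redhat.io/rhscl/mysql-80-rhel7@sha256:<digest-placeholder>`; if tags are deliberate for the test catalog, a one-line comment above the env list saying so would keep them from being copied into a production bundle. Separately, the namespaced `permissions` rules grant every write verb, including `deletecollection`, on `secrets`, `roles` and `rolebindings`; it is worth confirming the operator needs that full set rather than a narrower one.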
@@ -0,0 +1,5851 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kieapps.app.kiegroup.org +spec: + group: app.kiegroup.org + names: + kind: KieApp + listKind: KieAppList + plural: kieapps + singular: kieapp + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of the application deployment + jsonPath: .status.version + name: Version + type: string + - description: The name of the environment used as a baseline + jsonPath: .spec.environment + name: Environment + type: string + - description: The status of the KieApp deployment + jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2 + schema: + openAPIV3Schema: + description: KieApp is the Schema for the kieapps API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to be used + by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for LDAP + properties: + baseCtxDN: + description: LDAP Base DN of the top-level context to begin + the user search. 
+ type: string + baseFilter: + description: DAP search filter used to locate the context + of the user to authenticate. The input username or userDN + obtained from the login module callback is substituted into + the filter anywhere a {0} expression is used. A common example + for the search filter is (uid={0}). + type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN of the + user itself contains special characters, backslash for example, + that prevent correct user mapping. If the attribute does + not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to decrypt + the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. 
+ enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity mapping, + the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN is + not checked for the roleNameAttributeID. This flag can improve + the performance of LDAP queries. + type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the username. + If set to true, the DN is parsed for the username. If set + to false the DN is not parsed for the username. This option + is used together with usernameBeginString and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this option. + When using referrals, this option denotes the attribute + name which contains users defined for a certain role, for + example member, if the role object is inside the referral. + Users are checked against the content of this attribute + name. If this option is not set, the check will always fail, + so role objects cannot be stored in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. 
If false, the role name is taken from + the value of the roleNameAttributeId attribute of the context + name. Certain directory schemas, such as Microsoft Active + Directory, require this attribute to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles associated + with the authenticated user. The input username or userDN + obtained from the login module callback is substituted into + the filter anywhere a {0} expression is used. The authenticated + userDN is substituted into the filter anywhere a {1} is + used. An example search filter that matches on the input + username is (member={0}). An alternative that matches on + the authenticated userDN is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role object’s + name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role search + will go below a matching context. Disable recursion by setting + this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for user + roles. This is not the DN where the actual roles are, but + the DN where the objects containing the user roles are. + For example, in a Microsoft Active Directory server, this + is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. 
+ For failover set two or more LDAP endpoints separated by + space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used together + with usernameEndString and only taken into account if parseUsername + is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end of + the DN to reveal the username. This option is used together + with usernameBeginString and only taken into account if + parseUsername is set to true. + type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will be + configured. + properties: + from: + description: ObjRef contains enough information to let you + inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have defined mappings. Defaults to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have no defined mappings. Defaults to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a properties + file or a set of roles with the following pattern 'role=role1;another-role=role2'. + The format of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the patter + above. 
+ type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create the + Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create the + Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. + format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. + format: password + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when the + OpenShiftStartupStrategy is choosed and Business Central + is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. 
When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the 'openshift' + and local namespaces, the operator will create said imagestreams + locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry is + insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. The $(VAR_NAME) + syntax can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder will + be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known hosts + file. The secret must contain two files: id_rsa and + known_hosts.' 
+ type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. 
'8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. 
+ format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations that + can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the Runtime + Model ID. Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if a property + is set mode than once, the one from this property file + will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the Runtime + Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs are + stored. 
If PersistentConfigs is enabled and ExternalCompDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/components + directory will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ImportsBaseDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/imports + directory will be used. If ImportFileLocation is set + ImportsBaseDir will be ignored. + type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual model + file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default value + is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new imports + (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards (in + kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. The $(VAR_NAME) + syntax can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. 
If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how a + Process Migration server will manage and create a new Database + or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the configured + datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the configured + datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. 
+ For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. The $(VAR_NAME) + syntax can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". 
+ type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to the + application classpath separated by colon. Needs to be mounted + on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. 
rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 
'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + username: + description: If empty the CommonConfig.AdminUser will be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a single + set, or for multiple sets if deployments is set to >1 + properties: + MDBMaxSession: + description: MDBMaxSession number of KIE Executor sessions + type: integer + build: + description: KieAppBuildObject Data to define how to build + an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If unspecified, + all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. It + is recommended to test the kjar manually before disabling + this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for immutable + KIE Server configurations for S2I and pre built kjars. + Useful for pre-compiled kjar. + type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previous defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether + the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. 
+ properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. 
Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the extensions + image where the extensions are located (e.g. install.sh, + modules/, etc.). Defaults to '/extension'. Do not + change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For example, + custom-driver-image:7.7.0. + type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers and + configuration is located. Defaults to openshift namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. 
TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate the + source code to build + properties: + contextDir: + description: Context/subdirectory where the code + is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.5.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a given + webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + 
- Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default 
is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer will + manage and create a new Database or connect to an existing + one + properties: + externalConfig: + description: ExternalDatabaseObject configuration definition + of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. For + example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases running + on OCP where the host will correspond to the kubernetes + added env *_SERVICE_HOST, it is mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. 
+ type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can be + XA or NONXA. For non XA set it to true. Default + value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. Port + is intended to be used with databases running + on OCP where the post will correspond to the kubernetes + added env *_SERVICE_PORT, these are mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. + For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previous defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). 
Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a + valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to + have some well-defined way of referencing a part of + an object. 
TODO: this design is not final and this + field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm clustering + for processes fail-over, it could increase the number + of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification to + be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, if + will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. 
+ type: string + amqKeystorePassword: + description: The password for the AMQ keystore and certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be used. + type: string + amqSecretName: + description: The name of a secret containing AMQ SSL + related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. Default + is false. + type: boolean + enableIntegration: + description: When set to true will configure the KIE + Server with JMS integration, if no configuration is + added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, disabled + by default. + type: boolean + password: + description: AMQ broker password to connect do the AMQ, + generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for JMS, + example queue/CUSTOM.KIE.SERVER.AUDIT, default is + queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, example + queue/CUSTOM.KIE.SERVER.EXECUTOR, default is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, example + queue/CUSTOM.KIE.SERVER.REQUEST, default is queue/KIE.SERVER.REQUEST. 
+ type: string + queueResponse: + description: JNDI name of response queue for JMS, example + queue/CUSTOM.KIE.SERVER.RESPONSE, default is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, example + queue/CUSTOM.KIE.SERVER.SIGNAL, default is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the AMQ, + generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new + heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. 
Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The default + is '25' which means 25% of the '-Xmx' is used as the + initial heap size. You can skip this mechanism by + setting this value to '0' in which case no '-Xms' + option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container then + this option has no effect. If there is a memory constraint + then '-Xms' is limited to the value set here. The + default is 4096Mb which means the calculated value + of '-Xms' never will be greater than 4096Mb. The value + of this variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as set + here. The default is '50' which means 50% of the available + memory is used as an upper boundary. 
You can skip + this mechanism by setting this value to '0' in which + case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be used + by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. + type: boolean + bootstrapServers: + description: A comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when making + requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates how + long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that the + emitter requires the leader to have received before + considering a request to be complete, not set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. 
+ type: string + clientID: + description: This configuration allows users to set + an ID to provide a logical application name for logging + purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to Kafka. + Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates how + long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event messages. + Set up to override the default value jbpm-processes-events. + type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + name: + description: Server name + type: string + persistRepos: + description: PersistRepos enables persistent volumes for + KIE Server's kie and maven repositories + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of + compute resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the KIE + local repository persistent volume. Defaults to 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the Maven + persistent volume, the size of the files on this directory + can grow fast as all dependencies for KIE Containers will + be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM smart + router + properties: + env: + items: + description: EnvVar represents an environment variable present + in a Container. 
+ properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. The $(VAR_NAME) + syntax can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. 
+ '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + useExternalRoute: + description: If enabled, Business Central will use the external + smartrouter route to communicate with it. Note that, valid + SSL certificates should be used. + type: boolean + type: object + type: object + truststore: + description: Defines which truststore is used by the console, kieservers, + smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. 
+ type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should be allowed + when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. This + will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + status: + description: KieAppStatus - The status for custom resources managed by + the operator-sdk. + properties: + applied: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to + be used by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for + LDAP + properties: + baseCtxDN: + description: LDAP Base DN of the top-level context to + begin the user search. + type: string + baseFilter: + description: DAP search filter used to locate the context + of the user to authenticate. The input username or userDN + obtained from the login module callback is substituted + into the filter anywhere a {0} expression is used. A + common example for the search filter is (uid={0}). 
+ type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN + of the user itself contains special characters, backslash + for example, that prevent correct user mapping. If the + attribute does not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to + decrypt the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. + enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity + mapping, the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN + is not checked for the roleNameAttributeID. This flag + can improve the performance of LDAP queries. 
+ type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the + username. If set to true, the DN is parsed for the username. + If set to false the DN is not parsed for the username. + This option is used together with usernameBeginString + and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this + option. When using referrals, this option denotes the + attribute name which contains users defined for a certain + role, for example member, if the role object is inside + the referral. Users are checked against the content + of this attribute name. If this option is not set, the + check will always fail, so role objects cannot be stored + in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user + roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. If false, the role name is taken + from the value of the roleNameAttributeId attribute + of the context name. Certain directory schemas, such + as Microsoft Active Directory, require this attribute + to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles + associated with the authenticated user. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. The authenticated userDN is substituted into + the filter anywhere a {1} is used. 
An example search + filter that matches on the input username is (member={0}). + An alternative that matches on the authenticated userDN + is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role + object’s name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role + search will go below a matching context. Disable recursion + by setting this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for + user roles. This is not the DN where the actual roles + are, but the DN where the objects containing the user + roles are. For example, in a Microsoft Active Directory + server, this is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. + For failover set two or more LDAP endpoints separated + by space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used + together with usernameEndString and only taken into + account if parseUsername is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end + of the DN to reveal the username. This option is used + together with usernameBeginString and only taken into + account if parseUsername is set to true. 
+ type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will + be configured. + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have defined mappings. Defaults + to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have no defined mappings. Defaults + to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a + properties file or a set of roles with the following + pattern 'role=role1;another-role=role2'. The format + of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the + patter above. + type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for + SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create + the Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create + the Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. 
+ format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. + format: password + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when + the OpenShiftStartupStrategy is choosed and Business + Central is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the + 'openshift' and local namespaces, the operator will create said + imagestreams locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry + is insecure. Defaults to 'false'. 
+ type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. + type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' 
+ type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previous defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. + For example, if the object reference is to a + container within a pod, this would take on a + value like: "spec.containers{name}" (where "name" + refers to the name of the container that triggered + the event) or if no container name is specified + "spec.containers[2]" (container with index 2 + in this pod). This syntax is chosen only to + have some well-defined way of referencing a + part of an object. TODO: this design is not + final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder + will be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known + hosts file. The secret must contain two files: id_rsa + and known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM + Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations + that can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the + Runtime Model ID. Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if + a property is set mode than once, the one from this + property file will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the + Runtime Model ID. 
Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ExternalCompDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/components directory + will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ImportsBaseDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/imports directory will + be used. If ImportFileLocation is set ImportsBaseDir + will be ignored. + type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual + model file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default + value is true. 
+ type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new + imports (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards + (in kb). Default value is 10485760 kb. + format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + 
maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previous defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". 
+ type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. 
+ If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how + a Process Migration server will manage and create a + new Database or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to + background-validation, if set to false the validate-on-match + method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. 
For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previous defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". 
+ type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to + the application classpath separated by colon. Needs + to be mounted on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. 
+ rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 
'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + username: + description: If empty the CommonConfig.AdminUser will + be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a + single set, or for multiple sets if deployments is set + to >1 + properties: + MDBMaxSession: + description: MDBMaxSession number of KIE Executor sessions + type: integer + build: + description: KieAppBuildObject Data to define how to + build an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If + unspecified, all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. + It is recommended to test the kjar manually before + disabling this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for + immutable KIE Server configurations for S2I and + pre built kjars. Useful for pre-compiled kjar. + type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previous defined + environment variables in the container and + any service environment variables. If a + variable cannot be resolved, the reference + in the input string will be unchanged. The + $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether + the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. 
+ properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and + requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. 
Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the + extensions image where the extensions are located + (e.g. install.sh, modules/, etc.). Defaults to + '/extension'. Do not change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For + example, custom-driver-image:7.7.0. + type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers + and configuration is located. Defaults to openshift + namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. 
TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate + the source code to build + properties: + contextDir: + description: Context/subdirectory where the + code is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.5.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a + given webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - 
GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, + POST, OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, 
default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer + will manage and create a new Database or connect to + an existing one + properties: + externalConfig: + description: ExternalDatabaseObject configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method + to background-validation, if set to false + the validate-on-match method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. + For example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases + running on OCP where the host will correspond + to the kubernetes added env *_SERVICE_HOST, + it is mostly likely used with PostgreSQL and + MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, + jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for + the configured datasource. 
+ type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for + the configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can + be XA or NONXA. For non XA set it to true. + Default value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. + Port is intended to be used with databases + running on OCP where the post will correspond + to the kubernetes added env *_SERVICE_PORT, + these are mostly likely used with PostgreSQL + and MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previous defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). 
Escaped references + will never be expanded, regardless of whether + the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. 
TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm + clustering for processes fail-over, it could increase + the number of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification + to be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, + if will be set to true if all required SSL parameters + are set. 
+ type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and + certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be + used. + type: string + amqSecretName: + description: The name of a secret containing AMQ + SSL related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store + file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. + Default is false. + type: boolean + enableIntegration: + description: When set to true will configure the + KIE Server with JMS integration, if no configuration + is added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, + disabled by default. + type: boolean + password: + description: AMQ broker password to connect do the + AMQ, generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for + JMS, example queue/CUSTOM.KIE.SERVER.AUDIT, default + is queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, + example queue/CUSTOM.KIE.SERVER.EXECUTOR, default + is queue/KIE.SERVER.EXECUTOR. 
+ type: string + queueRequest: + description: JNDI name of request queue for JMS, + example queue/CUSTOM.KIE.SERVER.REQUEST, default + is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, + example queue/CUSTOM.KIE.SERVER.RESPONSE, default + is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, + example queue/CUSTOM.KIE.SERVER.SIGNAL, default + is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the + AMQ, generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used + by the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current + GC time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE + command-line options to specify the required GC, + which will override the default of '-XX:+UseParallelOldGC'. + e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega + bytes unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. 
+ format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. + Disabled by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap + memory. If used in a container without any memory + constraints for the container then this option + has no effect. If there is a memory constraint + then '-Xms' is set to a ratio of the '-Xmx' memory + as set here. The default is '25' which means 25% + of the '-Xmx' is used as the initial heap size. + You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. + e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a + container without any memory constraints for the + container then this option has no effect. If there + is a memory constraint then '-Xms' is limited + to the value set here. The default is 4096Mb which + means the calculated value of '-Xms' never will + be greater than 4096Mb. The value of this variable + is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. 
+ If there is a memory constraint then '-Xmx' is + set to a ratio of the container available memory + as set here. The default is '50' which means 50% + of the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be + used by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. + type: boolean + bootstrapServers: + description: A comma separated list of host/port + pairs to use for establishing the initial connection + to the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when + making requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates + how long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that + the emitter requires the leader to have received + before considering a request to be complete, not + set by default. 
+ type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection + to the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to + set an ID to provide a logical application name + for logging purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to + Kafka. Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates + how long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event + messages. Set up to override the default value + jbpm-processes-events. + type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + name: + description: Server name + type: string + persistRepos: + description: PersistRepos enables persistent volumes + for KIE Server's kie and maven repositories + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the + KIE local repository persistent volume. Defaults to + 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the + Maven persistent volume, the size of the files on + this directory can grow fast as all dependencies for + KIE Containers will be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect + URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM + smart router + properties: + env: + items: + description: EnvVar represents an environment variable + present in a Container. 
+ properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previous defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + useExternalRoute: + description: If enabled, Business Central will use the + external smartrouter route to communicate with it. Note + that, valid SSL certificates should be used. + type: boolean + type: object + type: object + truststore: + description: Defines which truststore is used by the console, + kieservers, smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. 
+ type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should + be allowed when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. + This will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + conditions: + items: + description: Condition - The condition for the kie-cloud-operator + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ReasonType - type of reason + type: string + status: + type: string + type: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - status + - type + type: object + type: array + consoleHost: + type: string + deployments: + properties: + ready: + description: Deployments are ready to serve requests + items: + type: string + type: array + starting: + description: Deployments are starting, may or may not succeed + items: + type: string + type: array + stopped: + description: Deployments are not starting, unclear what next step + will be + items: + type: string + type: array + type: object + phase: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - conditions + - deployments + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/deploy/olm-catalog/test/7.12.1-1/metadata/annotations.yaml b/deploy/olm-catalog/test/7.12.1-1/metadata/annotations.yaml new file mode 100644 index 000000000..724337620 --- /dev/null +++ b/deploy/olm-catalog/test/7.12.1-1/metadata/annotations.yaml @@ -0,0 +1,10 @@ +annotations: + operators.operatorframework.io.bundle.channel.default.v1: stable + operators.operatorframework.io.bundle.channels.v1: stable + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: businessautomation-operator + operators.operatorframework.io.metrics.builder: operator-sdk-v0.19.2 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go diff --git a/deploy/operator.yaml b/deploy/operator.yaml index 2e84a1b1d..415f3dda7 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml 
@@ -37,6 +37,36 @@ spec: value: "true" - name: DEBUG value: "false" + - name: RELATED_IMAGE_DM_KIESERVER_IMAGE_7.12.1 + value: registry.redhat.io/rhdm-7/rhdm-kieserver-rhel8:7.12.1 + - name: RELATED_IMAGE_DM_CONTROLLER_IMAGE_7.12.1 + value: registry.redhat.io/rhdm-7/rhdm-controller-rhel8:7.12.1 + - name: RELATED_IMAGE_DM_DC_IMAGE_7.12.1 + value: registry.redhat.io/rhdm-7/rhdm-decisioncentral-rhel8:7.12.1 + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.12.1 + value: registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.12.1 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.12.1 + value: registry.redhat.io/rhpam-7/rhpam-controller-rhel8:7.12.1 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.12.1 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.12.1 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.12.1 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.12.1 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.12.1 + value: registry.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.12.1 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.12.1 + value: registry.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.12.1 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.12.1 + value: registry.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.12.1 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.12.1 + value: registry.redhat.io/openshift4/ose-cli:v4.8 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.12.1 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.12.1 + value: registry.redhat.io/rhscl/postgresql-10-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.12.1 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.1 + - name: RELATED_IMAGE_BROKER_IMAGE_7.12.1 + value: registry.redhat.io/amq7/amq-broker:7.8 - name: RELATED_IMAGE_DM_KIESERVER_IMAGE_7.12.0 value: registry.redhat.io/rhdm-7/rhdm-kieserver-rhel8:7.12.0 - name: RELATED_IMAGE_DM_CONTROLLER_IMAGE_7.12.0 
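Review bot: The new `RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.12.1` and `RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.12.1` entries point at `:latest`, so the image deployed for a fixed product version can change without any change to this manifest. The other entries added here carry a version tag; these two should get one too, or a digest, e.g. `value: registry.redhat.io/rhscl/mysql-80-rhel7@sha256:<digest>` (placeholder). The 7.12.0 context lines show the same `:latest` value, so this may be inherited rather than intended; if it is deliberate, a comment saying why would help.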
@@ -64,38 +94,8 @@ spec: - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.12.0 value: registry.redhat.io/rhscl/postgresql-10-rhel7:latest - name: RELATED_IMAGE_DATAGRID_IMAGE_7.12.0 - value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.1 - - name: RELATED_IMAGE_BROKER_IMAGE_7.12.0 - value: registry.redhat.io/amq7/amq-broker:7.8 - - name: RELATED_IMAGE_DM_KIESERVER_IMAGE_7.11.1 - value: registry.redhat.io/rhdm-7/rhdm-kieserver-rhel8:7.11.1 - - name: RELATED_IMAGE_DM_CONTROLLER_IMAGE_7.11.1 - value: registry.redhat.io/rhdm-7/rhdm-controller-rhel8:7.11.1 - - name: RELATED_IMAGE_DM_DC_IMAGE_7.11.1 - value: registry.redhat.io/rhdm-7/rhdm-decisioncentral-rhel8:7.11.1 - - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.11.1 - value: registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.11.1 - - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.11.1 - value: registry.redhat.io/rhpam-7/rhpam-controller-rhel8:7.11.1 - - name: RELATED_IMAGE_PAM_BC_IMAGE_7.11.1 - value: registry.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.11.1 - - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.11.1 - value: registry.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.11.1 - - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.11.1 - value: registry.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.11.1 - - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.11.1 - value: registry.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.11.1 - - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.11.1 - value: registry.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.11.1 - - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.11.1 - value: registry.redhat.io/openshift4/ose-cli:v4.8 - - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.11.1 - value: registry.redhat.io/rhscl/mysql-80-rhel7:latest - - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.11.1 - value: registry.redhat.io/rhscl/postgresql-10-rhel7:latest - - name: RELATED_IMAGE_DATAGRID_IMAGE_7.11.1 value: registry.redhat.io/jboss-datagrid-7/datagrid73-openshift:1.6 - - name: 
RELATED_IMAGE_BROKER_IMAGE_7.11.1 + - name: RELATED_IMAGE_BROKER_IMAGE_7.12.0 value: registry.redhat.io/amq7/amq-broker:7.8 - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_LATEST value: registry.redhat.io/openshift4/ose-oauth-proxy:latest @@ -105,8 +105,8 @@ spec: value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.7 - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.6 value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.6 - image: quay.io/kiegroup/kie-cloud-operator:7.12.0 + image: quay.io/kiegroup/kie-cloud-operator:7.12.1 imagePullPolicy: Always name: business-automation-operator resources: {} - serviceAccountName: business-automation-operator + serviceAccountName: business-automation-operator \ No newline at end of file diff --git a/deploy/ui/form.json b/deploy/ui/form.json index 0fd0d0a7c..a9d318baa 100644 --- a/deploy/ui/form.json +++ b/deploy/ui/form.json @@ -557,10 +557,11 @@ "description": "The size of the Business Central's Persistent Volume. Examples: 1Gi, 512Mi." }, { - "label": "Custom hostname to be used on the Business Central external Route.", + "label": "Custom hostname", "required": false, "jsonPath": "$.spec.objects.console.routeHostname", - "type": "text" + "type": "text", + "description": "Custom hostname to be used on the Business Central external Route." }, { "label": "GitHooks", @@ -1497,7 +1498,7 @@ "required": false, "jsonPath": "$.spec.objects.servers[*].persistRepos", "originalJsonPath": "$.spec.objects.servers[*].persistRepos", - "description": "Persist the Maven and KIE repositories on ~/.m2/repository and ~/.kie/repository respectively.", + "description": "Persist the Maven and KIE repositories on ~/.m2/repository and ~/.kie/repository respectively. The option persistRepos will be automatically set to false when the Trial environment is set.", "fields": [ { "label": "Enable Persistent Storage for kie and maven repositories", 
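Review bot: In the `@@ -64,38 +94,8 @@` hunk of deploy/operator.yaml, `RELATED_IMAGE_DATAGRID_IMAGE_7.12.0` loses its value `registry.redhat.io/datagrid/datagrid-8-rhel8:1.1` and ends up paired with the unchanged line `value: registry.redhat.io/jboss-datagrid-7/datagrid73-openshift:1.6`, which previously belonged to the removed 7.11.1 entry. That changes the Data Grid image for 7.12.0 while the new 7.12.1 entry uses `datagrid-8-rhel8:1.1`, so it looks like a side effect of deleting the 7.11.1 block rather than an intended change. If so, keep `value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.1` under the 7.12.0 name and remove the `datagrid73-openshift:1.6` line together with the 7.11.1 entries.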
@@ -1719,6 +1720,23 @@ } ] }, + { + "label": "Configure KieExecutorMDB threads", + "type": "object", + "max": 1, + "jsonPath": "$.spec.objects.servers[*].MDBMaxSession", + "visible": true, + "fields": [ + { + "label": "Max Number of Session", + "type": "integer", + "required": false, + "jsonPath": "$.spec.objects.servers[*].MDBMaxSession", + "originalJsonPath": "$.spec.objects.servers[*].MDBMaxSession", + "description": "Number of max session used by the JMS Executor." + } + ] + }, { "label": "Enable JVM configuration", "type": "checkbox", diff --git a/hack/go-build-bundle.sh b/hack/go-build-bundle.sh index 68963e3b9..65e210fac 100755 --- a/hack/go-build-bundle.sh +++ b/hack/go-build-bundle.sh @@ -6,6 +6,10 @@ echo echo Building operator bundle image: echo +if [[ -z "${USERNAME}" ]]; then + read -p "Enter your username [Quay account]: " USERNAME +fi + BUNDLE=rhpam-operator-bundle BUNDLE_NAME=rhpam-7/${BUNDLE} VERSION=$(go run getversion.go) diff --git a/hack/go-configs.sh b/hack/go-configs.sh index 6ff6e515b..d582d93ae 100755 --- a/hack/go-configs.sh +++ b/hack/go-configs.sh @@ -15,9 +15,9 @@ fi git remote add origin ${REPO_LINK} git fetch origin ${BASE_SHA} VERSION=$(go run getversion.go) -RESULT=$(git diff --name-only ${BASE_SHA} | grep "^config/" | grep -v "^config/${VERSION}") +RESULT=$(git diff --name-only ${BASE_SHA} | grep "^rhpam-config/" | grep -v "^rhpam-config/${VERSION}") if [[ ${RESULT} ]]; then - echo "Detected changes to an older version's config file(s). Current version changes are only allowed in config/${VERSION}." + echo "Detected changes to an older version's config file(s). Current version changes are only allowed in rhpam-config/${VERSION}." echo "Undo changes to the following files -" echo "${RESULT}" exit 1 diff --git a/pkg/apis/app/v2/kieapp_types.go b/pkg/apis/app/v2/kieapp_types.go index cf392699e..d0fa80730 100644 --- a/pkg/apis/app/v2/kieapp_types.go +++ b/pkg/apis/app/v2/kieapp_types.go 
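Review bot: The new prompt in hack/go-build-bundle.sh accepts an empty answer: if the user presses Enter, or stdin is not a terminal, `USERNAME` stays empty and the script carries on with it. `read` without `-r` also interprets backslashes in the input. Suggest `read -r -p "Enter your username [Quay account]: " USERNAME` followed by `[[ -n "${USERNAME}" ]] || { echo "USERNAME is required" >&2; exit 1; }`. How `USERNAME` is used later lies outside the hunk.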
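Review bot: The exclusion pattern `^rhpam-config/${VERSION}` in hack/go-configs.sh is a bare prefix, so for VERSION 7.12.1 a sibling directory such as `rhpam-config/7.12.10/` (constructed example) would also be exempted from this guard, and the dots in the version match any character. Ending the pattern at the path separator closes the prefix case: `grep -v "^rhpam-config/${VERSION}/"`. `${BASE_SHA}` on the same line is unquoted as well and could be written `"${BASE_SHA}"`.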
@@ -151,6 +151,8 @@ type KieServerSet struct { Kafka *KafkaExtObject `json:"kafka,omitempty"` KafkaJbpmEventEmitters *KafkaJBPMEventEmittersObject `json:"kafkaJbpmEventEmitters,omitempty"` Cors *CORSFiltersObject `json:"cors,omitempty"` + // MDBMaxSession number of KIE Executor sessions + MDBMaxSession *int `json:"MDBMaxSession,omitempty"` } // ConsoleObject configuration of the RHPAM workbench @@ -766,6 +768,8 @@ type ServerTemplate struct { KafkaJbpmEventEmitters *KafkaJBPMEventEmittersObject `json:"kafkaJbpmEventEmitters,omitempty"` Cors *CORSFiltersObject `json:"cors,omitempty"` StartupStrategy *StartupStrategy `json:"startupStrategy,omitempty"` + // MDBMaxSession number of KIE Executor sessions + MDBMaxSession *int `json:"MDBMaxSession,omitempty"` } // DashbuilderTemplate contains all the variables used in the yaml templates diff --git a/pkg/apis/app/v2/zz_generated.deepcopy.go b/pkg/apis/app/v2/zz_generated.deepcopy.go index 37ecb4b91..9e77697a9 100644 --- a/pkg/apis/app/v2/zz_generated.deepcopy.go +++ b/pkg/apis/app/v2/zz_generated.deepcopy.go @@ -1279,6 +1279,11 @@ func (in *KieServerSet) DeepCopyInto(out *KieServerSet) { *out = new(CORSFiltersObject) (*in).DeepCopyInto(*out) } + if in.MDBMaxSession != nil { + in, out := &in.MDBMaxSession, &out.MDBMaxSession + *out = new(int) + **out = **in + } return } @@ -1546,6 +1551,11 @@ func (in *ServerTemplate) DeepCopyInto(out *ServerTemplate) { *out = new(StartupStrategy) (*in).DeepCopyInto(*out) } + if in.MDBMaxSession != nil { + in, out := &in.MDBMaxSession, &out.MDBMaxSession + *out = new(int) + **out = **in + } return } diff --git a/pkg/controller/kieapp/constants/constants.go b/pkg/controller/kieapp/constants/constants.go index 5c17ba9ff..dab6cb06e 100644 --- a/pkg/controller/kieapp/constants/constants.go +++ b/pkg/controller/kieapp/constants/constants.go 
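Review bot: The JSON tag `MDBMaxSession` on the new KieServerSet field starts with an upper-case letter, while the neighbouring tags (`kafka`, `kafkaJbpmEventEmitters`, `cors`) are lowerCamelCase; once a CR uses the key it is part of the API, so it is cheaper to settle on `json:"mdbMaxSession,omitempty"` now, with the jsonPath in deploy/ui/form.json changed to match. The same applies to the ServerTemplate field in the `@@ -766,6 +768,8 @@` hunk. The field is also an unbounded `*int`, so zero or a negative session count passes the schema; a `// +kubebuilder:validation:Minimum=1` marker above it would reject those, assuming the CRD is generated from these markers. Both structs begin outside the hunks.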
@@ -12,9 +12,9 @@ var Ocp4Versions = []string{"4.8", "4.7", "4.6"} const ( // CurrentVersion product version supported - CurrentVersion = "7.12.0" + CurrentVersion = "7.12.1" // PriorVersion product version supported - PriorVersion = "7.11.1" + PriorVersion = "7.12.0" ) // SupportedVersions - product versions this operator supports @@ -244,13 +244,13 @@ const ( RhelVersion = "-rhel8" //Resources Limits and Requests - ConsoleProdCPULimit = "1" + ConsoleProdCPULimit = "2" ConsoleProdMemLimit = "2Gi" ConsoleAuthoringCPULimit = "2" ConsoleAuthoringMemLimit = "4Gi" ConsoleAuthoringCPURequests = "1500m" ConsoleAuthoringMemRequests = "3Gi" - ConsoleProdCPURequests = "500m" + ConsoleProdCPURequests = "1500m" ConsoleProdMemRequests = "1536Mi" ConsolePvSize = "1Gi" ConsoleProdPvSize = "64Mi" @@ -261,7 +261,7 @@ const ( ServersCPULimit = "1" ServersMemLimit = "2Gi" ServersCPURequests = "750m" - ServersMemRequests = "1Gi" + ServersMemRequests = "1536Mi" ServersM2PvSize = "1Gi" ServersKiePvSize = "10Mi" SmartRouterCPULimit = "500m" diff --git a/pkg/controller/kieapp/defaults/defaults.go b/pkg/controller/kieapp/defaults/defaults.go index ae7686022..b8705569f 100644 --- a/pkg/controller/kieapp/defaults/defaults.go +++ b/pkg/controller/kieapp/defaults/defaults.go @@ -771,6 +771,7 @@ func getServersConfig(cr *api.KieApp) ([]api.ServerTemplate, error) { ServersM2PvSize: serverSet.ServersM2PvSize, ServersKiePvSize: serverSet.ServersKiePvSize, StartupStrategy: cr.Status.Applied.CommonConfig.StartupStrategy, + MDBMaxSession: serverSet.MDBMaxSession, } if cr.Status.Applied.Objects.Console == nil || cr.Status.Applied.Environment == api.RhdmProductionImmutable { @@ -807,6 +808,7 @@ func getServersConfig(cr *api.KieApp) ([]api.ServerTemplate, error) { // Apply PV default size if isTrial(cr) { template.PersistRepos = false + serverSet.PersistRepos = false } else { if len(template.ServersM2PvSize) <= 0 { template.ServersM2PvSize = constants.ServersM2PvSize 
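Review bot: `MDBMaxSession: serverSet.MDBMaxSession,` added to the template literal in the defaults.go `@@ -771,6 +771,7 @@` hunk already copies the pointer, nil included, so the block added later in the `@@ -861,6 +863,11 @@` hunk (`if serverSet.MDBMaxSession != nil { template.MDBMaxSession = serverSet.MDBMaxSession }`) appears to repeat the same assignment. One of the two can be dropped, provided both refer to the same `template` and `serverSet`; the hunk headers place both in getServersConfig, but the function is not shown in full. Keeping only the struct-literal line is the shorter form.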
@@ -861,6 +863,11 @@ func getServersConfig(cr *api.KieApp) ([]api.ServerTemplate, error) { template.Cors = serverSet.Cors } + // KieExecutorMDB + if serverSet.MDBMaxSession != nil { + template.MDBMaxSession = serverSet.MDBMaxSession + } + if cr.Status.Applied.CommonConfig.StartupStrategy.StrategyName != "" { template.StartupStrategy.StrategyName = cr.Status.Applied.CommonConfig.StartupStrategy.StrategyName } else { @@ -1028,6 +1035,10 @@ func getBuildConfig(product string, cr *api.KieApp, serverSet *api.KieServerSet) func getDefaultKieServerImage(product string, cr *api.KieApp, serverSet *api.KieServerSet, forBuild bool) (from api.ImageObjRef, omitImageTrigger bool, imageURL string) { if serverSet.From != nil { + if serverSet.From.Kind == "DockerImage" { + omitImageTrigger = true + imageURL = serverSet.From.Name + } return *serverSet.From, omitImageTrigger, imageURL } envVar := constants.PamKieImageVar + cr.Status.Applied.Version @@ -1209,7 +1220,7 @@ func loadYaml(service kubernetes.PlatformService, filename, productVersion, name // prepend specified product version dir to filepath filename = strings.Join([]string{productVersion, filename}, "/") if _, _, useEmbedded := UseEmbeddedFiles(service); useEmbedded { - box := packr.New("config", "../../../../config") + box := packr.New("rhpam-config", "../../../../rhpam-config") if !box.HasDir(productVersion) { return nil, fmt.Errorf("Product version %s configs are not available in this Operator, %s", productVersion, version.Version) } 
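Review bot: In the getDefaultKieServerImage hunk, the new `DockerImage` branch returns `serverSet.From.Name` as `imageURL` unchanged and drops the image trigger, so whatever reference the CR author typed becomes the container image, and nothing here checks that it is non-empty. Suggest `if serverSet.From.Kind == "DockerImage" && serverSet.From.Name != "" {` so an empty name does not produce an empty image. A comment would also help: `// DockerImage: deploy the reference as-is with no ImageStream trigger; prefer a digest reference, a tag can be re-pushed.` The function body continues outside the hunk.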
@@ -1284,7 +1295,7 @@ func getCMListfromBox(box *packr.Box) map[string][]map[string]string { // ConfigMapsFromFile reads the files under the config folder and creates // configmaps in the given namespace. It sets OwnerRef to operator deployment. func ConfigMapsFromFile(myDep *appsv1.Deployment, ns string, scheme *runtime.Scheme) (configMaps []corev1.ConfigMap) { - box := packr.New("config", "../../../../config") + box := packr.New("rhpam-config", "../../../../rhpam-config") cmList := getCMListfromBox(box) for cmName, dataSlice := range cmList { cmData := map[string]string{} diff --git a/pkg/controller/kieapp/defaults/defaults_test.go b/pkg/controller/kieapp/defaults/defaults_test.go index 895a8f8e8..f27a9eafd 100644 --- a/pkg/controller/kieapp/defaults/defaults_test.go +++ b/pkg/controller/kieapp/defaults/defaults_test.go @@ -764,6 +764,7 @@ func TestRhpamTrialWithReposPersistedWithStorageClass(t *testing.T) { // there shouldn't be any pvc on trial env assert.Len(t, env.Servers[0].PersistentVolumeClaims, 0) + assert.Equal(t, false, cr.Status.Applied.Objects.Servers[0].PersistRepos) } func runCommonAssertsForKieServerPersistentStorageVolumeMounts(t *testing.T, cr api.KieApp, env api.Environment) { @@ -3293,6 +3294,14 @@ func TestSetKieServerFrom(t *testing.T) { }, }, }, + { + From: &api.ImageObjRef{ + Kind: "DockerImage", + ObjectReference: api.ObjectReference{ + Name: "quay.io/custom/image:1.0", + }, + }, + }, }, }, }, 
@@ -3303,6 +3312,10 @@ func TestSetKieServerFrom(t *testing.T) { assert.Equal(t, "", env.Servers[0].DeploymentConfigs[0].Spec.Triggers[0].ImageChangeParams.From.Namespace) assert.Equal(t, byeRules, env.Servers[1].DeploymentConfigs[0].Spec.Triggers[0].ImageChangeParams.From.Name) assert.Equal(t, "", env.Servers[1].DeploymentConfigs[0].Spec.Triggers[0].ImageChangeParams.From.Namespace) + + assert.Equal(t, (*appsv1.DeploymentTriggerImageChangeParams)(nil), env.Servers[2].DeploymentConfigs[0].Spec.Triggers[0].ImageChangeParams) + assert.Equal(t, "quay.io/custom/image:1.0", env.Servers[2].DeploymentConfigs[0].Spec.Template.Spec.Containers[0].Image) + } func TestSetKieServerFromBuild(t *testing.T) { @@ -3408,7 +3421,7 @@ func TestMultipleBuildConfigurations(t *testing.T) { }, { Build: &api.KieAppBuildObject{ - KieServerContainerDeployment: "rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.5.0-SNAPSHOT", + KieServerContainerDeployment: "rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.6.0-SNAPSHOT", GitSource: api.GitSource{ URI: "http://git.example.com", Reference: "anotherbranch", @@ -3422,6 +3435,23 @@ func TestMultipleBuildConfigurations(t *testing.T) { }, }, }, + { + Build: &api.KieAppBuildObject{ + KieServerContainerDeployment: "rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.7.0-SNAPSHOT", + GitSource: api.GitSource{ + URI: "http://git.example.com", + Reference: "anotherbranch", + ContextDir: "test", + }, + From: &api.ImageObjRef{ + Kind: "DockerImage", + ObjectReference: api.ObjectReference{ + Name: "quay.io/test/custom:1.0", + Namespace: "", + }, + }, + }, + }, }, }, }, 
@@ -3432,7 +3462,7 @@ func TestMultipleBuildConfigurations(t *testing.T) { env, err := GetEnvironment(cr, test.MockService()) assert.Nil(t, err, "Error getting prod environment") - assert.Len(t, env.Servers, 2, "Expect two KIE Servers to be created based on provided build configs") + assert.Len(t, env.Servers, 3, "Expect two KIE Servers to be created based on provided build configs") assert.Equal(t, "somebranch", env.Servers[0].BuildConfigs[0].Spec.Source.Git.Ref) assert.Equal(t, "anotherbranch", env.Servers[1].BuildConfigs[0].Spec.Source.Git.Ref) @@ -3446,6 +3476,10 @@ func TestMultipleBuildConfigurations(t *testing.T) { assert.Equal(t, "openshift", env.Servers[1].BuildConfigs[0].Spec.Strategy.SourceStrategy.From.Namespace) assert.Len(t, env.Servers[1].ImageStreams, 1) assert.Equal(t, cr.Status.Applied.Objects.Servers[1].Name+latestTag, env.Servers[1].DeploymentConfigs[0].Spec.Triggers[0].ImageChangeParams.From.Name) + + assert.Equal(t, "DockerImage", env.Servers[2].BuildConfigs[0].Spec.Strategy.SourceStrategy.From.Kind) + assert.Equal(t, "quay.io/test/custom:1.0", env.Servers[2].BuildConfigs[0].Spec.Strategy.SourceStrategy.From.Name) + os.Clearenv() } 
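Review bot: The failure message in `assert.Len(t, env.Servers, 3, "Expect two KIE Servers to be created based on provided build configs")` still says two although the expected count is now 3, so a failing run would print a misleading message. Change it to `"Expect three KIE Servers to be created based on provided build configs"`. TestMultipleBuildConfigurations starts and ends outside the hunk.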
@@ -5998,10 +6032,14 @@ func TestResourcesDefault(t *testing.T) { }, } GetEnvironment(cr, test.MockService()) - testReqAndLimit(t, cr, constants.ServersCPULimit, constants.ServersCPURequests, + testCPUReqAndLimit(t, cr, constants.ServersCPULimit, constants.ServersCPURequests, constants.ConsoleProdCPULimit, constants.ConsoleProdCPURequests, constants.SmartRouterLimits["CPU"], constants.SmartRouterRequests["CPU"], constants.ProcessMigrationLimits["CPU"], constants.ProcessMigrationRequests["CPU"]) + testMemoryReqAndLimit(t, cr, constants.ServersMemLimit, constants.ServersMemRequests, + constants.ConsoleProdMemLimit, constants.ConsoleProdMemRequests, + constants.SmartRouterLimits["MEM"], constants.SmartRouterRequests["MEM"], + constants.ProcessMigrationLimits["MEM"], constants.ProcessMigrationRequests["MEM"]) } func TestResourcesOverrideServers(t *testing.T) { 
@@ -6040,13 +6078,17 @@ func TestResourcesOverrideServers(t *testing.T) { }, } GetEnvironment(cr, test.MockService()) - testReqAndLimit(t, cr, sampleLimitAndRequestsResources.Limits.Cpu().String(), sampleLimitAndRequestsResources.Requests.Cpu().String(), + testCPUReqAndLimit(t, cr, sampleLimitAndRequestsResources.Limits.Cpu().String(), sampleLimitAndRequestsResources.Requests.Cpu().String(), sampleLimitAndRequestsResources.Limits.Cpu().String(), sampleLimitAndRequestsResources.Requests.Cpu().String(), sampleLimitAndRequestsResources.Limits.Cpu().String(), sampleLimitAndRequestsResources.Requests.Cpu().String(), - sampleLimitAndRequestsResources.Limits.Cpu().String(), sampleLimitAndRequestsResources.Requests.Cpu().String()) //Since Memory request is not set, default will be used + sampleLimitAndRequestsResources.Limits.Cpu().String(), sampleLimitAndRequestsResources.Requests.Cpu().String()) + testMemoryReqAndLimit(t, cr, sampleLimitAndRequestsResources.Limits.Memory().String(), sampleLimitAndRequestsResources.Requests.Memory().String(), + sampleLimitAndRequestsResources.Limits.Memory().String(), sampleLimitAndRequestsResources.Requests.Memory().String(), + sampleLimitAndRequestsResources.Limits.Memory().String(), sampleLimitAndRequestsResources.Requests.Memory().String(), + sampleLimitAndRequestsResources.Limits.Memory().String(), sampleLimitAndRequestsResources.Requests.Memory().String()) } -func testReqAndLimit(t *testing.T, cr *api.KieApp, lCPUServer string, rCPUServer string, lCPUConsole string, rCPUConsole string, lCPUSmartRouter string, rCPUSmartRouter string, lCPUProcessMigration, rCPUProcessMigration string) { +func testCPUReqAndLimit(t *testing.T, cr *api.KieApp, lCPUServer string, rCPUServer string, lCPUConsole string, rCPUConsole string, lCPUSmartRouter string, rCPUSmartRouter string, lCPUProcessMigration string, rCPUProcessMigration string) { assert.NotNil(t, cr.Status.Applied) assert.NotNil(t, cr.Status.Applied.Objects.Servers[0].Resources) 
@@ -6079,12 +6121,46 @@ func testReqAndLimit(t *testing.T, cr *api.KieApp, lCPUServer string, rCPUServer assert.True(t, requestsCPUProcessMigration.String() == rCPUProcessMigration) } +func testMemoryReqAndLimit(t *testing.T, cr *api.KieApp, lMEMServers string, rMEMServers string, lMEMConsole string, rMEMConsole string, lMEMSmartRouter string, rMEMSmartRouter string, lMEMProcessMigration string, rMEMProcessMigration string) { + assert.NotNil(t, cr.Status.Applied) + assert.NotNil(t, cr.Status.Applied.Objects.Servers[0].Resources) + assert.NotNil(t, cr.Status.Applied.Objects.Console.Resources) + assert.NotNil(t, cr.Status.Applied.Objects.SmartRouter.Resources) + assert.NotNil(t, cr.Status.Applied.Objects.ProcessMigration.Resources) + + limitMEMServer := cr.Status.Applied.Objects.Servers[0].Resources.Limits[corev1.ResourceMemory] + assert.True(t, limitMEMServer.String() == lMEMServers) + + requestsMEMServer := cr.Status.Applied.Objects.Servers[0].Resources.Requests[corev1.ResourceMemory] + assert.True(t, requestsMEMServer.String() == rMEMServers) + + limitMEMConsole := cr.Status.Applied.Objects.Console.KieAppObject.Resources.Limits[corev1.ResourceMemory] + assert.True(t, limitMEMConsole.String() == lMEMConsole) + + requestsMEMConsole := cr.Status.Applied.Objects.Console.Resources.Requests[corev1.ResourceMemory] + assert.True(t, requestsMEMConsole.String() == rMEMConsole) + + limitMEMSmartRouter := cr.Status.Applied.Objects.SmartRouter.KieAppObject.Resources.Limits[corev1.ResourceMemory] + assert.True(t, limitMEMSmartRouter.String() == lMEMSmartRouter) + + requestsMEMSmartRouter := cr.Status.Applied.Objects.SmartRouter.Resources.Requests[corev1.ResourceMemory] + assert.True(t, requestsMEMSmartRouter.String() == rMEMSmartRouter) + + limitMEMProcessMigration := cr.Status.Applied.Objects.ProcessMigration.KieAppObject.Resources.Limits[corev1.ResourceMemory] + assert.True(t, limitMEMProcessMigration.String() == lMEMProcessMigration) + + requestsMEMProcessMigration := 
cr.Status.Applied.Objects.ProcessMigration.Resources.Requests[corev1.ResourceMemory] + assert.True(t, requestsMEMProcessMigration.String() == rMEMProcessMigration) +} + var sampleLimitAndRequestsResources = &corev1.ResourceRequirements{ Limits: corev1.ResourceList{ - corev1.ResourceCPU: *resource.NewQuantity(200, "m"), + corev1.ResourceCPU: *resource.NewQuantity(200, "m"), + corev1.ResourceMemory: *resource.NewQuantity(256, "Mi"), }, Requests: corev1.ResourceList{ - corev1.ResourceCPU: *resource.NewQuantity(100, "m"), + corev1.ResourceCPU: *resource.NewQuantity(100, "m"), + corev1.ResourceMemory: *resource.NewQuantity(102, "Mi"), }, } 
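Review bot: In `sampleLimitAndRequestsResources`, `resource.NewQuantity(256, "Mi")` does not build 256Mi: the second argument is a `resource.Format` such as `resource.BinarySI`, not a unit suffix, so the quantity is 256 bytes. Likewise the existing `NewQuantity(200, "m")` is 200 whole CPUs. The assertions still pass because both sides go through the same `String()`, but the fixture is not what it reads as; `resource.MustParse("256Mi")` and `resource.MustParse("200m")` state the intent. In the new testMemoryReqAndLimit, `assert.Equal(t, lMEMServers, limitMEMServer.String())` would also print both values on failure, which `assert.True(t, a == b)` does not.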
@@ -7184,6 +7260,60 @@ func assertRouteHostnameEmpty(t *testing.T, env api.Environment) { assert.Empty(t, env.Dashbuilder.Routes[0].Spec.Host) } +func TestKieExecutorMDB(t *testing.T) { + cr := &api.KieApp{ + ObjectMeta: metav1.ObjectMeta{Name: "testKieExecutorMDB"}, + Spec: api.KieAppSpec{ + Environment: api.RhpamProductionImmutable, + Objects: api.KieAppObjects{ + Servers: []api.KieServerSet{ + {MDBMaxSession: Pint(40)}, + }, + }, + }, + } + + env, err := GetEnvironment(cr, test.MockService()) + assert.Nil(t, err, "Error getting TestKieExecutorMDB environment") + + assert.NotNil(t, cr.Status.Applied.Objects.Servers[0].MDBMaxSession) + mdbMaxSessionPassed := false + for _, env := range env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0].Env { + if strings.HasPrefix(env.Name, "JBOSS_MDB") { + if env.Name != "JBOSS_MDB_MAX_SESSION" && env.Value == "40" { + mdbMaxSessionPassed = true + } + } + } + assert.True(t, mdbMaxSessionPassed) +} + +func TestKieExecutorMDBEmpty(t *testing.T) { + cr := &api.KieApp{ + ObjectMeta: metav1.ObjectMeta{Name: "testKieExecutorMDB"}, + Spec: api.KieAppSpec{ + Environment: api.RhpamProductionImmutable, + Objects: api.KieAppObjects{ + Servers: []api.KieServerSet{}, + }, + }, + } + + env, err := GetEnvironment(cr, test.MockService()) + assert.Nil(t, err, "Error getting TestKieExecutorMDBEmpty environment") + + assert.Nil(t, cr.Status.Applied.Objects.Servers[0].MDBMaxSession) + mdbMaxSessionNotPassed := true + for _, env := range env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0].Env { + if strings.HasPrefix(env.Name, "JBOSS_MDB") { + if env.Name != "JBOSS_MDB_MAX_SESSION" { + mdbMaxSessionNotPassed = false + } + } + } + assert.True(t, mdbMaxSessionNotPassed) +} + func TestDataGridRHPAMAuth(t *testing.T) { DataGridAuth(t, api.RhpamAuthoringHA) } diff --git a/pkg/controller/kieapp/defaults/upgrade.go b/pkg/controller/kieapp/defaults/upgrade.go index 05df04b4f..fd936bc85 100644 
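Review bot: The check in `TestKieExecutorMDB` passes for the wrong reason: `env.Name != "JBOSS_MDB_MAX_SESSION" && env.Value == "40"` accepts any `JBOSS_MDB`-prefixed variable whose name is not that string, while the template in this commit emits `JBOSS_MDB_MAX_SESSIONS`. Pin the name instead, `if env.Name == "JBOSS_MDB_MAX_SESSIONS" && env.Value == "40" {`, and in `TestKieExecutorMDBEmpty` clear the flag on `env.Name == "JBOSS_MDB_MAX_SESSIONS"`. The loop variable `env` also shadows the `env` returned by `GetEnvironment`; a name such as `envVar` avoids that. `TestKieExecutorMDBEmpty` indexes `Servers[0]` after passing an empty `Servers` slice, which only works if defaulting adds a server, so asserting the length first would turn a panic into a readable failure.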
--- a/pkg/controller/kieapp/defaults/upgrade.go +++ b/pkg/controller/kieapp/defaults/upgrade.go @@ -91,7 +91,7 @@ func getConfigVersionLists(fromVersion, toVersion string) (configFromList, confi fromList := map[string][]map[string]string{} toList := map[string][]map[string]string{} if checkVersion(fromVersion) && checkVersion(toVersion) { - box := packr.New("config", "../../../../config") + box := packr.New("rhpam-config", "../../../../rhpam-config") if box.HasDir(fromVersion) && box.HasDir(toVersion) { cmList := getCMListfromBox(box) for cmName, cmData := range cmList { diff --git a/config/7.12.0/common.yaml b/rhpam-config/7.12.0/common.yaml similarity index 100% rename from config/7.12.0/common.yaml rename to rhpam-config/7.12.0/common.yaml diff --git a/config/7.12.0/dashbuilder/rhpam-standalone-dashbuilder.yaml b/rhpam-config/7.12.0/dashbuilder/rhpam-standalone-dashbuilder.yaml similarity index 100% rename from config/7.12.0/dashbuilder/rhpam-standalone-dashbuilder.yaml rename to rhpam-config/7.12.0/dashbuilder/rhpam-standalone-dashbuilder.yaml diff --git a/config/7.11.1/dbs/mysql.yaml b/rhpam-config/7.12.0/dbs/mysql.yaml similarity index 100% rename from config/7.11.1/dbs/mysql.yaml rename to rhpam-config/7.12.0/dbs/mysql.yaml diff --git a/config/7.12.0/dbs/pim/external.yaml b/rhpam-config/7.12.0/dbs/pim/external.yaml similarity index 100% rename from config/7.12.0/dbs/pim/external.yaml rename to rhpam-config/7.12.0/dbs/pim/external.yaml diff --git a/config/7.12.0/dbs/pim/mysql.yaml b/rhpam-config/7.12.0/dbs/pim/mysql.yaml similarity index 100% rename from config/7.12.0/dbs/pim/mysql.yaml rename to rhpam-config/7.12.0/dbs/pim/mysql.yaml diff --git a/config/7.12.0/dbs/pim/postgresql.yaml b/rhpam-config/7.12.0/dbs/pim/postgresql.yaml similarity index 100% rename from config/7.12.0/dbs/pim/postgresql.yaml rename to rhpam-config/7.12.0/dbs/pim/postgresql.yaml 
diff --git a/config/7.11.1/dbs/postgresql.yaml b/rhpam-config/7.12.0/dbs/postgresql.yaml
similarity index 100%
rename from config/7.11.1/dbs/postgresql.yaml
rename to rhpam-config/7.12.0/dbs/postgresql.yaml
diff --git a/config/7.11.1/dbs/servers/external.yaml b/rhpam-config/7.12.0/dbs/servers/external.yaml
similarity index 100%
rename from config/7.11.1/dbs/servers/external.yaml
rename to rhpam-config/7.12.0/dbs/servers/external.yaml
diff --git a/config/7.11.1/dbs/servers/h2.yaml b/rhpam-config/7.12.0/dbs/servers/h2.yaml
similarity index 100%
rename from config/7.11.1/dbs/servers/h2.yaml
rename to rhpam-config/7.12.0/dbs/servers/h2.yaml
diff --git a/config/7.11.1/dbs/servers/mysql.yaml b/rhpam-config/7.12.0/dbs/servers/mysql.yaml
similarity index 100%
rename from config/7.11.1/dbs/servers/mysql.yaml
rename to rhpam-config/7.12.0/dbs/servers/mysql.yaml
diff --git a/config/7.11.1/dbs/servers/postgresql.yaml b/rhpam-config/7.12.0/dbs/servers/postgresql.yaml
similarity index 100%
rename from config/7.11.1/dbs/servers/postgresql.yaml
rename to rhpam-config/7.12.0/dbs/servers/postgresql.yaml
diff --git a/config/7.12.0/envs/rhdm-authoring-ha.yaml b/rhpam-config/7.12.0/envs/rhdm-authoring-ha.yaml
similarity index 100%
rename from config/7.12.0/envs/rhdm-authoring-ha.yaml
rename to rhpam-config/7.12.0/envs/rhdm-authoring-ha.yaml
diff --git a/config/7.11.1/envs/rhdm-authoring.yaml b/rhpam-config/7.12.0/envs/rhdm-authoring.yaml
similarity index 100%
rename from config/7.11.1/envs/rhdm-authoring.yaml
rename to rhpam-config/7.12.0/envs/rhdm-authoring.yaml
diff --git a/config/7.11.1/envs/rhdm-production-immutable.yaml b/rhpam-config/7.12.0/envs/rhdm-production-immutable.yaml
similarity index 100%
rename from config/7.11.1/envs/rhdm-production-immutable.yaml
rename to rhpam-config/7.12.0/envs/rhdm-production-immutable.yaml
diff --git a/config/7.12.0/envs/rhdm-trial.yaml b/rhpam-config/7.12.0/envs/rhdm-trial.yaml
similarity index 100%
rename from config/7.12.0/envs/rhdm-trial.yaml
rename to rhpam-config/7.12.0/envs/rhdm-trial.yaml
diff --git a/config/7.12.0/envs/rhpam-authoring-ha.yaml b/rhpam-config/7.12.0/envs/rhpam-authoring-ha.yaml
similarity index 100%
rename from config/7.12.0/envs/rhpam-authoring-ha.yaml
rename to rhpam-config/7.12.0/envs/rhpam-authoring-ha.yaml
diff --git a/config/7.11.1/envs/rhpam-authoring.yaml b/rhpam-config/7.12.0/envs/rhpam-authoring.yaml
similarity index 100%
rename from config/7.11.1/envs/rhpam-authoring.yaml
rename to rhpam-config/7.12.0/envs/rhpam-authoring.yaml
diff --git a/config/7.11.1/envs/rhpam-production-immutable.yaml b/rhpam-config/7.12.0/envs/rhpam-production-immutable.yaml
similarity index 100%
rename from config/7.11.1/envs/rhpam-production-immutable.yaml
rename to rhpam-config/7.12.0/envs/rhpam-production-immutable.yaml
diff --git a/config/7.11.1/envs/rhpam-production.yaml b/rhpam-config/7.12.0/envs/rhpam-production.yaml
similarity index 100%
rename from config/7.11.1/envs/rhpam-production.yaml
rename to rhpam-config/7.12.0/envs/rhpam-production.yaml
diff --git a/config/7.11.1/envs/rhpam-standalone-dashbuilder.yaml b/rhpam-config/7.12.0/envs/rhpam-standalone-dashbuilder.yaml
similarity index 100%
rename from config/7.11.1/envs/rhpam-standalone-dashbuilder.yaml
rename to rhpam-config/7.12.0/envs/rhpam-standalone-dashbuilder.yaml
diff --git a/config/7.12.0/envs/rhpam-trial.yaml b/rhpam-config/7.12.0/envs/rhpam-trial.yaml
similarity index 100%
rename from config/7.12.0/envs/rhpam-trial.yaml
rename to rhpam-config/7.12.0/envs/rhpam-trial.yaml
diff --git a/config/7.11.1/jms/activemq-jms-config.yaml b/rhpam-config/7.12.0/jms/activemq-jms-config.yaml
similarity index 100%
rename from config/7.11.1/jms/activemq-jms-config.yaml
rename to rhpam-config/7.12.0/jms/activemq-jms-config.yaml
diff --git a/config/7.12.0/pim/process-migration.yaml b/rhpam-config/7.12.0/pim/process-migration.yaml similarity index 100% rename from config/7.12.0/pim/process-migration.yaml rename to rhpam-config/7.12.0/pim/process-migration.yaml diff --git a/config/7.11.1/common.yaml b/rhpam-config/7.12.1/common.yaml similarity index 80% rename from config/7.11.1/common.yaml rename to rhpam-config/7.12.1/common.yaml index f5abdf2db..0d72ff8c8 100644 --- a/config/7.11.1/common.yaml +++ b/rhpam-config/7.12.1/common.yaml @@ -55,7 +55,7 @@ console: path: /rest/healthy port: 8080 scheme: HTTP - initialDelaySeconds: 180 + initialDelaySeconds: 60 timeoutSeconds: 2 periodSeconds: 15 successThreshold: 1 @@ -98,7 +98,9 @@ console: - name: KIE_DASHBUILDER_RUNTIME_LOCATION value: "[[.Console.DashbuilderLocation]]" #[[end]] - ## OpenShift Enhancement BEGIN + #[[if .Console.StartupStrategy ]] + #[[if eq .Console.StartupStrategy.StrategyName "OpenShiftStartupStrategy" ]] + ## OpenShift Enhancement BEGIN - name: KIE_SERVER_CONTROLLER_OPENSHIFT_ENABLED value: "true" - name: KIE_SERVER_CONTROLLER_OPENSHIFT_GLOBAL_DISCOVERY_ENABLED @@ -106,8 +108,19 @@ console: - name: KIE_SERVER_CONTROLLER_OPENSHIFT_PREFER_KIESERVER_SERVICE value: "true" - name: KIE_SERVER_CONTROLLER_TEMPLATE_CACHE_TTL - value: "5000" - ## OpenShift Enhancement END + value: "[[.Console.StartupStrategy.ControllerTemplateCacheTTL]]" + ## OpenShift Enhancement END + #[[end]] + #[[if eq .Console.StartupStrategy.StrategyName "ControllerBasedStartupStrategy" ]] + - name: KIE_SERVER_CONTROLLER_OPENSHIFT_ENABLED + value: "false" + - name: KIE_SERVER_CONTROLLER_OPENSHIFT_GLOBAL_DISCOVERY_ENABLED + value: "false" + - name: KIE_SERVER_CONTROLLER_OPENSHIFT_PREFER_KIESERVER_SERVICE + value: "false" + #[[end]] + #[[end]] + #[[if not .DisableSsl]] - name: HTTPS_KEYSTORE_DIR value: "/etc/businesscentral-secret-volume" - name: HTTPS_KEYSTORE 
@@ -116,6 +129,7 @@ console: value: "jboss" - name: HTTPS_PASSWORD value: "[[.KeyStorePassword]]" + #[[end]] - name: WORKBENCH_ROUTE_NAME value: "[[.ApplicationName]]-[[.Console.Name]]" - name: JGROUPS_PING_PROTOCOL @@ -158,30 +172,22 @@ console: #[[if .Auth.LDAP.URL]] - name: AUTH_LDAP_URL value: "[[.Auth.LDAP.URL]]" + - name: AUTH_LDAP_LOGIN_MODULE + value: "[[.Auth.LDAP.LoginModule]]" + - name: AUTH_LDAP_LOGIN_FAILOVER + value: "[[.Auth.LDAP.LoginFailover]]" - name: AUTH_LDAP_BIND_DN value: "[[.Auth.LDAP.BindDN]]" - name: AUTH_LDAP_BIND_CREDENTIAL value: "[[.Auth.LDAP.BindCredential]]" - - name: AUTH_LDAP_JAAS_SECURITY_DOMAIN - value: "[[.Auth.LDAP.JAASSecurityDomain]]" - - name: AUTH_LDAP_LOGIN_MODULE - value: "[[.Auth.LDAP.LoginModule]]" - name: AUTH_LDAP_BASE_CTX_DN value: "[[.Auth.LDAP.BaseCtxDN]]" - name: AUTH_LDAP_BASE_FILTER value: "[[.Auth.LDAP.BaseFilter]]" - - name: AUTH_LDAP_SEARCH_SCOPE - value: "[[.Auth.LDAP.SearchScope]]" + - name: AUTH_LDAP_RECURSIVE_SEARCH + value: "[[.Auth.LDAP.RecursiveSearch]]" - name: AUTH_LDAP_SEARCH_TIME_LIMIT value: "[[.Auth.LDAP.SearchTimeLimit]]" - - name: AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE - value: "[[.Auth.LDAP.DistinguishedNameAttribute]]" - - name: AUTH_LDAP_PARSE_USERNAME - value: "[[.Auth.LDAP.ParseUsername]]" - - name: AUTH_LDAP_USERNAME_BEGIN_STRING - value: "[[.Auth.LDAP.UsernameBeginString]]" - - name: AUTH_LDAP_USERNAME_END_STRING - value: "[[.Auth.LDAP.UsernameEndString]]" - name: AUTH_LDAP_ROLE_ATTRIBUTE_ID value: "[[.Auth.LDAP.RoleAttributeID]]" - name: AUTH_LDAP_ROLES_CTX_DN 
@@ -192,22 +198,20 @@ console: value: "[[.Auth.LDAP.RoleRecursion]]" - name: AUTH_LDAP_DEFAULT_ROLE value: "[[.Auth.LDAP.DefaultRole]]" - - name: AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID - value: "[[.Auth.LDAP.RoleNameAttributeID]]" - - name: AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN - value: "[[.Auth.LDAP.ParseRoleNameFromDN]]" - - name: AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN - value: "[[.Auth.LDAP.RoleAttributeIsDN]]" - - name: AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK - value: "[[.Auth.LDAP.ReferralUserAttributeIDToCheck]]" + - name: AUTH_LDAP_NEW_IDENTITY_ATTRIBUTES + value: "[[.Auth.LDAP.NewIdentityAttributes]]" + - name: AUTH_LDAP_REFERRAL_MODE + value: "[[.Auth.LDAP.ReferralMode]]" #[[end]] ## LDAP config END ## RoleMapping config BEGIN #[[if .Auth.RoleMapper.RolesProperties]] - name: AUTH_ROLE_MAPPER_ROLES_PROPERTIES value: "[[.Auth.RoleMapper.RolesProperties]]" - - name: AUTH_ROLE_MAPPER_REPLACE_ROLE - value: "[[.Auth.RoleMapper.ReplaceRole]]" + - name: AUTH_LDAP_MAPPER_KEEP_MAPPED + value: "[[.Auth.RoleMapper.RolesKeepMapped]]" + - name: AUTH_LDAP_MAPPER_KEEP_NON_MAPPED + value: "[[.Auth.RoleMapper.RolesKeepNonMapped]]" #[[end]] ## RoleMapping config END # Auth config END 
@@ -265,10 +269,60 @@ console: value: "[[.Console.Jvm.GcContainerOptions]]" #[[end]] ## Jvm config END + ## CORS BEGIN + #[[if .Console.Cors]] + #[[if .Console.Cors.Filters]] + - name: FILTERS + value: "[[.Console.Cors.Filters]]" + #[[end]] + #[[if .Console.Cors.AllowOriginName]] + - name: AC_ALLOW_ORIGIN_FILTER_RESPONSE_HEADER_NAME + value: "[[.Console.Cors.AllowOriginName]]" + #[[end]] + #[[if .Console.Cors.AllowOriginValue]] + - name: AC_ALLOW_ORIGIN_FILTER_RESPONSE_HEADER_VALUE + value: "[[.Console.Cors.AllowOriginValue]]" + #[[end]] + #[[if .Console.Cors.AllowMethodsName]] + - name: AC_ALLOW_METHODS_FILTER_RESPONSE_HEADER_NAME + value: "[[.Console.Cors.AllowMethodsName]]" + #[[end]] + #[[if .Console.Cors.AllowMethodsValue]] + - name: AC_ALLOW_METHODS_FILTER_RESPONSE_HEADER_VALUE + value: "[[.Console.Cors.AllowMethodsValue]]" + #[[end]] + #[[if .Console.Cors.AllowHeadersName]] + - name: AC_ALLOW_HEADERS_FILTER_RESPONSE_HEADER_NAME + value: "[[.Console.Cors.AllowHeadersName]]" + #[[end]] + #[[if .Console.Cors.AllowHeadersValue]] + - name: AC_ALLOW_HEADERS_FILTER_RESPONSE_HEADER_VALUE + value: "[[.Console.Cors.AllowHeadersValue]]" + #[[end]] + #[[if .Console.Cors.AllowCredentialsName]] + - name: AC_ALLOW_CREDENTIALS_FILTER_RESPONSE_HEADER_NAME + value: "[[.Console.Cors.AllowCredentialsName]]" + #[[end]] + #[[if .Console.Cors.AllowCredentialsValue]] + - name: AC_ALLOW_CREDENTIALS_FILTER_RESPONSE_HEADER_VALUE + value: "[[.Console.Cors.AllowCredentialsValue]]" + #[[end]] + #[[if .Console.Cors.MaxAgeName]] + - name: AC_MAX_AGE_FILTER_RESPONSE_HEADER_NAME + value: "[[.Console.Cors.MaxAgeName]]" + #[[end]] + #[[if .Console.Cors.MaxAgeValue]] + - name: AC_MAX_AGE_FILTER_RESPONSE_HEADER_VALUE + value: "[[.Console.Cors.MaxAgeValue]]" + #[[end]] + #[[end]] + ## CORS END volumeMounts: + #[[if not .DisableSsl]] - name: "[[.ApplicationName]]-[[.Console.Name]]-[[.Constants.KeystoreVolumeSuffix]]" mountPath: "/etc/businesscentral-secret-volume" readOnly: true + #[[end]] #[[if 
.OpenshiftCaBundle]] - name: "[[.ApplicationName]]-truststore" mountPath: "/etc/openshift-truststore-volume" @@ -293,9 +347,11 @@ console: mountPath: "/home/jboss/.ssh" #[[end]] volumes: + #[[if not .DisableSsl]] - name: "[[.ApplicationName]]-[[.Console.Name]]-[[.Constants.KeystoreVolumeSuffix]]" secret: secretName: "[[.Console.KeystoreSecret]]" + #[[end]] #[[if .OpenshiftCaBundle]] - name: "[[.ApplicationName]]-truststore" secret: @@ -385,7 +441,7 @@ console: annotations: description: All the Business Central web server's ports. routes: - - id: "[[.ApplicationName]]-[[.Console.Name]]-https" + - id: "[[.ApplicationName]]-[[.Console.Name]]-[[.RouteProtocol]]" metadata: name: "[[.ApplicationName]]-[[.Console.Name]]" labels: @@ -393,17 +449,22 @@ console: application: "[[.ApplicationName]]" service: "[[.ApplicationName]]-[[.Console.Name]]" annotations: - description: Route for Business Central's https service. + description: "Route for Business Central's [[.RouteProtocol]] service." haproxy.router.openshift.io/timeout: 60s + #[[if not .DisableSsl]] + haproxy.router.openshift.io/balance: source + #[[end]] spec: - host: "" + host: "[[.Console.RouteHostname]]" to: name: "[[.ApplicationName]]-[[.Console.Name]]" port: - targetPort: https + targetPort: [[.RouteProtocol]] + #[[if not .DisableSsl]] tls: insecureEdgeTerminationPolicy: Redirect termination: passthrough + #[[end]] ## KIE smartrouter BEGIN smartRouter: persistentVolumeClaims: @@ -492,12 +553,14 @@ smartRouter: #[[end]] - name: KIE_SERVER_ROUTER_SERVICE value: "[[.ApplicationName]]-smartrouter" + #[[if not .DisableSsl]] - name: KIE_SERVER_ROUTER_TLS_KEYSTORE_KEYALIAS value: "jboss" - name: KIE_SERVER_ROUTER_TLS_KEYSTORE_PASSWORD value: "[[.KeyStorePassword]]" - name: KIE_SERVER_ROUTER_TLS_KEYSTORE value: "/etc/smartrouter-secret-volume/keystore.jks" + #[[end]] - name: KIE_ADMIN_USER value: "[[.AdminUser]]" - name: KIE_ADMIN_PWD 
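Review bot: The block added under `## CORS BEGIN` in `@@ -265,10 +269,60 @@` copies every response-header name and value from the CR into the container environment, and the template places no constraint on them, including `AllowOriginValue` and `AllowCredentialsValue`. Whether the operator validates these fields is not visible from this hunk; if it does not, the block should say so in a comment, for example `## CORS values are passed through unchanged; list explicit origins in AllowOriginValue when AllowCredentialsValue is "true"`. The same block is repeated for the servers in `@@ -979,6 +1051,58 @@` and in the dashbuilder template in `@@ -293,10 +285,60 @@`.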
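Review bot: With `DisableSsl` set, the Business Central route in `@@ -393,17 +449,22 @@` loses its whole `tls:` block (`insecureEdgeTerminationPolicy: Redirect`, `termination: passthrough`) and nothing replaces it, so the console is presumably exposed over plain HTTP once `[[.RouteProtocol]]` renders to the non-TLS port. That consequence deserves a comment beside the guard, such as `## DisableSsl: no TLS on this route; client traffic through the router is unencrypted`, and the documentation of the CR field (not in this hunk) should carry the same statement. The same guard drops TLS on the smart router, KIE server and dashbuilder routes later in this diff. The smart router annotation is guarded with `$.DisableSsl` where its neighbours use `.DisableSsl`; one spelling throughout would read more clearly.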
@@ -567,9 +630,11 @@ smartRouter: volumeMounts: - name: "[[.ApplicationName]]-smartrouter" mountPath: "/opt/[[.Constants.Product]]-smartrouter/data" + #[[if not .DisableSsl]] - name: smartrouter-[[.Constants.KeystoreVolumeSuffix]] mountPath: "/etc/smartrouter-secret-volume" readOnly: true + #[[end]] #[[if .OpenshiftCaBundle]] - name: "[[.ApplicationName]]-truststore" mountPath: "/etc/openshift-truststore-volume" @@ -579,9 +644,11 @@ smartRouter: - name: "[[.ApplicationName]]-smartrouter" persistentVolumeClaim: claimName: "[[.ApplicationName]]-smartrouter-claim" + #[[if not .DisableSsl]] - name: smartrouter-[[.Constants.KeystoreVolumeSuffix]] secret: secretName: "[[.SmartRouter.KeystoreSecret]]" + #[[end]] #[[if .OpenshiftCaBundle]] - name: "[[.ApplicationName]]-truststore" secret: @@ -607,7 +674,7 @@ smartRouter: annotations: description: The smart router server http and https ports. routes: - - id: "[[.ApplicationName]]-smartrouter-https" + - id: "[[.ApplicationName]]-smartrouter-[[.RouteProtocol]]" metadata: name: "[[.ApplicationName]]-smartrouter" labels: @@ -615,16 +682,21 @@ smartRouter: application: "[[.ApplicationName]]" service: "[[.ApplicationName]]-smartrouter" annotations: - description: Route for Smart Router's https service. + description: Route for Smart Router's [[.RouteProtocol]] service. + #[[if not $.DisableSsl]] + haproxy.router.openshift.io/balance: source + #[[end]] spec: - host: "" + host: "[[.SmartRouter.RouteHostname]]" to: name: "[[.ApplicationName]]-smartrouter" port: - targetPort: https + targetPort: [[.RouteProtocol]] + #[[if not .DisableSsl]] tls: insecureEdgeTerminationPolicy: Redirect termination: passthrough + #[[end]] ## KIE smartrouter END ## KIE Servers BEGIN servers: 
@@ -704,7 +776,15 @@ servers: - name: KIE_ADMIN_PWD value: "[[$.AdminPassword]]" - name: KIE_SERVER_STARTUP_STRATEGY - value: "OpenShiftStartupStrategy" + value: "[[.StartupStrategy.StrategyName]]" + #[[if eq .StartupStrategy.StrategyName "OpenShiftStartupStrategy" ]] + - name: KIE_SERVER_CONTROLLER_TEMPLATE_CACHE_TTL + value: "[[.StartupStrategy.ControllerTemplateCacheTTL]]" + #[[end]] + #[[if eq .StartupStrategy.StrategyName "ControllerBasedStartupStrategy" ]] + - name: KIE_SERVER_CONTROLLER_OPENSHIFT_ENABLED + value: "false" + #[[end]] - name: DROOLS_SERVER_FILTER_CLASSES value: "true" - name: KIE_SERVER_MODE @@ -735,6 +815,7 @@ servers: value: /maven2/ - name: KIE_SERVER_BYPASS_AUTH_USER value: "false" + #[[if not $.DisableSsl]] - name: HTTPS_KEYSTORE_DIR value: "/etc/kieserver-secret-volume" - name: HTTPS_KEYSTORE @@ -743,6 +824,7 @@ servers: value: "jboss" - name: HTTPS_PASSWORD value: "[[$.KeyStorePassword]]" + #[[end]] - name: JGROUPS_PING_PROTOCOL value: "kubernetes.KUBE_PING" - name: KUBERNETES_NAMESPACE 
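Review bot: `KIE_SERVER_STARTUP_STRATEGY` in `@@ -704,7 +776,15 @@` now reads `[[.StartupStrategy.StrategyName]]` without the kind of guard the console block uses (`#[[if .Console.StartupStrategy ]]`). A server set with no startup strategy would therefore render an empty value, or fail template execution if the field is a nil pointer, where the old template always emitted `OpenShiftStartupStrategy`. If the defaulting code (not visible here) always fills the field, a one-line comment stating that is enough; otherwise wrap the entry in `#[[if .StartupStrategy]]` and keep `OpenShiftStartupStrategy` as the `#[[else]]` value.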
@@ -789,30 +871,22 @@ servers: #[[if $.Auth.LDAP.URL]] - name: AUTH_LDAP_URL value: "[[$.Auth.LDAP.URL]]" + - name: AUTH_LDAP_LOGIN_MODULE + value: "[[$.Auth.LDAP.LoginModule]]" + - name: AUTH_LDAP_LOGIN_FAILOVER + value: "[[$.Auth.LDAP.LoginFailover]]" - name: AUTH_LDAP_BIND_DN value: "[[$.Auth.LDAP.BindDN]]" - name: AUTH_LDAP_BIND_CREDENTIAL value: "[[$.Auth.LDAP.BindCredential]]" - - name: AUTH_LDAP_JAAS_SECURITY_DOMAIN - value: "[[$.Auth.LDAP.JAASSecurityDomain]]" - - name: AUTH_LDAP_LOGIN_MODULE - value: "[[$.Auth.LDAP.LoginModule]]" - name: AUTH_LDAP_BASE_CTX_DN value: "[[$.Auth.LDAP.BaseCtxDN]]" - name: AUTH_LDAP_BASE_FILTER value: "[[$.Auth.LDAP.BaseFilter]]" - - name: AUTH_LDAP_SEARCH_SCOPE - value: "[[$.Auth.LDAP.SearchScope]]" + - name: AUTH_LDAP_RECURSIVE_SEARCH + value: "[[$.Auth.LDAP.RecursiveSearch]]" - name: AUTH_LDAP_SEARCH_TIME_LIMIT value: "[[$.Auth.LDAP.SearchTimeLimit]]" - - name: AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE - value: "[[$.Auth.LDAP.DistinguishedNameAttribute]]" - - name: AUTH_LDAP_PARSE_USERNAME - value: "[[$.Auth.LDAP.ParseUsername]]" - - name: AUTH_LDAP_USERNAME_BEGIN_STRING - value: "[[$.Auth.LDAP.UsernameBeginString]]" - - name: AUTH_LDAP_USERNAME_END_STRING - value: "[[$.Auth.LDAP.UsernameEndString]]" - name: AUTH_LDAP_ROLE_ATTRIBUTE_ID value: "[[$.Auth.LDAP.RoleAttributeID]]" - name: AUTH_LDAP_ROLES_CTX_DN 
@@ -823,22 +897,20 @@ servers: value: "[[$.Auth.LDAP.RoleRecursion]]" - name: AUTH_LDAP_DEFAULT_ROLE value: "[[$.Auth.LDAP.DefaultRole]]" - - name: AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID - value: "[[$.Auth.LDAP.RoleNameAttributeID]]" - - name: AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN - value: "[[$.Auth.LDAP.ParseRoleNameFromDN]]" - - name: AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN - value: "[[$.Auth.LDAP.RoleAttributeIsDN]]" - - name: AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK - value: "[[$.Auth.LDAP.ReferralUserAttributeIDToCheck]]" + - name: AUTH_LDAP_NEW_IDENTITY_ATTRIBUTES + value: "[[$.Auth.LDAP.NewIdentityAttributes]]" + - name: AUTH_LDAP_REFERRAL_MODE + value: "[[$.Auth.LDAP.ReferralMode]]" #[[end]] ## LDAP config END ## RoleMapping config BEGIN #[[if $.Auth.RoleMapper.RolesProperties]] - name: AUTH_ROLE_MAPPER_ROLES_PROPERTIES value: "[[$.Auth.RoleMapper.RolesProperties]]" - - name: AUTH_ROLE_MAPPER_REPLACE_ROLE - value: "[[$.Auth.RoleMapper.ReplaceRole]]" + - name: AUTH_LDAP_MAPPER_KEEP_MAPPED + value: "[[$.Auth.RoleMapper.RolesKeepMapped]]" + - name: AUTH_LDAP_MAPPER_KEEP_NON_MAPPED + value: "[[$.Auth.RoleMapper.RolesKeepNonMapped]]" #[[end]] ## RoleMapping config END # Auth config END @@ -941,7 +1013,7 @@ servers: #[[end]] #[[end]] ## AMQ Streams END - ## JBPM Kafka Emitter BEGIN + ## JBPM Kafka Emitter BEGIN #[[if .KafkaJbpmEventEmitters]] - name: KIE_SERVER_KAFKA_JBPM_EVENT_EMITTER_ENABLED value: "true" @@ -965,7 +1037,7 @@ servers: - name: KIE_SERVER_KAFKA_JBPM_EVENT_EMITTER_DATE_FORMAT value: "[[.KafkaJbpmEventEmitters.DateFormat]]" #[[end]] - #[[if .KafkaJbpmEventEmitters.ProcessesTopicName]] + #[[if .KafkaJbpmEventEmitters.ProcessesTopicName]] - name: KIE_SERVER_KAFKA_JBPM_EVENT_EMITTER_PROCESSES_TOPIC_NAME value: "[[.KafkaJbpmEventEmitters.ProcessesTopicName]]" #[[end]] 
@@ -979,6 +1051,58 @@ servers: #[[end]] #[[end]] ## JBPM Kafka Emitter END + ## CORS BEGIN + #[[if .Cors]] + #[[if .Cors.Filters]] + - name: FILTERS + value: "[[.Cors.Filters]]" + #[[end]] + #[[if .Cors.AllowOriginName]] + - name: AC_ALLOW_ORIGIN_FILTER_RESPONSE_HEADER_NAME + value: "[[.Cors.AllowOriginName]]" + #[[end]] + #[[if .Cors.AllowOriginValue]] + - name: AC_ALLOW_ORIGIN_FILTER_RESPONSE_HEADER_VALUE + value: "[[.Cors.AllowOriginValue]]" + #[[end]] + #[[if .Cors.AllowMethodsName]] + - name: AC_ALLOW_METHODS_FILTER_RESPONSE_HEADER_NAME + value: "[[.Cors.AllowMethodsName]]" + #[[end]] + #[[if .Cors.AllowMethodsValue]] + - name: AC_ALLOW_METHODS_FILTER_RESPONSE_HEADER_VALUE + value: "[[.Cors.AllowMethodsValue]]" + #[[end]] + #[[if .Cors.AllowHeadersName]] + - name: AC_ALLOW_HEADERS_FILTER_RESPONSE_HEADER_NAME + value: "[[.Cors.AllowHeadersName]]" + #[[end]] + #[[if .Cors.AllowHeadersValue]] + - name: AC_ALLOW_HEADERS_FILTER_RESPONSE_HEADER_VALUE + value: "[[.Cors.AllowHeadersValue]]" + #[[end]] + #[[if .Cors.AllowCredentialsName]] + - name: AC_ALLOW_CREDENTIALS_FILTER_RESPONSE_HEADER_NAME + value: "[[.Cors.AllowCredentialsName]]" + #[[end]] + #[[if .Cors.AllowCredentialsValue]] + - name: AC_ALLOW_CREDENTIALS_FILTER_RESPONSE_HEADER_VALUE + value: "[[.Cors.AllowCredentialsValue]]" + #[[end]] + #[[if .Cors.MaxAgeName]] + - name: AC_MAX_AGE_FILTER_RESPONSE_HEADER_NAME + value: "[[.Cors.MaxAgeName]]" + #[[end]] + #[[if .Cors.MaxAgeValue]] + - name: AC_MAX_AGE_FILTER_RESPONSE_HEADER_VALUE + value: "[[.Cors.MaxAgeValue]]" + #[[end]] + #[[end]] + ## CORS END + #[[if .MDBMaxSession]] + - name: JBOSS_MDB_MAX_SESSIONS + value: "[[.MDBMaxSession]]" + #[[end]] livenessProbe: httpGet: path: /services/rest/server/healthcheck 
@@ -1008,28 +1132,46 @@ servers: containerPort: 8443 protocol: TCP volumeMounts: + #[[if not $.DisableSsl]] - mountPath: /etc/kieserver-secret-volume name: kieserver-[[$.Constants.KeystoreVolumeSuffix]] readOnly: true + #[[end]] #[[if $.OpenshiftCaBundle]] - name: "[[$.ApplicationName]]-truststore" mountPath: "/etc/openshift-truststore-volume" readOnly: true #[[end]] + #[[if .PersistRepos]] + - name: "[[$.ApplicationName]]-m2-repository" + mountPath: "/home/jboss/.m2/repository" + - name: "[[$.ApplicationName]]-kie-repository" + mountPath: "/home/jboss/.kie/repository" + #[[end]] #[[if $.Auth.RoleMapper.From]] - name: "[[$.Constants.RoleMapperVolume]]" mountPath: "[[$.Auth.RoleMapper.MountPath]]" readOnly: true #[[end]] volumes: + #[[if not $.DisableSsl]] - name: kieserver-[[$.Constants.KeystoreVolumeSuffix]] secret: secretName: "[[.KeystoreSecret]]" + #[[end]] #[[if $.OpenshiftCaBundle]] - name: "[[$.ApplicationName]]-truststore" secret: secretName: "[[$.ApplicationName]]-truststore" #[[end]] + #[[if .PersistRepos]] + - name: "[[$.ApplicationName]]-m2-repository" + persistentVolumeClaim: + claimName: "[[$.ApplicationName]]-m2-repository-claim" + - name: "[[$.ApplicationName]]-kie-repository" + persistentVolumeClaim: + claimName: "[[$.ApplicationName]]-kie-repository-claim" + #[[end]] #[[if $.Auth.RoleMapper.From]] - name: "[[$.Constants.RoleMapperVolume]]" #[[if eq $.Auth.RoleMapper.From.Kind "ConfigMap"]] 
@@ -1047,6 +1189,38 @@ servers: #[[end]] #[[end]] ## KIE server deployment config END + #[[if .PersistRepos]] + persistentVolumeClaims: + - metadata: + name: "[[$.ApplicationName]]-m2-repository-claim" + labels: + app: "[[$.ApplicationName]]" + application: "[[$.ApplicationName]]" + spec: + # [[ if ne .StorageClassName "" ]] + storageClassName: "[[.StorageClassName]]" + # [[ end ]] + accessModes: + - ReadWriteOnce + resources: + requests: + storage: "[[.ServersM2PvSize]]" + - metadata: + name: "[[$.ApplicationName]]-kie-repository-claim" + labels: + app: "[[$.ApplicationName]]" + application: "[[$.ApplicationName]]" + spec: + # [[ if ne .StorageClassName "" ]] + storageClassName: "[[.StorageClassName]]" + # [[ end ]] + accessModes: + - ReadWriteOnce + resources: + requests: + storage: "[[.ServersKiePvSize]]" + #[[end]] + ## KIE server pvc END ## KIE server services BEGIN services: - spec: @@ -1074,7 +1248,7 @@ servers: ## KIE server services END ## KIE server routes BEGIN routes: - - id: "[[.KieName]]-https" + - id: "[[.KieName]]-[[$.RouteProtocol]]" metadata: name: "[[.KieName]]" labels: @@ -1082,16 +1256,22 @@ servers: application: "[[$.ApplicationName]]" service: "[[.KieName]]" annotations: - description: Route for KIE server's https service. + description: Route for KIE server's [[$.RouteProtocol]] service. haproxy.router.openshift.io/timeout: 60s + #[[if not $.DisableSsl]] + haproxy.router.openshift.io/balance: source + #[[end]] spec: + host: "[[.RouteHostname]]" to: name: "[[.KieName]]" port: - targetPort: https + targetPort: [[$.RouteProtocol]] + #[[if not $.DisableSsl]] tls: insecureEdgeTerminationPolicy: Redirect termination: passthrough + #[[end]] ## KIE server routes END #[[end]] ## RANGE ends 
diff --git a/config/7.11.1/dashbuilder/rhpam-standalone-dashbuilder.yaml b/rhpam-config/7.12.1/dashbuilder/rhpam-standalone-dashbuilder.yaml similarity index 79% rename from config/7.11.1/dashbuilder/rhpam-standalone-dashbuilder.yaml rename to rhpam-config/7.12.1/dashbuilder/rhpam-standalone-dashbuilder.yaml index c6a54ad94..8ca916b21 100644 --- a/config/7.11.1/dashbuilder/rhpam-standalone-dashbuilder.yaml +++ b/rhpam-config/7.12.1/dashbuilder/rhpam-standalone-dashbuilder.yaml @@ -139,6 +139,7 @@ dashbuilder: - name: DASHBUILDER_CONFIG_MAP_PROPS value: "[[.Dashbuilder.Config.ConfigMapProps]]" #[[end]] + #[[if not .DisableSsl]] - name: HTTPS_KEYSTORE_DIR value: "/etc/dashbuilder-secret-volume" - name: HTTPS_KEYSTORE @@ -147,6 +148,7 @@ dashbuilder: value: "jboss" - name: HTTPS_PASSWORD value: "[[.KeyStorePassword]]" + #[[end]] - name: KUBERNETES_NAMESPACE valueFrom: fieldRef: 
@@ -186,30 +188,22 @@ dashbuilder: #[[if .Auth.LDAP.URL]] - name: AUTH_LDAP_URL value: "[[.Auth.LDAP.URL]]" + - name: AUTH_LDAP_LOGIN_MODULE + value: "[[.Auth.LDAP.LoginModule]]" + - name: AUTH_LDAP_LOGIN_FAILOVER + value: "[[.Auth.LDAP.LoginFailover]]" - name: AUTH_LDAP_BIND_DN value: "[[.Auth.LDAP.BindDN]]" - name: AUTH_LDAP_BIND_CREDENTIAL value: "[[.Auth.LDAP.BindCredential]]" - - name: AUTH_LDAP_JAAS_SECURITY_DOMAIN - value: "[[.Auth.LDAP.JAASSecurityDomain]]" - - name: AUTH_LDAP_LOGIN_MODULE - value: "[[.Auth.LDAP.LoginModule]]" - name: AUTH_LDAP_BASE_CTX_DN value: "[[.Auth.LDAP.BaseCtxDN]]" - name: AUTH_LDAP_BASE_FILTER value: "[[.Auth.LDAP.BaseFilter]]" - - name: AUTH_LDAP_SEARCH_SCOPE - value: "[[.Auth.LDAP.SearchScope]]" + - name: AUTH_LDAP_RECURSIVE_SEARCH + value: "[[.Auth.LDAP.RecursiveSearch]]" - name: AUTH_LDAP_SEARCH_TIME_LIMIT value: "[[.Auth.LDAP.SearchTimeLimit]]" - - name: AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE - value: "[[.Auth.LDAP.DistinguishedNameAttribute]]" - - name: AUTH_LDAP_PARSE_USERNAME - value: "[[.Auth.LDAP.ParseUsername]]" - - name: AUTH_LDAP_USERNAME_BEGIN_STRING - value: "[[.Auth.LDAP.UsernameBeginString]]" - - name: AUTH_LDAP_USERNAME_END_STRING - value: "[[.Auth.LDAP.UsernameEndString]]" - name: AUTH_LDAP_ROLE_ATTRIBUTE_ID value: "[[.Auth.LDAP.RoleAttributeID]]" - name: AUTH_LDAP_ROLES_CTX_DN 
@@ -220,22 +214,20 @@ dashbuilder: value: "[[.Auth.LDAP.RoleRecursion]]" - name: AUTH_LDAP_DEFAULT_ROLE value: "[[.Auth.LDAP.DefaultRole]]" - - name: AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID - value: "[[.Auth.LDAP.RoleNameAttributeID]]" - - name: AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN - value: "[[.Auth.LDAP.ParseRoleNameFromDN]]" - - name: AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN - value: "[[.Auth.LDAP.RoleAttributeIsDN]]" - - name: AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK - value: "[[.Auth.LDAP.ReferralUserAttributeIDToCheck]]" + - name: AUTH_LDAP_NEW_IDENTITY_ATTRIBUTES + value: "[[.Auth.LDAP.NewIdentityAttributes]]" + - name: AUTH_LDAP_REFERRAL_MODE + value: "[[.Auth.LDAP.ReferralMode]]" #[[end]] ## LDAP config END ## RoleMapping config BEGIN #[[if .Auth.RoleMapper.RolesProperties]] - name: AUTH_ROLE_MAPPER_ROLES_PROPERTIES value: "[[.Auth.RoleMapper.RolesProperties]]" - - name: AUTH_ROLE_MAPPER_REPLACE_ROLE - value: "[[.Auth.RoleMapper.ReplaceRole]]" + - name: AUTH_LDAP_MAPPER_KEEP_MAPPED + value: "[[.Auth.RoleMapper.RolesKeepMapped]]" + - name: AUTH_LDAP_MAPPER_KEEP_NON_MAPPED + value: "[[.Auth.RoleMapper.RolesKeepNonMapped]]" #[[end]] ## RoleMapping config END # Auth config END 
@@ -293,10 +285,60 @@ dashbuilder: value: "[[.Dashbuilder.Jvm.GcContainerOptions]]" #[[end]] ## Jvm config END + ## CORS BEGIN + #[[if .Dashbuilder.Cors]] + #[[if .Dashbuilder.Cors.Filters]] + - name: FILTERS + value: "[[.Dashbuilder.Cors.Filters]]" + #[[end]] + #[[if .Dashbuilder.Cors.AllowOriginName]] + - name: AC_ALLOW_ORIGIN_FILTER_RESPONSE_HEADER_NAME + value: "[[.Dashbuilder.Cors.AllowOriginName]]" + #[[end]] + #[[if .Dashbuilder.Cors.AllowOriginValue]] + - name: AC_ALLOW_ORIGIN_FILTER_RESPONSE_HEADER_VALUE + value: "[[.Dashbuilder.Cors.AllowOriginValue]]" + #[[end]] + #[[if .Dashbuilder.Cors.AllowMethodsName]] + - name: AC_ALLOW_METHODS_FILTER_RESPONSE_HEADER_NAME + value: "[[.Dashbuilder.Cors.AllowMethodsName]]" + #[[end]] + #[[if .Dashbuilder.Cors.AllowMethodsValue]] + - name: AC_ALLOW_METHODS_FILTER_RESPONSE_HEADER_VALUE + value: "[[.Dashbuilder.Cors.AllowMethodsValue]]" + #[[end]] + #[[if .Dashbuilder.Cors.AllowHeadersName]] + - name: AC_ALLOW_HEADERS_FILTER_RESPONSE_HEADER_NAME + value: "[[.Dashbuilder.Cors.AllowHeadersName]]" + #[[end]] + #[[if .Dashbuilder.Cors.AllowHeadersValue]] + - name: AC_ALLOW_HEADERS_FILTER_RESPONSE_HEADER_VALUE + value: "[[.Dashbuilder.Cors.AllowHeadersValue]]" + #[[end]] + #[[if .Dashbuilder.Cors.AllowCredentialsName]] + - name: AC_ALLOW_CREDENTIALS_FILTER_RESPONSE_HEADER_NAME + value: "[[.Dashbuilder.Cors.AllowCredentialsName]]" + #[[end]] + #[[if .Dashbuilder.Cors.AllowCredentialsValue]] + - name: AC_ALLOW_CREDENTIALS_FILTER_RESPONSE_HEADER_VALUE + value: "[[.Dashbuilder.Cors.AllowCredentialsValue]]" + #[[end]] + #[[if .Dashbuilder.Cors.MaxAgeName]] + - name: AC_MAX_AGE_FILTER_RESPONSE_HEADER_NAME + value: "[[.Dashbuilder.Cors.MaxAgeName]]" + #[[end]] + #[[if .Dashbuilder.Cors.MaxAgeValue]] + - name: AC_MAX_AGE_FILTER_RESPONSE_HEADER_VALUE + value: "[[.Dashbuilder.Cors.MaxAgeValue]]" + #[[end]] + #[[end]] + ## CORS END volumeMounts: + #[[if not .DisableSsl]] - name: 
"[[.ApplicationName]]-[[.Dashbuilder.Name]]-[[.Constants.KeystoreVolumeSuffix]]" mountPath: "/etc/dashbuilder-secret-volume" readOnly: true + #[[end]] #[[if .OpenshiftCaBundle]] - name: "[[.ApplicationName]]-truststore" mountPath: "/etc/openshift-truststore-volume" @@ -307,9 +349,11 @@ dashbuilder: mountPath: "/opt/kie/dashbuilder" #[[end]] volumes: + #[[if not .DisableSsl]] - name: "[[.ApplicationName]]-[[.Dashbuilder.Name]]-[[.Constants.KeystoreVolumeSuffix]]" secret: secretName: "[[.Dashbuilder.KeystoreSecret]]" + #[[end]] #[[if .OpenshiftCaBundle]] - name: "[[.ApplicationName]]-truststore" secret: @@ -340,7 +384,7 @@ dashbuilder: annotations: description: All the Dashbuilder web server's ports. routes: - - id: "[[.ApplicationName]]-[[.Dashbuilder.Name]]-https" + - id: "[[.ApplicationName]]-[[.Dashbuilder.Name]]-[[.RouteProtocol]]" metadata: name: "[[.ApplicationName]]-[[.Dashbuilder.Name]]" labels: @@ -348,15 +392,20 @@ dashbuilder: application: "[[.ApplicationName]]" service: "[[.ApplicationName]]-[[.Dashbuilder.Name]]" annotations: - description: Route for Dashbuilder's https service. + description: Route for Dashbuilder's [[.RouteProtocol]] service. haproxy.router.openshift.io/timeout: 60s + #[[if not .DisableSsl]] + haproxy.router.openshift.io/balance: source + #[[end]] spec: - host: "" + host: "[[.Dashbuilder.RouteHostname]]" to: name: "[[.ApplicationName]]-[[.Dashbuilder.Name]]" port: - targetPort: https + targetPort: [[.RouteProtocol]] + #[[if not .DisableSsl]] tls: insecureEdgeTerminationPolicy: Redirect termination: passthrough + #[[end]] diff --git a/config/7.12.0/dbs/mysql.yaml b/rhpam-config/7.12.1/dbs/mysql.yaml similarity index 100% rename from config/7.12.0/dbs/mysql.yaml rename to rhpam-config/7.12.1/dbs/mysql.yaml diff --git a/rhpam-config/7.12.1/dbs/pim/external.yaml b/rhpam-config/7.12.1/dbs/pim/external.yaml new file mode 100644 index 000000000..1a9a95866 --- /dev/null +++ b/rhpam-config/7.12.1/dbs/pim/external.yaml 
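Review bot: The new CORS block in the dashbuilder `env` list copies `.Dashbuilder.Cors.AllowOriginValue` and `.Dashbuilder.Cors.AllowCredentialsValue` straight into response headers, and nothing visible here stops a CR from pairing a wildcard origin with credentials enabled. That is the pairing the trial environments removed later in this commit shipped (`*` with `true`). If the CRD validation or defaulting code does not already reject it, add a comment above `## CORS BEGIN`, for example `## Allow-Origin should list explicit origins whenever Allow-Credentials is "true"`. The header-name fields (`AllowOriginName` and its siblings) are also free-form, so the filter can emit any response header name the CR supplies. Fixing the names in the template and exposing only the values would narrow that.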
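Review bot: With `.DisableSsl` set, the Dashbuilder route in the `@@ -348,15 +392,20 @@` hunk is rendered with no `tls` stanza and `targetPort: [[.RouteProtocol]]`, so logins to Dashbuilder cross the router in cleartext. Removing the keystore from the pod does not require giving up TLS at the router. An `#[[else]]` branch with `termination: edge` and `insecureEdgeTerminationPolicy: Redirect` would keep the external leg encrypted while the pod serves plain HTTP. Whether `DisableSsl` is meant only for test clusters is not visible in this diff; if it is, a comment next to the `#[[if not .DisableSsl]]` guard should say so.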
@@ -0,0 +1,104 @@ +## KIE ProcessMigration BEGIN +processMigration: + ## KIE ProcessMigration ConfigMap BEGIN + configMaps: + - metadata: + name: "[[.ApplicationName]]-process-migration" + data: + application.yaml: |- + # Default pim configuration for external databases. + quarkus: + class-loading: + # be sure to remove the target database from here. + removed-artifacts: com.oracle.database.jdbc:ojdbc8,com.ibm.db2:jcc,com.microsoft.sqlserver:mssql-jdbc + package: + type: mutable-jar + user-providers-directory: providers + http: + auth: + basic: true + policy: + main-policy: + roles-allowed: admin + permission: + main: + paths: /* + policy: main-policy + public: + paths: /q/health/* + policy: permit + methods: GET + security: + users: + file: + realm-name: pim-file + enabled: true + plain-text: false + users: /opt/rhpam-process-migration/quarkus-app/config/application-users.properties + roles: /opt/rhpam-process-migration/quarkus-app/config/application-roles.properties + jdbc: + realm-name: pim-jdbc + enabled: true + principal-query: + sql: SELECT u.password, u.role FROM users u WHERE u.username=? 
+ ldap: + realm-name: pim-ldap + enabled: true + dir-context: + url: ldap://override-when-needed + identity-mapping: + search-base-dn: ou=users,o=YourCompany,c=ES + # Flyway to create PIM schema + flyway: + connect-retries: 10 + table: flyway_pim_history + migrate-at-start: true + baseline-on-migrate: true + baseline-version: 1.0 + baseline-description: PimDB + sql-migration-prefix: [[.ProcessMigration.Database.ExternalConfig.Driver]] + # Quartz configuration + quartz: + store-type: jdbc-cmt + start-mode: forced + resteasy: + path: /rest + datasource: + # see all supported databases here https://quarkus.io/guides/datasource + db-kind: [[.ProcessMigration.Database.ExternalConfig.Driver]] + jdbc: + url: [[.ProcessMigration.Database.ExternalConfig.JdbcURL]] + #[[if .ProcessMigration.Database.ExternalConfig.MaxPoolSize]] + max-size: [[.ProcessMigration.Database.ExternalConfig.MaxPoolSize]] + #[[end]] + #[[if .ProcessMigration.Database.ExternalConfig.MinPoolSize]] + min-size: [[.ProcessMigration.Database.ExternalConfig.MinPoolSize]] + #[[end]] + username: [[.ProcessMigration.Database.ExternalConfig.Username]] + password: [[.ProcessMigration.Database.ExternalConfig.Password]] + hibernate-orm: + database: + generation: validate + pim: + auth-method: file + kieservers: + #[[range $index, $Map := .ProcessMigration.KieServerClients]] + - host: [[.Host]] + username: [[.Username]] + password: [[.Password]] + #[[end]] + application-users.properties: |- + # set the following spec to autogenerated this file content, if you want to provide your own properties file + # override this file's content. 
+ # spec: + # objects: + # processMigration: + # username: pimAdmin + # password: somePasswordThatWillBeConvertedToMD5 + # to generate password use: echo -n "username:pim-file:password" | openssl md5 + # pim-file is the realm defined on the application.yaml config-map; + [[.ProcessMigration.Username]]=[[.ProcessMigration.Password]] + application-roles.properties: |- + [[.ProcessMigration.Username]]=admin + ## KIE ProcessMigration ConfigMap END +## KIE ProcessMigration END diff --git a/rhpam-config/7.12.1/dbs/pim/mysql.yaml b/rhpam-config/7.12.1/dbs/pim/mysql.yaml new file mode 100644 index 000000000..4c646585c --- /dev/null +++ b/rhpam-config/7.12.1/dbs/pim/mysql.yaml 
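Review bot: The datasource password, the KIE Server client passwords and the `application-users.properties` digest are all rendered into a ConfigMap in this new file (`password: [[.ProcessMigration.Database.ExternalConfig.Password]]`, `password: [[.Password]]`, `[[.ProcessMigration.Username]]=[[.ProcessMigration.Password]]`). Anyone with read access to ConfigMaps in the namespace can therefore read them. These values belong in a Secret mounted at the same config paths, or injected as environment variables from a Secret and referenced in `application.yaml` as `password: ${<DB_PASSWORD_ENV_VAR>}` (placeholder name). The stored user credential is an MD5 digest of `username:pim-file:password` according to the comment in the file, which makes it cheap to guess offline once the ConfigMap is readable. The same pattern is repeated in the new `pim/mysql.yaml`, `pim/postgresql.yaml` and `pim/process-migration.yaml` sections.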
@@ -0,0 +1,119 @@ +## KIE ProcessMigration BEGIN +processMigration: + ## KIE ProcessMigration Deployment config BEGIN + deploymentConfigs: + - metadata: + name: "[[.ApplicationName]]-process-migration" + spec: + template: + spec: + initContainers: + - command: + [ + "/bin/bash", + "-c", + ">- + replicas=$(oc get dc [[.ApplicationName]]-process-migration-mysql -o=jsonpath='{.status.availableReplicas}'); until '[' $replicas -gt 0 ']'; do echo waiting for [[.ApplicationName]]-process-migration-mysql; replicas=$(oc get dc [[.ApplicationName]]-process-migration-mysql -o=jsonpath='{.status.availableReplicas}'); sleep 2; done;", + ] + image: "[[$.Constants.OseCliImageURL]]" + imagePullPolicy: IfNotPresent + name: "[[.ApplicationName]]-process-migration-mysql-init" + terminationMessagePolicy: FallbackToLogsOnError + containers: + - name: "[[.ApplicationName]]-process-migration" + ## KIE ProcessMigration Deployment config END + ## KIE ProcessMigration ConfigMap BEGIN + configMaps: + - metadata: + name: "[[.ApplicationName]]-process-migration" + data: + application.yaml: |- + # Default pim configuration for managed by this operator mysql/mariadb sql servers + quarkus: + class-loading: + removed-artifacts: com.oracle.database.jdbc:ojdbc8,com.ibm.db2:jcc,com.microsoft.sqlserver:mssql-jdbc + package: + type: mutable-jar + user-providers-directory: providers + http: + auth: + basic: true + policy: + main-policy: + roles-allowed: admin + permission: + main: + paths: /* + policy: main-policy + public: + paths: /q/health/* + policy: permit + methods: GET + security: + users: + file: + realm-name: pim-file + enabled: true + plain-text: false + users: /opt/rhpam-process-migration/quarkus-app/config/application-users.properties + roles: /opt/rhpam-process-migration/quarkus-app/config/application-roles.properties + jdbc: + realm-name: pim-jdbc + enabled: true + principal-query: + sql: SELECT u.password, u.role FROM users u WHERE u.username=? 
+ ldap: + realm-name: pim-ldap + enabled: true + dir-context: + url: ldap://override-when-needed + identity-mapping: + search-base-dn: ou=users,o=YourCompany,c=ES + # Flyway to create PIM schema + flyway: + connect-retries: 10 + table: flyway_pim_history + migrate-at-start: true + baseline-on-migrate: true + baseline-version: 1.0 + baseline-description: PimDB + sql-migration-prefix: mariadb + # Quartz configuration + quartz: + store-type: jdbc-cmt + start-mode: forced + resteasy: + path: /rest + datasource: + # if the backend database is mysql, just update the kind the url + db-kind: mariadb + jdbc: + url: jdbc:mariadb://[[.ApplicationName]]-process-migration-mysql:3306/pimdb?useUnicode=true&useSSL=false&serverTimezone=UTC + username: pim + password: [[$.DBPassword]] + hibernate-orm: + database: + generation: validate + pim: + auth-method: file + kieservers: + #[[range $index, $Map := .ProcessMigration.KieServerClients]] + - host: [[.Host]] + username: [[.Username]] + password: [[.Password]] + #[[end]] + application-users.properties: |- + # set the following spec to autogenerated this file content, if you want to provide your own properties file + # override this file's content. + # spec: + # objects: + # processMigration: + # username: pimAdmin + # password: somePasswordThatWillBeConvertedToMD5 + # to generate password use: echo -n "username:pim-file:password" | openssl md5 + # pim-file is the realm defined on the application.yaml config-map; + [[.ProcessMigration.Username]]=[[.ProcessMigration.Password]] + application-roles.properties: |- + [[.ProcessMigration.Username]]=admin + ## KIE ProcessMigration ConfigMap END +## KIE ProcessMigration END diff --git a/rhpam-config/7.12.1/dbs/pim/postgresql.yaml b/rhpam-config/7.12.1/dbs/pim/postgresql.yaml new file mode 100644 index 000000000..c3f390c1e --- /dev/null +++ b/rhpam-config/7.12.1/dbs/pim/postgresql.yaml 
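Review bot: The JDBC URL in the `datasource` section of `pim/mysql.yaml` hard-codes `useSSL=false`, so the process-migration pod always talks to the database without TLS and the CR offers no way to change that. If the managed MySQL/MariaDB pod has no certificate this may be unavoidable today, but the file should say so, for example `# TLS to the operator-managed database is disabled; traffic relies on the cluster network`. Anyone copying this template for a database outside the namespace should be told to remove the flag.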
@@ -0,0 +1,118 @@ +## KIE ProcessMigration BEGIN +processMigration: + ## KIE ProcessMigration Deployment config BEGIN + deploymentConfigs: + - metadata: + name: "[[.ApplicationName]]-process-migration" + spec: + template: + spec: + initContainers: + - command: + [ + "/bin/bash", + "-c", + ">- + replicas=$(oc get dc [[.ApplicationName]]-process-migration-postgresql -o=jsonpath='{.status.availableReplicas}'); until '[' $replicas -gt 0 ']'; do echo waiting for [[.ApplicationName]]-process-migration-postgresql; replicas=$(oc get dc [[.ApplicationName]]-process-migration-postgresql -o=jsonpath='{.status.availableReplicas}'); sleep 2; done;", + ] + image: "[[$.Constants.OseCliImageURL]]" + imagePullPolicy: IfNotPresent + name: "[[.ApplicationName]]-process-migration-postgresql-init" + terminationMessagePolicy: FallbackToLogsOnError + containers: + - name: "[[.ApplicationName]]-process-migration" + ## KIE ProcessMigration Deployment config END + ## KIE ProcessMigration ConfigMap BEGIN + configMaps: + - metadata: + name: "[[.ApplicationName]]-process-migration" + data: + application.yaml: |- + # Default pim configuration + quarkus: + class-loading: + removed-artifacts: com.oracle.database.jdbc:ojdbc8,com.ibm.db2:jcc,com.microsoft.sqlserver:mssql-jdbc + package: + type: mutable-jar + user-providers-directory: providers + http: + auth: + basic: true + policy: + main-policy: + roles-allowed: admin + permission: + main: + paths: /* + policy: main-policy + public: + paths: /q/health/* + policy: permit + methods: GET + security: + users: + file: + realm-name: pim-file + enabled: true + plain-text: false + users: /opt/rhpam-process-migration/quarkus-app/config/application-users.properties + roles: /opt/rhpam-process-migration/quarkus-app/config/application-roles.properties + jdbc: + realm-name: pim-jdbc + enabled: true + principal-query: + sql: SELECT u.password, u.role FROM users u WHERE u.username=? 
+ ldap: + realm-name: pim-ldap + enabled: true + dir-context: + url: ldap://override-when-needed + identity-mapping: + search-base-dn: ou=users,o=YourCompany,c=ES + # Flyway to create PIM schema + flyway: + connect-retries: 10 + table: flyway_pim_history + migrate-at-start: true + baseline-on-migrate: true + baseline-version: 1.0 + baseline-description: PimDB + sql-migration-prefix: postgresql + # Quartz configuration + quartz: + store-type: jdbc-cmt + start-mode: forced + resteasy: + path: /rest + datasource: + db-kind: postgresql + jdbc: + url: jdbc:postgresql://[[.ApplicationName]]-process-migration-postgresql:5432/pimdb + username: pim + password: [[$.DBPassword]] + hibernate-orm: + database: + generation: validate + pim: + auth-method: file + kieservers: + #[[range $index, $Map := .ProcessMigration.KieServerClients]] + - host: [[.Host]] + username: [[.Username]] + password: [[.Password]] + #[[end]] + application-users.properties: |- + # set the following spec to autogenerated this file content, if you want to provide your own properties file + # override this file's content. + # spec: + # objects: + # processMigration: + # username: pimAdmin + # password: somePasswordThatWillBeConvertedToMD5 + # to generate password use: echo -n "username:pim-file:password" | openssl md5 + # pim-file is the realm defined on the application.yaml config-map; + [[.ProcessMigration.Username]]=[[.ProcessMigration.Password]] + application-roles.properties: |- + [[.ProcessMigration.Username]]=admin + ## KIE ProcessMigration ConfigMap END +## KIE ProcessMigration END diff --git a/config/7.12.0/dbs/postgresql.yaml b/rhpam-config/7.12.1/dbs/postgresql.yaml similarity index 100% rename from config/7.12.0/dbs/postgresql.yaml rename to rhpam-config/7.12.1/dbs/postgresql.yaml 
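Review bot: `password: [[$.DBPassword]]` and the `host`/`username`/`password` entries under `kieservers` are substituted unquoted into `application.yaml`, so a value containing ` #`, `: ` or a leading YAML indicator character changes how the rendered file parses. A password can be silently truncated, or an extra key introduced, from CR-supplied data. Quoting the substitutions, `password: "[[$.DBPassword]]"` and `password: "[[.Password]]"`, covers the common cases. Values that contain a double quote would still need escaping in the code that fills the template, which is not visible in this diff. The same unquoted substitutions appear in `pim/external.yaml`, `pim/mysql.yaml` and `pim/process-migration.yaml`.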
diff --git a/config/7.12.0/dbs/servers/external.yaml b/rhpam-config/7.12.1/dbs/servers/external.yaml similarity index 100% rename from config/7.12.0/dbs/servers/external.yaml rename to rhpam-config/7.12.1/dbs/servers/external.yaml diff --git a/config/7.12.0/dbs/servers/h2.yaml b/rhpam-config/7.12.1/dbs/servers/h2.yaml similarity index 100% rename from config/7.12.0/dbs/servers/h2.yaml rename to rhpam-config/7.12.1/dbs/servers/h2.yaml diff --git a/config/7.12.0/dbs/servers/mysql.yaml b/rhpam-config/7.12.1/dbs/servers/mysql.yaml similarity index 100% rename from config/7.12.0/dbs/servers/mysql.yaml rename to rhpam-config/7.12.1/dbs/servers/mysql.yaml diff --git a/config/7.12.0/dbs/servers/postgresql.yaml b/rhpam-config/7.12.1/dbs/servers/postgresql.yaml similarity index 100% rename from config/7.12.0/dbs/servers/postgresql.yaml rename to rhpam-config/7.12.1/dbs/servers/postgresql.yaml diff --git a/config/7.11.1/envs/rhdm-authoring-ha.yaml b/rhpam-config/7.12.1/envs/rhdm-authoring-ha.yaml similarity index 90% rename from config/7.11.1/envs/rhdm-authoring-ha.yaml rename to rhpam-config/7.12.1/envs/rhdm-authoring-ha.yaml index 0d1aa33eb..693b280af 100644 --- a/config/7.11.1/envs/rhdm-authoring-ha.yaml +++ b/rhpam-config/7.12.1/envs/rhdm-authoring-ha.yaml @@ -41,6 +41,16 @@ console: value: "jmsBrokerUser" - name: APPFORMER_JMS_BROKER_PASSWORD value: "[[.AMQClusterPassword]]" + - name: APPFORMER_INFINISPAN_USERNAME + value: "[[.Console.DataGridAuth.Username]]" + - name: APPFORMER_INFINISPAN_PASSWORD + value: "[[.Console.DataGridAuth.Password]]" + - name: APPFORMER_INFINISPAN_SASL_QOP + value: "auth" + - name: APPFORMER_INFINISPAN_SERVER_NAME + value: "infinispan" + - name: APPFORMER_INFINISPAN_REALM + value: "default" volumes: - name: "[[.ApplicationName]]-[[.Console.Name]]-pvol" persistentVolumeClaim: 
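Review bot: `APPFORMER_INFINISPAN_PASSWORD` is added to the console `env` list as a literal `value:`, so the Data Grid password is stored in the DeploymentConfig and shown to anyone who can read the pod template. A `valueFrom` with a `secretKeyRef` (`name: <secret-name>`, `key: <key>`, placeholders) would keep it out of the spec. The neighbouring `APPFORMER_JMS_BROKER_PASSWORD` already uses a literal value, so this follows the file's convention rather than introducing it. `APPFORMER_INFINISPAN_SASL_QOP` is fixed at `auth`, which authenticates without protecting the traffic. If the Hot Rod connection is not otherwise encrypted (not visible here), `auth-conf` is worth considering. The `USER`/`PASS` additions in the `others:` hunk of this file and the identical hunks in `rhpam-authoring-ha.yaml` have the same issue.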
@@ -76,6 +86,10 @@ others: spec: containers: - env: + - name: USER + value: "[[.Console.DataGridAuth.Username]]" + - name: PASS + value: "[[.Console.DataGridAuth.Password]]" - name: SERVICE_NAME value: "[[.ApplicationName]]-datagrid" - name: SERVICE_PROFILE @@ -97,23 +111,25 @@ others: name: hotrod protocol: TCP livenessProbe: - exec: - command: - - /opt/datagrid/bin/livenessProbe.sh + httpGet: + path: /rest/v2/cache-managers/default/health/status + port: 11222 + scheme: HTTP failureThreshold: 5 - initialDelaySeconds: 15 - periodSeconds: 20 + initialDelaySeconds: 10 + periodSeconds: 10 successThreshold: 1 - timeoutSeconds: 10 + timeoutSeconds: 40 readinessProbe: - exec: - command: - - /opt/datagrid/bin/readinessProbe.sh + httpGet: + path: /rest/v2/cache-managers/default/health/status + port: 11222 + scheme: HTTP failureThreshold: 5 - initialDelaySeconds: 17 + initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 - timeoutSeconds: 10 + timeoutSeconds: 40 resources: limits: cpu: "1000m" diff --git a/config/7.12.0/envs/rhdm-authoring.yaml b/rhpam-config/7.12.1/envs/rhdm-authoring.yaml similarity index 100% rename from config/7.12.0/envs/rhdm-authoring.yaml rename to rhpam-config/7.12.1/envs/rhdm-authoring.yaml diff --git a/config/7.12.0/envs/rhdm-production-immutable.yaml b/rhpam-config/7.12.1/envs/rhdm-production-immutable.yaml similarity index 100% rename from config/7.12.0/envs/rhdm-production-immutable.yaml rename to rhpam-config/7.12.1/envs/rhdm-production-immutable.yaml diff --git a/config/7.11.1/envs/rhdm-trial.yaml b/rhpam-config/7.12.1/envs/rhdm-trial.yaml similarity index 60% rename from config/7.11.1/envs/rhdm-trial.yaml rename to rhpam-config/7.12.1/envs/rhdm-trial.yaml index 784a7a941..a181bc98b 100644 --- a/config/7.11.1/envs/rhdm-trial.yaml +++ b/rhpam-config/7.12.1/envs/rhdm-trial.yaml 
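Review bot: Both Data Grid probes in the `@@ -97,23 +111,25 @@` hunk now set `timeoutSeconds: 40` with `periodSeconds: 10` and `failureThreshold: 5`, so a hung node can stay in service for several minutes before it is restarted or removed from the endpoints. Unless the health endpoint is known to be that slow, a timeout no longer than the period (`timeoutSeconds: 10`, the previous value) is easier to reason about. If 40 is intended, add a comment explaining why. The probes also moved to unauthenticated HTTP on port 11222 in the same commit that adds `USER`/`PASS` to this container. It is worth confirming that `/rest/v2/cache-managers/default/health/status` is served without credentials, otherwise both probes will fail. The same probe change is repeated in `rhpam-authoring-ha.yaml`.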
@@ -51,29 +51,6 @@ servers: spec: containers: - name: "[[.KieName]]" - env: - - name: FILTERS - value: "AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE" - - name: AC_ALLOW_ORIGIN_FILTER_RESPONSE_HEADER_NAME - value: "Access-Control-Allow-Origin" - - name: AC_ALLOW_ORIGIN_FILTER_RESPONSE_HEADER_VALUE - value: "*" - - name: AC_ALLOW_METHODS_FILTER_RESPONSE_HEADER_NAME - value: "Access-Control-Allow-Methods" - - name: AC_ALLOW_METHODS_FILTER_RESPONSE_HEADER_VALUE - value: "GET, POST, OPTIONS, PUT" - - name: AC_ALLOW_HEADERS_FILTER_RESPONSE_HEADER_NAME - value: "Access-Control-Allow-Headers" - - name: AC_ALLOW_HEADERS_FILTER_RESPONSE_HEADER_VALUE - value: "Accept, Authorization, Content-Type, X-Requested-With" - - name: AC_ALLOW_CREDENTIALS_FILTER_RESPONSE_HEADER_NAME - value: "Access-Control-Allow-Credentials" - - name: AC_ALLOW_CREDENTIALS_FILTER_RESPONSE_HEADER_VALUE - value: "true" - - name: AC_MAX_AGE_FILTER_RESPONSE_HEADER_NAME - value: "Access-Control-Max-Age" - - name: AC_MAX_AGE_FILTER_RESPONSE_HEADER_VALUE - value: "1" resources: limits: memory: 1Gi @@ -89,7 +66,6 @@ servers: service: "[[.KieName]]" annotations: description: Route for KIE server's http service. - haproxy.router.openshift.io/balance: source haproxy.router.openshift.io/timeout: 60s spec: to: diff --git a/config/7.11.1/envs/rhpam-authoring-ha.yaml b/rhpam-config/7.12.1/envs/rhpam-authoring-ha.yaml similarity index 90% rename from config/7.11.1/envs/rhpam-authoring-ha.yaml rename to rhpam-config/7.12.1/envs/rhpam-authoring-ha.yaml index 0431ef3ed..78a1d7432 100644 --- a/config/7.11.1/envs/rhpam-authoring-ha.yaml +++ b/rhpam-config/7.12.1/envs/rhpam-authoring-ha.yaml 
@@ -41,6 +41,16 @@ console: value: "jmsBrokerUser" - name: APPFORMER_JMS_BROKER_PASSWORD value: "[[.AMQClusterPassword]]" + - name: APPFORMER_INFINISPAN_USERNAME + value: "[[.Console.DataGridAuth.Username]]" + - name: APPFORMER_INFINISPAN_PASSWORD + value: "[[.Console.DataGridAuth.Password]]" + - name: APPFORMER_INFINISPAN_SASL_QOP + value: "auth" + - name: APPFORMER_INFINISPAN_SERVER_NAME + value: "infinispan" + - name: APPFORMER_INFINISPAN_REALM + value: "default" volumes: - name: "[[.ApplicationName]]-[[.Console.Name]]-pvol" persistentVolumeClaim: @@ -76,6 +86,10 @@ others: spec: containers: - env: + - name: USER + value: "[[.Console.DataGridAuth.Username]]" + - name: PASS + value: "[[.Console.DataGridAuth.Password]]" - name: SERVICE_NAME value: "[[.ApplicationName]]-datagrid" - name: SERVICE_PROFILE @@ -97,23 +111,25 @@ others: name: hotrod protocol: TCP livenessProbe: - exec: - command: - - /opt/datagrid/bin/livenessProbe.sh + httpGet: + path: /rest/v2/cache-managers/default/health/status + port: 11222 + scheme: HTTP failureThreshold: 5 - initialDelaySeconds: 15 - periodSeconds: 20 + initialDelaySeconds: 10 + periodSeconds: 10 successThreshold: 1 - timeoutSeconds: 10 + timeoutSeconds: 40 readinessProbe: - exec: - command: - - /opt/datagrid/bin/readinessProbe.sh + httpGet: + path: /rest/v2/cache-managers/default/health/status + port: 11222 + scheme: HTTP failureThreshold: 5 - initialDelaySeconds: 17 + initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 - timeoutSeconds: 10 + timeoutSeconds: 40 resources: limits: cpu: "1000m" diff --git a/config/7.12.0/envs/rhpam-authoring.yaml b/rhpam-config/7.12.1/envs/rhpam-authoring.yaml similarity index 100% rename from config/7.12.0/envs/rhpam-authoring.yaml rename to rhpam-config/7.12.1/envs/rhpam-authoring.yaml 
diff --git a/config/7.12.0/envs/rhpam-production-immutable.yaml b/rhpam-config/7.12.1/envs/rhpam-production-immutable.yaml similarity index 100% rename from config/7.12.0/envs/rhpam-production-immutable.yaml rename to rhpam-config/7.12.1/envs/rhpam-production-immutable.yaml diff --git a/config/7.12.0/envs/rhpam-production.yaml b/rhpam-config/7.12.1/envs/rhpam-production.yaml similarity index 100% rename from config/7.12.0/envs/rhpam-production.yaml rename to rhpam-config/7.12.1/envs/rhpam-production.yaml diff --git a/config/7.12.0/envs/rhpam-standalone-dashbuilder.yaml b/rhpam-config/7.12.1/envs/rhpam-standalone-dashbuilder.yaml similarity index 100% rename from config/7.12.0/envs/rhpam-standalone-dashbuilder.yaml rename to rhpam-config/7.12.1/envs/rhpam-standalone-dashbuilder.yaml diff --git a/config/7.11.1/envs/rhpam-trial.yaml b/rhpam-config/7.12.1/envs/rhpam-trial.yaml similarity index 60% rename from config/7.11.1/envs/rhpam-trial.yaml rename to rhpam-config/7.12.1/envs/rhpam-trial.yaml index 17087c702..a181bc98b 100644 --- a/config/7.11.1/envs/rhpam-trial.yaml +++ b/rhpam-config/7.12.1/envs/rhpam-trial.yaml @@ -20,7 +20,6 @@ console: name: "[[.ApplicationName]]-[[.Console.Name]]-claim" annotations: delete: "true" - routes: - id: "[[.ApplicationName]]-[[.Console.Name]]-http" metadata: 
@@ -52,29 +51,6 @@ servers: spec: containers: - name: "[[.KieName]]" - env: - - name: FILTERS - value: "AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE" - - name: AC_ALLOW_ORIGIN_FILTER_RESPONSE_HEADER_NAME - value: "Access-Control-Allow-Origin" - - name: AC_ALLOW_ORIGIN_FILTER_RESPONSE_HEADER_VALUE - value: "*" - - name: AC_ALLOW_METHODS_FILTER_RESPONSE_HEADER_NAME - value: "Access-Control-Allow-Methods" - - name: AC_ALLOW_METHODS_FILTER_RESPONSE_HEADER_VALUE - value: "GET, POST, OPTIONS, PUT" - - name: AC_ALLOW_HEADERS_FILTER_RESPONSE_HEADER_NAME - value: "Access-Control-Allow-Headers" - - name: AC_ALLOW_HEADERS_FILTER_RESPONSE_HEADER_VALUE - value: "Accept, Authorization, Content-Type, X-Requested-With" - - name: AC_ALLOW_CREDENTIALS_FILTER_RESPONSE_HEADER_NAME - value: "Access-Control-Allow-Credentials" - - name: AC_ALLOW_CREDENTIALS_FILTER_RESPONSE_HEADER_VALUE - value: "true" - - name: AC_MAX_AGE_FILTER_RESPONSE_HEADER_NAME - value: "Access-Control-Max-Age" - - name: AC_MAX_AGE_FILTER_RESPONSE_HEADER_VALUE - value: "1" resources: limits: memory: 1Gi @@ -90,7 +66,6 @@ servers: service: "[[.KieName]]" annotations: description: Route for KIE server's http service. - haproxy.router.openshift.io/balance: source haproxy.router.openshift.io/timeout: 60s spec: to: diff --git a/config/7.12.0/jms/activemq-jms-config.yaml b/rhpam-config/7.12.1/jms/activemq-jms-config.yaml similarity index 100% rename from config/7.12.0/jms/activemq-jms-config.yaml rename to rhpam-config/7.12.1/jms/activemq-jms-config.yaml diff --git a/rhpam-config/7.12.1/pim/process-migration.yaml b/rhpam-config/7.12.1/pim/process-migration.yaml new file mode 100644 index 000000000..d1e000676 --- /dev/null +++ b/rhpam-config/7.12.1/pim/process-migration.yaml 
@@ -0,0 +1,271 @@ +## KIE ProcessMigration BEGIN +processMigration: + deploymentConfigs: + - metadata: + name: "[[.ApplicationName]]-process-migration" + labels: + app: "[[$.ApplicationName]]" + application: "[[$.ApplicationName]]" + service: "[[.ApplicationName]]-process-migration" + spec: + replicas: [[.ProcessMigration.Replicas]] + selector: + deploymentConfig: "[[.ApplicationName]]-process-migration" + strategy: + type: Recreate + triggers: + #[[if not .ProcessMigration.OmitImageStream]] + - type: ImageChange + imageChangeParams: + automatic: true + containerNames: + - "[[.ApplicationName]]-process-migration" + from: + kind: ImageStreamTag + namespace: openshift + name: "[[.ProcessMigration.Image]]:[[.ProcessMigration.ImageTag]]" + #[[end]] + - type: ConfigChange + template: + metadata: + name: "[[.ApplicationName]]-process-migration" + labels: + app: "[[.ApplicationName]]" + application: "[[.ApplicationName]]" + deploymentConfig: "[[.ApplicationName]]-process-migration" + service: "[[.ApplicationName]]-process-migration" + spec: + serviceAccountName: "[[$.ApplicationName]]-[[$.Constants.Product]]svc" + terminationGracePeriodSeconds: 60 + containers: + - name: "[[.ApplicationName]]-process-migration" + image: "[[.ProcessMigration.ImageURL]]" + imagePullPolicy: Always + resources: + limits: + memory: 512Mi + ports: + - name: http + containerPort: 8080 + protocol: TCP + readinessProbe: + failureThreshold: 36 + httpGet: + path: /q/health/ready + port: 8080 + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 2 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /q/health/live + port: 8080 + scheme: HTTP + initialDelaySeconds: 90 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 2 + env: + #[[if .ProcessMigration.ExtraClassPath]] + - name: JBOSS_KIE_EXTRA_CLASSPATH + value: [[.ProcessMigration.ExtraClassPath]] + #[[end]] + ## Jvm config BEGIN + #[[if .ProcessMigration.Jvm.JavaOptsAppend]] + - name: 
JAVA_OPTS_APPEND + value: "[[.ProcessMigration.Jvm.JavaOptsAppend]]" + #[[end]] + #[[if .ProcessMigration.Jvm.JavaMaxMemRatio]] + - name: JAVA_MAX_MEM_RATIO + value: "[[.ProcessMigration.Jvm.JavaMaxMemRatio]]" + #[[end]] + #[[if .ProcessMigration.Jvm.JavaInitialMemRatio]] + - name: JAVA_INITIAL_MEM_RATIO + value: "[[.ProcessMigration.Jvm.JavaInitialMemRatio]]" + #[[end]] + #[[if .ProcessMigration.Jvm.JavaMaxInitialMem]] + - name: JAVA_MAX_INITIAL_MEM + value: "[[.ProcessMigration.Jvm.JavaMaxInitialMem]]" + #[[end]] + #[[if .ProcessMigration.Jvm.JavaDiagnostics]] + - name: JAVA_DIAGNOSTICS + value: "[[.ProcessMigration.Jvm.JavaDiagnostics]]" + #[[end]] + #[[if .ProcessMigration.Jvm.JavaDebug]] + - name: JAVA_DEBUG + value: "[[.ProcessMigration.Jvm.JavaDebug]]" + #[[end]] + #[[if .ProcessMigration.Jvm.JavaDebugPort]] + - name: JAVA_DEBUG_PORT + value: "[[.ProcessMigration.Jvm.JavaDebugPort]]" + #[[end]] + #[[if .ProcessMigration.Jvm.GcMinHeapFreeRatio]] + - name: GC_MIN_HEAP_FREE_RATIO + value: "[[.ProcessMigration.Jvm.GcMinHeapFreeRatio]]" + #[[end]] + #[[if .ProcessMigration.Jvm.GcMaxHeapFreeRatio]] + - name: GC_MAX_HEAP_FREE_RATIO + value: "[[.ProcessMigration.Jvm.GcMaxHeapFreeRatio]]" + #[[end]] + #[[if .ProcessMigration.Jvm.GcTimeRatio]] + - name: GC_TIME_RATIO + value: "[[.ProcessMigration.Jvm.GcTimeRatio]]" + #[[end]] + #[[if .ProcessMigration.Jvm.GcAdaptiveSizePolicyWeight]] + - name: GC_ADAPTIVE_SIZE_POLICY_WEIGHT + value: "[[.ProcessMigration.Jvm.GcAdaptiveSizePolicyWeight]]" + #[[end]] + #[[if .ProcessMigration.Jvm.GcMaxMetaspaceSize]] + - name: GC_MAX_METASPACE_SIZE + value: "[[.ProcessMigration.Jvm.GcMaxMetaspaceSize]]" + #[[end]] + #[[if .ProcessMigration.Jvm.GcContainerOptions]] + - name: GC_CONTAINER_OPTIONS + value: "[[.ProcessMigration.Jvm.GcContainerOptions]]" + #[[end]] + ## Jvm config END + volumeMounts: + - mountPath: /opt/rhpam-process-migration/quarkus-app/config/application.yaml + subPath: application.yaml + name: config + - mountPath: 
/opt/rhpam-process-migration/quarkus-app/config/application-users.properties + subPath: application-users.properties + name: config + - mountPath: /opt/rhpam-process-migration/quarkus-app/config/application-roles.properties + subPath: application-roles.properties + name: config + volumes: + - name: config + configMap: + name: "[[.ApplicationName]]-process-migration" + defaultMode: 420 + configMaps: + - metadata: + name: "[[.ApplicationName]]-process-migration" + data: + application.yaml: |- + # Default pim configuration + quarkus: + class-loading: + removed-artifacts: com.oracle.database.jdbc:ojdbc8,com.ibm.db2:jcc,com.microsoft.sqlserver:mssql-jdbc + package: + type: mutable-jar + user-providers-directory: providers + http: + auth: + basic: true + policy: + main-policy: + roles-allowed: admin + permission: + main: + paths: /* + policy: main-policy + public: + paths: /q/health/* + policy: permit + methods: GET + security: + users: + file: + realm-name: pim-file + enabled: true + plain-text: false + users: /opt/rhpam-process-migration/quarkus-app/config/application-users.properties + roles: /opt/rhpam-process-migration/quarkus-app/config/application-roles.properties + jdbc: + realm-name: pim-jdbc + enabled: true + principal-query: + sql: SELECT u.password, u.role FROM users u WHERE u.username=? 
+ ldap: + realm-name: pim-ldap + enabled: true + dir-context: + url: ldap://override-when-needed + identity-mapping: + search-base-dn: ou=users,o=YourCompany,c=ES + # Flyway to create PIM schema + flyway: + connect-retries: 10 + table: flyway_pim_history + migrate-at-start: true + baseline-on-migrate: true + baseline-version: 1.0 + baseline-description: PimDB + sql-migration-prefix: h2 + # Quartz configuration + quartz: + store-type: jdbc-cmt + start-mode: forced + resteasy: + path: /rest + datasource: + db-kind: h2 + jdbc: + url: jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE + username: sa + password: sa + hibernate-orm: + database: + generation: validate + pim: + auth-method: file + kieservers: + #[[range $index, $Map := .ProcessMigration.KieServerClients]] + - host: [[.Host]] + username: [[.Username]] + password: [[.Password]] + #[[end]] + application-users.properties: |- + # set the following spec to autogenerated this file content, if you want to provide your own properties file + # override this file's content. + # spec: + # objects: + # processMigration: + # username: pimAdmin + # password: somePasswordThatWillBeConvertedToMD5 + # to generate password use: echo -n "username:pim-file:password" | openssl md5 + # pim-file is the realm defined on the application.yaml config-map; + [[.ProcessMigration.Username]]=[[.ProcessMigration.Password]] + application-roles.properties: |- + [[.ProcessMigration.Username]]=admin + services: + - spec: + ports: + - name: http + port: 8080 + protocol: TCP + targetPort: 8080 + selector: + deploymentConfig: "[[.ApplicationName]]-process-migration" + metadata: + name: "[[.ApplicationName]]-process-migration" + labels: + app: "[[$.ApplicationName]]" + application: "[[$.ApplicationName]]" + service: "[[.ApplicationName]]-process-migration" + annotations: + description: Process Migration web server's port. 
+ routes: + - id: "[[.ApplicationName]]-process-migration-http" + metadata: + name: "[[.ApplicationName]]-process-migration" + labels: + app: "[[.ApplicationName]]" + application: "[[.ApplicationName]]" + service: "[[.ApplicationName]]-process-migration" + annotations: + description: "Route for Process Migration [[.RouteProtocol]] service." + spec: + host: "[[.ProcessMigration.RouteHostname]]" + to: + kind: Service + name: "[[.ApplicationName]]-process-migration" + port: + targetPort: http +## KIE ProcessMigration END + diff --git a/version/version.go b/version/version.go index f6c3a7d6e..4c145199d 100644 --- a/version/version.go +++ b/version/version.go @@ -8,9 +8,9 @@ var ( // Version - current version Version = constants.CurrentVersion // CsvVersion - csv release - CsvVersion = Version + "-2" + CsvVersion = Version + "-1" // PriorVersion - prior version PriorVersion = constants.PriorVersion // CsvPriorVersion - prior csv release - CsvPriorVersion = Version + "-1" + CsvPriorVersion = PriorVersion + "-2" )
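Review bot: The process-migration route at the end of `pim/process-migration.yaml` has no `tls` stanza and targets the `http` port, while the `application.yaml` in the same file enables `quarkus.http.auth.basic: true` for `/*`. The admin credentials are therefore sent base64-encoded over a cleartext route on every request. Adding `tls:` under `spec` with `termination: edge` and `insecureEdgeTerminationPolicy: Redirect` would encrypt the external leg without changing the container. The route description interpolates `[[.RouteProtocol]]` although the port is fixed to `http`, so the description can name a protocol the route does not serve.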