-
Notifications
You must be signed in to change notification settings - Fork 0
/
image.yaml
157 lines (137 loc) · 5.93 KB
/
image.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
schema_version: 1
## Both name and description are overridden, see overrides/*
name: "rh-sso-7/sso75-openshift-rhel8"
description: "Red Hat Single Sign-On 7.5 for OpenShift container image, based on the Red Hat Universal Base Image 8 Minimal container image"
version: "7.5"
from: "registry.redhat.io/ubi8/ubi-minimal"
labels:
- name: "com.redhat.component"
value: "redhat-sso-7-sso75-openshift-rhel8-container"
- name: "org.jboss.product"
value: &product "sso"
- name: "org.jboss.product.version"
value: &product_version "7.5.2.GA"
- name: "org.jboss.product.sso.version"
value: *product_version
- name: "io.k8s.description"
value: "Platform for running Red Hat SSO"
- name: "io.k8s.display-name"
value: "Red Hat SSO 7.5"
- name: "io.openshift.expose-services"
value: "8080:http"
- name: "io.openshift.tags"
value: "sso,sso75,keycloak"
- name: "io.openshift.s2i.scripts-url"
value: "image:///usr/local/s2i"
envs:
- name: "JBOSS_PRODUCT"
value: *product
- name: "JBOSS_SSO_VERSION"
value: *product_version
- name: "PRODUCT_VERSION"
value: *product_version
- name: "SSO_ADMIN_USERNAME"
example: "admin"
description: "Username of the administrator account for the 'master' realm of the SSO server. Required. If no value is specified, it is auto generated and displayed as an OpenShift Instructional message when the template is instantiated."
- name: "SSO_ADMIN_PASSWORD"
example: "hardtoguess"
description: "Password of the administrator account for the 'master' realm of the SSO server. Required. If no value is specified, it is auto generated and displayed as an OpenShift Instructional message when the template is instantiated."
- name: "SSO_REALM"
example: "demo"
description: "SSO Realm created if this ENV is provided"
- name: "SSO_SERVICE_USERNAME"
example: "username"
description: "SSO Server service username with rights to create Client configurations in SSO_REALM. This user is created if this ENV is provided"
- name: "SSO_SERVICE_PASSWORD"
example: "password"
description: "Password for SSO_SERVICE_USERNAME"
- name: "SSO_TRUSTSTORE"
example: "truststore.jks"
description: "The name of the truststore file within the secret"
- name: "SSO_TRUSTSTORE_DIR"
example: "/etc/sso-secret-volume"
description: "Truststore directory"
- name: "SSO_TRUSTSTORE_PASSWORD"
example: "mykeystorepass"
description: "The password for the truststore and certificate"
- name: "SSO_TRUSTSTORE_SECRET"
example: "truststore-secret"
description: "The name of the secret containing the truststore file. Used for volume secretName"
- name: "SSO_VAULT_DIR"
example: "/etc/sso-vault-secret-volume"
description: "Directory for the secret files."
- name: "SCRIPT_DEBUG"
description: "If set to true, ensurses that the bash scripts are executed with the -x option, printing the commands and their arguments as they are executed."
example: "true"
ports:
- value: 8443
modules:
repositories:
- name: cct_module
git:
url: https://github.com/jboss-openshift/cct_module.git
ref: 0.45.3
- name: jboss-eap-modules
git:
url: https://github.com/jboss-container-images/jboss-eap-modules.git
ref: EAP_743_CR3
- name: jboss-eap-image
git:
url: https://github.com/jboss-container-images/jboss-eap-7-image.git
ref: EAP_743_CR3
- name: wildfly-cekit-modules
git:
url: https://github.com/wildfly/wildfly-cekit-modules.git
ref: 0.23.4
- name: sso-modules
path: modules
install:
# First define RH-SSO global variables & functions required by subsequent modules
#
# IMPORTANT: Include this module in each of the subsequent modules using some variable
# or function definition from it
- name: sso.rcfile
version: '1.0'
# Setup nss_wrapper
- name: sso.security.cve-2020-10695
version: '1.0'
# Install JDK runtime
- name: sso-jdk
version: &jdk_version '11'
# Perform all actions required by Wildfly / JBoss EAP Galleon Maven build
# See 'used-eap-modules-list.txt' for overview of used JBoss EAP modules,
# and the order they need to be called in
- name: eap
version: '1.0'
# RH-SSO product specific modules from modules/ path in this repository
- name: keycloak.openshift.clients
version: '1.0'
- name: sso.config.launch.setup.75
- name: sso.db.drivers
version: '1.0'
# Other common modules from the main CE cct_module repository
- name: openshift-layer
- name: keycloak-layer
# Apply any possibly needed EAP / RH-SSO patches
# Note: In order to properly manage also RH-SSO patches, this module
# can only be called once the 'keycloak' layer was added
- name: sso.apply.patches
version: '1.0'
# The extensions module can be called only after all updates to standalone-openshift.xml have been done.
# See eg. https://access.redhat.com/solutions/3402171 for details how to use
- name: sso-cli-extensions
# Various SSO image pre-launch actions to prevent regressions
- name: sso-pre-launch-actions
# Various SSO image pre-launch checks to prevent regressions
- name: sso-pre-launch-checks
packages:
manager: microdnf
content_sets_file: content_sets.yaml
install:
- which
- unzip
run:
cmd:
- "/opt/eap/bin/openshift-launch.sh"
user: 185
workdir: "/home/jboss"