Diffstat (limited to 'roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-sso-s2i.json')
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-sso-s2i.json193
1 files changed, 143 insertions, 50 deletions
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-sso-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-sso-s2i.json
index 6c644553e..09023be71 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-sso-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-sso-s2i.json
@@ -6,13 +6,13 @@
"iconClass" : "icon-jboss",
"description": "Application template for EAP 6 applications built using S2I, enabled for SSO.",
"tags": "eap,javaee,java,jboss,xpaas,sso,keycloak",
- "version": "1.3.0"
+ "version": "1.3.2"
},
"name": "eap64-sso-s2i"
},
"labels": {
"template": "eap64-sso-s2i",
- "xpaas": "1.3.0"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -22,27 +22,27 @@
"required": true
},
{
- "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>",
+ "description": "Hostname for http service route (e.g. eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.",
"name": "HOSTNAME_HTTP",
"value": "",
- "required": false
+ "required": true
},
{
- "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>",
+ "description": "Hostname for https service route (e.g. secure-eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.",
"name": "HOSTNAME_HTTPS",
"value": "",
- "required": false
+ "required": true
},
{
"description": "Git source URI for application",
"name": "SOURCE_REPOSITORY_URL",
- "value": "https://github.com/keycloak/keycloak-examples",
+ "value": "https://github.com/redhat-developer/redhat-sso-quickstarts",
"required": true
},
{
"description": "Git branch/tag reference",
"name": "SOURCE_REPOSITORY_REF",
- "value": "0.4-openshift",
+ "value": "7.0.x-ose",
"required": false
},
{
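Review bot: The new default for SOURCE_REPOSITORY_REF, `7.0.x-ose`, reads like a branch name rather than a tag, so every S2I build from this template would compile whatever is at the head of that branch at build time. If it is a branch, the built image is not reproducible, and a change pushed to the quickstarts repository flows into deployments without any change to this file. Pinning the default to a release tag or commit would avoid this, for example `"value": "<release-tag>"` (placeholder, not a real ref). The parameters array starts and ends outside this hunk.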
@@ -64,6 +64,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap-app-secret",
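Review bot: The SERVICE_ACCOUNT_NAME description lists only HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET, but the last hunk of this commit also mounts a volume from `${SSO_TRUSTSTORE_SECRET}`, and the template already has SSO_SAML_KEYSTORE_SECRET. A user who overrides those two and grants the service account only what the description names may end up with a pod that cannot mount its secrets. I would reword it to `"...allow usage of the secret(s) specified by HTTPS_SECRET, JGROUPS_ENCRYPT_SECRET, SSO_SAML_KEYSTORE_SECRET and SSO_TRUSTSTORE_SECRET."`, which also fixes the "useage" typo.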
@@ -76,15 +82,21 @@
"required": false
},
{
- "description": "The name associated with the server certificate",
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate (e.g. jboss)",
"name": "HTTPS_NAME",
- "value": "jboss",
+ "value": "",
"required": false
},
{
- "description": "The password for the keystore and certificate",
+ "description": "The password for the keystore and certificate (e.g. mykeystorepass)",
"name": "HTTPS_PASSWORD",
- "value": "mykeystorepass",
+ "value": "",
"required": false
},
{
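Review bot: The new HTTPS_PASSWORD description still prints the former default as an example (`e.g. mykeystorepass`), so the well-known password this hunk removes from `value` remains the string users are most likely to copy. The same pattern appears for JGROUPS_ENCRYPT_PASSWORD (`e.g. password`) and SSO_TRUSTSTORE_PASSWORD in later hunks. I would drop the example from the password descriptions, e.g. `"description": "The password for the keystore and certificate"`. With `"value": ""` and `"required": false` the template now instantiates with an empty password; what the image does in that case is not visible here and would be worth stating in the description.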
@@ -127,15 +139,15 @@
"required": false
},
{
- "description": "The name associated with the server certificate",
+ "description": "The name associated with the server certificate (e.g. secret-key)",
"name": "JGROUPS_ENCRYPT_NAME",
- "value": "secret-key",
+ "value": "",
"required": false
},
{
- "description": "The password for the keystore and certificate",
+ "description": "The password for the keystore and certificate (e.g. password)",
"name": "JGROUPS_ENCRYPT_PASSWORD",
- "value": "password",
+ "value": "",
"required": false
},
{
@@ -146,31 +158,43 @@
"required": true
},
{
- "description": "SSO Location",
- "name": "SSO_URI",
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
+ },
+ {
+ "description": "The URL for the SSO server (e.g. https://secure-sso-myproject.example.com/auth). This is the URL through which the user will be redirected when a login or token is required by the application.",
+ "name": "SSO_URL",
+ "value": "",
+ "required": true
+ },
+ {
+ "description": "The URL for the interal SSO service, where secure-sso is the kubernetes service exposed by the SSO server. This is used to create the application client(s) (see SSO_USERNAME). This can also be the same as SSO_URL.",
+ "name": "SSO_SERVICE_URL",
"value": "https://secure-sso:8443/auth",
"required": false
},
{
- "description": "SSO Realm",
+ "description": "The SSO realm to which the application client(s) should be associated (e.g. demo).",
"name": "SSO_REALM",
- "value": "demo",
- "required": false
+ "value": "",
+ "required": true
},
{
- "description": "SSO Username",
+ "description": "The username used to access the SSO service. This is used to create the appliction client(s) within the specified SSO realm. This should match the SSO_SERVICE_USERNAME specified through one of the sso70-* templates.",
"name": "SSO_USERNAME",
"value": "",
"required": false
},
{
- "description": "SSO Password",
+ "description": "The password for the SSO service user.",
"name": "SSO_PASSWORD",
"value": "",
"required": false
},
{
- "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability",
+ "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability. This can be retrieved from the SSO server, for the specified realm.",
"name": "SSO_PUBLIC_KEY",
"value": "",
"required": false
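Review bot: Two of the new descriptions in this hunk contain typos that will appear in the web console's parameter form: "interal" in SSO_SERVICE_URL and "appliction" in SSO_USERNAME. They should read `internal SSO service` and `application client(s)`.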
@@ -182,21 +206,9 @@
"required": false
},
{
- "description": "Routes",
- "name": "APPLICATION_ROUTES",
- "value": "",
- "required": false
- },
- {
- "description": "Artifacts",
+ "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.",
"name": "ARTIFACT_DIR",
- "value": "app-jee/target,service-jaxrs/target,app-profile-jee/target,app-profile-jee-saml/target",
- "required": false
- },
- {
- "description": "maven",
- "name": "MAVEN_ARGS_APPEND",
- "value": "",
+ "value": "app-jee-jsp/target,service-jee-jaxrs/target,app-profile-jee-jsp/target,app-profile-saml-jee-jsp/target",
"required": false
},
{
@@ -208,7 +220,7 @@
{
"description": "The name of the keystore file within the secret",
"name": "SSO_SAML_KEYSTORE",
- "value": "/etc/sso-saml-secret-volume/keystore.jks",
+ "value": "keystore.jks",
"required": false
},
{
@@ -235,6 +247,36 @@
"name": "SSO_ENABLE_CORS",
"value": "false",
"required": false
+ },
+ {
+ "description": "SSO logout page for SAML applications",
+ "name": "SSO_SAML_LOGOUT_PAGE",
+ "value": "/",
+ "required": false
+ },
+ {
+ "description": "If true SSL communication between EAP and the SSO Server will be insecure (i.e. certificate validation is disabled with curl)",
+ "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION",
+ "value": "true",
+ "required": false
+ },
+ {
+ "description": "The name of the truststore file within the secret (e.g. truststore.jks)",
+ "name": "SSO_TRUSTSTORE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the truststore and certificate (e.g. mykeystorepass)",
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName",
+ "name": "SSO_TRUSTSTORE_SECRET",
+ "value": "eap-app-secret",
+ "required": false
}
],
"objects": [
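Review bot: SSO_DISABLE_SSL_CERTIFICATE_VALIDATION is introduced with a default of `"true"`, so a template instantiated with defaults talks to the SSO server without verifying its certificate. SSO_PUBLIC_KEY is also optional, and its own description warns about man-in-the-middle exposure, so the out-of-the-box deployment has neither safeguard while it sends SSO_USERNAME and SSO_PASSWORD to create clients. I would default this to `"value": "false"` and say in the description that SSO_TRUSTSTORE and SSO_TRUSTSTORE_PASSWORD must be set when the SSO server uses a self-signed or private CA certificate. Separately, SSO_TRUSTSTORE_SECRET defaults to `eap-app-secret`, the same default as HTTPS_SECRET, which makes the whole server keystore secret available under the truststore mount; a dedicated default secret would keep the two apart.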
@@ -364,7 +406,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap64-openshift:1.3"
+ "name": "jboss-eap64-openshift:1.4"
},
"env": [
{
@@ -373,7 +415,7 @@
},
{
"name": "MAVEN_ARGS_APPEND",
- "value": "${MAVEN_ARGS_APPEND}"
+ "value": ""
}
]
}
@@ -429,8 +471,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -451,7 +493,7 @@
}
},
"spec": {
- "serviceAccountName": "eap-service-account",
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
"terminationGracePeriodSeconds": 60,
"containers": [
{
@@ -473,6 +515,11 @@
"name": "eap-jgroups-keystore-volume",
"mountPath": "/etc/jgroups-encrypt-secret-volume",
"readOnly": true
+ },
+ {
+ "name": "sso-truststore-volume",
+ "mountPath": "/etc/sso-secret-volume",
+ "readOnly": true
}
],
"livenessProbe": {
@@ -529,6 +576,14 @@
}
},
{
+ "name": "HOSTNAME_HTTP",
+ "value": "${HOSTNAME_HTTP}"
+ },
+ {
+ "name": "HOSTNAME_HTTPS",
+ "value": "${HOSTNAME_HTTPS}"
+ },
+ {
"name": "HTTPS_KEYSTORE_DIR",
"value": "/etc/eap-secret-volume"
},
@@ -537,6 +592,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -581,8 +640,16 @@
"value": "${JGROUPS_CLUSTER_PASSWORD}"
},
{
- "name": "SSO_URI",
- "value": "${SSO_URI}"
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
+ },
+ {
+ "name": "SSO_URL",
+ "value": "${SSO_URL}"
+ },
+ {
+ "name": "SSO_SERVICE_URL",
+ "value": "${SSO_SERVICE_URL}"
},
{
"name": "SSO_REALM",
@@ -605,10 +672,6 @@
"value": "${SSO_BEARER_ONLY}"
},
{
- "name": "APPLICATION_ROUTES",
- "value": "${APPLICATION_ROUTES}"
- },
- {
"name": "SSO_SAML_KEYSTORE_SECRET",
"value": "${SSO_SAML_KEYSTORE_SECRET}"
},
@@ -617,6 +680,10 @@
"value": "${SSO_SAML_KEYSTORE}"
},
{
+ "name": "SSO_SAML_KEYSTORE_DIR",
+ "value": "/etc/sso-saml-secret-volume"
+ },
+ {
"name": "SSO_SAML_CERTIFICATE_NAME",
"value": "${SSO_SAML_CERTIFICATE_NAME}"
},
@@ -631,6 +698,26 @@
{
"name": "SSO_ENABLE_CORS",
"value": "${SSO_ENABLE_CORS}"
+ },
+ {
+ "name": "SSO_SAML_LOGOUT_PAGE",
+ "value": "${SSO_SAML_LOGOUT_PAGE}"
+ },
+ {
+ "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION",
+ "value": "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE",
+ "value": "${SSO_TRUSTSTORE}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_DIR",
+ "value": "/etc/sso-secret-volume"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "${SSO_TRUSTSTORE_PASSWORD}"
}
]
}
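Review bot: SSO_TRUSTSTORE_PASSWORD is injected as a literal env `value`, so the password is stored in the DeploymentConfig and shown to anyone who can read or describe that object or the pod spec. The existing password variables in this container follow the same pattern, so this is consistent with the file, but the new entry adds one more credential held in clear text. If the targeted platform version supports it, sourcing the value with `valueFrom.secretKeyRef` from the secret that already holds the truststore would keep it out of the object definition. Failing that, the parameter description should say that the value is visible in the deployment configuration.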
@@ -653,6 +740,12 @@
"secret": {
"secretName": "${JGROUPS_ENCRYPT_SECRET}"
}
+ },
+ {
+ "name": "sso-truststore-volume",
+ "secret": {
+ "secretName": "${SSO_TRUSTSTORE_SECRET}"
+ }
}
]
}