|
apiVersion: app.kiegroup.org/v2 |
|
kind: KieApp |
|
metadata: |
|
name: pam |
|
spec: |
|
# Use this snippet to deploy a prior product version |
|
# version: 7.11.1 |
|
# Use this snippet to setup the openshift CA bundle as a truststore |
|
# truststore: |
|
# openshiftCaBundle: true |
|
# auth: |
|
# sso: |
|
# adminPassword: pwd |
|
# adminUser: admin #NOTE: remember to add Client Roles: realm-management -> realm-admin role to the admin user on RH-SSO |
|
# disableSSLCertValidation: true |
|
# realm: demo |
|
# url: https://keycloak-example.redhat.com/auth |
|
commonConfig: |
|
adminPassword: 'yours passwd here' |
|
adminUser: pamAdmin |
|
#Use this snippet to disable SSL routes |
|
disableSsl: true |
|
environment: rhpam-authoring |
|
objects: |
|
console: |
|
# integrate with RH-SSH |
|
# ssoClient: |
|
# name: kie-server |
|
# secret: someOtherPwd |
|
#env: |
|
# - name: KIE_SERVER_CONTROLLER_OPENSHIFT_ENABLED |
|
# value: "false" |
|
jvm: |
|
javaOptsAppend: >- |
|
-Dorg.uberfire.metadata.index.dir=/opt/kie/data |
|
# gitHooks: |
|
# from: |
|
# kind: PersistentVolumeClaim |
|
# name: githook-pvc |
|
env: |
|
name: LOGGER_CATEGORIES |
|
value: org.guvnor.m2repo:DEBUG,org.appformer.maven:DEBUG,org.eclipse.aether:TRACE,org.kie:DEBUG |
|
resources: |
|
requests: |
|
memory: 4Gi |
|
servers: |
|
- database: |
|
size: 10Gi |
|
type: postgresql |
|
jvm: |
|
javaOptsAppend: >- |
|
-Dorg.jbpm.document.storage=/data/document-storage |
|
env: |
|
#- name: KIE_SERVER_ROUTE_NAME |
|
# value: http-runtime-server |
|
#- name: KIE_SERVER_STARTUP_STRATEGY |
|
# value: "ControllerBasedStartupStrategy" |
|
- name: DROOLS_SERVER_FILTER_CLASSES |
|
value: 'false' |
|
- name: FILTERS |
|
value: >- |
|
AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE |
|
- name: AC_ALLOW_ORIGIN_FILTER_RESPONSE_HEADER_NAME |
|
value: Access-Control-Allow-Origin |
|
- name: AC_ALLOW_ORIGIN_FILTER_RESPONSE_HEADER_VALUE |
|
value: '*' |
|
- name: AC_ALLOW_METHODS_FILTER_RESPONSE_HEADER_NAME |
|
value: Access-Control-Allow-Methods |
|
- name: AC_ALLOW_METHODS_FILTER_RESPONSE_HEADER_VALUE |
|
value: 'GET, POST, OPTIONS, PUT' |
|
- name: AC_ALLOW_HEADERS_FILTER_RESPONSE_HEADER_NAME |
|
value: Access-Control-Allow-Headers |
|
- name: AC_ALLOW_HEADERS_FILTER_RESPONSE_HEADER_VALUE |
|
value: >- |
|
Accept, Authorization, Content-Type, X-Requested-With, |
|
x-kie-contenttype |
|
- name: AC_ALLOW_CREDENTIALS_FILTER_RESPONSE_HEADER_NAME |
|
value: Access-Control-Allow-Credentials |
|
- name: AC_ALLOW_CREDENTIALS_FILTER_RESPONSE_HEADER_VALUE |
|
value: 'true' |
|
- name: AC_MAX_AGE_FILTER_RESPONSE_HEADER_NAME |
|
value: Access-Control-Max-Age |
|
- name: AC_MAX_AGE_FILTER_RESPONSE_HEADER_VALUE |
|
value: '3' |
|
id: remote-ks |
|
name: remote-ks |
|
# in case you wanna refer to a custom image for the kie-server |
|
# image: custom-kieserver-image |
|
# imageTag: latest |
|
# integrate with RH-SSH |
|
# ssoClient: |
|
# name: kie-server |
|
# secret: someOtherPwd |
|
# to use an external database with a custom image |
|
# database: |
|
# externalConfig: |
|
# dialect: org.hibernate.dialect.PostgreSQLDialect |
|
# driver: postgresql |
|
# extensionImage: true |
|
# host: postgresql.rhpam-ext-ds.svc.cluster.local |
|
# name: pamdb |
|
# password: '' |
|
# port: '5432' |
|
# username: '' |
|
# type: external |
|
# build: |
|
# extensionImageStreamTag: 'jboss-kie-postgresql-extension-openshift-image:5.0.0' |
|
# extensionImageStreamTagNamespace: exter-ns-custom |
|
# extensionImageInstallDir: /extensions |
|
# Use this snippet to configure persistence for kie and maven repositories |
|
# persistRepos: true |
|
# serversM2PvSize: "10Gi" |
|
# serversKiePvSize: "150Mi" |
|
replicas: 2 |
|
resources: |
|
requests: |
|
memory: 2Gi |
|
upgrades: {} |
I need to add external REST service SSL cert to KieApp because we're getting SSL handshake errors. Is there a property for this or do I have to mount a SSL secret to the Deployment? If the latter, is that defined in the kieconfig-n.n.n ConfigMap?