From d8c8a84a352092703344560a0061177d75a250d5 Mon Sep 17 00:00:00 2001
From: Spolti
Date: Wed, 17 May 2023 16:40:19 -0300
Subject: [PATCH 01/10] [KIECLOUD-721] - Prepare RHPAM Operators for CVE respin
Signed-off-by: Spolti
---
...mation-operator.clusterserviceversion.yaml | 423 ++
.../dev/7.13.3-2/manifests/kieapp.crd.yaml | 6126 +++++++++++++++++
.../dev/7.13.3-2/metadata/annotations.yaml | 10 +
...mation-operator.clusterserviceversion.yaml | 423 ++
.../prod/7.13.3-2/manifests/kieapp.crd.yaml | 6126 +++++++++++++++++
.../prod/7.13.3-2/metadata/annotations.yaml | 10 +
...mation-operator.clusterserviceversion.yaml | 423 ++
.../test/7.13.3-2/manifests/kieapp.crd.yaml | 6126 +++++++++++++++++
.../test/7.13.3-2/metadata/annotations.yaml | 10 +
version/version.go | 6 +-
10 files changed, 19680 insertions(+), 3 deletions(-)
create mode 100644 deploy/olm-catalog/dev/7.13.3-2/manifests/businessautomation-operator.clusterserviceversion.yaml
create mode 100644 deploy/olm-catalog/dev/7.13.3-2/manifests/kieapp.crd.yaml
create mode 100644 deploy/olm-catalog/dev/7.13.3-2/metadata/annotations.yaml
create mode 100644 deploy/olm-catalog/prod/7.13.3-2/manifests/businessautomation-operator.clusterserviceversion.yaml
create mode 100644 deploy/olm-catalog/prod/7.13.3-2/manifests/kieapp.crd.yaml
create mode 100644 deploy/olm-catalog/prod/7.13.3-2/metadata/annotations.yaml
create mode 100644 deploy/olm-catalog/test/7.13.3-2/manifests/businessautomation-operator.clusterserviceversion.yaml
create mode 100644 deploy/olm-catalog/test/7.13.3-2/manifests/kieapp.crd.yaml
create mode 100644 deploy/olm-catalog/test/7.13.3-2/metadata/annotations.yaml
diff --git a/deploy/olm-catalog/dev/7.13.3-2/manifests/businessautomation-operator.clusterserviceversion.yaml b/deploy/olm-catalog/dev/7.13.3-2/manifests/businessautomation-operator.clusterserviceversion.yaml
new file mode 100644
index 000000000..14cdfd028
--- /dev/null
+++ b/deploy/olm-catalog/dev/7.13.3-2/manifests/businessautomation-operator.clusterserviceversion.yaml 
@@ -0,0 +1,423 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: '[{"apiVersion":"app.kiegroup.org/v2","kind":"KieApp","metadata":{"name":"rhpam-trial"},"spec":{"environment":"rhpam-trial"}}]' + capabilities: Seamless Upgrades + categories: Integration & Delivery + certified: "false" + containerImage: quay.io/kiegroup/kie-cloud-operator:7.13.3 + createdAt: "2023-05-17 16:34:30" + description: Deploys and manages Red Hat Process Automation Manager and Red Hat + Decision Manager environments. + operators.openshift.io/infrastructure-features: '["Disconnected"]' + operators.openshift.io/valid-subscription: '["Red Hat Process Automation Manager", + "Red Hat Decision Manager"]' + repository: https://github.com/kiegroup/kie-cloud-operator + support: Red Hat + tectonic-visibility: ocs + labels: + operator-businessautomation: "true" + operatorframework.io/arch.amd64: supported + operatorframework.io/os.linux: supported + name: businessautomation-operator.7.13.3-2-dev-84bpgb8n2n + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: A project prescription running an RHPAM/RHDM environment. 
+ displayName: KieApp + kind: KieApp + name: kieapps.app.kiegroup.org + resources: + - kind: DeploymentConfig + name: "" + version: apps.openshift.io/v1 + - kind: StatefulSet + name: "" + version: apps/v1 + - kind: Role + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: RoleBinding + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: Route + name: "" + version: route.openshift.io/v1 + - kind: BuildConfig + name: "" + version: build.openshift.io/v1 + - kind: ImageStream + name: "" + version: image.openshift.io/v1 + - kind: Secret + name: "" + version: v1 + - kind: PersistentVolumeClaim + name: "" + version: v1 + - kind: ServiceAccount + name: "" + version: v1 + - kind: Service + name: "" + version: v1 + specDescriptors: + - description: Set true to enable automatic micro version product upgrades, + it is disabled by default. + displayName: Enable Upgrades + path: upgrades.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable automatic minor product version upgrades, + it is disabled by default. Requires spec.upgrades.enabled to be true. + displayName: Include minor version upgrades + path: upgrades.minor + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable image tags, disabled by default. This will + leverage image tags instead of the image digests. + displayName: Use Image Tags + path: useImageTags + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Environment deployed. + displayName: Environment + path: environment + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + statusDescriptors: + - description: Product version installed. + displayName: Version + path: version + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: Current phase. 
+ displayName: Status + path: phase + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: The address for accessing Business Central, if it is deployed. + displayName: Business/Decision Central URL + path: consoleHost + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Deployments for the KieApp environment. + displayName: Deployments + path: deployments + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + version: v2 + description: |- + Deploys and manages Red Hat Process Automation Manager and Red Hat Decision Manager environments. + + * **Red Hat Process Automation Manager** is a platform for developing containerized microservices and applications that automate business decisions and processes. It includes business process management (BPM), business rules management (BRM), and business resource optimization and complex event processing (CEP) technologies. It also includes a user experience platform to create engaging user interfaces for process and decision services with minimal coding. + + [See more](https://www.redhat.com/en/products/process-automation). 
+ displayName: Business Automation (DEV) + icon: + - base64data: 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 + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - console.openshift.io + resources: + - consolelinks + - consoleyamlsamples + verbs: + - get + - create + - update + - delete + serviceAccountName: business-automation-operator + deployments: + - name: business-automation-operator + spec: + replicas: 1 + selector: + matchLabels: + name: business-automation-operator + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + name: business-automation-operator + spec: + containers: + - command: + - kie-cloud-operator + env: + - name: OPERATOR_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['name'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPERATOR_UI + value: "true" + - name: DEBUG + value: "false" + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-controller-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.13.3 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.13.3 + value: 
registry.redhat.io/openshift4/ose-cli:v4.12 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.3 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.3 + value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.3 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 + - name: RELATED_IMAGE_BROKER_IMAGE_7.13.3 + value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-controller-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.13.2 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.13.2 + value: registry.redhat.io/openshift4/ose-cli:v4.12 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.2 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.2 + value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.2 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 + - name: RELATED_IMAGE_BROKER_IMAGE_7.13.2 + value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_LATEST + value: registry.redhat.io/openshift4/ose-oauth-proxy:latest + - name: 
RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.12 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.12 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.11 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.11 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.10 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.10 + image: quay.io/kiegroup/kie-cloud-operator:7.13.3 + imagePullPolicy: Always + name: business-automation-operator + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsNonRoot: true + serviceAccountName: business-automation-operator + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - services + - services/finalizers + - serviceaccounts + - persistentvolumeclaims + - secrets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + - deployments/finalizers + - replicasets + - statefulsets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - build.openshift.io + resources: + - buildconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - image.openshift.io + resources: + - images + - imagestreams + - imagestreamimages + - imagestreamtags + verbs: + - create + - delete + - deletecollection 
+ - get + - list + - patch + - update + - watch + - apiGroups: + - app.kiegroup.org + resources: + - kieapps + - kieapps/status + - kieapps/finalizers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - operators.coreos.com + resources: + - clusterserviceversions + - subscriptions + verbs: + - get + - list + - patch + - update + - watch + serviceAccountName: business-automation-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - kieapp + - pam + - decision + - kie + - cloud + - bpm + - process + - automation + - operator + labels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.13.3-2-dev-84bpgb8n2n + links: + - name: Product Page + url: https://access.redhat.com/products/red-hat-process-automation-manager + - name: Documentation + url: https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.13/#category-deploying-red-hat-process-automation-manager-on-openshift + maintainers: + - email: bsig-cloud@redhat.com + name: Red Hat + maturity: dev + provider: + name: Red Hat + replaces: businessautomation-operator.7.13.3-1 + selector: + matchLabels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.13.3-2-dev-84bpgb8n2n + version: 7.13.3-2+84bpgb8n2n diff --git a/deploy/olm-catalog/dev/7.13.3-2/manifests/kieapp.crd.yaml b/deploy/olm-catalog/dev/7.13.3-2/manifests/kieapp.crd.yaml new file mode 100644 index 000000000..09474bb77 --- /dev/null +++ b/deploy/olm-catalog/dev/7.13.3-2/manifests/kieapp.crd.yaml 
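Review bot: Several `RELATED_IMAGE_*` entries in the operator container's `env` list point at floating tags (`mysql-80-rhel7:latest`, `postgresql-13-rhel7:latest`, `ose-oauth-proxy:latest`), and the operator image itself is `quay.io/kiegroup/kie-cloud-operator:7.13.3` with `imagePullPolicy: Always`, so nothing in the image references of this 7.13.3-2 CSV identifies the respun build. For a CVE respin the manifest should let a reader verify which rebuilt content is deployed, and the `Disconnected` value in `operators.openshift.io/infrastructure-features` normally implies digest references that a mirror can resolve. Pinning each value by digest would cover both, e.g. `value: registry.redhat.io/rhscl/mysql-80-rhel7@sha256:<digest-of-respun-image>` (placeholder digest). If this dev CSV is generated and digests are substituted only for the prod bundle, which is not visible in this part of the patch, the change belongs in the generator rather than in this file.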
@@ -0,0 +1,6126 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kieapps.app.kiegroup.org +spec: + group: app.kiegroup.org + names: + kind: KieApp + listKind: KieAppList + plural: kieapps + singular: kieapp + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of the application deployment + jsonPath: .status.version + name: Version + type: string + - description: The name of the environment used as a baseline + jsonPath: .spec.environment + name: Environment + type: string + - description: The status of the KieApp deployment + jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2 + schema: + openAPIV3Schema: + description: KieApp is the Schema for the kieapps API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to be used + by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for LDAP + properties: + allowEmptyPasswords: + description: Does this realm support blank password direct + verification? Blank password attempt will be rejected otherwise. 
+ Boolean flag, defaults to false. + type: boolean + baseCtxDN: + description: LDAP Base DN of the top-level context to begin + the user search. + type: string + baseFilter: + description: Legacy LDAP search filter used to locate the + context of the user to authenticate. The input username + or userDN obtained from the login module callback is substituted + into the filter anywhere a {0} expression is used. A common + example for the search filter is (uid={0}). For Elytron + based subsystem this property should be configured only + with the search filter parameter, without any search expression. + Example (uid={0}) became just uid. + type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN of the + user itself contains special characters, backslash for example, + that prevent correct user mapping. If the attribute does + not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to decrypt + the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. 
+ enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity mapping, + the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN is + not checked for the roleNameAttributeID. This flag can improve + the performance of LDAP queries. + type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the username. + If set to true, the DN is parsed for the username. If set + to false the DN is not parsed for the username. This option + is used together with usernameBeginString and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this option. + When using referrals, this option denotes the attribute + name which contains users defined for a certain role, for + example member, if the role object is inside the referral. + Users are checked against the content of this attribute + name. If this option is not set, the check will always fail, + so role objects cannot be stored in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. 
If false, the role name is taken from + the value of the roleNameAttributeId attribute of the context + name. Certain directory schemas, such as Microsoft Active + Directory, require this attribute to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles associated + with the authenticated user. The input username or userDN + obtained from the login module callback is substituted into + the filter anywhere a {0} expression is used. The authenticated + userDN is substituted into the filter anywhere a {1} is + used. An example search filter that , matches on the input + username is (member={0}). An alternative that matches on + the authenticated userDN is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role object’s + name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role search + will go below a matching context. Disable recursion by setting + this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for user + roles. This is not the DN where the actual roles are, but + the DN where the objects containing the user roles are. + For example, in a Microsoft Active Directory server, this + is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. 
+ For failover set two or more LDAP endpoints separated by + space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used together + with usernameEndString and only taken into account if parseUsername + is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end of + the DN to reveal the username. This option is used together + with usernameBeginString and only taken into account if + parseUsername is set to true. + type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will be + configured. + properties: + from: + description: ObjRef contains enough information to let you + inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have defined mappings. Defaults to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have no defined mappings. Defaults to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a properties + file or a set of roles with the following pattern 'role=role1;another-role=role2'. + The format of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the patter + above. 
+ type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create the + Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create the + Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. + format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. 
+ format: password + type: string + secretAdminCredentials: + description: Name of the secret containing admin's credentials, + the keys are username and password, if the adminUser and adminPassword + are provided the secretAdminCredentials will be skipped + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when the + OpenShiftStartupStrategy is choosed and Business Central + is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the 'openshift' + and local namespaces, the operator will create said imagestreams + locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry is + insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder will + be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known hosts + file. The secret must contain two files: id_rsa and + known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. 
'4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations that + can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the Runtime + Model ID. 
Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if a property + is set mode than once, the one from this property file + will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the Runtime + Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ExternalCompDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/components + directory will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ImportsBaseDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/imports + directory will be used. If ImportFileLocation is set + ImportsBaseDir will be ignored. 
+ type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual model + file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default value + is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new imports + (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards (in + kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. 
If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how a + Process Migration server will manage and create a new Database + or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. 
For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the configured + datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the configured + datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. + For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to the + application classpath separated by colon. Needs to be mounted + on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. 
'4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + username: + description: If empty the CommonConfig.AdminUser will be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a single + set, or for multiple sets if deployments is set to >1 + properties: + build: + description: KieAppBuildObject Data to define how to build + an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If unspecified, + all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. It + is recommended to test the kjar manually before disabling + this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for immutable + KIE Server configurations for S2I and pre built kjars. + Useful for pre-compiled kjar. 
+ type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the extensions + image where the extensions are located (e.g. install.sh, + modules/, etc.). Defaults to '/extension'. Do not + change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For example, + custom-driver-image:7.7.0. 
+ type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers and + configuration is located. Defaults to openshift namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate the + source code to build + properties: + contextDir: + description: Context/subdirectory where the code + is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.6.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a given + webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 
'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer will + manage and create a new Database or connect to an existing + one + properties: + externalConfig: + description: ExternalDatabaseObject configuration definition + of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. 
For + example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases running + on OCP where the host will correspond to the kubernetes + added env *_SERVICE_HOST, it is mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can be + XA or NONXA. For non XA set it to true. Default + value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. Port + is intended to be used with databases running + on OCP where the post will correspond to the kubernetes + added env *_SERVICE_PORT, these are mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. 
+ For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + decisionsOnly: + description: When set to true will configure the KIE Server + image to disable all capabilities that are not related + to decisions, Default to true for RHDM environments and + false to RHPAM. + type: boolean + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of + whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a + valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to + have some well-defined way of referencing a part of + an object. TODO: this design is not final and this + field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm clustering + for processes fail-over, it could increase the number + of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification to + be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, if + will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be used. + type: string + amqSecretName: + description: The name of a secret containing AMQ SSL + related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. Default + is false. 
+ type: boolean + enableIntegration: + description: When set to true will configure the KIE + Server with JMS integration, if no configuration is + added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, disabled + by default. + type: boolean + password: + description: AMQ broker password to connect do the AMQ, + generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for JMS, + example queue/CUSTOM.KIE.SERVER.AUDIT, default is + queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, example + queue/CUSTOM.KIE.SERVER.EXECUTOR, default is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, example + queue/CUSTOM.KIE.SERVER.REQUEST, default is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, example + queue/CUSTOM.KIE.SERVER.RESPONSE, default is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, example + queue/CUSTOM.KIE.SERVER.SIGNAL, default is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the AMQ, + generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new + heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The default + is '25' which means 25% of the '-Xmx' is used as the + initial heap size. You can skip this mechanism by + setting this value to '0' in which case no '-Xms' + option is added. e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container then + this option has no effect. If there is a memory constraint + then '-Xms' is limited to the value set here. The + default is 4096Mb which means the calculated value + of '-Xms' never will be greater than 4096Mb. The value + of this variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as set + here. The default is '50' which means 50% of the available + memory is used as an upper boundary. You can skip + this mechanism by setting this value to '0' in which + case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be used + by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. 
+ type: boolean + bootstrapServers: + description: A comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when making + requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates how + long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that the + emitter requires the leader to have received before + considering a request to be complete, not set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to set + an ID to provide a logical application name for logging + purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to Kafka. + Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates how + long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event messages. + Set up to override the default value jbpm-processes-events. 
+ type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + kieExecutorMDBMaxSession: + description: 'Number of max KIE Executor sessions, it must + be lower than the value of max-pool-size, by default is + max-pool-size set to 60. Max pool size can be set by system + property jboss.mdb.strict.max.pool.size (using javaOptsAppend: + "-Djboss.mdb.strict.max.pool.size=40"), for more information + see https://access.redhat.com/solutions/2955481.' + type: integer + name: + description: Server name + type: string + persistRepos: + description: Persist the Maven and KIE repositories on ~/.m2/repository + and ~/.kie/repository respectively. The option persistRepos + will be automatically set to false when the Trial environment + is set. + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the KIE + local repository persistent volume. Defaults to 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the Maven + persistent volume, the size of the files on this directory + can grow fast as all dependencies for KIE Containers will + be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM smart + router + properties: + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. 
Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. 
The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + useExternalRoute: + description: If enabled, Business Central will use the external + smartrouter route to communicate with it. Note that, valid + SSL certificates should be used. + type: boolean + type: object + type: object + scheduledImportPolicy: + description: Set to true to enable scheduled import policy on the + ImageStream. This will work only if you are using ImageStreamTag + otherwise with image digests it will be ignored + type: boolean + truststore: + description: Defines which truststore is used by the console, kieservers, + smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. + type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should be allowed + when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. 
Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. This + will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + status: + description: KieAppStatus - The status for custom resources managed by + the operator-sdk. + properties: + applied: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to + be used by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for + LDAP + properties: + allowEmptyPasswords: + description: Does this realm support blank password direct + verification? Blank password attempt will be rejected + otherwise. Boolean flag, defaults to false. + type: boolean + baseCtxDN: + description: LDAP Base DN of the top-level context to + begin the user search. + type: string + baseFilter: + description: Legacy LDAP search filter used to locate + the context of the user to authenticate. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. A common example for the search filter is (uid={0}). + For Elytron based subsystem this property should be + configured only with the search filter parameter, without + any search expression. Example (uid={0}) became just + uid. 
+ type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN + of the user itself contains special characters, backslash + for example, that prevent correct user mapping. If the + attribute does not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to + decrypt the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. + enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity + mapping, the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN + is not checked for the roleNameAttributeID. This flag + can improve the performance of LDAP queries. 
+ type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the + username. If set to true, the DN is parsed for the username. + If set to false the DN is not parsed for the username. + This option is used together with usernameBeginString + and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this + option. When using referrals, this option denotes the + attribute name which contains users defined for a certain + role, for example member, if the role object is inside + the referral. Users are checked against the content + of this attribute name. If this option is not set, the + check will always fail, so role objects cannot be stored + in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user + roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. If false, the role name is taken + from the value of the roleNameAttributeId attribute + of the context name. Certain directory schemas, such + as Microsoft Active Directory, require this attribute + to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles + associated with the authenticated user. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. The authenticated userDN is substituted into + the filter anywhere a {1} is used. 
An example search + filter that , matches on the input username is (member={0}). + An alternative that matches on the authenticated userDN + is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role + object’s name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role + search will go below a matching context. Disable recursion + by setting this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for + user roles. This is not the DN where the actual roles + are, but the DN where the objects containing the user + roles are. For example, in a Microsoft Active Directory + server, this is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. + For failover set two or more LDAP endpoints separated + by space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used + together with usernameEndString and only taken into + account if parseUsername is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end + of the DN to reveal the username. This option is used + together with usernameBeginString and only taken into + account if parseUsername is set to true. 
+ type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will + be configured. + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have defined mappings. Defaults + to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have no defined mappings. Defaults + to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a + properties file or a set of roles with the following + pattern 'role=role1;another-role=role2'. The format + of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the + patter above. + type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for + SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create + the Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create + the Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. 
+ format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. + format: password + type: string + secretAdminCredentials: + description: Name of the secret containing admin's credentials, + the keys are username and password, if the adminUser and + adminPassword are provided the secretAdminCredentials will + be skipped + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when + the OpenShiftStartupStrategy is choosed and Business + Central is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. 
When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the + 'openshift' and local namespaces, the operator will create said + imagestreams locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry + is insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. + For example, if the object reference is to a + container within a pod, this would take on a + value like: "spec.containers{name}" (where "name" + refers to the name of the container that triggered + the event) or if no container name is specified + "spec.containers[2]" (container with index 2 + in this pod). This syntax is chosen only to + have some well-defined way of referencing a + part of an object. TODO: this design is not + final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder + will be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known + hosts file. The secret must contain two files: id_rsa + and known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM + Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations + that can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the + Runtime Model ID. 
Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if + a property is set mode than once, the one from this + property file will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the + Runtime Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ExternalCompDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/components directory + will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ImportsBaseDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/imports directory will + be used. If ImportFileLocation is set ImportsBaseDir + will be ignored. 
+ type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual + model file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default + value is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new + imports (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards + (in kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. 
+ If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how + a Process Migration server will manage and create a + new Database or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to + background-validation, if set to false the validate-on-match + method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. 
For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to + the application classpath separated by colon. Needs + to be mounted on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + username: + description: If empty the CommonConfig.AdminUser will + be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a + single set, or for multiple sets if deployments is set + to >1 + properties: + build: + description: KieAppBuildObject Data to define how to + build an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If + unspecified, all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. + It is recommended to test the kjar manually before + disabling this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for + immutable KIE Server configurations for S2I and + pre built kjars. Useful for pre-compiled kjar. 
+ type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container and + any service environment variables. If a + variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal + "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and + requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the + extensions image where the extensions are located + (e.g. install.sh, modules/, etc.). Defaults to + '/extension'. Do not change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For + example, custom-driver-image:7.7.0. 
+ type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers + and configuration is located. Defaults to openshift + namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate + the source code to build + properties: + contextDir: + description: Context/subdirectory where the + code is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.6.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a + given webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 
'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, + POST, OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer + will manage and create a new Database or connect to + an existing one + properties: + externalConfig: + description: ExternalDatabaseObject configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method + to background-validation, if set to false + the validate-on-match method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. 
+ For example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases + running on OCP where the host will correspond + to the kubernetes added env *_SERVICE_HOST, + it is mostly likely used with PostgreSQL and + MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, + jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for + the configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for + the configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can + be XA or NONXA. For non XA set it to true. + Default value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. + Port is intended to be used with databases + running on OCP where the post will correspond + to the kubernetes added env *_SERVICE_PORT, + these are mostly likely used with PostgreSQL + and MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. 
For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + decisionsOnly: + description: When set to true will configure the KIE + Server image to disable all capabilities that are + not related to decisions, Default to true for RHDM + environments and false to RHPAM. + type: boolean + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm + clustering for processes fail-over, it could increase + the number of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification + to be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, + if will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and + certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be + used. + type: string + amqSecretName: + description: The name of a secret containing AMQ + SSL related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store + file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. + Default is false. 
+ type: boolean + enableIntegration: + description: When set to true will configure the + KIE Server with JMS integration, if no configuration + is added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, + disabled by default. + type: boolean + password: + description: AMQ broker password to connect do the + AMQ, generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for + JMS, example queue/CUSTOM.KIE.SERVER.AUDIT, default + is queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, + example queue/CUSTOM.KIE.SERVER.EXECUTOR, default + is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, + example queue/CUSTOM.KIE.SERVER.REQUEST, default + is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, + example queue/CUSTOM.KIE.SERVER.RESPONSE, default + is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, + example queue/CUSTOM.KIE.SERVER.SIGNAL, default + is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the + AMQ, generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used + by the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current + GC time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of + this variable should contain the necessary JRE + command-line options to specify the required GC, + which will override the default of '-XX:+UseParallelOldGC'. + e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega + bytes unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. + Disabled by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap + memory. If used in a container without any memory + constraints for the container then this option + has no effect. If there is a memory constraint + then '-Xms' is set to a ratio of the '-Xmx' memory + as set here. The default is '25' which means 25% + of the '-Xmx' is used as the initial heap size. + You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. + e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a + container without any memory constraints for the + container then this option has no effect. If there + is a memory constraint then '-Xms' is limited + to the value set here. The default is 4096Mb which + means the calculated value of '-Xms' never will + be greater than 4096Mb. The value of this variable + is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is + set to a ratio of the container available memory + as set here. The default is '50' which means 50% + of the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be + used by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. 
+ type: boolean + bootstrapServers: + description: A comma separated list of host/port + pairs to use for establishing the initial connection + to the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when + making requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates + how long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that + the emitter requires the leader to have received + before considering a request to be complete, not + set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection + to the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to + set an ID to provide a logical application name + for logging purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to + Kafka. Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates + how long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event + messages. Set up to override the default value + jbpm-processes-events. 
+ type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + kieExecutorMDBMaxSession: + description: 'Number of max KIE Executor sessions, it + must be lower than the value of max-pool-size, by + default is max-pool-size set to 60. Max pool size + can be set by system property jboss.mdb.strict.max.pool.size + (using javaOptsAppend: "-Djboss.mdb.strict.max.pool.size=40"), + for more information see https://access.redhat.com/solutions/2955481.' + type: integer + name: + description: Server name + type: string + persistRepos: + description: Persist the Maven and KIE repositories + on ~/.m2/repository and ~/.kie/repository respectively. + The option persistRepos will be automatically set + to false when the Trial environment is set. + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the + KIE local repository persistent volume. Defaults to + 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the + Maven persistent volume, the size of the files on + this directory can grow fast as all dependencies for + KIE Containers will be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect + URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM + smart router + properties: + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. 
Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. 
The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + useExternalRoute: + description: If enabled, Business Central will use the + external smartrouter route to communicate with it. Note + that, valid SSL certificates should be used. + type: boolean + type: object + type: object + scheduledImportPolicy: + description: Set to true to enable scheduled import policy on + the ImageStream. This will work only if you are using ImageStreamTag + otherwise with image digests it will be ignored + type: boolean + truststore: + description: Defines which truststore is used by the console, + kieservers, smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. + type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should + be allowed when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. 
Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. + This will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + conditions: + items: + description: Condition - The condition for the kie-cloud-operator + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ReasonType - type of reason + type: string + status: + type: string + type: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - status + - type + type: object + type: array + consoleHost: + type: string + deployments: + properties: + ready: + description: Deployments are ready to serve requests + items: + type: string + type: array + starting: + description: Deployments are starting, may or may not succeed + items: + type: string + type: array + stopped: + description: Deployments are not starting, unclear what next step + will be + items: + type: string + type: array + type: object + phase: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - conditions + - deployments + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/deploy/olm-catalog/dev/7.13.3-2/metadata/annotations.yaml b/deploy/olm-catalog/dev/7.13.3-2/metadata/annotations.yaml new file mode 100644 index 000000000..724337620 --- /dev/null +++ b/deploy/olm-catalog/dev/7.13.3-2/metadata/annotations.yaml 
@@ -0,0 +1,10 @@ +annotations: + operators.operatorframework.io.bundle.channel.default.v1: stable + operators.operatorframework.io.bundle.channels.v1: stable + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: businessautomation-operator + operators.operatorframework.io.metrics.builder: operator-sdk-v0.19.2 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go diff --git a/deploy/olm-catalog/prod/7.13.3-2/manifests/businessautomation-operator.clusterserviceversion.yaml b/deploy/olm-catalog/prod/7.13.3-2/manifests/businessautomation-operator.clusterserviceversion.yaml new file mode 100644 index 000000000..567ba970b --- /dev/null +++ b/deploy/olm-catalog/prod/7.13.3-2/manifests/businessautomation-operator.clusterserviceversion.yaml 
@@ -0,0 +1,423 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: '[{"apiVersion":"app.kiegroup.org/v2","kind":"KieApp","metadata":{"name":"rhpam-trial"},"spec":{"environment":"rhpam-trial"}}]' + capabilities: Seamless Upgrades + categories: Integration & Delivery + certified: "true" + containerImage: registry.stage.redhat.io/rhpam-7/rhpam-rhel8-operator:7.13.3 + createdAt: "2023-05-17 16:34:30" + description: Deploys and manages Red Hat Process Automation Manager and Red Hat + Decision Manager environments. + operators.openshift.io/infrastructure-features: '["Disconnected"]' + operators.openshift.io/valid-subscription: '["Red Hat Process Automation Manager", + "Red Hat Decision Manager"]' + repository: https://github.com/kiegroup/kie-cloud-operator + support: Red Hat + tectonic-visibility: ocs + labels: + operator-businessautomation: "true" + operatorframework.io/arch.amd64: supported + operatorframework.io/os.linux: supported + name: businessautomation-operator.7.13.3-2 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: A project prescription running an RHPAM/RHDM environment. 
+ displayName: KieApp + kind: KieApp + name: kieapps.app.kiegroup.org + resources: + - kind: DeploymentConfig + name: "" + version: apps.openshift.io/v1 + - kind: StatefulSet + name: "" + version: apps/v1 + - kind: Role + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: RoleBinding + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: Route + name: "" + version: route.openshift.io/v1 + - kind: BuildConfig + name: "" + version: build.openshift.io/v1 + - kind: ImageStream + name: "" + version: image.openshift.io/v1 + - kind: Secret + name: "" + version: v1 + - kind: PersistentVolumeClaim + name: "" + version: v1 + - kind: ServiceAccount + name: "" + version: v1 + - kind: Service + name: "" + version: v1 + specDescriptors: + - description: Set true to enable automatic micro version product upgrades, + it is disabled by default. + displayName: Enable Upgrades + path: upgrades.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable automatic minor product version upgrades, + it is disabled by default. Requires spec.upgrades.enabled to be true. + displayName: Include minor version upgrades + path: upgrades.minor + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable image tags, disabled by default. This will + leverage image tags instead of the image digests. + displayName: Use Image Tags + path: useImageTags + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Environment deployed. + displayName: Environment + path: environment + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + statusDescriptors: + - description: Product version installed. + displayName: Version + path: version + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: Current phase. 
+ displayName: Status + path: phase + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: The address for accessing Business Central, if it is deployed. + displayName: Business/Decision Central URL + path: consoleHost + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Deployments for the KieApp environment. + displayName: Deployments + path: deployments + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + version: v2 + description: |- + Deploys and manages Red Hat Process Automation Manager and Red Hat Decision Manager environments. + + * **Red Hat Process Automation Manager** is a platform for developing containerized microservices and applications that automate business decisions and processes. It includes business process management (BPM), business rules management (BRM), and business resource optimization and complex event processing (CEP) technologies. It also includes a user experience platform to create engaging user interfaces for process and decision services with minimal coding. + + [See more](https://www.redhat.com/en/products/process-automation). 
+ displayName: Business Automation + icon: + - base64data: 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 + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - console.openshift.io + resources: + - consolelinks + - consoleyamlsamples + verbs: + - get + - create + - update + - delete + serviceAccountName: business-automation-operator + deployments: + - name: business-automation-operator + spec: + replicas: 1 + selector: + matchLabels: + name: business-automation-operator + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + name: business-automation-operator + spec: + containers: + - command: + - kie-cloud-operator + env: + - name: OPERATOR_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['name'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPERATOR_UI + value: "true" + - name: DEBUG + value: "false" + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.3 + value: registry.stage.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.3 + value: registry.stage.redhat.io/rhpam-7/rhpam-controller-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.3 + value: registry.stage.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.3 + value: registry.stage.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.3 + value: registry.stage.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.3 + value: registry.stage.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.3 + value: registry.stage.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.13.3 + - name: 
RELATED_IMAGE_OSE_CLI_IMAGE_7.13.3 + value: registry.redhat.io/openshift4/ose-cli:v4.12 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.3 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.3 + value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.3 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 + - name: RELATED_IMAGE_BROKER_IMAGE_7.13.3 + value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-controller-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.13.2 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.13.2 + value: registry.redhat.io/openshift4/ose-cli:v4.12 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.2 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.2 + value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.2 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 + - name: RELATED_IMAGE_BROKER_IMAGE_7.13.2 + value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_LATEST + value: registry.redhat.io/openshift4/ose-oauth-proxy:latest 
+ - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.12 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.12 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.11 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.11 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.10 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.10 + image: registry.stage.redhat.io/rhpam-7/rhpam-rhel8-operator:7.13.3 + imagePullPolicy: Always + name: business-automation-operator + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsNonRoot: true + serviceAccountName: business-automation-operator + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - services + - services/finalizers + - serviceaccounts + - persistentvolumeclaims + - secrets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + - deployments/finalizers + - replicasets + - statefulsets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - build.openshift.io + resources: + - buildconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - image.openshift.io + resources: + - images + - imagestreams + - imagestreamimages + - imagestreamtags + verbs: + - create + - 
delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - app.kiegroup.org + resources: + - kieapps + - kieapps/status + - kieapps/finalizers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - operators.coreos.com + resources: + - clusterserviceversions + - subscriptions + verbs: + - get + - list + - patch + - update + - watch + serviceAccountName: business-automation-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - kieapp + - pam + - decision + - kie + - cloud + - bpm + - process + - automation + - operator + labels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.13.3-2 + links: + - name: Product Page + url: https://access.redhat.com/products/red-hat-process-automation-manager + - name: Documentation + url: https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.13/#category-deploying-red-hat-process-automation-manager-on-openshift + maintainers: + - email: bsig-cloud@redhat.com + name: Red Hat + maturity: stable + provider: + name: Red Hat + replaces: businessautomation-operator.7.13.3-1 + selector: + matchLabels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.13.3-2 + version: 7.13.3-2 diff --git a/deploy/olm-catalog/prod/7.13.3-2/manifests/kieapp.crd.yaml b/deploy/olm-catalog/prod/7.13.3-2/manifests/kieapp.crd.yaml new file mode 100644 index 000000000..09474bb77 --- /dev/null +++ b/deploy/olm-catalog/prod/7.13.3-2/manifests/kieapp.crd.yaml 
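Review bot: In this `prod/7.13.3-2` CSV, `containerImage`, the operator container's `image` and every `RELATED_IMAGE_PAM_*_7.13.3` value point at `registry.stage.redhat.io`, while the 7.13.2 entries in the same env list use `registry.redhat.io`. If nothing in the release process rewrites the host before the bundle is published, production installs would pull the operator and product images from the staging registry, so either confirm that step exists or use the `registry.redhat.io` host here as the 7.13.2 entries do. Separately, the MySQL and PostgreSQL entries and `RELATED_IMAGE_OAUTH_PROXY_IMAGE_LATEST` use the mutable `:latest` tag and the operator runs with `imagePullPolicy: Always`, so the deployed content can change without a new bundle. For a CVE respin it would be easier to audit what shipped if these were pinned by digest in the form `<registry>/<repo>@sha256:<digest>`, which also fits the `Disconnected` infrastructure feature the CSV advertises.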
@@ -0,0 +1,6126 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kieapps.app.kiegroup.org +spec: + group: app.kiegroup.org + names: + kind: KieApp + listKind: KieAppList + plural: kieapps + singular: kieapp + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of the application deployment + jsonPath: .status.version + name: Version + type: string + - description: The name of the environment used as a baseline + jsonPath: .spec.environment + name: Environment + type: string + - description: The status of the KieApp deployment + jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2 + schema: + openAPIV3Schema: + description: KieApp is the Schema for the kieapps API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to be used + by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for LDAP + properties: + allowEmptyPasswords: + description: Does this realm support blank password direct + verification? Blank password attempt will be rejected otherwise. 
+ Boolean flag, defaults to false. + type: boolean + baseCtxDN: + description: LDAP Base DN of the top-level context to begin + the user search. + type: string + baseFilter: + description: Legacy LDAP search filter used to locate the + context of the user to authenticate. The input username + or userDN obtained from the login module callback is substituted + into the filter anywhere a {0} expression is used. A common + example for the search filter is (uid={0}). For Elytron + based subsystem this property should be configured only + with the search filter parameter, without any search expression. + Example (uid={0}) became just uid. + type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN of the + user itself contains special characters, backslash for example, + that prevent correct user mapping. If the attribute does + not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to decrypt + the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. 
+ enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity mapping, + the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN is + not checked for the roleNameAttributeID. This flag can improve + the performance of LDAP queries. + type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the username. + If set to true, the DN is parsed for the username. If set + to false the DN is not parsed for the username. This option + is used together with usernameBeginString and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this option. + When using referrals, this option denotes the attribute + name which contains users defined for a certain role, for + example member, if the role object is inside the referral. + Users are checked against the content of this attribute + name. If this option is not set, the check will always fail, + so role objects cannot be stored in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. 
If false, the role name is taken from + the value of the roleNameAttributeId attribute of the context + name. Certain directory schemas, such as Microsoft Active + Directory, require this attribute to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles associated + with the authenticated user. The input username or userDN + obtained from the login module callback is substituted into + the filter anywhere a {0} expression is used. The authenticated + userDN is substituted into the filter anywhere a {1} is + used. An example search filter that , matches on the input + username is (member={0}). An alternative that matches on + the authenticated userDN is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role object’s + name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role search + will go below a matching context. Disable recursion by setting + this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for user + roles. This is not the DN where the actual roles are, but + the DN where the objects containing the user roles are. + For example, in a Microsoft Active Directory server, this + is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. 
+ For failover set two or more LDAP endpoints separated by + space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used together + with usernameEndString and only taken into account if parseUsername + is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end of + the DN to reveal the username. This option is used together + with usernameBeginString and only taken into account if + parseUsername is set to true. + type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will be + configured. + properties: + from: + description: ObjRef contains enough information to let you + inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have defined mappings. Defaults to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have no defined mappings. Defaults to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a properties + file or a set of roles with the following pattern 'role=role1;another-role=role2'. + The format of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the patter + above. 
+ type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create the + Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create the + Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. + format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. 
+ format: password + type: string + secretAdminCredentials: + description: Name of the secret containing admin's credentials, + the keys are username and password, if the adminUser and adminPassword + are provided the secretAdminCredentials will be skipped + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when the + OpenShiftStartupStrategy is choosed and Business Central + is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the 'openshift' + and local namespaces, the operator will create said imagestreams + locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry is + insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder will + be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known hosts + file. The secret must contain two files: id_rsa and + known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. 
'4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations that + can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the Runtime + Model ID. 
Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if a property + is set mode than once, the one from this property file + will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the Runtime + Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ExternalCompDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/components + directory will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ImportsBaseDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/imports + directory will be used. If ImportFileLocation is set + ImportsBaseDir will be ignored. 
+ type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual model + file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default value + is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new imports + (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards (in + kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. 
If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how a + Process Migration server will manage and create a new Database + or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. 
For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the configured + datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the configured + datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. + For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to the + application classpath separated by colon. Needs to be mounted + on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. 
'4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + username: + description: If empty the CommonConfig.AdminUser will be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a single + set, or for multiple sets if deployments is set to >1 + properties: + build: + description: KieAppBuildObject Data to define how to build + an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If unspecified, + all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. It + is recommended to test the kjar manually before disabling + this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for immutable + KIE Server configurations for S2I and pre built kjars. + Useful for pre-compiled kjar. 
+ type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the extensions + image where the extensions are located (e.g. install.sh, + modules/, etc.). Defaults to '/extension'. Do not + change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For example, + custom-driver-image:7.7.0. 
+ type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers and + configuration is located. Defaults to openshift namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate the + source code to build + properties: + contextDir: + description: Context/subdirectory where the code + is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.6.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a given + webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 
'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer will + manage and create a new Database or connect to an existing + one + properties: + externalConfig: + description: ExternalDatabaseObject configuration definition + of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. 
For + example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases running + on OCP where the host will correspond to the kubernetes + added env *_SERVICE_HOST, it is mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can be + XA or NONXA. For non XA set it to true. Default + value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. Port + is intended to be used with databases running + on OCP where the post will correspond to the kubernetes + added env *_SERVICE_PORT, these are mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. 
+ For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + decisionsOnly: + description: When set to true will configure the KIE Server + image to disable all capabilities that are not related + to decisions, Default to true for RHDM environments and + false to RHPAM. + type: boolean + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of + whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a + valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to + have some well-defined way of referencing a part of + an object. TODO: this design is not final and this + field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm clustering + for processes fail-over, it could increase the number + of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification to + be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, if + will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be used. + type: string + amqSecretName: + description: The name of a secret containing AMQ SSL + related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. Default + is false. 
+ type: boolean + enableIntegration: + description: When set to true will configure the KIE + Server with JMS integration, if no configuration is + added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, disabled + by default. + type: boolean + password: + description: AMQ broker password to connect do the AMQ, + generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for JMS, + example queue/CUSTOM.KIE.SERVER.AUDIT, default is + queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, example + queue/CUSTOM.KIE.SERVER.EXECUTOR, default is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, example + queue/CUSTOM.KIE.SERVER.REQUEST, default is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, example + queue/CUSTOM.KIE.SERVER.RESPONSE, default is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, example + queue/CUSTOM.KIE.SERVER.SIGNAL, default is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the AMQ, + generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new + heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The default + is '25' which means 25% of the '-Xmx' is used as the + initial heap size. You can skip this mechanism by + setting this value to '0' in which case no '-Xms' + option is added. e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container then + this option has no effect. If there is a memory constraint + then '-Xms' is limited to the value set here. The + default is 4096Mb which means the calculated value + of '-Xms' never will be greater than 4096Mb. The value + of this variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as set + here. The default is '50' which means 50% of the available + memory is used as an upper boundary. You can skip + this mechanism by setting this value to '0' in which + case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be used + by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. 
+ type: boolean + bootstrapServers: + description: A comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when making + requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates how + long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that the + emitter requires the leader to have received before + considering a request to be complete, not set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to set + an ID to provide a logical application name for logging + purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to Kafka. + Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates how + long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event messages. + Set up to override the default value jbpm-processes-events. 
+ type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + kieExecutorMDBMaxSession: + description: 'Number of max KIE Executor sessions, it must + be lower than the value of max-pool-size, by default is + max-pool-size set to 60. Max pool size can be set by system + property jboss.mdb.strict.max.pool.size (using javaOptsAppend: + "-Djboss.mdb.strict.max.pool.size=40"), for more information + see https://access.redhat.com/solutions/2955481.' + type: integer + name: + description: Server name + type: string + persistRepos: + description: Persist the Maven and KIE repositories on ~/.m2/repository + and ~/.kie/repository respectively. The option persistRepos + will be automatically set to false when the Trial environment + is set. + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the KIE + local repository persistent volume. Defaults to 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the Maven + persistent volume, the size of the files on this directory + can grow fast as all dependencies for KIE Containers will + be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM smart + router + properties: + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. 
Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. 
The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + useExternalRoute: + description: If enabled, Business Central will use the external + smartrouter route to communicate with it. Note that, valid + SSL certificates should be used. + type: boolean + type: object + type: object + scheduledImportPolicy: + description: Set to true to enable scheduled import policy on the + ImageStream. This will work only if you are using ImageStreamTag + otherwise with image digests it will be ignored + type: boolean + truststore: + description: Defines which truststore is used by the console, kieservers, + smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. + type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should be allowed + when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. 
Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. This + will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + status: + description: KieAppStatus - The status for custom resources managed by + the operator-sdk. + properties: + applied: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to + be used by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for + LDAP + properties: + allowEmptyPasswords: + description: Does this realm support blank password direct + verification? Blank password attempt will be rejected + otherwise. Boolean flag, defaults to false. + type: boolean + baseCtxDN: + description: LDAP Base DN of the top-level context to + begin the user search. + type: string + baseFilter: + description: Legacy LDAP search filter used to locate + the context of the user to authenticate. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. A common example for the search filter is (uid={0}). + For Elytron based subsystem this property should be + configured only with the search filter parameter, without + any search expression. Example (uid={0}) became just + uid. 
+ type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN + of the user itself contains special characters, backslash + for example, that prevent correct user mapping. If the + attribute does not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to + decrypt the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. + enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity + mapping, the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN + is not checked for the roleNameAttributeID. This flag + can improve the performance of LDAP queries. 
+ type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the + username. If set to true, the DN is parsed for the username. + If set to false the DN is not parsed for the username. + This option is used together with usernameBeginString + and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this + option. When using referrals, this option denotes the + attribute name which contains users defined for a certain + role, for example member, if the role object is inside + the referral. Users are checked against the content + of this attribute name. If this option is not set, the + check will always fail, so role objects cannot be stored + in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user + roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. If false, the role name is taken + from the value of the roleNameAttributeId attribute + of the context name. Certain directory schemas, such + as Microsoft Active Directory, require this attribute + to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles + associated with the authenticated user. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. The authenticated userDN is substituted into + the filter anywhere a {1} is used. 
An example search + filter that , matches on the input username is (member={0}). + An alternative that matches on the authenticated userDN + is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role + object’s name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role + search will go below a matching context. Disable recursion + by setting this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for + user roles. This is not the DN where the actual roles + are, but the DN where the objects containing the user + roles are. For example, in a Microsoft Active Directory + server, this is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. + For failover set two or more LDAP endpoints separated + by space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used + together with usernameEndString and only taken into + account if parseUsername is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end + of the DN to reveal the username. This option is used + together with usernameBeginString and only taken into + account if parseUsername is set to true. 
+ type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will + be configured. + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have defined mappings. Defaults + to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have no defined mappings. Defaults + to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a + properties file or a set of roles with the following + pattern 'role=role1;another-role=role2'. The format + of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the + patter above. + type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for + SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create + the Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create + the Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. 
+ format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. + format: password + type: string + secretAdminCredentials: + description: Name of the secret containing admin's credentials, + the keys are username and password, if the adminUser and + adminPassword are provided the secretAdminCredentials will + be skipped + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when + the OpenShiftStartupStrategy is choosed and Business + Central is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. 
When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the + 'openshift' and local namespaces, the operator will create said + imagestreams locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry + is insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. + For example, if the object reference is to a + container within a pod, this would take on a + value like: "spec.containers{name}" (where "name" + refers to the name of the container that triggered + the event) or if no container name is specified + "spec.containers[2]" (container with index 2 + in this pod). This syntax is chosen only to + have some well-defined way of referencing a + part of an object. TODO: this design is not + final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder + will be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known + hosts file. The secret must contain two files: id_rsa + and known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM + Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations + that can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the + Runtime Model ID. 
Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if + a property is set mode than once, the one from this + property file will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the + Runtime Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ExternalCompDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/components directory + will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ImportsBaseDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/imports directory will + be used. If ImportFileLocation is set ImportsBaseDir + will be ignored. 
+ type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual + model file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default + value is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new + imports (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards + (in kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. 
+ If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how + a Process Migration server will manage and create a + new Database or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to + background-validation, if set to false the validate-on-match + method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. 
For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to + the application classpath separated by colon. Needs + to be mounted on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + username: + description: If empty the CommonConfig.AdminUser will + be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a + single set, or for multiple sets if deployments is set + to >1 + properties: + build: + description: KieAppBuildObject Data to define how to + build an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If + unspecified, all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. + It is recommended to test the kjar manually before + disabling this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for + immutable KIE Server configurations for S2I and + pre built kjars. Useful for pre-compiled kjar. 
+ type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container and + any service environment variables. If a + variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal + "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and + requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the + extensions image where the extensions are located + (e.g. install.sh, modules/, etc.). Defaults to + '/extension'. Do not change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For + example, custom-driver-image:7.7.0. 
+ type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers + and configuration is located. Defaults to openshift + namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate + the source code to build + properties: + contextDir: + description: Context/subdirectory where the + code is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.6.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a + given webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 
'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, + POST, OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer + will manage and create a new Database or connect to + an existing one + properties: + externalConfig: + description: ExternalDatabaseObject configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method + to background-validation, if set to false + the validate-on-match method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. 
+ For example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases + running on OCP where the host will correspond + to the kubernetes added env *_SERVICE_HOST, + it is mostly likely used with PostgreSQL and + MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, + jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for + the configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for + the configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can + be XA or NONXA. For non XA set it to true. + Default value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. + Port is intended to be used with databases + running on OCP where the post will correspond + to the kubernetes added env *_SERVICE_PORT, + these are mostly likely used with PostgreSQL + and MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. 
For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + decisionsOnly: + description: When set to true will configure the KIE + Server image to disable all capabilities that are + not related to decisions, Default to true for RHDM + environments and false to RHPAM. + type: boolean + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm + clustering for processes fail-over, it could increase + the number of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification + to be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, + if will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and + certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be + used. + type: string + amqSecretName: + description: The name of a secret containing AMQ + SSL related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store + file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. + Default is false. 
+ type: boolean + enableIntegration: + description: When set to true will configure the + KIE Server with JMS integration, if no configuration + is added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, + disabled by default. + type: boolean + password: + description: AMQ broker password to connect do the + AMQ, generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for + JMS, example queue/CUSTOM.KIE.SERVER.AUDIT, default + is queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, + example queue/CUSTOM.KIE.SERVER.EXECUTOR, default + is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, + example queue/CUSTOM.KIE.SERVER.REQUEST, default + is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, + example queue/CUSTOM.KIE.SERVER.RESPONSE, default + is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, + example queue/CUSTOM.KIE.SERVER.SIGNAL, default + is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the + AMQ, generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used + by the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current + GC time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of + this variable should contain the necessary JRE + command-line options to specify the required GC, + which will override the default of '-XX:+UseParallelOldGC'. + e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega + bytes unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. + Disabled by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap + memory. If used in a container without any memory + constraints for the container then this option + has no effect. If there is a memory constraint + then '-Xms' is set to a ratio of the '-Xmx' memory + as set here. The default is '25' which means 25% + of the '-Xmx' is used as the initial heap size. + You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. + e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a + container without any memory constraints for the + container then this option has no effect. If there + is a memory constraint then '-Xms' is limited + to the value set here. The default is 4096Mb which + means the calculated value of '-Xms' never will + be greater than 4096Mb. The value of this variable + is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is + set to a ratio of the container available memory + as set here. The default is '50' which means 50% + of the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be + used by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. 
+ type: boolean + bootstrapServers: + description: A comma separated list of host/port + pairs to use for establishing the initial connection + to the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when + making requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates + how long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that + the emitter requires the leader to have received + before considering a request to be complete, not + set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection + to the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to + set an ID to provide a logical application name + for logging purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to + Kafka. Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates + how long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event + messages. Set up to override the default value + jbpm-processes-events. 
+ type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + kieExecutorMDBMaxSession: + description: 'Number of max KIE Executor sessions, it + must be lower than the value of max-pool-size, by + default is max-pool-size set to 60. Max pool size + can be set by system property jboss.mdb.strict.max.pool.size + (using javaOptsAppend: "-Djboss.mdb.strict.max.pool.size=40"), + for more information see https://access.redhat.com/solutions/2955481.' + type: integer + name: + description: Server name + type: string + persistRepos: + description: Persist the Maven and KIE repositories + on ~/.m2/repository and ~/.kie/repository respectively. + The option persistRepos will be automatically set + to false when the Trial environment is set. + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the + KIE local repository persistent volume. Defaults to + 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the + Maven persistent volume, the size of the files on + this directory can grow fast as all dependencies for + KIE Containers will be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect + URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM + smart router + properties: + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. 
Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. 
The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + useExternalRoute: + description: If enabled, Business Central will use the + external smartrouter route to communicate with it. Note + that, valid SSL certificates should be used. + type: boolean + type: object + type: object + scheduledImportPolicy: + description: Set to true to enable scheduled import policy on + the ImageStream. This will work only if you are using ImageStreamTag + otherwise with image digests it will be ignored + type: boolean + truststore: + description: Defines which truststore is used by the console, + kieservers, smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. + type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should + be allowed when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. 
Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. + This will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + conditions: + items: + description: Condition - The condition for the kie-cloud-operator + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ReasonType - type of reason + type: string + status: + type: string + type: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - status + - type + type: object + type: array + consoleHost: + type: string + deployments: + properties: + ready: + description: Deployments are ready to serve requests + items: + type: string + type: array + starting: + description: Deployments are starting, may or may not succeed + items: + type: string + type: array + stopped: + description: Deployments are not starting, unclear what next step + will be + items: + type: string + type: array + type: object + phase: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - conditions + - deployments + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/deploy/olm-catalog/prod/7.13.3-2/metadata/annotations.yaml b/deploy/olm-catalog/prod/7.13.3-2/metadata/annotations.yaml new file mode 100644 index 000000000..724337620 --- /dev/null +++ b/deploy/olm-catalog/prod/7.13.3-2/metadata/annotations.yaml 
@@ -0,0 +1,10 @@
+annotations:
+ operators.operatorframework.io.bundle.channel.default.v1: stable
+ operators.operatorframework.io.bundle.channels.v1: stable
+ operators.operatorframework.io.bundle.manifests.v1: manifests/
+ operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+ operators.operatorframework.io.bundle.metadata.v1: metadata/
+ operators.operatorframework.io.bundle.package.v1: businessautomation-operator
+ operators.operatorframework.io.metrics.builder: operator-sdk-v0.19.2
+ operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
+ operators.operatorframework.io.metrics.project_layout: go
diff --git a/deploy/olm-catalog/test/7.13.3-2/manifests/businessautomation-operator.clusterserviceversion.yaml b/deploy/olm-catalog/test/7.13.3-2/manifests/businessautomation-operator.clusterserviceversion.yaml
new file mode 100644
index 000000000..193769a40
--- /dev/null
+++ b/deploy/olm-catalog/test/7.13.3-2/manifests/businessautomation-operator.clusterserviceversion.yaml
@@ -0,0 +1,423 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: '[{"apiVersion":"app.kiegroup.org/v2","kind":"KieApp","metadata":{"name":"rhpam-trial"},"spec":{"environment":"rhpam-trial"}}]' + capabilities: Seamless Upgrades + categories: Integration & Delivery + certified: "true" + containerImage: registry-proxy.engineering.redhat.com/rh-osbs/rhpam-7-rhpam-rhel8-operator:7.13.3 + createdAt: "2023-05-17 16:34:30" + description: Deploys and manages Red Hat Process Automation Manager and Red Hat + Decision Manager environments. + operators.openshift.io/infrastructure-features: '["Disconnected"]' + operators.openshift.io/valid-subscription: '["Red Hat Process Automation Manager", + "Red Hat Decision Manager"]' + repository: https://github.com/kiegroup/kie-cloud-operator + support: Red Hat + tectonic-visibility: ocs + labels: + operator-businessautomation: "true" + operatorframework.io/arch.amd64: supported + operatorframework.io/os.linux: supported + name: businessautomation-operator.7.13.3-2-dev-dpg8svbgf7 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: A project prescription running an RHPAM/RHDM environment. 
+ displayName: KieApp + kind: KieApp + name: kieapps.app.kiegroup.org + resources: + - kind: DeploymentConfig + name: "" + version: apps.openshift.io/v1 + - kind: StatefulSet + name: "" + version: apps/v1 + - kind: Role + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: RoleBinding + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: Route + name: "" + version: route.openshift.io/v1 + - kind: BuildConfig + name: "" + version: build.openshift.io/v1 + - kind: ImageStream + name: "" + version: image.openshift.io/v1 + - kind: Secret + name: "" + version: v1 + - kind: PersistentVolumeClaim + name: "" + version: v1 + - kind: ServiceAccount + name: "" + version: v1 + - kind: Service + name: "" + version: v1 + specDescriptors: + - description: Set true to enable automatic micro version product upgrades, + it is disabled by default. + displayName: Enable Upgrades + path: upgrades.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable automatic minor product version upgrades, + it is disabled by default. Requires spec.upgrades.enabled to be true. + displayName: Include minor version upgrades + path: upgrades.minor + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable image tags, disabled by default. This will + leverage image tags instead of the image digests. + displayName: Use Image Tags + path: useImageTags + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Environment deployed. + displayName: Environment + path: environment + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + statusDescriptors: + - description: Product version installed. + displayName: Version + path: version + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: Current phase. 
+ displayName: Status + path: phase + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: The address for accessing Business Central, if it is deployed. + displayName: Business/Decision Central URL + path: consoleHost + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Deployments for the KieApp environment. + displayName: Deployments + path: deployments + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + version: v2 + description: |- + Deploys and manages Red Hat Process Automation Manager and Red Hat Decision Manager environments. + + * **Red Hat Process Automation Manager** is a platform for developing containerized microservices and applications that automate business decisions and processes. It includes business process management (BPM), business rules management (BRM), and business resource optimization and complex event processing (CEP) technologies. It also includes a user experience platform to create engaging user interfaces for process and decision services with minimal coding. + + [See more](https://www.redhat.com/en/products/process-automation). 
+ displayName: Business Automation + icon: + - base64data: PHN2ZyBpZD0iTGF5ZXJfMSIgZGF0YS1uYW1lPSJMYXllciAxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCA3MjEuMTUgNzIxLjE1Ij48ZGVmcz48c3R5bGU+LmNscy0xe2ZpbGw6I2RkMzkyNjt9LmNscy0ye2ZpbGw6I2NjMzQyNzt9LmNscy0ze2ZpbGw6I2ZmZjt9LmNscy00e2ZpbGw6I2U1ZTVlNDt9PC9zdHlsZT48L2RlZnM+PHRpdGxlPlByb2R1Y3RfSWNvbi1SZWRfSGF0LUF1dG9tYXRpb24tUkdCPC90aXRsZT48Y2lyY2xlIGNsYXNzPSJjbHMtMSIgY3g9IjM2MC41NyIgY3k9IjM2MC41NyIgcj0iMzU4LjU4Ii8+PHBhdGggY2xhc3M9ImNscy0yIiBkPSJNNjEzLjc4LDEwNy4wOSwxMDYuNzIsNjE0LjE2YzE0MC4xNCwxMzguNjIsMzY2LjExLDEzOC4xNiw1MDUuNjctMS40Uzc1Mi40LDI0Ny4yNCw2MTMuNzgsMTA3LjA5WiIvPjxwb2x5Z29uIGNsYXNzPSJjbHMtMyIgcG9pbnRzPSIzNzguOTcgMzI3LjQ4IDQ2MS43NyAxNTkuNTcgMjU5LjY3IDE1OS40OSAyNTkuNjcgNDEzLjEgMzA2Ljk3IDQxMy43OCAzOTMuMjcgMzI3LjQ3IDM3OC45NyAzMjcuNDgiLz48cG9seWdvbiBjbGFzcz0iY2xzLTQiIHBvaW50cz0iMzU5LjYgNTc4LjA2IDQ4Mi41NSAzMjcuNDUgMzkzLjI3IDMyNy40NyAzMDYuOTcgNDEzLjc4IDM1OS42IDQxNC41MiAzNTkuNiA1NzguMDYiLz48L3N2Zz4= + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - console.openshift.io + resources: + - consolelinks + - consoleyamlsamples + verbs: + - get + - create + - update + - delete + serviceAccountName: business-automation-operator + deployments: + - name: business-automation-operator + spec: + replicas: 1 + selector: + matchLabels: + name: business-automation-operator + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + name: business-automation-operator + spec: + containers: + - command: + - kie-cloud-operator + env: + - name: OPERATOR_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['name'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPERATOR_UI + value: "true" + - name: DEBUG + value: "false" + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.3 + value: 
registry-proxy.engineering.redhat.com/rhpam-7/rhpam-kieserver-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.3 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-controller-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.3 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-businesscentral-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.3 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.3 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-smartrouter-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.3 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-process-migration-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.3 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-dashbuilder-rhel8:7.13.3 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.13.3 + value: registry.redhat.io/openshift4/ose-cli:v4.12 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.3 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.3 + value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.3 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 + - name: RELATED_IMAGE_BROKER_IMAGE_7.13.3 + value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-controller-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.2 + value: 
registry.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.13.2 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.13.2 + value: registry.redhat.io/openshift4/ose-cli:v4.12 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.2 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.2 + value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.2 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 + - name: RELATED_IMAGE_BROKER_IMAGE_7.13.2 + value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_LATEST + value: registry.redhat.io/openshift4/ose-oauth-proxy:latest + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.12 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.12 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.11 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.11 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.10 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.10 + image: registry-proxy.engineering.redhat.com/rh-osbs/rhpam-7-rhpam-rhel8-operator:7.13.3 + imagePullPolicy: Always + name: business-automation-operator + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsNonRoot: true + serviceAccountName: business-automation-operator + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - services + - services/finalizers + - serviceaccounts + - persistentvolumeclaims + - secrets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + - deployments/finalizers + - replicasets + - 
statefulsets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - build.openshift.io + resources: + - buildconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - image.openshift.io + resources: + - images + - imagestreams + - imagestreamimages + - imagestreamtags + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - app.kiegroup.org + resources: + - kieapps + - kieapps/status + - kieapps/finalizers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - operators.coreos.com + resources: + - clusterserviceversions + - subscriptions + verbs: + - get + - list + - patch + - update + - watch + serviceAccountName: business-automation-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - kieapp + - pam + - decision + - kie + - cloud + - bpm + - process + - automation + - operator + labels: + alm-owner-businessautomation: businessautomation-operator + operated-by: 
businessautomation-operator.7.13.3-2-dev-dpg8svbgf7 + links: + - name: Product Page + url: https://access.redhat.com/products/red-hat-process-automation-manager + - name: Documentation + url: https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.13/#category-deploying-red-hat-process-automation-manager-on-openshift + maintainers: + - email: bsig-cloud@redhat.com + name: Red Hat + maturity: test + provider: + name: Red Hat + replaces: businessautomation-operator.7.13.3-1 + selector: + matchLabels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.13.3-2-dev-dpg8svbgf7 + version: 7.13.3-2+dpg8svbgf7 diff --git a/deploy/olm-catalog/test/7.13.3-2/manifests/kieapp.crd.yaml b/deploy/olm-catalog/test/7.13.3-2/manifests/kieapp.crd.yaml new file mode 100644 index 000000000..09474bb77 --- /dev/null +++ b/deploy/olm-catalog/test/7.13.3-2/manifests/kieapp.crd.yaml 
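Review bot: Several RELATED_IMAGE entries in the operator deployment's `env` list resolve to floating tags: `RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.3` and `RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.3` use `:latest`, as does `RELATED_IMAGE_OAUTH_PROXY_IMAGE_LATEST`, and the 7.13.3 product images and the operator `image` itself use the bare `7.13.3` tag. For a CVE respin this leaves nothing in the bundle that records which build carries the fix, because the same tag can name both the pre-respin and the post-respin image and `:latest` can move after the bundle has been reviewed. Pinning by digest would make the manifest auditable, for example `value: registry.redhat.io/rhscl/mysql-80-rhel7@sha256:<digest-of-reviewed-build>` (placeholder; the digest is not on this page). If a later pipeline step rewrites these tags to digests before publication, a comment saying so would help, and the dev and prod copies of this CSV, which lie outside this view, probably need the same check.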
@@ -0,0 +1,6126 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kieapps.app.kiegroup.org +spec: + group: app.kiegroup.org + names: + kind: KieApp + listKind: KieAppList + plural: kieapps + singular: kieapp + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of the application deployment + jsonPath: .status.version + name: Version + type: string + - description: The name of the environment used as a baseline + jsonPath: .spec.environment + name: Environment + type: string + - description: The status of the KieApp deployment + jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2 + schema: + openAPIV3Schema: + description: KieApp is the Schema for the kieapps API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to be used + by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for LDAP + properties: + allowEmptyPasswords: + description: Does this realm support blank password direct + verification? Blank password attempt will be rejected otherwise. 
+ Boolean flag, defaults to false. + type: boolean + baseCtxDN: + description: LDAP Base DN of the top-level context to begin + the user search. + type: string + baseFilter: + description: Legacy LDAP search filter used to locate the + context of the user to authenticate. The input username + or userDN obtained from the login module callback is substituted + into the filter anywhere a {0} expression is used. A common + example for the search filter is (uid={0}). For Elytron + based subsystem this property should be configured only + with the search filter parameter, without any search expression. + Example (uid={0}) became just uid. + type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN of the + user itself contains special characters, backslash for example, + that prevent correct user mapping. If the attribute does + not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to decrypt + the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. 
+ enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity mapping, + the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN is + not checked for the roleNameAttributeID. This flag can improve + the performance of LDAP queries. + type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the username. + If set to true, the DN is parsed for the username. If set + to false the DN is not parsed for the username. This option + is used together with usernameBeginString and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this option. + When using referrals, this option denotes the attribute + name which contains users defined for a certain role, for + example member, if the role object is inside the referral. + Users are checked against the content of this attribute + name. If this option is not set, the check will always fail, + so role objects cannot be stored in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. 
If false, the role name is taken from + the value of the roleNameAttributeId attribute of the context + name. Certain directory schemas, such as Microsoft Active + Directory, require this attribute to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles associated + with the authenticated user. The input username or userDN + obtained from the login module callback is substituted into + the filter anywhere a {0} expression is used. The authenticated + userDN is substituted into the filter anywhere a {1} is + used. An example search filter that , matches on the input + username is (member={0}). An alternative that matches on + the authenticated userDN is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role object’s + name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role search + will go below a matching context. Disable recursion by setting + this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for user + roles. This is not the DN where the actual roles are, but + the DN where the objects containing the user roles are. + For example, in a Microsoft Active Directory server, this + is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. 
+ For failover set two or more LDAP endpoints separated by + space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used together + with usernameEndString and only taken into account if parseUsername + is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end of + the DN to reveal the username. This option is used together + with usernameBeginString and only taken into account if + parseUsername is set to true. + type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will be + configured. + properties: + from: + description: ObjRef contains enough information to let you + inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have defined mappings. Defaults to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have no defined mappings. Defaults to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a properties + file or a set of roles with the following pattern 'role=role1;another-role=role2'. + The format of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the patter + above. 
+ type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create the + Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create the + Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. + format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. 
+ format: password + type: string + secretAdminCredentials: + description: Name of the secret containing admin's credentials, + the keys are username and password, if the adminUser and adminPassword + are provided the secretAdminCredentials will be skipped + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when the + OpenShiftStartupStrategy is choosed and Business Central + is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the 'openshift' + and local namespaces, the operator will create said imagestreams + locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry is + insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder will + be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known hosts + file. The secret must contain two files: id_rsa and + known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. 
'4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations that + can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the Runtime + Model ID. 
Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if a property + is set mode than once, the one from this property file + will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the Runtime + Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ExternalCompDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/components + directory will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ImportsBaseDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/imports + directory will be used. If ImportFileLocation is set + ImportsBaseDir will be ignored. 
+ type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual model + file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default value + is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new imports + (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards (in + kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. 
If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how a + Process Migration server will manage and create a new Database + or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. 
For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the configured + datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the configured + datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. + For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to the + application classpath separated by colon. Needs to be mounted + on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. 
'4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + username: + description: If empty the CommonConfig.AdminUser will be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a single + set, or for multiple sets if deployments is set to >1 + properties: + build: + description: KieAppBuildObject Data to define how to build + an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If unspecified, + all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. It + is recommended to test the kjar manually before disabling + this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for immutable + KIE Server configurations for S2I and pre built kjars. + Useful for pre-compiled kjar. 
+ type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the extensions + image where the extensions are located (e.g. install.sh, + modules/, etc.). Defaults to '/extension'. Do not + change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For example, + custom-driver-image:7.7.0. 
+ type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers and + configuration is located. Defaults to openshift namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate the + source code to build + properties: + contextDir: + description: Context/subdirectory where the code + is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.6.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a given + webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 
'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer will + manage and create a new Database or connect to an existing + one + properties: + externalConfig: + description: ExternalDatabaseObject configuration definition + of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. 
For + example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases running + on OCP where the host will correspond to the kubernetes + added env *_SERVICE_HOST, it is mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can be + XA or NONXA. For non XA set it to true. Default + value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. Port + is intended to be used with databases running + on OCP where the post will correspond to the kubernetes + added env *_SERVICE_PORT, these are mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. 
+ For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + decisionsOnly: + description: When set to true will configure the KIE Server + image to disable all capabilities that are not related + to decisions, Default to true for RHDM environments and + false to RHPAM. + type: boolean + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of + whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a + valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to + have some well-defined way of referencing a part of + an object. TODO: this design is not final and this + field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm clustering + for processes fail-over, it could increase the number + of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification to + be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, if + will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be used. + type: string + amqSecretName: + description: The name of a secret containing AMQ SSL + related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. Default + is false. 
+ type: boolean + enableIntegration: + description: When set to true will configure the KIE + Server with JMS integration, if no configuration is + added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, disabled + by default. + type: boolean + password: + description: AMQ broker password to connect do the AMQ, + generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for JMS, + example queue/CUSTOM.KIE.SERVER.AUDIT, default is + queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, example + queue/CUSTOM.KIE.SERVER.EXECUTOR, default is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, example + queue/CUSTOM.KIE.SERVER.REQUEST, default is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, example + queue/CUSTOM.KIE.SERVER.RESPONSE, default is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, example + queue/CUSTOM.KIE.SERVER.SIGNAL, default is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the AMQ, + generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new + heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The default + is '25' which means 25% of the '-Xmx' is used as the + initial heap size. You can skip this mechanism by + setting this value to '0' in which case no '-Xms' + option is added. e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container then + this option has no effect. If there is a memory constraint + then '-Xms' is limited to the value set here. The + default is 4096Mb which means the calculated value + of '-Xms' never will be greater than 4096Mb. The value + of this variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as set + here. The default is '50' which means 50% of the available + memory is used as an upper boundary. You can skip + this mechanism by setting this value to '0' in which + case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be used + by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. 
+ type: boolean + bootstrapServers: + description: A comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when making + requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates how + long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that the + emitter requires the leader to have received before + considering a request to be complete, not set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to set + an ID to provide a logical application name for logging + purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to Kafka. + Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates how + long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event messages. + Set up to override the default value jbpm-processes-events. 
+ type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + kieExecutorMDBMaxSession: + description: 'Number of max KIE Executor sessions, it must + be lower than the value of max-pool-size, by default is + max-pool-size set to 60. Max pool size can be set by system + property jboss.mdb.strict.max.pool.size (using javaOptsAppend: + "-Djboss.mdb.strict.max.pool.size=40"), for more information + see https://access.redhat.com/solutions/2955481.' + type: integer + name: + description: Server name + type: string + persistRepos: + description: Persist the Maven and KIE repositories on ~/.m2/repository + and ~/.kie/repository respectively. The option persistRepos + will be automatically set to false when the Trial environment + is set. + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the KIE + local repository persistent volume. Defaults to 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the Maven + persistent volume, the size of the files on this directory + can grow fast as all dependencies for KIE Containers will + be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM smart + router + properties: + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. 
Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. 
The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + useExternalRoute: + description: If enabled, Business Central will use the external + smartrouter route to communicate with it. Note that, valid + SSL certificates should be used. + type: boolean + type: object + type: object + scheduledImportPolicy: + description: Set to true to enable scheduled import policy on the + ImageStream. This will work only if you are using ImageStreamTag + otherwise with image digests it will be ignored + type: boolean + truststore: + description: Defines which truststore is used by the console, kieservers, + smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. + type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should be allowed + when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. 
Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. This + will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + status: + description: KieAppStatus - The status for custom resources managed by + the operator-sdk. + properties: + applied: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to + be used by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for + LDAP + properties: + allowEmptyPasswords: + description: Does this realm support blank password direct + verification? Blank password attempt will be rejected + otherwise. Boolean flag, defaults to false. + type: boolean + baseCtxDN: + description: LDAP Base DN of the top-level context to + begin the user search. + type: string + baseFilter: + description: Legacy LDAP search filter used to locate + the context of the user to authenticate. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. A common example for the search filter is (uid={0}). + For Elytron based subsystem this property should be + configured only with the search filter parameter, without + any search expression. Example (uid={0}) became just + uid. 
+ type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN + of the user itself contains special characters, backslash + for example, that prevent correct user mapping. If the + attribute does not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to + decrypt the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. + enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity + mapping, the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN + is not checked for the roleNameAttributeID. This flag + can improve the performance of LDAP queries. 
+ type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the + username. If set to true, the DN is parsed for the username. + If set to false the DN is not parsed for the username. + This option is used together with usernameBeginString + and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this + option. When using referrals, this option denotes the + attribute name which contains users defined for a certain + role, for example member, if the role object is inside + the referral. Users are checked against the content + of this attribute name. If this option is not set, the + check will always fail, so role objects cannot be stored + in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user + roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. If false, the role name is taken + from the value of the roleNameAttributeId attribute + of the context name. Certain directory schemas, such + as Microsoft Active Directory, require this attribute + to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles + associated with the authenticated user. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. The authenticated userDN is substituted into + the filter anywhere a {1} is used. 
An example search + filter that , matches on the input username is (member={0}). + An alternative that matches on the authenticated userDN + is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role + object’s name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role + search will go below a matching context. Disable recursion + by setting this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for + user roles. This is not the DN where the actual roles + are, but the DN where the objects containing the user + roles are. For example, in a Microsoft Active Directory + server, this is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. + For failover set two or more LDAP endpoints separated + by space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used + together with usernameEndString and only taken into + account if parseUsername is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end + of the DN to reveal the username. This option is used + together with usernameBeginString and only taken into + account if parseUsername is set to true. 
+ type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will + be configured. + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have defined mappings. Defaults + to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have no defined mappings. Defaults + to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a + properties file or a set of roles with the following + pattern 'role=role1;another-role=role2'. The format + of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the + patter above. + type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for + SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create + the Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create + the Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. 
+ format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. + format: password + type: string + secretAdminCredentials: + description: Name of the secret containing admin's credentials, + the keys are username and password, if the adminUser and + adminPassword are provided the secretAdminCredentials will + be skipped + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when + the OpenShiftStartupStrategy is choosed and Business + Central is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. 
When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the + 'openshift' and local namespaces, the operator will create said + imagestreams locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry + is insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. + For example, if the object reference is to a + container within a pod, this would take on a + value like: "spec.containers{name}" (where "name" + refers to the name of the container that triggered + the event) or if no container name is specified + "spec.containers[2]" (container with index 2 + in this pod). This syntax is chosen only to + have some well-defined way of referencing a + part of an object. TODO: this design is not + final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder + will be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known + hosts file. The secret must contain two files: id_rsa + and known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM + Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations + that can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the + Runtime Model ID. 
Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if + a property is set mode than once, the one from this + property file will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the + Runtime Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ExternalCompDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/components directory + will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ImportsBaseDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/imports directory will + be used. If ImportFileLocation is set ImportsBaseDir + will be ignored. 
+ type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual + model file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default + value is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new + imports (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards + (in kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. 
+ If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how + a Process Migration server will manage and create a + new Database or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to + background-validation, if set to false the validate-on-match + method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. 
For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to + the application classpath separated by colon. Needs + to be mounted on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + username: + description: If empty the CommonConfig.AdminUser will + be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a + single set, or for multiple sets if deployments is set + to >1 + properties: + build: + description: KieAppBuildObject Data to define how to + build an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If + unspecified, all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. + It is recommended to test the kjar manually before + disabling this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for + immutable KIE Server configurations for S2I and + pre built kjars. Useful for pre-compiled kjar. 
+ type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container and + any service environment variables. If a + variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal + "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and + requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the + extensions image where the extensions are located + (e.g. install.sh, modules/, etc.). Defaults to + '/extension'. Do not change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For + example, custom-driver-image:7.7.0. 
+ type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers + and configuration is located. Defaults to openshift + namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate + the source code to build + properties: + contextDir: + description: Context/subdirectory where the + code is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.6.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a + given webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 
'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, + POST, OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer + will manage and create a new Database or connect to + an existing one + properties: + externalConfig: + description: ExternalDatabaseObject configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method + to background-validation, if set to false + the validate-on-match method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. 
+ For example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases + running on OCP where the host will correspond + to the kubernetes added env *_SERVICE_HOST, + it is mostly likely used with PostgreSQL and + MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, + jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for + the configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for + the configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can + be XA or NONXA. For non XA set it to true. + Default value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. + Port is intended to be used with databases + running on OCP where the post will correspond + to the kubernetes added env *_SERVICE_PORT, + these are mostly likely used with PostgreSQL + and MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. 
For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + decisionsOnly: + description: When set to true will configure the KIE + Server image to disable all capabilities that are + not related to decisions, Default to true for RHDM + environments and false to RHPAM. + type: boolean + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm + clustering for processes fail-over, it could increase + the number of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification + to be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, + if will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and + certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be + used. + type: string + amqSecretName: + description: The name of a secret containing AMQ + SSL related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store + file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. + Default is false. 
+ type: boolean + enableIntegration: + description: When set to true will configure the + KIE Server with JMS integration, if no configuration + is added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, + disabled by default. + type: boolean + password: + description: AMQ broker password to connect do the + AMQ, generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for + JMS, example queue/CUSTOM.KIE.SERVER.AUDIT, default + is queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, + example queue/CUSTOM.KIE.SERVER.EXECUTOR, default + is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, + example queue/CUSTOM.KIE.SERVER.REQUEST, default + is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, + example queue/CUSTOM.KIE.SERVER.RESPONSE, default + is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, + example queue/CUSTOM.KIE.SERVER.SIGNAL, default + is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the + AMQ, generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used + by the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current + GC time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of + this variable should contain the necessary JRE + command-line options to specify the required GC, + which will override the default of '-XX:+UseParallelOldGC'. + e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega + bytes unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. + Disabled by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap + memory. If used in a container without any memory + constraints for the container then this option + has no effect. If there is a memory constraint + then '-Xms' is set to a ratio of the '-Xmx' memory + as set here. The default is '25' which means 25% + of the '-Xmx' is used as the initial heap size. + You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. + e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a + container without any memory constraints for the + container then this option has no effect. If there + is a memory constraint then '-Xms' is limited + to the value set here. The default is 4096Mb which + means the calculated value of '-Xms' never will + be greater than 4096Mb. The value of this variable + is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is + set to a ratio of the container available memory + as set here. The default is '50' which means 50% + of the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be + used by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. 
+ type: boolean + bootstrapServers: + description: A comma separated list of host/port + pairs to use for establishing the initial connection + to the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when + making requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates + how long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that + the emitter requires the leader to have received + before considering a request to be complete, not + set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection + to the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to + set an ID to provide a logical application name + for logging purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to + Kafka. Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates + how long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event + messages. Set up to override the default value + jbpm-processes-events. 
+ type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + kieExecutorMDBMaxSession: + description: 'Number of max KIE Executor sessions, it + must be lower than the value of max-pool-size, by + default is max-pool-size set to 60. Max pool size + can be set by system property jboss.mdb.strict.max.pool.size + (using javaOptsAppend: "-Djboss.mdb.strict.max.pool.size=40"), + for more information see https://access.redhat.com/solutions/2955481.' + type: integer + name: + description: Server name + type: string + persistRepos: + description: Persist the Maven and KIE repositories + on ~/.m2/repository and ~/.kie/repository respectively. + The option persistRepos will be automatically set + to false when the Trial environment is set. + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the + KIE local repository persistent volume. Defaults to + 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the + Maven persistent volume, the size of the files on + this directory can grow fast as all dependencies for + KIE Containers will be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect + URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM + smart router + properties: + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. 
Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. 
The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + useExternalRoute: + description: If enabled, Business Central will use the + external smartrouter route to communicate with it. Note + that, valid SSL certificates should be used. + type: boolean + type: object + type: object + scheduledImportPolicy: + description: Set to true to enable scheduled import policy on + the ImageStream. This will work only if you are using ImageStreamTag + otherwise with image digests it will be ignored + type: boolean + truststore: + description: Defines which truststore is used by the console, + kieservers, smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. + type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should + be allowed when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. 
Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. + This will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + conditions: + items: + description: Condition - The condition for the kie-cloud-operator + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ReasonType - type of reason + type: string + status: + type: string + type: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - status + - type + type: object + type: array + consoleHost: + type: string + deployments: + properties: + ready: + description: Deployments are ready to serve requests + items: + type: string + type: array + starting: + description: Deployments are starting, may or may not succeed + items: + type: string + type: array + stopped: + description: Deployments are not starting, unclear what next step + will be + items: + type: string + type: array + type: object + phase: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - conditions + - deployments + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/deploy/olm-catalog/test/7.13.3-2/metadata/annotations.yaml b/deploy/olm-catalog/test/7.13.3-2/metadata/annotations.yaml new file mode 100644 index 000000000..724337620 --- /dev/null +++ b/deploy/olm-catalog/test/7.13.3-2/metadata/annotations.yaml 
@@ -0,0 +1,10 @@ +annotations: + operators.operatorframework.io.bundle.channel.default.v1: stable + operators.operatorframework.io.bundle.channels.v1: stable + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: businessautomation-operator + operators.operatorframework.io.metrics.builder: operator-sdk-v0.19.2 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go diff --git a/version/version.go b/version/version.go index f8ea5259a..efff21144 100644 --- a/version/version.go +++ b/version/version.go @@ -8,9 +8,9 @@ var ( // Version - current version Version = constants.CurrentVersion // CsvVersion - csv release - CsvVersion = Version + "-1" + CsvVersion = Version + "-2" // PriorVersion - prior version - PriorVersion = constants.PriorVersion + PriorVersion = constants.CurrentVersion // CsvPriorVersion - prior csv release - CsvPriorVersion = PriorVersion + "-3" + CsvPriorVersion = PriorVersion + "-1" ) From 3088fe8baf5d19e11be9ebeb103283559290d1e2 Mon Sep 17 00:00:00 2001 From: Spolti Date: Wed, 14 Jun 2023 00:13:18 -0300 Subject: [PATCH 02/10] [KIECLOUD-723] - Update RHPAM and BAMOE bundle due CVE respin 
Signed-off-by: Spolti --- ...mation-operator.clusterserviceversion.yaml | 423 ++ .../dev/7.13.3-3/manifests/kieapp.crd.yaml | 6126 +++++++++++++++++ .../dev/7.13.3-3/metadata/annotations.yaml | 10 + ...mation-operator.clusterserviceversion.yaml | 423 ++ .../prod/7.13.3-3/manifests/kieapp.crd.yaml | 6126 +++++++++++++++++ .../prod/7.13.3-3/metadata/annotations.yaml | 10 + ...mation-operator.clusterserviceversion.yaml | 423 ++ .../test/7.13.3-3/manifests/kieapp.crd.yaml | 6126 +++++++++++++++++ .../test/7.13.3-3/metadata/annotations.yaml | 10 + version/version.go | 4 +- 10 files changed, 19679 insertions(+), 2 deletions(-) create mode 100644 deploy/olm-catalog/dev/7.13.3-3/manifests/businessautomation-operator.clusterserviceversion.yaml create mode 100644 deploy/olm-catalog/dev/7.13.3-3/manifests/kieapp.crd.yaml create mode 100644 deploy/olm-catalog/dev/7.13.3-3/metadata/annotations.yaml create mode 100644 deploy/olm-catalog/prod/7.13.3-3/manifests/businessautomation-operator.clusterserviceversion.yaml create mode 100644 deploy/olm-catalog/prod/7.13.3-3/manifests/kieapp.crd.yaml create mode 100644 deploy/olm-catalog/prod/7.13.3-3/metadata/annotations.yaml create mode 100644 deploy/olm-catalog/test/7.13.3-3/manifests/businessautomation-operator.clusterserviceversion.yaml create mode 100644 deploy/olm-catalog/test/7.13.3-3/manifests/kieapp.crd.yaml create mode 100644 deploy/olm-catalog/test/7.13.3-3/metadata/annotations.yaml diff --git a/deploy/olm-catalog/dev/7.13.3-3/manifests/businessautomation-operator.clusterserviceversion.yaml b/deploy/olm-catalog/dev/7.13.3-3/manifests/businessautomation-operator.clusterserviceversion.yaml new file mode 100644 index 000000000..e4af5687b --- /dev/null +++ b/deploy/olm-catalog/dev/7.13.3-3/manifests/businessautomation-operator.clusterserviceversion.yaml 
@@ -0,0 +1,423 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: '[{"apiVersion":"app.kiegroup.org/v2","kind":"KieApp","metadata":{"name":"rhpam-trial"},"spec":{"environment":"rhpam-trial"}}]' + capabilities: Seamless Upgrades + categories: Integration & Delivery + certified: "false" + containerImage: quay.io/kiegroup/kie-cloud-operator:7.13.3 + createdAt: "2023-06-14 00:11:19" + description: Deploys and manages Red Hat Process Automation Manager and Red Hat + Decision Manager environments. + operators.openshift.io/infrastructure-features: '["Disconnected"]' + operators.openshift.io/valid-subscription: '["Red Hat Process Automation Manager", + "Red Hat Decision Manager"]' + repository: https://github.com/kiegroup/kie-cloud-operator + support: Red Hat + tectonic-visibility: ocs + labels: + operator-businessautomation: "true" + operatorframework.io/arch.amd64: supported + operatorframework.io/os.linux: supported + name: businessautomation-operator.7.13.3-3-dev-ccqtzkh5h4 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: A project prescription running an RHPAM/RHDM environment. 
+ displayName: KieApp + kind: KieApp + name: kieapps.app.kiegroup.org + resources: + - kind: DeploymentConfig + name: "" + version: apps.openshift.io/v1 + - kind: StatefulSet + name: "" + version: apps/v1 + - kind: Role + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: RoleBinding + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: Route + name: "" + version: route.openshift.io/v1 + - kind: BuildConfig + name: "" + version: build.openshift.io/v1 + - kind: ImageStream + name: "" + version: image.openshift.io/v1 + - kind: Secret + name: "" + version: v1 + - kind: PersistentVolumeClaim + name: "" + version: v1 + - kind: ServiceAccount + name: "" + version: v1 + - kind: Service + name: "" + version: v1 + specDescriptors: + - description: Set true to enable automatic micro version product upgrades, + it is disabled by default. + displayName: Enable Upgrades + path: upgrades.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable automatic minor product version upgrades, + it is disabled by default. Requires spec.upgrades.enabled to be true. + displayName: Include minor version upgrades + path: upgrades.minor + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable image tags, disabled by default. This will + leverage image tags instead of the image digests. + displayName: Use Image Tags + path: useImageTags + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Environment deployed. + displayName: Environment + path: environment + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + statusDescriptors: + - description: Product version installed. + displayName: Version + path: version + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: Current phase. 
+ displayName: Status + path: phase + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: The address for accessing Business Central, if it is deployed. + displayName: Business/Decision Central URL + path: consoleHost + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Deployments for the KieApp environment. + displayName: Deployments + path: deployments + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + version: v2 + description: |- + Deploys and manages Red Hat Process Automation Manager and Red Hat Decision Manager environments. + + * **Red Hat Process Automation Manager** is a platform for developing containerized microservices and applications that automate business decisions and processes. It includes business process management (BPM), business rules management (BRM), and business resource optimization and complex event processing (CEP) technologies. It also includes a user experience platform to create engaging user interfaces for process and decision services with minimal coding. + + [See more](https://www.redhat.com/en/products/process-automation). 
+ displayName: Business Automation (DEV) + icon: + - base64data: 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 + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - console.openshift.io + resources: + - consolelinks + - consoleyamlsamples + verbs: + - get + - create + - update + - delete + serviceAccountName: business-automation-operator + deployments: + - name: business-automation-operator + spec: + replicas: 1 + selector: + matchLabels: + name: business-automation-operator + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + name: business-automation-operator + spec: + containers: + - command: + - kie-cloud-operator + env: + - name: OPERATOR_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['name'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPERATOR_UI + value: "true" + - name: DEBUG + value: "false" + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-controller-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.13.3 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.13.3 + value: 
registry.redhat.io/openshift4/ose-cli:v4.12 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.3 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.3 + value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.3 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 + - name: RELATED_IMAGE_BROKER_IMAGE_7.13.3 + value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-controller-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.13.2 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.13.2 + value: registry.redhat.io/openshift4/ose-cli:v4.12 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.2 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.2 + value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.2 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 + - name: RELATED_IMAGE_BROKER_IMAGE_7.13.2 + value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_LATEST + value: registry.redhat.io/openshift4/ose-oauth-proxy:latest + - name: 
RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.12 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.12 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.11 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.11 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.10 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.10 + image: quay.io/kiegroup/kie-cloud-operator:7.13.3 + imagePullPolicy: Always + name: business-automation-operator + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsNonRoot: true + serviceAccountName: business-automation-operator + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - services + - services/finalizers + - serviceaccounts + - persistentvolumeclaims + - secrets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + - deployments/finalizers + - replicasets + - statefulsets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - build.openshift.io + resources: + - buildconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - image.openshift.io + resources: + - images + - imagestreams + - imagestreamimages + - imagestreamtags + verbs: + - create + - delete + - deletecollection 
+ - get + - list + - patch + - update + - watch + - apiGroups: + - app.kiegroup.org + resources: + - kieapps + - kieapps/status + - kieapps/finalizers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - operators.coreos.com + resources: + - clusterserviceversions + - subscriptions + verbs: + - get + - list + - patch + - update + - watch + serviceAccountName: business-automation-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - kieapp + - pam + - decision + - kie + - cloud + - bpm + - process + - automation + - operator + labels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.13.3-3-dev-ccqtzkh5h4 + links: + - name: Product Page + url: https://access.redhat.com/products/red-hat-process-automation-manager + - name: Documentation + url: https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.13/#category-deploying-red-hat-process-automation-manager-on-openshift + maintainers: + - email: bsig-cloud@redhat.com + name: Red Hat + maturity: dev + provider: + name: Red Hat + replaces: businessautomation-operator.7.13.3-2 + selector: + matchLabels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.13.3-3-dev-ccqtzkh5h4 + version: 7.13.3-3+ccqtzkh5h4 diff --git a/deploy/olm-catalog/dev/7.13.3-3/manifests/kieapp.crd.yaml b/deploy/olm-catalog/dev/7.13.3-3/manifests/kieapp.crd.yaml new file mode 100644 index 000000000..09474bb77 --- /dev/null +++ b/deploy/olm-catalog/dev/7.13.3-3/manifests/kieapp.crd.yaml 
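Review bot: The operator `image: quay.io/kiegroup/kie-cloud-operator:7.13.3` and every `RELATED_IMAGE_*` value in the deployment's `env` list are referenced by mutable tag, three of them by `:latest` (`mysql-80-rhel7`, `postgresql-13-rhel7`, `ose-oauth-proxy`), so this bundle does not record which rebuilt images the CVE respin actually ships. For a respin the references should be pinned by digest, e.g. `value: registry.redhat.io/rhscl/mysql-80-rhel7@sha256:<digest-of-respun-image>`, which also makes it possible to verify after install that the patched image is the one running. The `operators.openshift.io/infrastructure-features: '["Disconnected"]'` annotation makes this more pressing, since mirroring for disconnected clusters normally relies on digest references; if the dev catalog keeps tags on purpose and only the prod bundle is pinned, a comment saying so would help. The same pattern presumably applies to the test and prod copies of this file listed in the diffstat, which are outside this view.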
@@ -0,0 +1,6126 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kieapps.app.kiegroup.org +spec: + group: app.kiegroup.org + names: + kind: KieApp + listKind: KieAppList + plural: kieapps + singular: kieapp + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of the application deployment + jsonPath: .status.version + name: Version + type: string + - description: The name of the environment used as a baseline + jsonPath: .spec.environment + name: Environment + type: string + - description: The status of the KieApp deployment + jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2 + schema: + openAPIV3Schema: + description: KieApp is the Schema for the kieapps API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to be used + by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for LDAP + properties: + allowEmptyPasswords: + description: Does this realm support blank password direct + verification? Blank password attempt will be rejected otherwise. 
+ Boolean flag, defaults to false. + type: boolean + baseCtxDN: + description: LDAP Base DN of the top-level context to begin + the user search. + type: string + baseFilter: + description: Legacy LDAP search filter used to locate the + context of the user to authenticate. The input username + or userDN obtained from the login module callback is substituted + into the filter anywhere a {0} expression is used. A common + example for the search filter is (uid={0}). For Elytron + based subsystem this property should be configured only + with the search filter parameter, without any search expression. + Example (uid={0}) became just uid. + type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN of the + user itself contains special characters, backslash for example, + that prevent correct user mapping. If the attribute does + not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to decrypt + the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. 
+ enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity mapping, + the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN is + not checked for the roleNameAttributeID. This flag can improve + the performance of LDAP queries. + type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the username. + If set to true, the DN is parsed for the username. If set + to false the DN is not parsed for the username. This option + is used together with usernameBeginString and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this option. + When using referrals, this option denotes the attribute + name which contains users defined for a certain role, for + example member, if the role object is inside the referral. + Users are checked against the content of this attribute + name. If this option is not set, the check will always fail, + so role objects cannot be stored in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. 
If false, the role name is taken from + the value of the roleNameAttributeId attribute of the context + name. Certain directory schemas, such as Microsoft Active + Directory, require this attribute to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles associated + with the authenticated user. The input username or userDN + obtained from the login module callback is substituted into + the filter anywhere a {0} expression is used. The authenticated + userDN is substituted into the filter anywhere a {1} is + used. An example search filter that , matches on the input + username is (member={0}). An alternative that matches on + the authenticated userDN is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role object’s + name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role search + will go below a matching context. Disable recursion by setting + this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for user + roles. This is not the DN where the actual roles are, but + the DN where the objects containing the user roles are. + For example, in a Microsoft Active Directory server, this + is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. 
+ For failover set two or more LDAP endpoints separated by + space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used together + with usernameEndString and only taken into account if parseUsername + is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end of + the DN to reveal the username. This option is used together + with usernameBeginString and only taken into account if + parseUsername is set to true. + type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will be + configured. + properties: + from: + description: ObjRef contains enough information to let you + inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have defined mappings. Defaults to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have no defined mappings. Defaults to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a properties + file or a set of roles with the following pattern 'role=role1;another-role=role2'. + The format of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the patter + above. 
+ type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create the + Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create the + Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. + format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. 
+ format: password + type: string + secretAdminCredentials: + description: Name of the secret containing admin's credentials, + the keys are username and password, if the adminUser and adminPassword + are provided the secretAdminCredentials will be skipped + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when the + OpenShiftStartupStrategy is choosed and Business Central + is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the 'openshift' + and local namespaces, the operator will create said imagestreams + locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry is + insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder will + be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known hosts + file. The secret must contain two files: id_rsa and + known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. 
'4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations that + can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the Runtime + Model ID. 
Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if a property + is set mode than once, the one from this property file + will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the Runtime + Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ExternalCompDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/components + directory will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ImportsBaseDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/imports + directory will be used. If ImportFileLocation is set + ImportsBaseDir will be ignored. 
+ type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual model + file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default value + is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new imports + (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards (in + kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. 
If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how a + Process Migration server will manage and create a new Database + or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. 
For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the configured + datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the configured + datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. + For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to the + application classpath separated by colon. Needs to be mounted + on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. 
'4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + username: + description: If empty the CommonConfig.AdminUser will be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a single + set, or for multiple sets if deployments is set to >1 + properties: + build: + description: KieAppBuildObject Data to define how to build + an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If unspecified, + all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. It + is recommended to test the kjar manually before disabling + this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for immutable + KIE Server configurations for S2I and pre built kjars. + Useful for pre-compiled kjar. 
+ type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the extensions + image where the extensions are located (e.g. install.sh, + modules/, etc.). Defaults to '/extension'. Do not + change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For example, + custom-driver-image:7.7.0. 
+ type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers and + configuration is located. Defaults to openshift namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate the + source code to build + properties: + contextDir: + description: Context/subdirectory where the code + is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.6.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a given + webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 
'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer will + manage and create a new Database or connect to an existing + one + properties: + externalConfig: + description: ExternalDatabaseObject configuration definition + of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. 
For + example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases running + on OCP where the host will correspond to the kubernetes + added env *_SERVICE_HOST, it is mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can be + XA or NONXA. For non XA set it to true. Default + value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. Port + is intended to be used with databases running + on OCP where the post will correspond to the kubernetes + added env *_SERVICE_PORT, these are mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. 
+ For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + decisionsOnly: + description: When set to true will configure the KIE Server + image to disable all capabilities that are not related + to decisions, Default to true for RHDM environments and + false to RHPAM. + type: boolean + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of + whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a + valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to + have some well-defined way of referencing a part of + an object. TODO: this design is not final and this + field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm clustering + for processes fail-over, it could increase the number + of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification to + be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, if + will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be used. + type: string + amqSecretName: + description: The name of a secret containing AMQ SSL + related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. Default + is false. 
+ type: boolean + enableIntegration: + description: When set to true will configure the KIE + Server with JMS integration, if no configuration is + added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, disabled + by default. + type: boolean + password: + description: AMQ broker password to connect do the AMQ, + generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for JMS, + example queue/CUSTOM.KIE.SERVER.AUDIT, default is + queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, example + queue/CUSTOM.KIE.SERVER.EXECUTOR, default is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, example + queue/CUSTOM.KIE.SERVER.REQUEST, default is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, example + queue/CUSTOM.KIE.SERVER.RESPONSE, default is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, example + queue/CUSTOM.KIE.SERVER.SIGNAL, default is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the AMQ, + generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new + heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The default + is '25' which means 25% of the '-Xmx' is used as the + initial heap size. You can skip this mechanism by + setting this value to '0' in which case no '-Xms' + option is added. e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container then + this option has no effect. If there is a memory constraint + then '-Xms' is limited to the value set here. The + default is 4096Mb which means the calculated value + of '-Xms' never will be greater than 4096Mb. The value + of this variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as set + here. The default is '50' which means 50% of the available + memory is used as an upper boundary. You can skip + this mechanism by setting this value to '0' in which + case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be used + by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. 
+ type: boolean + bootstrapServers: + description: A comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when making + requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates how + long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that the + emitter requires the leader to have received before + considering a request to be complete, not set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to set + an ID to provide a logical application name for logging + purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to Kafka. + Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates how + long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event messages. + Set up to override the default value jbpm-processes-events. 
+ type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + kieExecutorMDBMaxSession: + description: 'Number of max KIE Executor sessions, it must + be lower than the value of max-pool-size, by default is + max-pool-size set to 60. Max pool size can be set by system + property jboss.mdb.strict.max.pool.size (using javaOptsAppend: + "-Djboss.mdb.strict.max.pool.size=40"), for more information + see https://access.redhat.com/solutions/2955481.' + type: integer + name: + description: Server name + type: string + persistRepos: + description: Persist the Maven and KIE repositories on ~/.m2/repository + and ~/.kie/repository respectively. The option persistRepos + will be automatically set to false when the Trial environment + is set. + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the KIE + local repository persistent volume. Defaults to 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the Maven + persistent volume, the size of the files on this directory + can grow fast as all dependencies for KIE Containers will + be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM smart + router + properties: + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. 
Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. 
The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + useExternalRoute: + description: If enabled, Business Central will use the external + smartrouter route to communicate with it. Note that, valid + SSL certificates should be used. + type: boolean + type: object + type: object + scheduledImportPolicy: + description: Set to true to enable scheduled import policy on the + ImageStream. This will work only if you are using ImageStreamTag + otherwise with image digests it will be ignored + type: boolean + truststore: + description: Defines which truststore is used by the console, kieservers, + smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. + type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should be allowed + when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. 
Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. This + will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + status: + description: KieAppStatus - The status for custom resources managed by + the operator-sdk. + properties: + applied: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to + be used by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for + LDAP + properties: + allowEmptyPasswords: + description: Does this realm support blank password direct + verification? Blank password attempt will be rejected + otherwise. Boolean flag, defaults to false. + type: boolean + baseCtxDN: + description: LDAP Base DN of the top-level context to + begin the user search. + type: string + baseFilter: + description: Legacy LDAP search filter used to locate + the context of the user to authenticate. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. A common example for the search filter is (uid={0}). + For Elytron based subsystem this property should be + configured only with the search filter parameter, without + any search expression. Example (uid={0}) became just + uid. 
+ type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN + of the user itself contains special characters, backslash + for example, that prevent correct user mapping. If the + attribute does not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to + decrypt the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. + enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity + mapping, the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN + is not checked for the roleNameAttributeID. This flag + can improve the performance of LDAP queries. 
+ type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the + username. If set to true, the DN is parsed for the username. + If set to false the DN is not parsed for the username. + This option is used together with usernameBeginString + and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this + option. When using referrals, this option denotes the + attribute name which contains users defined for a certain + role, for example member, if the role object is inside + the referral. Users are checked against the content + of this attribute name. If this option is not set, the + check will always fail, so role objects cannot be stored + in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user + roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. If false, the role name is taken + from the value of the roleNameAttributeId attribute + of the context name. Certain directory schemas, such + as Microsoft Active Directory, require this attribute + to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles + associated with the authenticated user. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. The authenticated userDN is substituted into + the filter anywhere a {1} is used. 
An example search + filter that , matches on the input username is (member={0}). + An alternative that matches on the authenticated userDN + is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role + object’s name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role + search will go below a matching context. Disable recursion + by setting this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for + user roles. This is not the DN where the actual roles + are, but the DN where the objects containing the user + roles are. For example, in a Microsoft Active Directory + server, this is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. + For failover set two or more LDAP endpoints separated + by space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used + together with usernameEndString and only taken into + account if parseUsername is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end + of the DN to reveal the username. This option is used + together with usernameBeginString and only taken into + account if parseUsername is set to true. 
+ type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will + be configured. + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have defined mappings. Defaults + to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have no defined mappings. Defaults + to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a + properties file or a set of roles with the following + pattern 'role=role1;another-role=role2'. The format + of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the + patter above. + type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for + SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create + the Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create + the Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. 
+ format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. + format: password + type: string + secretAdminCredentials: + description: Name of the secret containing admin's credentials, + the keys are username and password, if the adminUser and + adminPassword are provided the secretAdminCredentials will + be skipped + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when + the OpenShiftStartupStrategy is choosed and Business + Central is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. 
When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the + 'openshift' and local namespaces, the operator will create said + imagestreams locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry + is insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. + For example, if the object reference is to a + container within a pod, this would take on a + value like: "spec.containers{name}" (where "name" + refers to the name of the container that triggered + the event) or if no container name is specified + "spec.containers[2]" (container with index 2 + in this pod). This syntax is chosen only to + have some well-defined way of referencing a + part of an object. TODO: this design is not + final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder + will be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known + hosts file. The secret must contain two files: id_rsa + and known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM + Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations + that can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the + Runtime Model ID. 
Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if + a property is set mode than once, the one from this + property file will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the + Runtime Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ExternalCompDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/components directory + will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ImportsBaseDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/imports directory will + be used. If ImportFileLocation is set ImportsBaseDir + will be ignored. 
+ type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual + model file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default + value is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new + imports (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards + (in kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. 
+ If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how + a Process Migration server will manage and create a + new Database or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to + background-validation, if set to false the validate-on-match + method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. 
For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to + the application classpath separated by colon. Needs + to be mounted on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + username: + description: If empty the CommonConfig.AdminUser will + be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a + single set, or for multiple sets if deployments is set + to >1 + properties: + build: + description: KieAppBuildObject Data to define how to + build an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If + unspecified, all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. + It is recommended to test the kjar manually before + disabling this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for + immutable KIE Server configurations for S2I and + pre built kjars. Useful for pre-compiled kjar. 
+ type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container and + any service environment variables. If a + variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal + "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and + requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the + extensions image where the extensions are located + (e.g. install.sh, modules/, etc.). Defaults to + '/extension'. Do not change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For + example, custom-driver-image:7.7.0. 
+ type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers + and configuration is located. Defaults to openshift + namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate + the source code to build + properties: + contextDir: + description: Context/subdirectory where the + code is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.6.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a + given webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 
'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, + POST, OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer + will manage and create a new Database or connect to + an existing one + properties: + externalConfig: + description: ExternalDatabaseObject configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method + to background-validation, if set to false + the validate-on-match method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. 
+ For example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases + running on OCP where the host will correspond + to the kubernetes added env *_SERVICE_HOST, + it is mostly likely used with PostgreSQL and + MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, + jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for + the configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for + the configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can + be XA or NONXA. For non XA set it to true. + Default value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. + Port is intended to be used with databases + running on OCP where the post will correspond + to the kubernetes added env *_SERVICE_PORT, + these are mostly likely used with PostgreSQL + and MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. 
For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + decisionsOnly: + description: When set to true will configure the KIE + Server image to disable all capabilities that are + not related to decisions, Default to true for RHDM + environments and false to RHPAM. + type: boolean + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm + clustering for processes fail-over, it could increase + the number of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification + to be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, + if will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and + certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be + used. + type: string + amqSecretName: + description: The name of a secret containing AMQ + SSL related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store + file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. + Default is false. 
+ type: boolean + enableIntegration: + description: When set to true will configure the + KIE Server with JMS integration, if no configuration + is added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, + disabled by default. + type: boolean + password: + description: AMQ broker password to connect do the + AMQ, generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for + JMS, example queue/CUSTOM.KIE.SERVER.AUDIT, default + is queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, + example queue/CUSTOM.KIE.SERVER.EXECUTOR, default + is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, + example queue/CUSTOM.KIE.SERVER.REQUEST, default + is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, + example queue/CUSTOM.KIE.SERVER.RESPONSE, default + is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, + example queue/CUSTOM.KIE.SERVER.SIGNAL, default + is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the + AMQ, generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used + by the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current + GC time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of + this variable should contain the necessary JRE + command-line options to specify the required GC, + which will override the default of '-XX:+UseParallelOldGC'. + e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega + bytes unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. + Disabled by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap + memory. If used in a container without any memory + constraints for the container then this option + has no effect. If there is a memory constraint + then '-Xms' is set to a ratio of the '-Xmx' memory + as set here. The default is '25' which means 25% + of the '-Xmx' is used as the initial heap size. + You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. + e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a + container without any memory constraints for the + container then this option has no effect. If there + is a memory constraint then '-Xms' is limited + to the value set here. The default is 4096Mb which + means the calculated value of '-Xms' never will + be greater than 4096Mb. The value of this variable + is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is + set to a ratio of the container available memory + as set here. The default is '50' which means 50% + of the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be + used by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. 
+ type: boolean + bootstrapServers: + description: A comma separated list of host/port + pairs to use for establishing the initial connection + to the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when + making requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates + how long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that + the emitter requires the leader to have received + before considering a request to be complete, not + set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection + to the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to + set an ID to provide a logical application name + for logging purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to + Kafka. Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates + how long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event + messages. Set up to override the default value + jbpm-processes-events. 
+ type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + kieExecutorMDBMaxSession: + description: 'Number of max KIE Executor sessions, it + must be lower than the value of max-pool-size, by + default is max-pool-size set to 60. Max pool size + can be set by system property jboss.mdb.strict.max.pool.size + (using javaOptsAppend: "-Djboss.mdb.strict.max.pool.size=40"), + for more information see https://access.redhat.com/solutions/2955481.' + type: integer + name: + description: Server name + type: string + persistRepos: + description: Persist the Maven and KIE repositories + on ~/.m2/repository and ~/.kie/repository respectively. + The option persistRepos will be automatically set + to false when the Trial environment is set. + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the + KIE local repository persistent volume. Defaults to + 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the + Maven persistent volume, the size of the files on + this directory can grow fast as all dependencies for + KIE Containers will be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect + URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM + smart router + properties: + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. 
Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. 
The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + useExternalRoute: + description: If enabled, Business Central will use the + external smartrouter route to communicate with it. Note + that, valid SSL certificates should be used. + type: boolean + type: object + type: object + scheduledImportPolicy: + description: Set to true to enable scheduled import policy on + the ImageStream. This will work only if you are using ImageStreamTag + otherwise with image digests it will be ignored + type: boolean + truststore: + description: Defines which truststore is used by the console, + kieservers, smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. + type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should + be allowed when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. 
Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. + This will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + conditions: + items: + description: Condition - The condition for the kie-cloud-operator + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ReasonType - type of reason + type: string + status: + type: string + type: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - status + - type + type: object + type: array + consoleHost: + type: string + deployments: + properties: + ready: + description: Deployments are ready to serve requests + items: + type: string + type: array + starting: + description: Deployments are starting, may or may not succeed + items: + type: string + type: array + stopped: + description: Deployments are not starting, unclear what next step + will be + items: + type: string + type: array + type: object + phase: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - conditions + - deployments + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/deploy/olm-catalog/dev/7.13.3-3/metadata/annotations.yaml b/deploy/olm-catalog/dev/7.13.3-3/metadata/annotations.yaml new file mode 100644 index 000000000..724337620 --- /dev/null +++ b/deploy/olm-catalog/dev/7.13.3-3/metadata/annotations.yaml 
@@ -0,0 +1,10 @@
+annotations:
+ operators.operatorframework.io.bundle.channel.default.v1: stable
+ operators.operatorframework.io.bundle.channels.v1: stable
+ operators.operatorframework.io.bundle.manifests.v1: manifests/
+ operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+ operators.operatorframework.io.bundle.metadata.v1: metadata/
+ operators.operatorframework.io.bundle.package.v1: businessautomation-operator
+ operators.operatorframework.io.metrics.builder: operator-sdk-v0.19.2
+ operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
+ operators.operatorframework.io.metrics.project_layout: go
diff --git a/deploy/olm-catalog/prod/7.13.3-3/manifests/businessautomation-operator.clusterserviceversion.yaml b/deploy/olm-catalog/prod/7.13.3-3/manifests/businessautomation-operator.clusterserviceversion.yaml
new file mode 100644
index 000000000..0001b7b00
--- /dev/null
+++ b/deploy/olm-catalog/prod/7.13.3-3/manifests/businessautomation-operator.clusterserviceversion.yaml
@@ -0,0 +1,423 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: '[{"apiVersion":"app.kiegroup.org/v2","kind":"KieApp","metadata":{"name":"rhpam-trial"},"spec":{"environment":"rhpam-trial"}}]' + capabilities: Seamless Upgrades + categories: Integration & Delivery + certified: "true" + containerImage: registry.stage.redhat.io/rhpam-7/rhpam-rhel8-operator:7.13.3 + createdAt: "2023-06-14 00:11:19" + description: Deploys and manages Red Hat Process Automation Manager and Red Hat + Decision Manager environments. + operators.openshift.io/infrastructure-features: '["Disconnected"]' + operators.openshift.io/valid-subscription: '["Red Hat Process Automation Manager", + "Red Hat Decision Manager"]' + repository: https://github.com/kiegroup/kie-cloud-operator + support: Red Hat + tectonic-visibility: ocs + labels: + operator-businessautomation: "true" + operatorframework.io/arch.amd64: supported + operatorframework.io/os.linux: supported + name: businessautomation-operator.7.13.3-3 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: A project prescription running an RHPAM/RHDM environment. 
+ displayName: KieApp + kind: KieApp + name: kieapps.app.kiegroup.org + resources: + - kind: DeploymentConfig + name: "" + version: apps.openshift.io/v1 + - kind: StatefulSet + name: "" + version: apps/v1 + - kind: Role + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: RoleBinding + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: Route + name: "" + version: route.openshift.io/v1 + - kind: BuildConfig + name: "" + version: build.openshift.io/v1 + - kind: ImageStream + name: "" + version: image.openshift.io/v1 + - kind: Secret + name: "" + version: v1 + - kind: PersistentVolumeClaim + name: "" + version: v1 + - kind: ServiceAccount + name: "" + version: v1 + - kind: Service + name: "" + version: v1 + specDescriptors: + - description: Set true to enable automatic micro version product upgrades, + it is disabled by default. + displayName: Enable Upgrades + path: upgrades.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable automatic minor product version upgrades, + it is disabled by default. Requires spec.upgrades.enabled to be true. + displayName: Include minor version upgrades + path: upgrades.minor + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable image tags, disabled by default. This will + leverage image tags instead of the image digests. + displayName: Use Image Tags + path: useImageTags + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Environment deployed. + displayName: Environment + path: environment + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + statusDescriptors: + - description: Product version installed. + displayName: Version + path: version + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: Current phase. 
+ displayName: Status + path: phase + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: The address for accessing Business Central, if it is deployed. + displayName: Business/Decision Central URL + path: consoleHost + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Deployments for the KieApp environment. + displayName: Deployments + path: deployments + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + version: v2 + description: |- + Deploys and manages Red Hat Process Automation Manager and Red Hat Decision Manager environments. + + * **Red Hat Process Automation Manager** is a platform for developing containerized microservices and applications that automate business decisions and processes. It includes business process management (BPM), business rules management (BRM), and business resource optimization and complex event processing (CEP) technologies. It also includes a user experience platform to create engaging user interfaces for process and decision services with minimal coding. + + [See more](https://www.redhat.com/en/products/process-automation). 
+ displayName: Business Automation + icon: + - base64data: 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 + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - console.openshift.io + resources: + - consolelinks + - consoleyamlsamples + verbs: + - get + - create + - update + - delete + serviceAccountName: business-automation-operator + deployments: + - name: business-automation-operator + spec: + replicas: 1 + selector: + matchLabels: + name: business-automation-operator + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + name: business-automation-operator + spec: + containers: + - command: + - kie-cloud-operator + env: + - name: OPERATOR_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['name'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPERATOR_UI + value: "true" + - name: DEBUG + value: "false" + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.3 + value: registry.stage.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.3 + value: registry.stage.redhat.io/rhpam-7/rhpam-controller-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.3 + value: registry.stage.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.3 + value: registry.stage.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.3 + value: registry.stage.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.3 + value: registry.stage.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.3 + value: registry.stage.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.13.3 + - name: 
RELATED_IMAGE_OSE_CLI_IMAGE_7.13.3 + value: registry.redhat.io/openshift4/ose-cli:v4.12 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.3 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.3 + value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.3 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 + - name: RELATED_IMAGE_BROKER_IMAGE_7.13.3 + value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-controller-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.13.2 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.13.2 + value: registry.redhat.io/openshift4/ose-cli:v4.12 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.2 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.2 + value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.2 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 + - name: RELATED_IMAGE_BROKER_IMAGE_7.13.2 + value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_LATEST + value: registry.redhat.io/openshift4/ose-oauth-proxy:latest 
+ - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.12 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.12 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.11 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.11 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.10 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.10 + image: registry.stage.redhat.io/rhpam-7/rhpam-rhel8-operator:7.13.3 + imagePullPolicy: Always + name: business-automation-operator + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsNonRoot: true + serviceAccountName: business-automation-operator + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - services + - services/finalizers + - serviceaccounts + - persistentvolumeclaims + - secrets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + - deployments/finalizers + - replicasets + - statefulsets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - build.openshift.io + resources: + - buildconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - image.openshift.io + resources: + - images + - imagestreams + - imagestreamimages + - imagestreamtags + verbs: + - create + - 
delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - app.kiegroup.org + resources: + - kieapps + - kieapps/status + - kieapps/finalizers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - operators.coreos.com + resources: + - clusterserviceversions + - subscriptions + verbs: + - get + - list + - patch + - update + - watch + serviceAccountName: business-automation-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - kieapp + - pam + - decision + - kie + - cloud + - bpm + - process + - automation + - operator + labels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.13.3-3 + links: + - name: Product Page + url: https://access.redhat.com/products/red-hat-process-automation-manager + - name: Documentation + url: https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.13/#category-deploying-red-hat-process-automation-manager-on-openshift + maintainers: + - email: bsig-cloud@redhat.com + name: Red Hat + maturity: stable + provider: + name: Red Hat + replaces: businessautomation-operator.7.13.3-2 + selector: + matchLabels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.13.3-3 + version: 7.13.3-3 diff --git a/deploy/olm-catalog/prod/7.13.3-3/manifests/kieapp.crd.yaml b/deploy/olm-catalog/prod/7.13.3-3/manifests/kieapp.crd.yaml new file mode 100644 index 000000000..09474bb77 --- /dev/null +++ b/deploy/olm-catalog/prod/7.13.3-3/manifests/kieapp.crd.yaml 
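Review bot: The operator `image:` and every `RELATED_IMAGE_*_7.13.3` value in the deployment's `env` list are referenced by mutable tag (`:7.13.3`, plus `:latest` for the MySQL, PostgreSQL and oauth-proxy entries), so this CSV does not record which rebuilt images the CVE respin actually ships. With `imagePullPolicy: Always` the content behind a tag can also change without a new bundle version. Pinning by digest, for example `image: registry.stage.redhat.io/rhpam-7/rhpam-rhel8-operator@sha256:<digest-of-respun-image>`, would make the respin verifiable, and it fits the `Disconnected` infrastructure-features annotation, since mirrored installs generally resolve related images by digest. Separately, this file sits under `prod/` but `containerImage`, `image:` and the 7.13.3 entries point at `registry.stage.redhat.io` while the 7.13.2 entries use `registry.redhat.io`; if no release step rewrites these hosts, the staging registry would end up in the production catalog, which is worth confirming.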
@@ -0,0 +1,6126 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kieapps.app.kiegroup.org +spec: + group: app.kiegroup.org + names: + kind: KieApp + listKind: KieAppList + plural: kieapps + singular: kieapp + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of the application deployment + jsonPath: .status.version + name: Version + type: string + - description: The name of the environment used as a baseline + jsonPath: .spec.environment + name: Environment + type: string + - description: The status of the KieApp deployment + jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2 + schema: + openAPIV3Schema: + description: KieApp is the Schema for the kieapps API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to be used + by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for LDAP + properties: + allowEmptyPasswords: + description: Does this realm support blank password direct + verification? Blank password attempt will be rejected otherwise. 
+ Boolean flag, defaults to false. + type: boolean + baseCtxDN: + description: LDAP Base DN of the top-level context to begin + the user search. + type: string + baseFilter: + description: Legacy LDAP search filter used to locate the + context of the user to authenticate. The input username + or userDN obtained from the login module callback is substituted + into the filter anywhere a {0} expression is used. A common + example for the search filter is (uid={0}). For Elytron + based subsystem this property should be configured only + with the search filter parameter, without any search expression. + Example (uid={0}) became just uid. + type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN of the + user itself contains special characters, backslash for example, + that prevent correct user mapping. If the attribute does + not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to decrypt + the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. 
+ enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity mapping, + the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN is + not checked for the roleNameAttributeID. This flag can improve + the performance of LDAP queries. + type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the username. + If set to true, the DN is parsed for the username. If set + to false the DN is not parsed for the username. This option + is used together with usernameBeginString and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this option. + When using referrals, this option denotes the attribute + name which contains users defined for a certain role, for + example member, if the role object is inside the referral. + Users are checked against the content of this attribute + name. If this option is not set, the check will always fail, + so role objects cannot be stored in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. 
If false, the role name is taken from + the value of the roleNameAttributeId attribute of the context + name. Certain directory schemas, such as Microsoft Active + Directory, require this attribute to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles associated + with the authenticated user. The input username or userDN + obtained from the login module callback is substituted into + the filter anywhere a {0} expression is used. The authenticated + userDN is substituted into the filter anywhere a {1} is + used. An example search filter that , matches on the input + username is (member={0}). An alternative that matches on + the authenticated userDN is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role object’s + name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role search + will go below a matching context. Disable recursion by setting + this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for user + roles. This is not the DN where the actual roles are, but + the DN where the objects containing the user roles are. + For example, in a Microsoft Active Directory server, this + is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. 
+ For failover set two or more LDAP endpoints separated by + space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used together + with usernameEndString and only taken into account if parseUsername + is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end of + the DN to reveal the username. This option is used together + with usernameBeginString and only taken into account if + parseUsername is set to true. + type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will be + configured. + properties: + from: + description: ObjRef contains enough information to let you + inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have defined mappings. Defaults to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have no defined mappings. Defaults to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a properties + file or a set of roles with the following pattern 'role=role1;another-role=role2'. + The format of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the patter + above. 
+ type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create the + Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create the + Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. + format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. 
+ format: password + type: string + secretAdminCredentials: + description: Name of the secret containing admin's credentials, + the keys are username and password, if the adminUser and adminPassword + are provided the secretAdminCredentials will be skipped + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when the + OpenShiftStartupStrategy is choosed and Business Central + is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the 'openshift' + and local namespaces, the operator will create said imagestreams + locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry is + insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder will + be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known hosts + file. The secret must contain two files: id_rsa and + known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. 
'4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations that + can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the Runtime + Model ID. 
Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if a property + is set mode than once, the one from this property file + will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the Runtime + Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ExternalCompDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/components + directory will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ImportsBaseDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/imports + directory will be used. If ImportFileLocation is set + ImportsBaseDir will be ignored. 
+ type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual model + file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default value + is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new imports + (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards (in + kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. 
If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how a + Process Migration server will manage and create a new Database + or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. 
For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the configured + datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the configured + datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. + For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to the + application classpath separated by colon. Needs to be mounted + on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. 
'4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + username: + description: If empty the CommonConfig.AdminUser will be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a single + set, or for multiple sets if deployments is set to >1 + properties: + build: + description: KieAppBuildObject Data to define how to build + an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If unspecified, + all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. It + is recommended to test the kjar manually before disabling + this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for immutable + KIE Server configurations for S2I and pre built kjars. + Useful for pre-compiled kjar. 
+ type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the extensions + image where the extensions are located (e.g. install.sh, + modules/, etc.). Defaults to '/extension'. Do not + change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For example, + custom-driver-image:7.7.0. 
+ type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers and + configuration is located. Defaults to openshift namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate the + source code to build + properties: + contextDir: + description: Context/subdirectory where the code + is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.6.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a given + webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 
'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer will + manage and create a new Database or connect to an existing + one + properties: + externalConfig: + description: ExternalDatabaseObject configuration definition + of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. 
For + example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases running + on OCP where the host will correspond to the kubernetes + added env *_SERVICE_HOST, it is mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can be + XA or NONXA. For non XA set it to true. Default + value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. Port + is intended to be used with databases running + on OCP where the post will correspond to the kubernetes + added env *_SERVICE_PORT, these are mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. 
+ For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + decisionsOnly: + description: When set to true will configure the KIE Server + image to disable all capabilities that are not related + to decisions, Default to true for RHDM environments and + false to RHPAM. + type: boolean + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of + whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a + valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to + have some well-defined way of referencing a part of + an object. TODO: this design is not final and this + field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm clustering + for processes fail-over, it could increase the number + of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification to + be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, if + will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be used. + type: string + amqSecretName: + description: The name of a secret containing AMQ SSL + related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. Default + is false. 
+ type: boolean + enableIntegration: + description: When set to true will configure the KIE + Server with JMS integration, if no configuration is + added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, disabled + by default. + type: boolean + password: + description: AMQ broker password to connect do the AMQ, + generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for JMS, + example queue/CUSTOM.KIE.SERVER.AUDIT, default is + queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, example + queue/CUSTOM.KIE.SERVER.EXECUTOR, default is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, example + queue/CUSTOM.KIE.SERVER.REQUEST, default is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, example + queue/CUSTOM.KIE.SERVER.RESPONSE, default is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, example + queue/CUSTOM.KIE.SERVER.SIGNAL, default is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the AMQ, + generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new + heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The default + is '25' which means 25% of the '-Xmx' is used as the + initial heap size. You can skip this mechanism by + setting this value to '0' in which case no '-Xms' + option is added. e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container then + this option has no effect. If there is a memory constraint + then '-Xms' is limited to the value set here. The + default is 4096Mb which means the calculated value + of '-Xms' never will be greater than 4096Mb. The value + of this variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as set + here. The default is '50' which means 50% of the available + memory is used as an upper boundary. You can skip + this mechanism by setting this value to '0' in which + case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be used + by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. 
+ type: boolean + bootstrapServers: + description: A comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when making + requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates how + long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that the + emitter requires the leader to have received before + considering a request to be complete, not set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to set + an ID to provide a logical application name for logging + purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to Kafka. + Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates how + long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event messages. + Set up to override the default value jbpm-processes-events. 
+ type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + kieExecutorMDBMaxSession: + description: 'Number of max KIE Executor sessions, it must + be lower than the value of max-pool-size, by default is + max-pool-size set to 60. Max pool size can be set by system + property jboss.mdb.strict.max.pool.size (using javaOptsAppend: + "-Djboss.mdb.strict.max.pool.size=40"), for more information + see https://access.redhat.com/solutions/2955481.' + type: integer + name: + description: Server name + type: string + persistRepos: + description: Persist the Maven and KIE repositories on ~/.m2/repository + and ~/.kie/repository respectively. The option persistRepos + will be automatically set to false when the Trial environment + is set. + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the KIE + local repository persistent volume. Defaults to 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the Maven + persistent volume, the size of the files on this directory + can grow fast as all dependencies for KIE Containers will + be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM smart + router + properties: + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. 
Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. 
The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + useExternalRoute: + description: If enabled, Business Central will use the external + smartrouter route to communicate with it. Note that, valid + SSL certificates should be used. + type: boolean + type: object + type: object + scheduledImportPolicy: + description: Set to true to enable scheduled import policy on the + ImageStream. This will work only if you are using ImageStreamTag + otherwise with image digests it will be ignored + type: boolean + truststore: + description: Defines which truststore is used by the console, kieservers, + smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. + type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should be allowed + when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. 
Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. This + will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + status: + description: KieAppStatus - The status for custom resources managed by + the operator-sdk. + properties: + applied: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to + be used by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for + LDAP + properties: + allowEmptyPasswords: + description: Does this realm support blank password direct + verification? Blank password attempt will be rejected + otherwise. Boolean flag, defaults to false. + type: boolean + baseCtxDN: + description: LDAP Base DN of the top-level context to + begin the user search. + type: string + baseFilter: + description: Legacy LDAP search filter used to locate + the context of the user to authenticate. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. A common example for the search filter is (uid={0}). + For Elytron based subsystem this property should be + configured only with the search filter parameter, without + any search expression. Example (uid={0}) became just + uid. 
+ type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN + of the user itself contains special characters, backslash + for example, that prevent correct user mapping. If the + attribute does not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to + decrypt the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. + enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity + mapping, the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN + is not checked for the roleNameAttributeID. This flag + can improve the performance of LDAP queries. 
+ type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the + username. If set to true, the DN is parsed for the username. + If set to false the DN is not parsed for the username. + This option is used together with usernameBeginString + and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this + option. When using referrals, this option denotes the + attribute name which contains users defined for a certain + role, for example member, if the role object is inside + the referral. Users are checked against the content + of this attribute name. If this option is not set, the + check will always fail, so role objects cannot be stored + in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user + roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. If false, the role name is taken + from the value of the roleNameAttributeId attribute + of the context name. Certain directory schemas, such + as Microsoft Active Directory, require this attribute + to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles + associated with the authenticated user. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. The authenticated userDN is substituted into + the filter anywhere a {1} is used. 
An example search + filter that , matches on the input username is (member={0}). + An alternative that matches on the authenticated userDN + is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role + object’s name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role + search will go below a matching context. Disable recursion + by setting this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for + user roles. This is not the DN where the actual roles + are, but the DN where the objects containing the user + roles are. For example, in a Microsoft Active Directory + server, this is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. + For failover set two or more LDAP endpoints separated + by space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used + together with usernameEndString and only taken into + account if parseUsername is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end + of the DN to reveal the username. This option is used + together with usernameBeginString and only taken into + account if parseUsername is set to true. 
+ type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will + be configured. + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have defined mappings. Defaults + to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have no defined mappings. Defaults + to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a + properties file or a set of roles with the following + pattern 'role=role1;another-role=role2'. The format + of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the + patter above. + type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for + SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create + the Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create + the Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. 
+ format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. + format: password + type: string + secretAdminCredentials: + description: Name of the secret containing admin's credentials, + the keys are username and password, if the adminUser and + adminPassword are provided the secretAdminCredentials will + be skipped + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when + the OpenShiftStartupStrategy is choosed and Business + Central is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. 
When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the + 'openshift' and local namespaces, the operator will create said + imagestreams locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry + is insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. + For example, if the object reference is to a + container within a pod, this would take on a + value like: "spec.containers{name}" (where "name" + refers to the name of the container that triggered + the event) or if no container name is specified + "spec.containers[2]" (container with index 2 + in this pod). This syntax is chosen only to + have some well-defined way of referencing a + part of an object. TODO: this design is not + final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder + will be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known + hosts file. The secret must contain two files: id_rsa + and known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM + Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations + that can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the + Runtime Model ID. 
Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if + a property is set mode than once, the one from this + property file will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the + Runtime Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ExternalCompDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/components directory + will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ImportsBaseDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/imports directory will + be used. If ImportFileLocation is set ImportsBaseDir + will be ignored. 
+ type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual + model file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default + value is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new + imports (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards + (in kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. 
+ If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how + a Process Migration server will manage and create a + new Database or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to + background-validation, if set to false the validate-on-match + method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. 
For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to + the application classpath separated by colon. Needs + to be mounted on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + username: + description: If empty the CommonConfig.AdminUser will + be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a + single set, or for multiple sets if deployments is set + to >1 + properties: + build: + description: KieAppBuildObject Data to define how to + build an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If + unspecified, all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. + It is recommended to test the kjar manually before + disabling this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for + immutable KIE Server configurations for S2I and + pre built kjars. Useful for pre-compiled kjar. 
+ type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container and + any service environment variables. If a + variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal + "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and + requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the + extensions image where the extensions are located + (e.g. install.sh, modules/, etc.). Defaults to + '/extension'. Do not change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For + example, custom-driver-image:7.7.0. 
+ type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers + and configuration is located. Defaults to openshift + namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate + the source code to build + properties: + contextDir: + description: Context/subdirectory where the + code is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.6.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a + given webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 
'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, + POST, OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer + will manage and create a new Database or connect to + an existing one + properties: + externalConfig: + description: ExternalDatabaseObject configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method + to background-validation, if set to false + the validate-on-match method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. 
+ For example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases + running on OCP where the host will correspond + to the kubernetes added env *_SERVICE_HOST, + it is mostly likely used with PostgreSQL and + MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, + jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for + the configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for + the configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can + be XA or NONXA. For non XA set it to true. + Default value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. + Port is intended to be used with databases + running on OCP where the post will correspond + to the kubernetes added env *_SERVICE_PORT, + these are mostly likely used with PostgreSQL + and MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. 
For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + decisionsOnly: + description: When set to true will configure the KIE + Server image to disable all capabilities that are + not related to decisions, Default to true for RHDM + environments and false to RHPAM. + type: boolean + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm + clustering for processes fail-over, it could increase + the number of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification + to be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, + if will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and + certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be + used. + type: string + amqSecretName: + description: The name of a secret containing AMQ + SSL related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store + file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. + Default is false. 
+ type: boolean + enableIntegration: + description: When set to true will configure the + KIE Server with JMS integration, if no configuration + is added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, + disabled by default. + type: boolean + password: + description: AMQ broker password to connect do the + AMQ, generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for + JMS, example queue/CUSTOM.KIE.SERVER.AUDIT, default + is queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, + example queue/CUSTOM.KIE.SERVER.EXECUTOR, default + is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, + example queue/CUSTOM.KIE.SERVER.REQUEST, default + is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, + example queue/CUSTOM.KIE.SERVER.RESPONSE, default + is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, + example queue/CUSTOM.KIE.SERVER.SIGNAL, default + is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the + AMQ, generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used + by the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current + GC time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of + this variable should contain the necessary JRE + command-line options to specify the required GC, + which will override the default of '-XX:+UseParallelOldGC'. + e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega + bytes unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. + Disabled by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap + memory. If used in a container without any memory + constraints for the container then this option + has no effect. If there is a memory constraint + then '-Xms' is set to a ratio of the '-Xmx' memory + as set here. The default is '25' which means 25% + of the '-Xmx' is used as the initial heap size. + You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. + e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a + container without any memory constraints for the + container then this option has no effect. If there + is a memory constraint then '-Xms' is limited + to the value set here. The default is 4096Mb which + means the calculated value of '-Xms' never will + be greater than 4096Mb. The value of this variable + is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is + set to a ratio of the container available memory + as set here. The default is '50' which means 50% + of the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be + used by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. 
+ type: boolean + bootstrapServers: + description: A comma separated list of host/port + pairs to use for establishing the initial connection + to the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when + making requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates + how long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that + the emitter requires the leader to have received + before considering a request to be complete, not + set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection + to the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to + set an ID to provide a logical application name + for logging purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to + Kafka. Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates + how long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event + messages. Set up to override the default value + jbpm-processes-events. 
+ type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + kieExecutorMDBMaxSession: + description: 'Number of max KIE Executor sessions, it + must be lower than the value of max-pool-size, by + default is max-pool-size set to 60. Max pool size + can be set by system property jboss.mdb.strict.max.pool.size + (using javaOptsAppend: "-Djboss.mdb.strict.max.pool.size=40"), + for more information see https://access.redhat.com/solutions/2955481.' + type: integer + name: + description: Server name + type: string + persistRepos: + description: Persist the Maven and KIE repositories + on ~/.m2/repository and ~/.kie/repository respectively. + The option persistRepos will be automatically set + to false when the Trial environment is set. + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the + KIE local repository persistent volume. Defaults to + 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the + Maven persistent volume, the size of the files on + this directory can grow fast as all dependencies for + KIE Containers will be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect + URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM + smart router + properties: + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. 
Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. 
The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + useExternalRoute: + description: If enabled, Business Central will use the + external smartrouter route to communicate with it. Note + that, valid SSL certificates should be used. + type: boolean + type: object + type: object + scheduledImportPolicy: + description: Set to true to enable scheduled import policy on + the ImageStream. This will work only if you are using ImageStreamTag + otherwise with image digests it will be ignored + type: boolean + truststore: + description: Defines which truststore is used by the console, + kieservers, smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. + type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should + be allowed when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. 
Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. + This will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + conditions: + items: + description: Condition - The condition for the kie-cloud-operator + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ReasonType - type of reason + type: string + status: + type: string + type: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - status + - type + type: object + type: array + consoleHost: + type: string + deployments: + properties: + ready: + description: Deployments are ready to serve requests + items: + type: string + type: array + starting: + description: Deployments are starting, may or may not succeed + items: + type: string + type: array + stopped: + description: Deployments are not starting, unclear what next step + will be + items: + type: string + type: array + type: object + phase: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - conditions + - deployments + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/deploy/olm-catalog/prod/7.13.3-3/metadata/annotations.yaml b/deploy/olm-catalog/prod/7.13.3-3/metadata/annotations.yaml new file mode 100644 index 000000000..724337620 --- /dev/null +++ b/deploy/olm-catalog/prod/7.13.3-3/metadata/annotations.yaml 
@@ -0,0 +1,10 @@
+annotations:
+ operators.operatorframework.io.bundle.channel.default.v1: stable
+ operators.operatorframework.io.bundle.channels.v1: stable
+ operators.operatorframework.io.bundle.manifests.v1: manifests/
+ operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+ operators.operatorframework.io.bundle.metadata.v1: metadata/
+ operators.operatorframework.io.bundle.package.v1: businessautomation-operator
+ operators.operatorframework.io.metrics.builder: operator-sdk-v0.19.2
+ operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
+ operators.operatorframework.io.metrics.project_layout: go
diff --git a/deploy/olm-catalog/test/7.13.3-3/manifests/businessautomation-operator.clusterserviceversion.yaml b/deploy/olm-catalog/test/7.13.3-3/manifests/businessautomation-operator.clusterserviceversion.yaml
new file mode 100644
index 000000000..3655b3a81
--- /dev/null
+++ b/deploy/olm-catalog/test/7.13.3-3/manifests/businessautomation-operator.clusterserviceversion.yaml
@@ -0,0 +1,423 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: '[{"apiVersion":"app.kiegroup.org/v2","kind":"KieApp","metadata":{"name":"rhpam-trial"},"spec":{"environment":"rhpam-trial"}}]' + capabilities: Seamless Upgrades + categories: Integration & Delivery + certified: "true" + containerImage: registry-proxy.engineering.redhat.com/rh-osbs/rhpam-7-rhpam-rhel8-operator:7.13.3 + createdAt: "2023-06-14 00:11:19" + description: Deploys and manages Red Hat Process Automation Manager and Red Hat + Decision Manager environments. + operators.openshift.io/infrastructure-features: '["Disconnected"]' + operators.openshift.io/valid-subscription: '["Red Hat Process Automation Manager", + "Red Hat Decision Manager"]' + repository: https://github.com/kiegroup/kie-cloud-operator + support: Red Hat + tectonic-visibility: ocs + labels: + operator-businessautomation: "true" + operatorframework.io/arch.amd64: supported + operatorframework.io/os.linux: supported + name: businessautomation-operator.7.13.3-3-dev-hg44s2bwq8 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: A project prescription running an RHPAM/RHDM environment. 
+ displayName: KieApp + kind: KieApp + name: kieapps.app.kiegroup.org + resources: + - kind: DeploymentConfig + name: "" + version: apps.openshift.io/v1 + - kind: StatefulSet + name: "" + version: apps/v1 + - kind: Role + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: RoleBinding + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: Route + name: "" + version: route.openshift.io/v1 + - kind: BuildConfig + name: "" + version: build.openshift.io/v1 + - kind: ImageStream + name: "" + version: image.openshift.io/v1 + - kind: Secret + name: "" + version: v1 + - kind: PersistentVolumeClaim + name: "" + version: v1 + - kind: ServiceAccount + name: "" + version: v1 + - kind: Service + name: "" + version: v1 + specDescriptors: + - description: Set true to enable automatic micro version product upgrades, + it is disabled by default. + displayName: Enable Upgrades + path: upgrades.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable automatic minor product version upgrades, + it is disabled by default. Requires spec.upgrades.enabled to be true. + displayName: Include minor version upgrades + path: upgrades.minor + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable image tags, disabled by default. This will + leverage image tags instead of the image digests. + displayName: Use Image Tags + path: useImageTags + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Environment deployed. + displayName: Environment + path: environment + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + statusDescriptors: + - description: Product version installed. + displayName: Version + path: version + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: Current phase. 
+ displayName: Status + path: phase + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: The address for accessing Business Central, if it is deployed. + displayName: Business/Decision Central URL + path: consoleHost + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Deployments for the KieApp environment. + displayName: Deployments + path: deployments + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + version: v2 + description: |- + Deploys and manages Red Hat Process Automation Manager and Red Hat Decision Manager environments. + + * **Red Hat Process Automation Manager** is a platform for developing containerized microservices and applications that automate business decisions and processes. It includes business process management (BPM), business rules management (BRM), and business resource optimization and complex event processing (CEP) technologies. It also includes a user experience platform to create engaging user interfaces for process and decision services with minimal coding. + + [See more](https://www.redhat.com/en/products/process-automation). 
+ displayName: Business Automation + icon: + - base64data: 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 + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - console.openshift.io + resources: + - consolelinks + - consoleyamlsamples + verbs: + - get + - create + - update + - delete + serviceAccountName: business-automation-operator + deployments: + - name: business-automation-operator + spec: + replicas: 1 + selector: + matchLabels: + name: business-automation-operator + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + name: business-automation-operator + spec: + containers: + - command: + - kie-cloud-operator + env: + - name: OPERATOR_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['name'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPERATOR_UI + value: "true" + - name: DEBUG + value: "false" + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.3 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-kieserver-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.3 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-controller-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.3 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-businesscentral-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.3 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.3 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-smartrouter-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.3 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-process-migration-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.3 + value: 
registry-proxy.engineering.redhat.com/rhpam-7/rhpam-dashbuilder-rhel8:7.13.3 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.13.3 + value: registry.redhat.io/openshift4/ose-cli:v4.12 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.3 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.3 + value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.3 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 + - name: RELATED_IMAGE_BROKER_IMAGE_7.13.3 + value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-controller-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.13.2 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.13.2 + value: registry.redhat.io/openshift4/ose-cli:v4.12 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.2 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.2 + value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.2 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 + - name: RELATED_IMAGE_BROKER_IMAGE_7.13.2 + value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 + - name: 
RELATED_IMAGE_OAUTH_PROXY_IMAGE_LATEST + value: registry.redhat.io/openshift4/ose-oauth-proxy:latest + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.12 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.12 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.11 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.11 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.10 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.10 + image: registry-proxy.engineering.redhat.com/rh-osbs/rhpam-7-rhpam-rhel8-operator:7.13.3 + imagePullPolicy: Always + name: business-automation-operator + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsNonRoot: true + serviceAccountName: business-automation-operator + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - services + - services/finalizers + - serviceaccounts + - persistentvolumeclaims + - secrets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + - deployments/finalizers + - replicasets + - statefulsets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - build.openshift.io + resources: + - buildconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - 
image.openshift.io + resources: + - images + - imagestreams + - imagestreamimages + - imagestreamtags + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - app.kiegroup.org + resources: + - kieapps + - kieapps/status + - kieapps/finalizers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - operators.coreos.com + resources: + - clusterserviceversions + - subscriptions + verbs: + - get + - list + - patch + - update + - watch + serviceAccountName: business-automation-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - kieapp + - pam + - decision + - kie + - cloud + - bpm + - process + - automation + - operator + labels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.13.3-3-dev-hg44s2bwq8 + links: + - name: Product Page + url: https://access.redhat.com/products/red-hat-process-automation-manager + - name: Documentation + url: https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.13/#category-deploying-red-hat-process-automation-manager-on-openshift + maintainers: + - email: bsig-cloud@redhat.com + name: Red Hat + maturity: test + provider: + name: Red Hat + replaces: businessautomation-operator.7.13.3-2 + selector: + matchLabels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.13.3-3-dev-hg44s2bwq8 + version: 7.13.3-3+hg44s2bwq8 diff --git a/deploy/olm-catalog/test/7.13.3-3/manifests/kieapp.crd.yaml b/deploy/olm-catalog/test/7.13.3-3/manifests/kieapp.crd.yaml new file mode 100644 index 000000000..09474bb77 
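Review bot: In the operator Deployment's `env` list, several `RELATED_IMAGE_*` values resolve through floating tags (`registry.redhat.io/rhscl/mysql-80-rhel7:latest`, `registry.redhat.io/rhscl/postgresql-13-rhel7:latest`, `registry.redhat.io/openshift4/ose-oauth-proxy:latest`), and the operator container's own `image:` is a tag pulled with `imagePullPolicy: Always`. For a bundle prepared as a CVE respin this leaves no record of which image build was verified as patched, because the content behind a tag can change between test and install. Pinning each reference by digest, e.g. `value: registry.redhat.io/rhscl/mysql-80-rhel7@sha256:<digest-of-verified-build>` (placeholder), would make the fixed images auditable and give mirroring for the advertised `Disconnected` feature exact content to resolve. This is the `test` catalog, so the tags may be swapped for digests later in the release pipeline; if the manifest is emitted by a generator, the change belongs there rather than in this file.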
--- /dev/null
+++ b/deploy/olm-catalog/test/7.13.3-3/manifests/kieapp.crd.yaml
@@ -0,0 +1,6126 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kieapps.app.kiegroup.org +spec: + group: app.kiegroup.org + names: + kind: KieApp + listKind: KieAppList + plural: kieapps + singular: kieapp + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of the application deployment + jsonPath: .status.version + name: Version + type: string + - description: The name of the environment used as a baseline + jsonPath: .spec.environment + name: Environment + type: string + - description: The status of the KieApp deployment + jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2 + schema: + openAPIV3Schema: + description: KieApp is the Schema for the kieapps API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to be used + by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for LDAP + properties: + allowEmptyPasswords: + description: Does this realm support blank password direct + verification? Blank password attempt will be rejected otherwise. 
+ Boolean flag, defaults to false. + type: boolean + baseCtxDN: + description: LDAP Base DN of the top-level context to begin + the user search. + type: string + baseFilter: + description: Legacy LDAP search filter used to locate the + context of the user to authenticate. The input username + or userDN obtained from the login module callback is substituted + into the filter anywhere a {0} expression is used. A common + example for the search filter is (uid={0}). For Elytron + based subsystem this property should be configured only + with the search filter parameter, without any search expression. + Example (uid={0}) became just uid. + type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN of the + user itself contains special characters, backslash for example, + that prevent correct user mapping. If the attribute does + not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to decrypt + the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. 
+ enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity mapping, + the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN is + not checked for the roleNameAttributeID. This flag can improve + the performance of LDAP queries. + type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the username. + If set to true, the DN is parsed for the username. If set + to false the DN is not parsed for the username. This option + is used together with usernameBeginString and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this option. + When using referrals, this option denotes the attribute + name which contains users defined for a certain role, for + example member, if the role object is inside the referral. + Users are checked against the content of this attribute + name. If this option is not set, the check will always fail, + so role objects cannot be stored in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. 
If false, the role name is taken from + the value of the roleNameAttributeId attribute of the context + name. Certain directory schemas, such as Microsoft Active + Directory, require this attribute to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles associated + with the authenticated user. The input username or userDN + obtained from the login module callback is substituted into + the filter anywhere a {0} expression is used. The authenticated + userDN is substituted into the filter anywhere a {1} is + used. An example search filter that , matches on the input + username is (member={0}). An alternative that matches on + the authenticated userDN is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role object’s + name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role search + will go below a matching context. Disable recursion by setting + this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for user + roles. This is not the DN where the actual roles are, but + the DN where the objects containing the user roles are. + For example, in a Microsoft Active Directory server, this + is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. 
+ For failover set two or more LDAP endpoints separated by + space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used together + with usernameEndString and only taken into account if parseUsername + is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end of + the DN to reveal the username. This option is used together + with usernameBeginString and only taken into account if + parseUsername is set to true. + type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will be + configured. + properties: + from: + description: ObjRef contains enough information to let you + inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have defined mappings. Defaults to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have no defined mappings. Defaults to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a properties + file or a set of roles with the following pattern 'role=role1;another-role=role2'. + The format of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the patter + above. 
+ type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create the + Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create the + Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. + format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. 
+ format: password + type: string + secretAdminCredentials: + description: Name of the secret containing admin's credentials, + the keys are username and password, if the adminUser and adminPassword + are provided the secretAdminCredentials will be skipped + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when the + OpenShiftStartupStrategy is choosed and Business Central + is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the 'openshift' + and local namespaces, the operator will create said imagestreams + locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry is + insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder will + be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known hosts + file. The secret must contain two files: id_rsa and + known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. 
'4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations that + can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the Runtime + Model ID. 
Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if a property + is set mode than once, the one from this property file + will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the Runtime + Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ExternalCompDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/components + directory will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ImportsBaseDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/imports + directory will be used. If ImportFileLocation is set + ImportsBaseDir will be ignored. 
+ type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual model + file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default value + is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new imports + (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards (in + kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. 
If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how a + Process Migration server will manage and create a new Database + or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. 
For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the configured + datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the configured + datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. + For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to the + application classpath separated by colon. Needs to be mounted + on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. 
'4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + username: + description: If empty the CommonConfig.AdminUser will be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a single + set, or for multiple sets if deployments is set to >1 + properties: + build: + description: KieAppBuildObject Data to define how to build + an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If unspecified, + all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. It + is recommended to test the kjar manually before disabling + this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for immutable + KIE Server configurations for S2I and pre built kjars. + Useful for pre-compiled kjar. 
+ type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the extensions + image where the extensions are located (e.g. install.sh, + modules/, etc.). Defaults to '/extension'. Do not + change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For example, + custom-driver-image:7.7.0. 
+ type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers and + configuration is located. Defaults to openshift namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate the + source code to build + properties: + contextDir: + description: Context/subdirectory where the code + is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.6.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a given + webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 
'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer will + manage and create a new Database or connect to an existing + one + properties: + externalConfig: + description: ExternalDatabaseObject configuration definition + of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. 
For + example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases running + on OCP where the host will correspond to the kubernetes + added env *_SERVICE_HOST, it is mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can be + XA or NONXA. For non XA set it to true. Default + value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. Port + is intended to be used with databases running + on OCP where the post will correspond to the kubernetes + added env *_SERVICE_PORT, these are mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. 
+ For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + decisionsOnly: + description: When set to true will configure the KIE Server + image to disable all capabilities that are not related + to decisions, Default to true for RHDM environments and + false to RHPAM. + type: boolean + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of + whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a + valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to + have some well-defined way of referencing a part of + an object. TODO: this design is not final and this + field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm clustering + for processes fail-over, it could increase the number + of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification to + be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, if + will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be used. + type: string + amqSecretName: + description: The name of a secret containing AMQ SSL + related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. Default + is false. 
+ type: boolean + enableIntegration: + description: When set to true will configure the KIE + Server with JMS integration, if no configuration is + added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, disabled + by default. + type: boolean + password: + description: AMQ broker password to connect do the AMQ, + generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for JMS, + example queue/CUSTOM.KIE.SERVER.AUDIT, default is + queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, example + queue/CUSTOM.KIE.SERVER.EXECUTOR, default is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, example + queue/CUSTOM.KIE.SERVER.REQUEST, default is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, example + queue/CUSTOM.KIE.SERVER.RESPONSE, default is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, example + queue/CUSTOM.KIE.SERVER.SIGNAL, default is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the AMQ, + generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new + heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The default + is '25' which means 25% of the '-Xmx' is used as the + initial heap size. You can skip this mechanism by + setting this value to '0' in which case no '-Xms' + option is added. e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container then + this option has no effect. If there is a memory constraint + then '-Xms' is limited to the value set here. The + default is 4096Mb which means the calculated value + of '-Xms' never will be greater than 4096Mb. The value + of this variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as set + here. The default is '50' which means 50% of the available + memory is used as an upper boundary. You can skip + this mechanism by setting this value to '0' in which + case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be used + by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. 
+ type: boolean + bootstrapServers: + description: A comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when making + requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates how + long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that the + emitter requires the leader to have received before + considering a request to be complete, not set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to set + an ID to provide a logical application name for logging + purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to Kafka. + Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates how + long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event messages. + Set up to override the default value jbpm-processes-events. 
+ type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + kieExecutorMDBMaxSession: + description: 'Number of max KIE Executor sessions, it must + be lower than the value of max-pool-size, by default is + max-pool-size set to 60. Max pool size can be set by system + property jboss.mdb.strict.max.pool.size (using javaOptsAppend: + "-Djboss.mdb.strict.max.pool.size=40"), for more information + see https://access.redhat.com/solutions/2955481.' + type: integer + name: + description: Server name + type: string + persistRepos: + description: Persist the Maven and KIE repositories on ~/.m2/repository + and ~/.kie/repository respectively. The option persistRepos + will be automatically set to false when the Trial environment + is set. + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the KIE + local repository persistent volume. Defaults to 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the Maven + persistent volume, the size of the files on this directory + can grow fast as all dependencies for KIE Containers will + be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM smart + router + properties: + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. 
Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. 
The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + useExternalRoute: + description: If enabled, Business Central will use the external + smartrouter route to communicate with it. Note that, valid + SSL certificates should be used. + type: boolean + type: object + type: object + scheduledImportPolicy: + description: Set to true to enable scheduled import policy on the + ImageStream. This will work only if you are using ImageStreamTag + otherwise with image digests it will be ignored + type: boolean + truststore: + description: Defines which truststore is used by the console, kieservers, + smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. + type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should be allowed + when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. 
Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. This + will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + status: + description: KieAppStatus - The status for custom resources managed by + the operator-sdk. + properties: + applied: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to + be used by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for + LDAP + properties: + allowEmptyPasswords: + description: Does this realm support blank password direct + verification? Blank password attempt will be rejected + otherwise. Boolean flag, defaults to false. + type: boolean + baseCtxDN: + description: LDAP Base DN of the top-level context to + begin the user search. + type: string + baseFilter: + description: Legacy LDAP search filter used to locate + the context of the user to authenticate. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. A common example for the search filter is (uid={0}). + For Elytron based subsystem this property should be + configured only with the search filter parameter, without + any search expression. Example (uid={0}) became just + uid. 
+ type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN + of the user itself contains special characters, backslash + for example, that prevent correct user mapping. If the + attribute does not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to + decrypt the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. + enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity + mapping, the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN + is not checked for the roleNameAttributeID. This flag + can improve the performance of LDAP queries. 
+ type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the + username. If set to true, the DN is parsed for the username. + If set to false the DN is not parsed for the username. + This option is used together with usernameBeginString + and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this + option. When using referrals, this option denotes the + attribute name which contains users defined for a certain + role, for example member, if the role object is inside + the referral. Users are checked against the content + of this attribute name. If this option is not set, the + check will always fail, so role objects cannot be stored + in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user + roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. If false, the role name is taken + from the value of the roleNameAttributeId attribute + of the context name. Certain directory schemas, such + as Microsoft Active Directory, require this attribute + to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles + associated with the authenticated user. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. The authenticated userDN is substituted into + the filter anywhere a {1} is used. 
An example search + filter that , matches on the input username is (member={0}). + An alternative that matches on the authenticated userDN + is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role + object’s name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role + search will go below a matching context. Disable recursion + by setting this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for + user roles. This is not the DN where the actual roles + are, but the DN where the objects containing the user + roles are. For example, in a Microsoft Active Directory + server, this is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. + For failover set two or more LDAP endpoints separated + by space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used + together with usernameEndString and only taken into + account if parseUsername is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end + of the DN to reveal the username. This option is used + together with usernameBeginString and only taken into + account if parseUsername is set to true. 
+ type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will + be configured. + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have defined mappings. Defaults + to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have no defined mappings. Defaults + to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a + properties file or a set of roles with the following + pattern 'role=role1;another-role=role2'. The format + of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the + patter above. + type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for + SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create + the Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create + the Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. 
+ format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. + format: password + type: string + secretAdminCredentials: + description: Name of the secret containing admin's credentials, + the keys are username and password, if the adminUser and + adminPassword are provided the secretAdminCredentials will + be skipped + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when + the OpenShiftStartupStrategy is choosed and Business + Central is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. 
When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the + 'openshift' and local namespaces, the operator will create said + imagestreams locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry + is insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. + For example, if the object reference is to a + container within a pod, this would take on a + value like: "spec.containers{name}" (where "name" + refers to the name of the container that triggered + the event) or if no container name is specified + "spec.containers[2]" (container with index 2 + in this pod). This syntax is chosen only to + have some well-defined way of referencing a + part of an object. TODO: this design is not + final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder + will be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known + hosts file. The secret must contain two files: id_rsa + and known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM + Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations + that can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the + Runtime Model ID. 
Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if + a property is set mode than once, the one from this + property file will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the + Runtime Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ExternalCompDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/components directory + will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ImportsBaseDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/imports directory will + be used. If ImportFileLocation is set ImportsBaseDir + will be ignored. 
+ type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual + model file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default + value is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new + imports (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards + (in kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. 
+ If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how + a Process Migration server will manage and create a + new Database or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to + background-validation, if set to false the validate-on-match + method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. 
For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to + the application classpath separated by colon. Needs + to be mounted on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + username: + description: If empty the CommonConfig.AdminUser will + be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a + single set, or for multiple sets if deployments is set + to >1 + properties: + build: + description: KieAppBuildObject Data to define how to + build an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If + unspecified, all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. + It is recommended to test the kjar manually before + disabling this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for + immutable KIE Server configurations for S2I and + pre built kjars. Useful for pre-compiled kjar. 
+ type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container and + any service environment variables. If a + variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal + "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and + requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the + extensions image where the extensions are located + (e.g. install.sh, modules/, etc.). Defaults to + '/extension'. Do not change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For + example, custom-driver-image:7.7.0. 
+ type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers + and configuration is located. Defaults to openshift + namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate + the source code to build + properties: + contextDir: + description: Context/subdirectory where the + code is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.6.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a + given webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 
'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, + POST, OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer + will manage and create a new Database or connect to + an existing one + properties: + externalConfig: + description: ExternalDatabaseObject configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method + to background-validation, if set to false + the validate-on-match method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. 
+ For example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases + running on OCP where the host will correspond + to the kubernetes added env *_SERVICE_HOST, + it is mostly likely used with PostgreSQL and + MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, + jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for + the configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for + the configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can + be XA or NONXA. For non XA set it to true. + Default value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. + Port is intended to be used with databases + running on OCP where the post will correspond + to the kubernetes added env *_SERVICE_PORT, + these are mostly likely used with PostgreSQL + and MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. 
For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + decisionsOnly: + description: When set to true will configure the KIE + Server image to disable all capabilities that are + not related to decisions, Default to true for RHDM + environments and false to RHPAM. + type: boolean + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm + clustering for processes fail-over, it could increase + the number of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification + to be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, + if will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and + certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be + used. + type: string + amqSecretName: + description: The name of a secret containing AMQ + SSL related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store + file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. + Default is false. 
+ type: boolean + enableIntegration: + description: When set to true will configure the + KIE Server with JMS integration, if no configuration + is added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, + disabled by default. + type: boolean + password: + description: AMQ broker password to connect do the + AMQ, generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for + JMS, example queue/CUSTOM.KIE.SERVER.AUDIT, default + is queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, + example queue/CUSTOM.KIE.SERVER.EXECUTOR, default + is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, + example queue/CUSTOM.KIE.SERVER.REQUEST, default + is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, + example queue/CUSTOM.KIE.SERVER.RESPONSE, default + is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, + example queue/CUSTOM.KIE.SERVER.SIGNAL, default + is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the + AMQ, generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used + by the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current + GC time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of + this variable should contain the necessary JRE + command-line options to specify the required GC, + which will override the default of '-XX:+UseParallelOldGC'. + e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega + bytes unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. + Disabled by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap + memory. If used in a container without any memory + constraints for the container then this option + has no effect. If there is a memory constraint + then '-Xms' is set to a ratio of the '-Xmx' memory + as set here. The default is '25' which means 25% + of the '-Xmx' is used as the initial heap size. + You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. + e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a + container without any memory constraints for the + container then this option has no effect. If there + is a memory constraint then '-Xms' is limited + to the value set here. The default is 4096Mb which + means the calculated value of '-Xms' never will + be greater than 4096Mb. The value of this variable + is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is + set to a ratio of the container available memory + as set here. The default is '50' which means 50% + of the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be + used by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. 
+ type: boolean + bootstrapServers: + description: A comma separated list of host/port + pairs to use for establishing the initial connection + to the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when + making requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates + how long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that + the emitter requires the leader to have received + before considering a request to be complete, not + set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection + to the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to + set an ID to provide a logical application name + for logging purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to + Kafka. Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates + how long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event + messages. Set up to override the default value + jbpm-processes-events. 
+ type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + kieExecutorMDBMaxSession: + description: 'Number of max KIE Executor sessions, it + must be lower than the value of max-pool-size, by + default is max-pool-size set to 60. Max pool size + can be set by system property jboss.mdb.strict.max.pool.size + (using javaOptsAppend: "-Djboss.mdb.strict.max.pool.size=40"), + for more information see https://access.redhat.com/solutions/2955481.' + type: integer + name: + description: Server name + type: string + persistRepos: + description: Persist the Maven and KIE repositories + on ~/.m2/repository and ~/.kie/repository respectively. + The option persistRepos will be automatically set + to false when the Trial environment is set. + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the + KIE local repository persistent volume. Defaults to + 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the + Maven persistent volume, the size of the files on + this directory can grow fast as all dependencies for + KIE Containers will be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect + URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM + smart router + properties: + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. 
Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. 
The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + useExternalRoute: + description: If enabled, Business Central will use the + external smartrouter route to communicate with it. Note + that, valid SSL certificates should be used. + type: boolean + type: object + type: object + scheduledImportPolicy: + description: Set to true to enable scheduled import policy on + the ImageStream. This will work only if you are using ImageStreamTag + otherwise with image digests it will be ignored + type: boolean + truststore: + description: Defines which truststore is used by the console, + kieservers, smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. + type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should + be allowed when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. 
Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. + This will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + conditions: + items: + description: Condition - The condition for the kie-cloud-operator + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ReasonType - type of reason + type: string + status: + type: string + type: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - status + - type + type: object + type: array + consoleHost: + type: string + deployments: + properties: + ready: + description: Deployments are ready to serve requests + items: + type: string + type: array + starting: + description: Deployments are starting, may or may not succeed + items: + type: string + type: array + stopped: + description: Deployments are not starting, unclear what next step + will be + items: + type: string + type: array + type: object + phase: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - conditions + - deployments + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/deploy/olm-catalog/test/7.13.3-3/metadata/annotations.yaml b/deploy/olm-catalog/test/7.13.3-3/metadata/annotations.yaml new file mode 100644 index 000000000..724337620 --- /dev/null +++ b/deploy/olm-catalog/test/7.13.3-3/metadata/annotations.yaml 
@@ -0,0 +1,10 @@
+annotations:
+ operators.operatorframework.io.bundle.channel.default.v1: stable
+ operators.operatorframework.io.bundle.channels.v1: stable
+ operators.operatorframework.io.bundle.manifests.v1: manifests/
+ operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+ operators.operatorframework.io.bundle.metadata.v1: metadata/
+ operators.operatorframework.io.bundle.package.v1: businessautomation-operator
+ operators.operatorframework.io.metrics.builder: operator-sdk-v0.19.2
+ operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
+ operators.operatorframework.io.metrics.project_layout: go
diff --git a/version/version.go b/version/version.go
index efff21144..755e07ce6 100644
--- a/version/version.go
+++ b/version/version.go
@@ -8,9 +8,9 @@ var (
 // Version - current version
 Version = constants.CurrentVersion
 // CsvVersion - csv release
- CsvVersion = Version + "-2"
+ CsvVersion = Version + "-3"
 // PriorVersion - prior version
 PriorVersion = constants.CurrentVersion
 // CsvPriorVersion - prior csv release
- CsvPriorVersion = PriorVersion + "-1"
+ CsvPriorVersion = PriorVersion + "-2"
 )
From 5209983e00db16bcdb4d3cc903b7acb3bdf164e7 Mon Sep 17 00:00:00 2001
From: Spolti
Date: Wed, 28 Jun 2023 11:06:55 -0300
Subject: [PATCH 03/10] [KIECLOUD-725] - Update RHPAM and BAMOE bundle for CVE respin
Signed-off-by: Spolti
---
 ...mation-operator.clusterserviceversion.yaml | 423 ++
 .../dev/7.13.3-4/manifests/kieapp.crd.yaml | 6126 +++++++++++++++++
 .../dev/7.13.3-4/metadata/annotations.yaml | 10 +
 ...mation-operator.clusterserviceversion.yaml | 423 ++
 .../prod/7.13.3-4/manifests/kieapp.crd.yaml | 6126 +++++++++++++++++
 .../prod/7.13.3-4/metadata/annotations.yaml | 10 +
 ...mation-operator.clusterserviceversion.yaml | 423 ++
 .../test/7.13.3-4/manifests/kieapp.crd.yaml | 6126 +++++++++++++++++
 .../test/7.13.3-4/metadata/annotations.yaml | 10 +
 version/version.go | 4 +-
 10 files changed, 19679 insertions(+), 2 deletions(-)
 create mode 100644 deploy/olm-catalog/dev/7.13.3-4/manifests/businessautomation-operator.clusterserviceversion.yaml
 create mode 100644 deploy/olm-catalog/dev/7.13.3-4/manifests/kieapp.crd.yaml
 create mode 100644 deploy/olm-catalog/dev/7.13.3-4/metadata/annotations.yaml
 create mode 100644 deploy/olm-catalog/prod/7.13.3-4/manifests/businessautomation-operator.clusterserviceversion.yaml
 create mode 100644 deploy/olm-catalog/prod/7.13.3-4/manifests/kieapp.crd.yaml
 create mode 100644 deploy/olm-catalog/prod/7.13.3-4/metadata/annotations.yaml
 create mode 100644 deploy/olm-catalog/test/7.13.3-4/manifests/businessautomation-operator.clusterserviceversion.yaml
 create mode 100644 deploy/olm-catalog/test/7.13.3-4/manifests/kieapp.crd.yaml
 create mode 100644 deploy/olm-catalog/test/7.13.3-4/metadata/annotations.yaml
diff --git a/deploy/olm-catalog/dev/7.13.3-4/manifests/businessautomation-operator.clusterserviceversion.yaml b/deploy/olm-catalog/dev/7.13.3-4/manifests/businessautomation-operator.clusterserviceversion.yaml
new file mode 100644
index 000000000..f5f26a7c2
--- /dev/null
+++ b/deploy/olm-catalog/dev/7.13.3-4/manifests/businessautomation-operator.clusterserviceversion.yaml
@@ -0,0 +1,423 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: '[{"apiVersion":"app.kiegroup.org/v2","kind":"KieApp","metadata":{"name":"rhpam-trial"},"spec":{"environment":"rhpam-trial"}}]' + capabilities: Seamless Upgrades + categories: Integration & Delivery + certified: "false" + containerImage: quay.io/kiegroup/kie-cloud-operator:7.13.3 + createdAt: "2023-06-28 11:05:04" + description: Deploys and manages Red Hat Process Automation Manager and Red Hat + Decision Manager environments. + operators.openshift.io/infrastructure-features: '["Disconnected"]' + operators.openshift.io/valid-subscription: '["Red Hat Process Automation Manager", + "Red Hat Decision Manager"]' + repository: https://github.com/kiegroup/kie-cloud-operator + support: Red Hat + tectonic-visibility: ocs + labels: + operator-businessautomation: "true" + operatorframework.io/arch.amd64: supported + operatorframework.io/os.linux: supported + name: businessautomation-operator.7.13.3-4-dev-6kj6h45bmz + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: A project prescription running an RHPAM/RHDM environment. 
+ displayName: KieApp + kind: KieApp + name: kieapps.app.kiegroup.org + resources: + - kind: DeploymentConfig + name: "" + version: apps.openshift.io/v1 + - kind: StatefulSet + name: "" + version: apps/v1 + - kind: Role + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: RoleBinding + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: Route + name: "" + version: route.openshift.io/v1 + - kind: BuildConfig + name: "" + version: build.openshift.io/v1 + - kind: ImageStream + name: "" + version: image.openshift.io/v1 + - kind: Secret + name: "" + version: v1 + - kind: PersistentVolumeClaim + name: "" + version: v1 + - kind: ServiceAccount + name: "" + version: v1 + - kind: Service + name: "" + version: v1 + specDescriptors: + - description: Set true to enable automatic micro version product upgrades, + it is disabled by default. + displayName: Enable Upgrades + path: upgrades.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable automatic minor product version upgrades, + it is disabled by default. Requires spec.upgrades.enabled to be true. + displayName: Include minor version upgrades + path: upgrades.minor + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable image tags, disabled by default. This will + leverage image tags instead of the image digests. + displayName: Use Image Tags + path: useImageTags + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Environment deployed. + displayName: Environment + path: environment + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + statusDescriptors: + - description: Product version installed. + displayName: Version + path: version + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: Current phase. 
+ displayName: Status + path: phase + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: The address for accessing Business Central, if it is deployed. + displayName: Business/Decision Central URL + path: consoleHost + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Deployments for the KieApp environment. + displayName: Deployments + path: deployments + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + version: v2 + description: |- + Deploys and manages Red Hat Process Automation Manager and Red Hat Decision Manager environments. + + * **Red Hat Process Automation Manager** is a platform for developing containerized microservices and applications that automate business decisions and processes. It includes business process management (BPM), business rules management (BRM), and business resource optimization and complex event processing (CEP) technologies. It also includes a user experience platform to create engaging user interfaces for process and decision services with minimal coding. + + [See more](https://www.redhat.com/en/products/process-automation). 
+ displayName: Business Automation (DEV) + icon: + - base64data: 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 + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - console.openshift.io + resources: + - consolelinks + - consoleyamlsamples + verbs: + - get + - create + - update + - delete + serviceAccountName: business-automation-operator + deployments: + - name: business-automation-operator + spec: + replicas: 1 + selector: + matchLabels: + name: business-automation-operator + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + name: business-automation-operator + spec: + containers: + - command: + - kie-cloud-operator + env: + - name: OPERATOR_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['name'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPERATOR_UI + value: "true" + - name: DEBUG + value: "false" + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-controller-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.13.3 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.13.3 + value: 
registry.redhat.io/openshift4/ose-cli:v4.12 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.3 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.3 + value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.3 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 + - name: RELATED_IMAGE_BROKER_IMAGE_7.13.3 + value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-controller-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.13.2 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.13.2 + value: registry.redhat.io/openshift4/ose-cli:v4.12 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.2 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.2 + value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.2 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 + - name: RELATED_IMAGE_BROKER_IMAGE_7.13.2 + value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_LATEST + value: registry.redhat.io/openshift4/ose-oauth-proxy:latest + - name: 
RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.12 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.12 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.11 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.11 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.10 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.10 + image: quay.io/kiegroup/kie-cloud-operator:7.13.3 + imagePullPolicy: Always + name: business-automation-operator + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsNonRoot: true + serviceAccountName: business-automation-operator + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - services + - services/finalizers + - serviceaccounts + - persistentvolumeclaims + - secrets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + - deployments/finalizers + - replicasets + - statefulsets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - build.openshift.io + resources: + - buildconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - image.openshift.io + resources: + - images + - imagestreams + - imagestreamimages + - imagestreamtags + verbs: + - create + - delete + - deletecollection 
+ - get + - list + - patch + - update + - watch + - apiGroups: + - app.kiegroup.org + resources: + - kieapps + - kieapps/status + - kieapps/finalizers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - operators.coreos.com + resources: + - clusterserviceversions + - subscriptions + verbs: + - get + - list + - patch + - update + - watch + serviceAccountName: business-automation-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - kieapp + - pam + - decision + - kie + - cloud + - bpm + - process + - automation + - operator + labels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.13.3-4-dev-6kj6h45bmz + links: + - name: Product Page + url: https://access.redhat.com/products/red-hat-process-automation-manager + - name: Documentation + url: https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.13/#category-deploying-red-hat-process-automation-manager-on-openshift + maintainers: + - email: bsig-cloud@redhat.com + name: Red Hat + maturity: dev + provider: + name: Red Hat + replaces: businessautomation-operator.7.13.3-3 + selector: + matchLabels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.13.3-4-dev-6kj6h45bmz + version: 7.13.3-4+6kj6h45bmz diff --git a/deploy/olm-catalog/dev/7.13.3-4/manifests/kieapp.crd.yaml b/deploy/olm-catalog/dev/7.13.3-4/manifests/kieapp.crd.yaml new file mode 100644 index 000000000..09474bb77 --- /dev/null +++ b/deploy/olm-catalog/dev/7.13.3-4/manifests/kieapp.crd.yaml 
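Review bot: The `RELATED_IMAGE_*` entries in the operator container's `env` list point at mutable tags, several of them `:latest` (the MYSQL_PROXY and POSTGRESQL_PROXY entries for both 7.13.3 and 7.13.2, and `RELATED_IMAGE_OAUTH_PROXY_IMAGE_LATEST`), and the operator `image` itself is `quay.io/kiegroup/kie-cloud-operator:7.13.3` with `imagePullPolicy: Always`, so nothing in this bundle identifies which rebuilt images the CVE respin is meant to ship. The same CSV advertises `operators.openshift.io/infrastructure-features: '["Disconnected"]'`, and mirroring for disconnected clusters generally relies on digest references rather than tags. I would pin each value by digest, for example `value: registry.redhat.io/rhscl/mysql-80-rhel7@sha256:<digest-of-respun-image>` (placeholder digest), or add a comment stating that tags are deliberate for the dev catalog only. If this manifest is emitted by a generator, the change belongs in its image list rather than in this file; the prod and test variants named in the diffstat are outside this view, so I cannot tell whether they already use digests.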
@@ -0,0 +1,6126 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kieapps.app.kiegroup.org +spec: + group: app.kiegroup.org + names: + kind: KieApp + listKind: KieAppList + plural: kieapps + singular: kieapp + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of the application deployment + jsonPath: .status.version + name: Version + type: string + - description: The name of the environment used as a baseline + jsonPath: .spec.environment + name: Environment + type: string + - description: The status of the KieApp deployment + jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2 + schema: + openAPIV3Schema: + description: KieApp is the Schema for the kieapps API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to be used + by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for LDAP + properties: + allowEmptyPasswords: + description: Does this realm support blank password direct + verification? Blank password attempt will be rejected otherwise. 
+ Boolean flag, defaults to false. + type: boolean + baseCtxDN: + description: LDAP Base DN of the top-level context to begin + the user search. + type: string + baseFilter: + description: Legacy LDAP search filter used to locate the + context of the user to authenticate. The input username + or userDN obtained from the login module callback is substituted + into the filter anywhere a {0} expression is used. A common + example for the search filter is (uid={0}). For Elytron + based subsystem this property should be configured only + with the search filter parameter, without any search expression. + Example (uid={0}) became just uid. + type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN of the + user itself contains special characters, backslash for example, + that prevent correct user mapping. If the attribute does + not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to decrypt + the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. 
+ enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity mapping, + the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN is + not checked for the roleNameAttributeID. This flag can improve + the performance of LDAP queries. + type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the username. + If set to true, the DN is parsed for the username. If set + to false the DN is not parsed for the username. This option + is used together with usernameBeginString and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this option. + When using referrals, this option denotes the attribute + name which contains users defined for a certain role, for + example member, if the role object is inside the referral. + Users are checked against the content of this attribute + name. If this option is not set, the check will always fail, + so role objects cannot be stored in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. 
If false, the role name is taken from + the value of the roleNameAttributeId attribute of the context + name. Certain directory schemas, such as Microsoft Active + Directory, require this attribute to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles associated + with the authenticated user. The input username or userDN + obtained from the login module callback is substituted into + the filter anywhere a {0} expression is used. The authenticated + userDN is substituted into the filter anywhere a {1} is + used. An example search filter that , matches on the input + username is (member={0}). An alternative that matches on + the authenticated userDN is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role object’s + name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role search + will go below a matching context. Disable recursion by setting + this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for user + roles. This is not the DN where the actual roles are, but + the DN where the objects containing the user roles are. + For example, in a Microsoft Active Directory server, this + is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. 
+ For failover set two or more LDAP endpoints separated by + space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used together + with usernameEndString and only taken into account if parseUsername + is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end of + the DN to reveal the username. This option is used together + with usernameBeginString and only taken into account if + parseUsername is set to true. + type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will be + configured. + properties: + from: + description: ObjRef contains enough information to let you + inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have defined mappings. Defaults to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have no defined mappings. Defaults to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a properties + file or a set of roles with the following pattern 'role=role1;another-role=role2'. + The format of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the patter + above. 
+ type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create the + Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create the + Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. + format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. 
+ format: password + type: string + secretAdminCredentials: + description: Name of the secret containing admin's credentials, + the keys are username and password, if the adminUser and adminPassword + are provided the secretAdminCredentials will be skipped + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when the + OpenShiftStartupStrategy is choosed and Business Central + is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the 'openshift' + and local namespaces, the operator will create said imagestreams + locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry is + insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder will + be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known hosts + file. The secret must contain two files: id_rsa and + known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. 
'4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations that + can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the Runtime + Model ID. 
Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if a property + is set mode than once, the one from this property file + will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the Runtime + Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ExternalCompDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/components + directory will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ImportsBaseDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/imports + directory will be used. If ImportFileLocation is set + ImportsBaseDir will be ignored. 
+ type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual model + file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default value + is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new imports + (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards (in + kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. 
If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how a + Process Migration server will manage and create a new Database + or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. 
For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the configured + datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the configured + datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. + For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to the + application classpath separated by colon. Needs to be mounted + on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. 
'4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + username: + description: If empty the CommonConfig.AdminUser will be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a single + set, or for multiple sets if deployments is set to >1 + properties: + build: + description: KieAppBuildObject Data to define how to build + an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If unspecified, + all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. It + is recommended to test the kjar manually before disabling + this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for immutable + KIE Server configurations for S2I and pre built kjars. + Useful for pre-compiled kjar. 
+ type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the extensions + image where the extensions are located (e.g. install.sh, + modules/, etc.). Defaults to '/extension'. Do not + change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For example, + custom-driver-image:7.7.0. 
+ type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers and + configuration is located. Defaults to openshift namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate the + source code to build + properties: + contextDir: + description: Context/subdirectory where the code + is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.6.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a given + webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 
'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer will + manage and create a new Database or connect to an existing + one + properties: + externalConfig: + description: ExternalDatabaseObject configuration definition + of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. 
For + example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases running + on OCP where the host will correspond to the kubernetes + added env *_SERVICE_HOST, it is mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can be + XA or NONXA. For non XA set it to true. Default + value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. Port + is intended to be used with databases running + on OCP where the post will correspond to the kubernetes + added env *_SERVICE_PORT, these are mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. 
+ For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + decisionsOnly: + description: When set to true will configure the KIE Server + image to disable all capabilities that are not related + to decisions, Default to true for RHDM environments and + false to RHPAM. + type: boolean + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of + whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a + valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to + have some well-defined way of referencing a part of + an object. TODO: this design is not final and this + field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm clustering + for processes fail-over, it could increase the number + of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification to + be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, if + will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be used. + type: string + amqSecretName: + description: The name of a secret containing AMQ SSL + related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. Default + is false. 
+ type: boolean + enableIntegration: + description: When set to true will configure the KIE + Server with JMS integration, if no configuration is + added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, disabled + by default. + type: boolean + password: + description: AMQ broker password to connect do the AMQ, + generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for JMS, + example queue/CUSTOM.KIE.SERVER.AUDIT, default is + queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, example + queue/CUSTOM.KIE.SERVER.EXECUTOR, default is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, example + queue/CUSTOM.KIE.SERVER.REQUEST, default is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, example + queue/CUSTOM.KIE.SERVER.RESPONSE, default is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, example + queue/CUSTOM.KIE.SERVER.SIGNAL, default is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the AMQ, + generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new + heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The default + is '25' which means 25% of the '-Xmx' is used as the + initial heap size. You can skip this mechanism by + setting this value to '0' in which case no '-Xms' + option is added. e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container then + this option has no effect. If there is a memory constraint + then '-Xms' is limited to the value set here. The + default is 4096Mb which means the calculated value + of '-Xms' never will be greater than 4096Mb. The value + of this variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as set + here. The default is '50' which means 50% of the available + memory is used as an upper boundary. You can skip + this mechanism by setting this value to '0' in which + case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be used + by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. 
+ type: boolean + bootstrapServers: + description: A comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when making + requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates how + long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that the + emitter requires the leader to have received before + considering a request to be complete, not set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to set + an ID to provide a logical application name for logging + purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to Kafka. + Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates how + long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event messages. + Set up to override the default value jbpm-processes-events. 
+ type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + kieExecutorMDBMaxSession: + description: 'Number of max KIE Executor sessions, it must + be lower than the value of max-pool-size, by default is + max-pool-size set to 60. Max pool size can be set by system + property jboss.mdb.strict.max.pool.size (using javaOptsAppend: + "-Djboss.mdb.strict.max.pool.size=40"), for more information + see https://access.redhat.com/solutions/2955481.' + type: integer + name: + description: Server name + type: string + persistRepos: + description: Persist the Maven and KIE repositories on ~/.m2/repository + and ~/.kie/repository respectively. The option persistRepos + will be automatically set to false when the Trial environment + is set. + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the KIE + local repository persistent volume. Defaults to 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the Maven + persistent volume, the size of the files on this directory + can grow fast as all dependencies for KIE Containers will + be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM smart + router + properties: + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. 
Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. 
The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + useExternalRoute: + description: If enabled, Business Central will use the external + smartrouter route to communicate with it. Note that, valid + SSL certificates should be used. + type: boolean + type: object + type: object + scheduledImportPolicy: + description: Set to true to enable scheduled import policy on the + ImageStream. This will work only if you are using ImageStreamTag + otherwise with image digests it will be ignored + type: boolean + truststore: + description: Defines which truststore is used by the console, kieservers, + smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. + type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should be allowed + when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. 
Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. This + will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + status: + description: KieAppStatus - The status for custom resources managed by + the operator-sdk. + properties: + applied: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to + be used by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for + LDAP + properties: + allowEmptyPasswords: + description: Does this realm support blank password direct + verification? Blank password attempt will be rejected + otherwise. Boolean flag, defaults to false. + type: boolean + baseCtxDN: + description: LDAP Base DN of the top-level context to + begin the user search. + type: string + baseFilter: + description: Legacy LDAP search filter used to locate + the context of the user to authenticate. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. A common example for the search filter is (uid={0}). + For Elytron based subsystem this property should be + configured only with the search filter parameter, without + any search expression. Example (uid={0}) became just + uid. 
+ type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN + of the user itself contains special characters, backslash + for example, that prevent correct user mapping. If the + attribute does not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to + decrypt the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. + enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity + mapping, the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN + is not checked for the roleNameAttributeID. This flag + can improve the performance of LDAP queries. 
+ type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the + username. If set to true, the DN is parsed for the username. + If set to false the DN is not parsed for the username. + This option is used together with usernameBeginString + and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this + option. When using referrals, this option denotes the + attribute name which contains users defined for a certain + role, for example member, if the role object is inside + the referral. Users are checked against the content + of this attribute name. If this option is not set, the + check will always fail, so role objects cannot be stored + in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user + roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. If false, the role name is taken + from the value of the roleNameAttributeId attribute + of the context name. Certain directory schemas, such + as Microsoft Active Directory, require this attribute + to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles + associated with the authenticated user. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. The authenticated userDN is substituted into + the filter anywhere a {1} is used. 
An example search + filter that , matches on the input username is (member={0}). + An alternative that matches on the authenticated userDN + is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role + object’s name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role + search will go below a matching context. Disable recursion + by setting this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for + user roles. This is not the DN where the actual roles + are, but the DN where the objects containing the user + roles are. For example, in a Microsoft Active Directory + server, this is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. + For failover set two or more LDAP endpoints separated + by space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used + together with usernameEndString and only taken into + account if parseUsername is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end + of the DN to reveal the username. This option is used + together with usernameBeginString and only taken into + account if parseUsername is set to true. 
+ type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will + be configured. + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have defined mappings. Defaults + to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have no defined mappings. Defaults + to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a + properties file or a set of roles with the following + pattern 'role=role1;another-role=role2'. The format + of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the + patter above. + type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for + SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create + the Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create + the Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. 
+ format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. + format: password + type: string + secretAdminCredentials: + description: Name of the secret containing admin's credentials, + the keys are username and password, if the adminUser and + adminPassword are provided the secretAdminCredentials will + be skipped + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when + the OpenShiftStartupStrategy is choosed and Business + Central is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. 
When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the + 'openshift' and local namespaces, the operator will create said + imagestreams locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry + is insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. + For example, if the object reference is to a + container within a pod, this would take on a + value like: "spec.containers{name}" (where "name" + refers to the name of the container that triggered + the event) or if no container name is specified + "spec.containers[2]" (container with index 2 + in this pod). This syntax is chosen only to + have some well-defined way of referencing a + part of an object. TODO: this design is not + final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder + will be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known + hosts file. The secret must contain two files: id_rsa + and known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM + Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations + that can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the + Runtime Model ID. 
Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if + a property is set mode than once, the one from this + property file will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the + Runtime Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ExternalCompDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/components directory + will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ImportsBaseDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/imports directory will + be used. If ImportFileLocation is set ImportsBaseDir + will be ignored. 
+ type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual + model file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default + value is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new + imports (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards + (in kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. 
+ If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how + a Process Migration server will manage and create a + new Database or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to + background-validation, if set to false the validate-on-match + method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. 
For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to + the application classpath separated by colon. Needs + to be mounted on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + username: + description: If empty the CommonConfig.AdminUser will + be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a + single set, or for multiple sets if deployments is set + to >1 + properties: + build: + description: KieAppBuildObject Data to define how to + build an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If + unspecified, all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. + It is recommended to test the kjar manually before + disabling this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for + immutable KIE Server configurations for S2I and + pre built kjars. Useful for pre-compiled kjar. 
+ type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container and + any service environment variables. If a + variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal + "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and + requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the + extensions image where the extensions are located + (e.g. install.sh, modules/, etc.). Defaults to + '/extension'. Do not change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For + example, custom-driver-image:7.7.0. 
+ type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers + and configuration is located. Defaults to openshift + namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate + the source code to build + properties: + contextDir: + description: Context/subdirectory where the + code is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.6.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a + given webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 
'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, + POST, OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer + will manage and create a new Database or connect to + an existing one + properties: + externalConfig: + description: ExternalDatabaseObject configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method + to background-validation, if set to false + the validate-on-match method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. 
+ For example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases + running on OCP where the host will correspond + to the kubernetes added env *_SERVICE_HOST, + it is mostly likely used with PostgreSQL and + MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, + jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for + the configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for + the configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can + be XA or NONXA. For non XA set it to true. + Default value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. + Port is intended to be used with databases + running on OCP where the post will correspond + to the kubernetes added env *_SERVICE_PORT, + these are mostly likely used with PostgreSQL + and MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. 
For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + decisionsOnly: + description: When set to true will configure the KIE + Server image to disable all capabilities that are + not related to decisions, Default to true for RHDM + environments and false to RHPAM. + type: boolean + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm + clustering for processes fail-over, it could increase + the number of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification + to be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, + if will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and + certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be + used. + type: string + amqSecretName: + description: The name of a secret containing AMQ + SSL related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store + file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. + Default is false. 
+ type: boolean + enableIntegration: + description: When set to true will configure the + KIE Server with JMS integration, if no configuration + is added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, + disabled by default. + type: boolean + password: + description: AMQ broker password to connect do the + AMQ, generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for + JMS, example queue/CUSTOM.KIE.SERVER.AUDIT, default + is queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, + example queue/CUSTOM.KIE.SERVER.EXECUTOR, default + is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, + example queue/CUSTOM.KIE.SERVER.REQUEST, default + is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, + example queue/CUSTOM.KIE.SERVER.RESPONSE, default + is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, + example queue/CUSTOM.KIE.SERVER.SIGNAL, default + is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the + AMQ, generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used + by the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current + GC time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of + this variable should contain the necessary JRE + command-line options to specify the required GC, + which will override the default of '-XX:+UseParallelOldGC'. + e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega + bytes unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. + Disabled by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap + memory. If used in a container without any memory + constraints for the container then this option + has no effect. If there is a memory constraint + then '-Xms' is set to a ratio of the '-Xmx' memory + as set here. The default is '25' which means 25% + of the '-Xmx' is used as the initial heap size. + You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. + e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a + container without any memory constraints for the + container then this option has no effect. If there + is a memory constraint then '-Xms' is limited + to the value set here. The default is 4096Mb which + means the calculated value of '-Xms' never will + be greater than 4096Mb. The value of this variable + is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is + set to a ratio of the container available memory + as set here. The default is '50' which means 50% + of the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be + used by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. 
+ type: boolean + bootstrapServers: + description: A comma separated list of host/port + pairs to use for establishing the initial connection + to the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when + making requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates + how long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that + the emitter requires the leader to have received + before considering a request to be complete, not + set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection + to the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to + set an ID to provide a logical application name + for logging purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to + Kafka. Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates + how long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event + messages. Set up to override the default value + jbpm-processes-events. 
+ type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + kieExecutorMDBMaxSession: + description: 'Number of max KIE Executor sessions, it + must be lower than the value of max-pool-size, by + default is max-pool-size set to 60. Max pool size + can be set by system property jboss.mdb.strict.max.pool.size + (using javaOptsAppend: "-Djboss.mdb.strict.max.pool.size=40"), + for more information see https://access.redhat.com/solutions/2955481.' + type: integer + name: + description: Server name + type: string + persistRepos: + description: Persist the Maven and KIE repositories + on ~/.m2/repository and ~/.kie/repository respectively. + The option persistRepos will be automatically set + to false when the Trial environment is set. + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the + KIE local repository persistent volume. Defaults to + 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the + Maven persistent volume, the size of the files on + this directory can grow fast as all dependencies for + KIE Containers will be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect + URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM + smart router + properties: + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. 
Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. 
The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + useExternalRoute: + description: If enabled, Business Central will use the + external smartrouter route to communicate with it. Note + that, valid SSL certificates should be used. + type: boolean + type: object + type: object + scheduledImportPolicy: + description: Set to true to enable scheduled import policy on + the ImageStream. This will work only if you are using ImageStreamTag + otherwise with image digests it will be ignored + type: boolean + truststore: + description: Defines which truststore is used by the console, + kieservers, smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. + type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should + be allowed when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. 
Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. + This will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + conditions: + items: + description: Condition - The condition for the kie-cloud-operator + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ReasonType - type of reason + type: string + status: + type: string + type: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - status + - type + type: object + type: array + consoleHost: + type: string + deployments: + properties: + ready: + description: Deployments are ready to serve requests + items: + type: string + type: array + starting: + description: Deployments are starting, may or may not succeed + items: + type: string + type: array + stopped: + description: Deployments are not starting, unclear what next step + will be + items: + type: string + type: array + type: object + phase: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - conditions + - deployments + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/deploy/olm-catalog/dev/7.13.3-4/metadata/annotations.yaml b/deploy/olm-catalog/dev/7.13.3-4/metadata/annotations.yaml new file mode 100644 index 000000000..724337620 --- /dev/null +++ b/deploy/olm-catalog/dev/7.13.3-4/metadata/annotations.yaml 
@@ -0,0 +1,10 @@
+annotations:
+ operators.operatorframework.io.bundle.channel.default.v1: stable
+ operators.operatorframework.io.bundle.channels.v1: stable
+ operators.operatorframework.io.bundle.manifests.v1: manifests/
+ operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+ operators.operatorframework.io.bundle.metadata.v1: metadata/
+ operators.operatorframework.io.bundle.package.v1: businessautomation-operator
+ operators.operatorframework.io.metrics.builder: operator-sdk-v0.19.2
+ operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
+ operators.operatorframework.io.metrics.project_layout: go
diff --git a/deploy/olm-catalog/prod/7.13.3-4/manifests/businessautomation-operator.clusterserviceversion.yaml b/deploy/olm-catalog/prod/7.13.3-4/manifests/businessautomation-operator.clusterserviceversion.yaml
new file mode 100644
index 000000000..ba4f9c8d9
--- /dev/null
+++ b/deploy/olm-catalog/prod/7.13.3-4/manifests/businessautomation-operator.clusterserviceversion.yaml
@@ -0,0 +1,423 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: '[{"apiVersion":"app.kiegroup.org/v2","kind":"KieApp","metadata":{"name":"rhpam-trial"},"spec":{"environment":"rhpam-trial"}}]' + capabilities: Seamless Upgrades + categories: Integration & Delivery + certified: "true" + containerImage: registry.stage.redhat.io/rhpam-7/rhpam-rhel8-operator:7.13.3 + createdAt: "2023-06-28 11:05:04" + description: Deploys and manages Red Hat Process Automation Manager and Red Hat + Decision Manager environments. + operators.openshift.io/infrastructure-features: '["Disconnected"]' + operators.openshift.io/valid-subscription: '["Red Hat Process Automation Manager", + "Red Hat Decision Manager"]' + repository: https://github.com/kiegroup/kie-cloud-operator + support: Red Hat + tectonic-visibility: ocs + labels: + operator-businessautomation: "true" + operatorframework.io/arch.amd64: supported + operatorframework.io/os.linux: supported + name: businessautomation-operator.7.13.3-4 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: A project prescription running an RHPAM/RHDM environment. 
+ displayName: KieApp + kind: KieApp + name: kieapps.app.kiegroup.org + resources: + - kind: DeploymentConfig + name: "" + version: apps.openshift.io/v1 + - kind: StatefulSet + name: "" + version: apps/v1 + - kind: Role + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: RoleBinding + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: Route + name: "" + version: route.openshift.io/v1 + - kind: BuildConfig + name: "" + version: build.openshift.io/v1 + - kind: ImageStream + name: "" + version: image.openshift.io/v1 + - kind: Secret + name: "" + version: v1 + - kind: PersistentVolumeClaim + name: "" + version: v1 + - kind: ServiceAccount + name: "" + version: v1 + - kind: Service + name: "" + version: v1 + specDescriptors: + - description: Set true to enable automatic micro version product upgrades, + it is disabled by default. + displayName: Enable Upgrades + path: upgrades.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable automatic minor product version upgrades, + it is disabled by default. Requires spec.upgrades.enabled to be true. + displayName: Include minor version upgrades + path: upgrades.minor + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable image tags, disabled by default. This will + leverage image tags instead of the image digests. + displayName: Use Image Tags + path: useImageTags + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Environment deployed. + displayName: Environment + path: environment + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + statusDescriptors: + - description: Product version installed. + displayName: Version + path: version + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: Current phase. 
+ displayName: Status + path: phase + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: The address for accessing Business Central, if it is deployed. + displayName: Business/Decision Central URL + path: consoleHost + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Deployments for the KieApp environment. + displayName: Deployments + path: deployments + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + version: v2 + description: |- + Deploys and manages Red Hat Process Automation Manager and Red Hat Decision Manager environments. + + * **Red Hat Process Automation Manager** is a platform for developing containerized microservices and applications that automate business decisions and processes. It includes business process management (BPM), business rules management (BRM), and business resource optimization and complex event processing (CEP) technologies. It also includes a user experience platform to create engaging user interfaces for process and decision services with minimal coding. + + [See more](https://www.redhat.com/en/products/process-automation). 
+ displayName: Business Automation + icon: + - base64data: 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 + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - console.openshift.io + resources: + - consolelinks + - consoleyamlsamples + verbs: + - get + - create + - update + - delete + serviceAccountName: business-automation-operator + deployments: + - name: business-automation-operator + spec: + replicas: 1 + selector: + matchLabels: + name: business-automation-operator + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + name: business-automation-operator + spec: + containers: + - command: + - kie-cloud-operator + env: + - name: OPERATOR_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['name'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPERATOR_UI + value: "true" + - name: DEBUG + value: "false" + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.3 + value: registry.stage.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.3 + value: registry.stage.redhat.io/rhpam-7/rhpam-controller-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.3 + value: registry.stage.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.3 + value: registry.stage.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.3 + value: registry.stage.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.3 + value: registry.stage.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.3 + value: registry.stage.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.13.3 + - name: 
RELATED_IMAGE_OSE_CLI_IMAGE_7.13.3 + value: registry.redhat.io/openshift4/ose-cli:v4.12 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.3 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.3 + value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.3 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 + - name: RELATED_IMAGE_BROKER_IMAGE_7.13.3 + value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-controller-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.13.2 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.13.2 + value: registry.redhat.io/openshift4/ose-cli:v4.12 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.2 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.2 + value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.2 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 + - name: RELATED_IMAGE_BROKER_IMAGE_7.13.2 + value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_LATEST + value: registry.redhat.io/openshift4/ose-oauth-proxy:latest 
+ - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.12 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.12 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.11 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.11 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.10 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.10 + image: registry.stage.redhat.io/rhpam-7/rhpam-rhel8-operator:7.13.3 + imagePullPolicy: Always + name: business-automation-operator + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsNonRoot: true + serviceAccountName: business-automation-operator + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - services + - services/finalizers + - serviceaccounts + - persistentvolumeclaims + - secrets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + - deployments/finalizers + - replicasets + - statefulsets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - build.openshift.io + resources: + - buildconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - image.openshift.io + resources: + - images + - imagestreams + - imagestreamimages + - imagestreamtags + verbs: + - create + - 
delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - app.kiegroup.org + resources: + - kieapps + - kieapps/status + - kieapps/finalizers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - operators.coreos.com + resources: + - clusterserviceversions + - subscriptions + verbs: + - get + - list + - patch + - update + - watch + serviceAccountName: business-automation-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - kieapp + - pam + - decision + - kie + - cloud + - bpm + - process + - automation + - operator + labels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.13.3-4 + links: + - name: Product Page + url: https://access.redhat.com/products/red-hat-process-automation-manager + - name: Documentation + url: https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.13/#category-deploying-red-hat-process-automation-manager-on-openshift + maintainers: + - email: bsig-cloud@redhat.com + name: Red Hat + maturity: stable + provider: + name: Red Hat + replaces: businessautomation-operator.7.13.3-3 + selector: + matchLabels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.13.3-4 + version: 7.13.3-4 diff --git a/deploy/olm-catalog/prod/7.13.3-4/manifests/kieapp.crd.yaml b/deploy/olm-catalog/prod/7.13.3-4/manifests/kieapp.crd.yaml new file mode 100644 index 000000000..09474bb77 --- /dev/null +++ b/deploy/olm-catalog/prod/7.13.3-4/manifests/kieapp.crd.yaml 
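Review bot: This CSV is under `deploy/olm-catalog/prod/`, yet `containerImage`, the operator container's `image` and every `RELATED_IMAGE_PAM_*_7.13.3` value point at `registry.stage.redhat.io`, while the 7.13.2 entries in the same `env` list use `registry.redhat.io`. Unless a later release step rewrites these (not visible in this hunk), a production install would pull the respun images from the staging registry. The references are also mutable tags (`:7.13.3`, and `:latest` for the MySQL, PostgreSQL and oauth-proxy images) combined with `imagePullPolicy: Always`, so the bundle does not record which build carries the CVE fixes. For a CVE respin I would pin by digest, for example `image: registry.redhat.io/rhpam-7/rhpam-rhel8-operator@sha256:<digest-of-respin-build>`, and do the same for `containerImage` and the `RELATED_IMAGE_*` values.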
@@ -0,0 +1,6126 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kieapps.app.kiegroup.org +spec: + group: app.kiegroup.org + names: + kind: KieApp + listKind: KieAppList + plural: kieapps + singular: kieapp + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of the application deployment + jsonPath: .status.version + name: Version + type: string + - description: The name of the environment used as a baseline + jsonPath: .spec.environment + name: Environment + type: string + - description: The status of the KieApp deployment + jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2 + schema: + openAPIV3Schema: + description: KieApp is the Schema for the kieapps API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to be used + by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for LDAP + properties: + allowEmptyPasswords: + description: Does this realm support blank password direct + verification? Blank password attempt will be rejected otherwise. 
+ Boolean flag, defaults to false. + type: boolean + baseCtxDN: + description: LDAP Base DN of the top-level context to begin + the user search. + type: string + baseFilter: + description: Legacy LDAP search filter used to locate the + context of the user to authenticate. The input username + or userDN obtained from the login module callback is substituted + into the filter anywhere a {0} expression is used. A common + example for the search filter is (uid={0}). For Elytron + based subsystem this property should be configured only + with the search filter parameter, without any search expression. + Example (uid={0}) became just uid. + type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN of the + user itself contains special characters, backslash for example, + that prevent correct user mapping. If the attribute does + not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to decrypt + the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. 
+ enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity mapping, + the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN is + not checked for the roleNameAttributeID. This flag can improve + the performance of LDAP queries. + type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the username. + If set to true, the DN is parsed for the username. If set + to false the DN is not parsed for the username. This option + is used together with usernameBeginString and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this option. + When using referrals, this option denotes the attribute + name which contains users defined for a certain role, for + example member, if the role object is inside the referral. + Users are checked against the content of this attribute + name. If this option is not set, the check will always fail, + so role objects cannot be stored in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. 
If false, the role name is taken from + the value of the roleNameAttributeId attribute of the context + name. Certain directory schemas, such as Microsoft Active + Directory, require this attribute to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles associated + with the authenticated user. The input username or userDN + obtained from the login module callback is substituted into + the filter anywhere a {0} expression is used. The authenticated + userDN is substituted into the filter anywhere a {1} is + used. An example search filter that , matches on the input + username is (member={0}). An alternative that matches on + the authenticated userDN is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role object’s + name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role search + will go below a matching context. Disable recursion by setting + this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for user + roles. This is not the DN where the actual roles are, but + the DN where the objects containing the user roles are. + For example, in a Microsoft Active Directory server, this + is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. 
+ For failover set two or more LDAP endpoints separated by + space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used together + with usernameEndString and only taken into account if parseUsername + is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end of + the DN to reveal the username. This option is used together + with usernameBeginString and only taken into account if + parseUsername is set to true. + type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will be + configured. + properties: + from: + description: ObjRef contains enough information to let you + inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have defined mappings. Defaults to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have no defined mappings. Defaults to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a properties + file or a set of roles with the following pattern 'role=role1;another-role=role2'. + The format of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the patter + above. 
+ type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create the + Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create the + Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. + format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. 
+ format: password + type: string + secretAdminCredentials: + description: Name of the secret containing admin's credentials, + the keys are username and password, if the adminUser and adminPassword + are provided the secretAdminCredentials will be skipped + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when the + OpenShiftStartupStrategy is choosed and Business Central + is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the 'openshift' + and local namespaces, the operator will create said imagestreams + locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry is + insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder will + be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known hosts + file. The secret must contain two files: id_rsa and + known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. 
'4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations that + can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the Runtime + Model ID. 
Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if a property + is set mode than once, the one from this property file + will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the Runtime + Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ExternalCompDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/components + directory will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ImportsBaseDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/imports + directory will be used. If ImportFileLocation is set + ImportsBaseDir will be ignored. 
+ type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual model + file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default value + is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new imports + (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards (in + kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. 
If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how a + Process Migration server will manage and create a new Database + or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. 
For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the configured + datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the configured + datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. + For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to the + application classpath separated by colon. Needs to be mounted + on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. 
'4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + username: + description: If empty the CommonConfig.AdminUser will be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a single + set, or for multiple sets if deployments is set to >1 + properties: + build: + description: KieAppBuildObject Data to define how to build + an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If unspecified, + all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. It + is recommended to test the kjar manually before disabling + this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for immutable + KIE Server configurations for S2I and pre built kjars. + Useful for pre-compiled kjar. 
+ type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the extensions + image where the extensions are located (e.g. install.sh, + modules/, etc.). Defaults to '/extension'. Do not + change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For example, + custom-driver-image:7.7.0. 
+ type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers and + configuration is located. Defaults to openshift namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate the + source code to build + properties: + contextDir: + description: Context/subdirectory where the code + is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.6.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a given + webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 
'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer will + manage and create a new Database or connect to an existing + one + properties: + externalConfig: + description: ExternalDatabaseObject configuration definition + of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. 
For + example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases running + on OCP where the host will correspond to the kubernetes + added env *_SERVICE_HOST, it is mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can be + XA or NONXA. For non XA set it to true. Default + value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. Port + is intended to be used with databases running + on OCP where the post will correspond to the kubernetes + added env *_SERVICE_PORT, these are mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. 
+ For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + decisionsOnly: + description: When set to true will configure the KIE Server + image to disable all capabilities that are not related + to decisions, Default to true for RHDM environments and + false to RHPAM. + type: boolean + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of + whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a + valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to + have some well-defined way of referencing a part of + an object. TODO: this design is not final and this + field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm clustering + for processes fail-over, it could increase the number + of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification to + be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, if + will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be used. + type: string + amqSecretName: + description: The name of a secret containing AMQ SSL + related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. Default + is false. 
+ type: boolean + enableIntegration: + description: When set to true will configure the KIE + Server with JMS integration, if no configuration is + added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, disabled + by default. + type: boolean + password: + description: AMQ broker password to connect do the AMQ, + generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for JMS, + example queue/CUSTOM.KIE.SERVER.AUDIT, default is + queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, example + queue/CUSTOM.KIE.SERVER.EXECUTOR, default is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, example + queue/CUSTOM.KIE.SERVER.REQUEST, default is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, example + queue/CUSTOM.KIE.SERVER.RESPONSE, default is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, example + queue/CUSTOM.KIE.SERVER.SIGNAL, default is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the AMQ, + generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new + heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The default + is '25' which means 25% of the '-Xmx' is used as the + initial heap size. You can skip this mechanism by + setting this value to '0' in which case no '-Xms' + option is added. e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container then + this option has no effect. If there is a memory constraint + then '-Xms' is limited to the value set here. The + default is 4096Mb which means the calculated value + of '-Xms' never will be greater than 4096Mb. The value + of this variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as set + here. The default is '50' which means 50% of the available + memory is used as an upper boundary. You can skip + this mechanism by setting this value to '0' in which + case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be used + by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. 
+ type: boolean + bootstrapServers: + description: A comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when making + requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates how + long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that the + emitter requires the leader to have received before + considering a request to be complete, not set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to set + an ID to provide a logical application name for logging + purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to Kafka. + Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates how + long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event messages. + Set up to override the default value jbpm-processes-events. 
+ type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + kieExecutorMDBMaxSession: + description: 'Number of max KIE Executor sessions, it must + be lower than the value of max-pool-size, by default is + max-pool-size set to 60. Max pool size can be set by system + property jboss.mdb.strict.max.pool.size (using javaOptsAppend: + "-Djboss.mdb.strict.max.pool.size=40"), for more information + see https://access.redhat.com/solutions/2955481.' + type: integer + name: + description: Server name + type: string + persistRepos: + description: Persist the Maven and KIE repositories on ~/.m2/repository + and ~/.kie/repository respectively. The option persistRepos + will be automatically set to false when the Trial environment + is set. + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the KIE + local repository persistent volume. Defaults to 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the Maven + persistent volume, the size of the files on this directory + can grow fast as all dependencies for KIE Containers will + be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM smart + router + properties: + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. 
Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. 
The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + useExternalRoute: + description: If enabled, Business Central will use the external + smartrouter route to communicate with it. Note that, valid + SSL certificates should be used. + type: boolean + type: object + type: object + scheduledImportPolicy: + description: Set to true to enable scheduled import policy on the + ImageStream. This will work only if you are using ImageStreamTag + otherwise with image digests it will be ignored + type: boolean + truststore: + description: Defines which truststore is used by the console, kieservers, + smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. + type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should be allowed + when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. 
Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. This + will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + status: + description: KieAppStatus - The status for custom resources managed by + the operator-sdk. + properties: + applied: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to + be used by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for + LDAP + properties: + allowEmptyPasswords: + description: Does this realm support blank password direct + verification? Blank password attempt will be rejected + otherwise. Boolean flag, defaults to false. + type: boolean + baseCtxDN: + description: LDAP Base DN of the top-level context to + begin the user search. + type: string + baseFilter: + description: Legacy LDAP search filter used to locate + the context of the user to authenticate. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. A common example for the search filter is (uid={0}). + For Elytron based subsystem this property should be + configured only with the search filter parameter, without + any search expression. Example (uid={0}) became just + uid. 
+ type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN + of the user itself contains special characters, backslash + for example, that prevent correct user mapping. If the + attribute does not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to + decrypt the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. + enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity + mapping, the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN + is not checked for the roleNameAttributeID. This flag + can improve the performance of LDAP queries. 
+ type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the + username. If set to true, the DN is parsed for the username. + If set to false the DN is not parsed for the username. + This option is used together with usernameBeginString + and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this + option. When using referrals, this option denotes the + attribute name which contains users defined for a certain + role, for example member, if the role object is inside + the referral. Users are checked against the content + of this attribute name. If this option is not set, the + check will always fail, so role objects cannot be stored + in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user + roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. If false, the role name is taken + from the value of the roleNameAttributeId attribute + of the context name. Certain directory schemas, such + as Microsoft Active Directory, require this attribute + to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles + associated with the authenticated user. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. The authenticated userDN is substituted into + the filter anywhere a {1} is used. 
An example search + filter that , matches on the input username is (member={0}). + An alternative that matches on the authenticated userDN + is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role + object’s name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role + search will go below a matching context. Disable recursion + by setting this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for + user roles. This is not the DN where the actual roles + are, but the DN where the objects containing the user + roles are. For example, in a Microsoft Active Directory + server, this is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. + For failover set two or more LDAP endpoints separated + by space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used + together with usernameEndString and only taken into + account if parseUsername is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end + of the DN to reveal the username. This option is used + together with usernameBeginString and only taken into + account if parseUsername is set to true. 
+ type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will + be configured. + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have defined mappings. Defaults + to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have no defined mappings. Defaults + to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a + properties file or a set of roles with the following + pattern 'role=role1;another-role=role2'. The format + of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the + patter above. + type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for + SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create + the Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create + the Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. 
+ format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. + format: password + type: string + secretAdminCredentials: + description: Name of the secret containing admin's credentials, + the keys are username and password, if the adminUser and + adminPassword are provided the secretAdminCredentials will + be skipped + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when + the OpenShiftStartupStrategy is choosed and Business + Central is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. 
When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the + 'openshift' and local namespaces, the operator will create said + imagestreams locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry + is insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. + For example, if the object reference is to a + container within a pod, this would take on a + value like: "spec.containers{name}" (where "name" + refers to the name of the container that triggered + the event) or if no container name is specified + "spec.containers[2]" (container with index 2 + in this pod). This syntax is chosen only to + have some well-defined way of referencing a + part of an object. TODO: this design is not + final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder + will be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known + hosts file. The secret must contain two files: id_rsa + and known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM + Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations + that can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the + Runtime Model ID. 
Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if + a property is set mode than once, the one from this + property file will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the + Runtime Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ExternalCompDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/components directory + will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ImportsBaseDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/imports directory will + be used. If ImportFileLocation is set ImportsBaseDir + will be ignored. 
+ type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual + model file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default + value is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new + imports (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards + (in kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. 
+ If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how + a Process Migration server will manage and create a + new Database or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to + background-validation, if set to false the validate-on-match + method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. 
For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to + the application classpath separated by colon. Needs + to be mounted on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + username: + description: If empty the CommonConfig.AdminUser will + be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a + single set, or for multiple sets if deployments is set + to >1 + properties: + build: + description: KieAppBuildObject Data to define how to + build an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If + unspecified, all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. + It is recommended to test the kjar manually before + disabling this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for + immutable KIE Server configurations for S2I and + pre built kjars. Useful for pre-compiled kjar. 
+ type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container and + any service environment variables. If a + variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal + "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and + requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the + extensions image where the extensions are located + (e.g. install.sh, modules/, etc.). Defaults to + '/extension'. Do not change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For + example, custom-driver-image:7.7.0. 
+ type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers + and configuration is located. Defaults to openshift + namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate + the source code to build + properties: + contextDir: + description: Context/subdirectory where the + code is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.6.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a + given webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 
'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, + POST, OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer + will manage and create a new Database or connect to + an existing one + properties: + externalConfig: + description: ExternalDatabaseObject configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method + to background-validation, if set to false + the validate-on-match method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. 
+ For example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases + running on OCP where the host will correspond + to the kubernetes added env *_SERVICE_HOST, + it is mostly likely used with PostgreSQL and + MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, + jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for + the configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for + the configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can + be XA or NONXA. For non XA set it to true. + Default value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. + Port is intended to be used with databases + running on OCP where the post will correspond + to the kubernetes added env *_SERVICE_PORT, + these are mostly likely used with PostgreSQL + and MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. 
For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + decisionsOnly: + description: When set to true will configure the KIE + Server image to disable all capabilities that are + not related to decisions, Default to true for RHDM + environments and false to RHPAM. + type: boolean + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm + clustering for processes fail-over, it could increase + the number of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification + to be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, + if will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and + certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be + used. + type: string + amqSecretName: + description: The name of a secret containing AMQ + SSL related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store + file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. + Default is false. 
+ type: boolean + enableIntegration: + description: When set to true will configure the + KIE Server with JMS integration, if no configuration + is added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, + disabled by default. + type: boolean + password: + description: AMQ broker password to connect do the + AMQ, generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for + JMS, example queue/CUSTOM.KIE.SERVER.AUDIT, default + is queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, + example queue/CUSTOM.KIE.SERVER.EXECUTOR, default + is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, + example queue/CUSTOM.KIE.SERVER.REQUEST, default + is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, + example queue/CUSTOM.KIE.SERVER.RESPONSE, default + is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, + example queue/CUSTOM.KIE.SERVER.SIGNAL, default + is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the + AMQ, generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used + by the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current + GC time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of + this variable should contain the necessary JRE + command-line options to specify the required GC, + which will override the default of '-XX:+UseParallelOldGC'. + e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega + bytes unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. + Disabled by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap + memory. If used in a container without any memory + constraints for the container then this option + has no effect. If there is a memory constraint + then '-Xms' is set to a ratio of the '-Xmx' memory + as set here. The default is '25' which means 25% + of the '-Xmx' is used as the initial heap size. + You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. + e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a + container without any memory constraints for the + container then this option has no effect. If there + is a memory constraint then '-Xms' is limited + to the value set here. The default is 4096Mb which + means the calculated value of '-Xms' never will + be greater than 4096Mb. The value of this variable + is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is + set to a ratio of the container available memory + as set here. The default is '50' which means 50% + of the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be + used by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. 
+ type: boolean + bootstrapServers: + description: A comma separated list of host/port + pairs to use for establishing the initial connection + to the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when + making requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates + how long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that + the emitter requires the leader to have received + before considering a request to be complete, not + set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection + to the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to + set an ID to provide a logical application name + for logging purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to + Kafka. Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates + how long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event + messages. Set up to override the default value + jbpm-processes-events. 
+ type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + kieExecutorMDBMaxSession: + description: 'Number of max KIE Executor sessions, it + must be lower than the value of max-pool-size, by + default is max-pool-size set to 60. Max pool size + can be set by system property jboss.mdb.strict.max.pool.size + (using javaOptsAppend: "-Djboss.mdb.strict.max.pool.size=40"), + for more information see https://access.redhat.com/solutions/2955481.' + type: integer + name: + description: Server name + type: string + persistRepos: + description: Persist the Maven and KIE repositories + on ~/.m2/repository and ~/.kie/repository respectively. + The option persistRepos will be automatically set + to false when the Trial environment is set. + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the + KIE local repository persistent volume. Defaults to + 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the + Maven persistent volume, the size of the files on + this directory can grow fast as all dependencies for + KIE Containers will be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect + URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM + smart router + properties: + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. 
Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. 
The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + useExternalRoute: + description: If enabled, Business Central will use the + external smartrouter route to communicate with it. Note + that, valid SSL certificates should be used. + type: boolean + type: object + type: object + scheduledImportPolicy: + description: Set to true to enable scheduled import policy on + the ImageStream. This will work only if you are using ImageStreamTag + otherwise with image digests it will be ignored + type: boolean + truststore: + description: Defines which truststore is used by the console, + kieservers, smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. + type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should + be allowed when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. 
Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. + This will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + conditions: + items: + description: Condition - The condition for the kie-cloud-operator + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ReasonType - type of reason + type: string + status: + type: string + type: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - status + - type + type: object + type: array + consoleHost: + type: string + deployments: + properties: + ready: + description: Deployments are ready to serve requests + items: + type: string + type: array + starting: + description: Deployments are starting, may or may not succeed + items: + type: string + type: array + stopped: + description: Deployments are not starting, unclear what next step + will be + items: + type: string + type: array + type: object + phase: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - conditions + - deployments + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/deploy/olm-catalog/prod/7.13.3-4/metadata/annotations.yaml b/deploy/olm-catalog/prod/7.13.3-4/metadata/annotations.yaml new file mode 100644 index 000000000..724337620 --- /dev/null +++ b/deploy/olm-catalog/prod/7.13.3-4/metadata/annotations.yaml 
@@ -0,0 +1,10 @@ +annotations: + operators.operatorframework.io.bundle.channel.default.v1: stable + operators.operatorframework.io.bundle.channels.v1: stable + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: businessautomation-operator + operators.operatorframework.io.metrics.builder: operator-sdk-v0.19.2 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go diff --git a/deploy/olm-catalog/test/7.13.3-4/manifests/businessautomation-operator.clusterserviceversion.yaml b/deploy/olm-catalog/test/7.13.3-4/manifests/businessautomation-operator.clusterserviceversion.yaml new file mode 100644 index 000000000..76600756d --- /dev/null +++ b/deploy/olm-catalog/test/7.13.3-4/manifests/businessautomation-operator.clusterserviceversion.yaml 
@@ -0,0 +1,423 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: '[{"apiVersion":"app.kiegroup.org/v2","kind":"KieApp","metadata":{"name":"rhpam-trial"},"spec":{"environment":"rhpam-trial"}}]' + capabilities: Seamless Upgrades + categories: Integration & Delivery + certified: "true" + containerImage: registry-proxy.engineering.redhat.com/rh-osbs/rhpam-7-rhpam-rhel8-operator:7.13.3 + createdAt: "2023-06-28 11:05:04" + description: Deploys and manages Red Hat Process Automation Manager and Red Hat + Decision Manager environments. + operators.openshift.io/infrastructure-features: '["Disconnected"]' + operators.openshift.io/valid-subscription: '["Red Hat Process Automation Manager", + "Red Hat Decision Manager"]' + repository: https://github.com/kiegroup/kie-cloud-operator + support: Red Hat + tectonic-visibility: ocs + labels: + operator-businessautomation: "true" + operatorframework.io/arch.amd64: supported + operatorframework.io/os.linux: supported + name: businessautomation-operator.7.13.3-4-dev-ggbfzh6xc5 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: A project prescription running an RHPAM/RHDM environment. 
+ displayName: KieApp + kind: KieApp + name: kieapps.app.kiegroup.org + resources: + - kind: DeploymentConfig + name: "" + version: apps.openshift.io/v1 + - kind: StatefulSet + name: "" + version: apps/v1 + - kind: Role + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: RoleBinding + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: Route + name: "" + version: route.openshift.io/v1 + - kind: BuildConfig + name: "" + version: build.openshift.io/v1 + - kind: ImageStream + name: "" + version: image.openshift.io/v1 + - kind: Secret + name: "" + version: v1 + - kind: PersistentVolumeClaim + name: "" + version: v1 + - kind: ServiceAccount + name: "" + version: v1 + - kind: Service + name: "" + version: v1 + specDescriptors: + - description: Set true to enable automatic micro version product upgrades, + it is disabled by default. + displayName: Enable Upgrades + path: upgrades.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable automatic minor product version upgrades, + it is disabled by default. Requires spec.upgrades.enabled to be true. + displayName: Include minor version upgrades + path: upgrades.minor + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable image tags, disabled by default. This will + leverage image tags instead of the image digests. + displayName: Use Image Tags + path: useImageTags + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Environment deployed. + displayName: Environment + path: environment + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + statusDescriptors: + - description: Product version installed. + displayName: Version + path: version + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: Current phase. 
+ displayName: Status + path: phase + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: The address for accessing Business Central, if it is deployed. + displayName: Business/Decision Central URL + path: consoleHost + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Deployments for the KieApp environment. + displayName: Deployments + path: deployments + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + version: v2 + description: |- + Deploys and manages Red Hat Process Automation Manager and Red Hat Decision Manager environments. + + * **Red Hat Process Automation Manager** is a platform for developing containerized microservices and applications that automate business decisions and processes. It includes business process management (BPM), business rules management (BRM), and business resource optimization and complex event processing (CEP) technologies. It also includes a user experience platform to create engaging user interfaces for process and decision services with minimal coding. + + [See more](https://www.redhat.com/en/products/process-automation). 
+ displayName: Business Automation + icon: + - base64data: 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 + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - console.openshift.io + resources: + - consolelinks + - consoleyamlsamples + verbs: + - get + - create + - update + - delete + serviceAccountName: business-automation-operator + deployments: + - name: business-automation-operator + spec: + replicas: 1 + selector: + matchLabels: + name: business-automation-operator + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + name: business-automation-operator + spec: + containers: + - command: + - kie-cloud-operator + env: + - name: OPERATOR_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['name'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPERATOR_UI + value: "true" + - name: DEBUG + value: "false" + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.3 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-kieserver-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.3 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-controller-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.3 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-businesscentral-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.3 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.3 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-smartrouter-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.3 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-process-migration-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.3 + value: 
registry-proxy.engineering.redhat.com/rhpam-7/rhpam-dashbuilder-rhel8:7.13.3 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.13.3 + value: registry.redhat.io/openshift4/ose-cli:v4.12 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.3 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.3 + value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.3 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 + - name: RELATED_IMAGE_BROKER_IMAGE_7.13.3 + value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-controller-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.13.2 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.13.2 + value: registry.redhat.io/openshift4/ose-cli:v4.12 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.2 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.2 + value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.2 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 + - name: RELATED_IMAGE_BROKER_IMAGE_7.13.2 + value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 + - name: 
RELATED_IMAGE_OAUTH_PROXY_IMAGE_LATEST + value: registry.redhat.io/openshift4/ose-oauth-proxy:latest + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.12 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.12 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.11 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.11 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.10 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.10 + image: registry-proxy.engineering.redhat.com/rh-osbs/rhpam-7-rhpam-rhel8-operator:7.13.3 + imagePullPolicy: Always + name: business-automation-operator + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsNonRoot: true + serviceAccountName: business-automation-operator + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - services + - services/finalizers + - serviceaccounts + - persistentvolumeclaims + - secrets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + - deployments/finalizers + - replicasets + - statefulsets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - build.openshift.io + resources: + - buildconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - 
image.openshift.io + resources: + - images + - imagestreams + - imagestreamimages + - imagestreamtags + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - app.kiegroup.org + resources: + - kieapps + - kieapps/status + - kieapps/finalizers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - operators.coreos.com + resources: + - clusterserviceversions + - subscriptions + verbs: + - get + - list + - patch + - update + - watch + serviceAccountName: business-automation-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - kieapp + - pam + - decision + - kie + - cloud + - bpm + - process + - automation + - operator + labels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.13.3-4-dev-ggbfzh6xc5 + links: + - name: Product Page + url: https://access.redhat.com/products/red-hat-process-automation-manager + - name: Documentation + url: https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.13/#category-deploying-red-hat-process-automation-manager-on-openshift + maintainers: + - email: bsig-cloud@redhat.com + name: Red Hat + maturity: test + provider: + name: Red Hat + replaces: businessautomation-operator.7.13.3-3 + selector: + matchLabels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.13.3-4-dev-ggbfzh6xc5 + version: 7.13.3-4+ggbfzh6xc5 diff --git a/deploy/olm-catalog/test/7.13.3-4/manifests/kieapp.crd.yaml b/deploy/olm-catalog/test/7.13.3-4/manifests/kieapp.crd.yaml new file mode 100644 index 000000000..09474bb77 
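Review bot: Every `RELATED_IMAGE_*` entry in the operator container's `env` list is a tag reference, and three of them float: `registry.redhat.io/rhscl/mysql-80-rhel7:latest`, `registry.redhat.io/rhscl/postgresql-13-rhel7:latest` and `registry.redhat.io/openshift4/ose-oauth-proxy:latest`. What this bundle deploys can therefore change without a new bundle version, which undercuts a CVE respin and sits badly with the `operators.openshift.io/infrastructure-features: '["Disconnected"]'` annotation, because mirroring for disconnected clusters depends on digest references. The operator's own `image: registry-proxy.engineering.redhat.com/rh-osbs/rhpam-7-rhpam-rhel8-operator:7.13.3` with `imagePullPolicy: Always` has the same property. If the test catalog is meant to stay on tags and digests are substituted at release time (not visible from this hunk), a comment above the `env` block such as `# tags are replaced by digests in the released bundle` would make that explicit. Otherwise each entry should take the form `<registry>/<repository>@sha256:<digest-placeholder>`.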
--- /dev/null
+++ b/deploy/olm-catalog/test/7.13.3-4/manifests/kieapp.crd.yaml
@@ -0,0 +1,6126 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kieapps.app.kiegroup.org +spec: + group: app.kiegroup.org + names: + kind: KieApp + listKind: KieAppList + plural: kieapps + singular: kieapp + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of the application deployment + jsonPath: .status.version + name: Version + type: string + - description: The name of the environment used as a baseline + jsonPath: .spec.environment + name: Environment + type: string + - description: The status of the KieApp deployment + jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2 + schema: + openAPIV3Schema: + description: KieApp is the Schema for the kieapps API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to be used + by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for LDAP + properties: + allowEmptyPasswords: + description: Does this realm support blank password direct + verification? Blank password attempt will be rejected otherwise. 
+ Boolean flag, defaults to false. + type: boolean + baseCtxDN: + description: LDAP Base DN of the top-level context to begin + the user search. + type: string + baseFilter: + description: Legacy LDAP search filter used to locate the + context of the user to authenticate. The input username + or userDN obtained from the login module callback is substituted + into the filter anywhere a {0} expression is used. A common + example for the search filter is (uid={0}). For Elytron + based subsystem this property should be configured only + with the search filter parameter, without any search expression. + Example (uid={0}) became just uid. + type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN of the + user itself contains special characters, backslash for example, + that prevent correct user mapping. If the attribute does + not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to decrypt + the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. 
+ enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity mapping, + the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN is + not checked for the roleNameAttributeID. This flag can improve + the performance of LDAP queries. + type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the username. + If set to true, the DN is parsed for the username. If set + to false the DN is not parsed for the username. This option + is used together with usernameBeginString and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this option. + When using referrals, this option denotes the attribute + name which contains users defined for a certain role, for + example member, if the role object is inside the referral. + Users are checked against the content of this attribute + name. If this option is not set, the check will always fail, + so role objects cannot be stored in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. 
If false, the role name is taken from + the value of the roleNameAttributeId attribute of the context + name. Certain directory schemas, such as Microsoft Active + Directory, require this attribute to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles associated + with the authenticated user. The input username or userDN + obtained from the login module callback is substituted into + the filter anywhere a {0} expression is used. The authenticated + userDN is substituted into the filter anywhere a {1} is + used. An example search filter that , matches on the input + username is (member={0}). An alternative that matches on + the authenticated userDN is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role object’s + name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role search + will go below a matching context. Disable recursion by setting + this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for user + roles. This is not the DN where the actual roles are, but + the DN where the objects containing the user roles are. + For example, in a Microsoft Active Directory server, this + is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. 
+ For failover set two or more LDAP endpoints separated by + space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used together + with usernameEndString and only taken into account if parseUsername + is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end of + the DN to reveal the username. This option is used together + with usernameBeginString and only taken into account if + parseUsername is set to true. + type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will be + configured. + properties: + from: + description: ObjRef contains enough information to let you + inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have defined mappings. Defaults to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have no defined mappings. Defaults to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a properties + file or a set of roles with the following pattern 'role=role1;another-role=role2'. + The format of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the patter + above. 
+ type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create the + Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create the + Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. + format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. 
+ format: password + type: string + secretAdminCredentials: + description: Name of the secret containing admin's credentials, + the keys are username and password, if the adminUser and adminPassword + are provided the secretAdminCredentials will be skipped + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when the + OpenShiftStartupStrategy is choosed and Business Central + is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the 'openshift' + and local namespaces, the operator will create said imagestreams + locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry is + insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder will + be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known hosts + file. The secret must contain two files: id_rsa and + known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. 
'4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations that + can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the Runtime + Model ID. 
Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if a property + is set mode than once, the one from this property file + will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the Runtime + Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ExternalCompDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/components + directory will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ImportsBaseDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/imports + directory will be used. If ImportFileLocation is set + ImportsBaseDir will be ignored. 
+ type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual model + file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default value + is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new imports + (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards (in + kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. 
If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how a + Process Migration server will manage and create a new Database + or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. 
For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the configured + datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the configured + datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. + For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to the + application classpath separated by colon. Needs to be mounted + on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. 
'4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + username: + description: If empty the CommonConfig.AdminUser will be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a single + set, or for multiple sets if deployments is set to >1 + properties: + build: + description: KieAppBuildObject Data to define how to build + an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If unspecified, + all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. It + is recommended to test the kjar manually before disabling + this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for immutable + KIE Server configurations for S2I and pre built kjars. + Useful for pre-compiled kjar. 
+ type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the extensions + image where the extensions are located (e.g. install.sh, + modules/, etc.). Defaults to '/extension'. Do not + change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For example, + custom-driver-image:7.7.0. 
+ type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers and + configuration is located. Defaults to openshift namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate the + source code to build + properties: + contextDir: + description: Context/subdirectory where the code + is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.6.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a given + webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 
'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer will + manage and create a new Database or connect to an existing + one + properties: + externalConfig: + description: ExternalDatabaseObject configuration definition + of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. 
For + example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases running + on OCP where the host will correspond to the kubernetes + added env *_SERVICE_HOST, it is mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can be + XA or NONXA. For non XA set it to true. Default + value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. Port + is intended to be used with databases running + on OCP where the post will correspond to the kubernetes + added env *_SERVICE_PORT, these are mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. 
+ For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + decisionsOnly: + description: When set to true will configure the KIE Server + image to disable all capabilities that are not related + to decisions, Default to true for RHDM environments and + false to RHPAM. + type: boolean + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of + whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a + valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to + have some well-defined way of referencing a part of + an object. TODO: this design is not final and this + field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm clustering + for processes fail-over, it could increase the number + of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification to + be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, if + will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be used. + type: string + amqSecretName: + description: The name of a secret containing AMQ SSL + related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. Default + is false. 
+ type: boolean + enableIntegration: + description: When set to true will configure the KIE + Server with JMS integration, if no configuration is + added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, disabled + by default. + type: boolean + password: + description: AMQ broker password to connect do the AMQ, + generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for JMS, + example queue/CUSTOM.KIE.SERVER.AUDIT, default is + queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, example + queue/CUSTOM.KIE.SERVER.EXECUTOR, default is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, example + queue/CUSTOM.KIE.SERVER.REQUEST, default is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, example + queue/CUSTOM.KIE.SERVER.RESPONSE, default is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, example + queue/CUSTOM.KIE.SERVER.SIGNAL, default is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the AMQ, + generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new + heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The default + is '25' which means 25% of the '-Xmx' is used as the + initial heap size. You can skip this mechanism by + setting this value to '0' in which case no '-Xms' + option is added. e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container then + this option has no effect. If there is a memory constraint + then '-Xms' is limited to the value set here. The + default is 4096Mb which means the calculated value + of '-Xms' never will be greater than 4096Mb. The value + of this variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as set + here. The default is '50' which means 50% of the available + memory is used as an upper boundary. You can skip + this mechanism by setting this value to '0' in which + case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be used + by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. 
+ type: boolean + bootstrapServers: + description: A comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when making + requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates how + long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that the + emitter requires the leader to have received before + considering a request to be complete, not set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to set + an ID to provide a logical application name for logging + purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to Kafka. + Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates how + long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event messages. + Set up to override the default value jbpm-processes-events. 
+ type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + kieExecutorMDBMaxSession: + description: 'Number of max KIE Executor sessions, it must + be lower than the value of max-pool-size, by default is + max-pool-size set to 60. Max pool size can be set by system + property jboss.mdb.strict.max.pool.size (using javaOptsAppend: + "-Djboss.mdb.strict.max.pool.size=40"), for more information + see https://access.redhat.com/solutions/2955481.' + type: integer + name: + description: Server name + type: string + persistRepos: + description: Persist the Maven and KIE repositories on ~/.m2/repository + and ~/.kie/repository respectively. The option persistRepos + will be automatically set to false when the Trial environment + is set. + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the KIE + local repository persistent volume. Defaults to 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the Maven + persistent volume, the size of the files on this directory + can grow fast as all dependencies for KIE Containers will + be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM smart + router + properties: + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. 
Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. 
The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + useExternalRoute: + description: If enabled, Business Central will use the external + smartrouter route to communicate with it. Note that, valid + SSL certificates should be used. + type: boolean + type: object + type: object + scheduledImportPolicy: + description: Set to true to enable scheduled import policy on the + ImageStream. This will work only if you are using ImageStreamTag + otherwise with image digests it will be ignored + type: boolean + truststore: + description: Defines which truststore is used by the console, kieservers, + smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. + type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should be allowed + when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. 
Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. This + will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + status: + description: KieAppStatus - The status for custom resources managed by + the operator-sdk. + properties: + applied: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to + be used by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for + LDAP + properties: + allowEmptyPasswords: + description: Does this realm support blank password direct + verification? Blank password attempt will be rejected + otherwise. Boolean flag, defaults to false. + type: boolean + baseCtxDN: + description: LDAP Base DN of the top-level context to + begin the user search. + type: string + baseFilter: + description: Legacy LDAP search filter used to locate + the context of the user to authenticate. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. A common example for the search filter is (uid={0}). + For Elytron based subsystem this property should be + configured only with the search filter parameter, without + any search expression. Example (uid={0}) became just + uid. 
+ type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN + of the user itself contains special characters, backslash + for example, that prevent correct user mapping. If the + attribute does not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to + decrypt the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. + enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity + mapping, the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN + is not checked for the roleNameAttributeID. This flag + can improve the performance of LDAP queries. 
+ type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the + username. If set to true, the DN is parsed for the username. + If set to false the DN is not parsed for the username. + This option is used together with usernameBeginString + and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this + option. When using referrals, this option denotes the + attribute name which contains users defined for a certain + role, for example member, if the role object is inside + the referral. Users are checked against the content + of this attribute name. If this option is not set, the + check will always fail, so role objects cannot be stored + in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user + roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. If false, the role name is taken + from the value of the roleNameAttributeId attribute + of the context name. Certain directory schemas, such + as Microsoft Active Directory, require this attribute + to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles + associated with the authenticated user. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. The authenticated userDN is substituted into + the filter anywhere a {1} is used. 
An example search + filter that , matches on the input username is (member={0}). + An alternative that matches on the authenticated userDN + is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role + object’s name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role + search will go below a matching context. Disable recursion + by setting this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for + user roles. This is not the DN where the actual roles + are, but the DN where the objects containing the user + roles are. For example, in a Microsoft Active Directory + server, this is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. + For failover set two or more LDAP endpoints separated + by space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used + together with usernameEndString and only taken into + account if parseUsername is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end + of the DN to reveal the username. This option is used + together with usernameBeginString and only taken into + account if parseUsername is set to true. 
+ type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will + be configured. + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have defined mappings. Defaults + to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have no defined mappings. Defaults + to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a + properties file or a set of roles with the following + pattern 'role=role1;another-role=role2'. The format + of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the + patter above. + type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for + SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create + the Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create + the Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. 
+ format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. + format: password + type: string + secretAdminCredentials: + description: Name of the secret containing admin's credentials, + the keys are username and password, if the adminUser and + adminPassword are provided the secretAdminCredentials will + be skipped + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when + the OpenShiftStartupStrategy is choosed and Business + Central is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. 
When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the + 'openshift' and local namespaces, the operator will create said + imagestreams locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry + is insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. + For example, if the object reference is to a + container within a pod, this would take on a + value like: "spec.containers{name}" (where "name" + refers to the name of the container that triggered + the event) or if no container name is specified + "spec.containers[2]" (container with index 2 + in this pod). This syntax is chosen only to + have some well-defined way of referencing a + part of an object. TODO: this design is not + final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder + will be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known + hosts file. The secret must contain two files: id_rsa + and known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM + Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations + that can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the + Runtime Model ID. 
Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if + a property is set mode than once, the one from this + property file will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the + Runtime Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ExternalCompDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/components directory + will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ImportsBaseDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/imports directory will + be used. If ImportFileLocation is set ImportsBaseDir + will be ignored. 
+ type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual + model file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default + value is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new + imports (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards + (in kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. 
+ If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how + a Process Migration server will manage and create a + new Database or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to + background-validation, if set to false the validate-on-match + method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. 
For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to + the application classpath separated by colon. Needs + to be mounted on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + username: + description: If empty the CommonConfig.AdminUser will + be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a + single set, or for multiple sets if deployments is set + to >1 + properties: + build: + description: KieAppBuildObject Data to define how to + build an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If + unspecified, all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. + It is recommended to test the kjar manually before + disabling this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for + immutable KIE Server configurations for S2I and + pre built kjars. Useful for pre-compiled kjar. 
+ type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container and + any service environment variables. If a + variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal + "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and + requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the + extensions image where the extensions are located + (e.g. install.sh, modules/, etc.). Defaults to + '/extension'. Do not change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For + example, custom-driver-image:7.7.0. 
+ type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers + and configuration is located. Defaults to openshift + namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate + the source code to build + properties: + contextDir: + description: Context/subdirectory where the + code is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.6.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a + given webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 
'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, + POST, OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer + will manage and create a new Database or connect to + an existing one + properties: + externalConfig: + description: ExternalDatabaseObject configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method + to background-validation, if set to false + the validate-on-match method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. 
+ For example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases + running on OCP where the host will correspond + to the kubernetes added env *_SERVICE_HOST, + it is mostly likely used with PostgreSQL and + MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, + jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for + the configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for + the configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can + be XA or NONXA. For non XA set it to true. + Default value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. + Port is intended to be used with databases + running on OCP where the post will correspond + to the kubernetes added env *_SERVICE_PORT, + these are mostly likely used with PostgreSQL + and MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. 
For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + decisionsOnly: + description: When set to true will configure the KIE + Server image to disable all capabilities that are + not related to decisions, Default to true for RHDM + environments and false to RHPAM. + type: boolean + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm + clustering for processes fail-over, it could increase + the number of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification + to be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, + if will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and + certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be + used. + type: string + amqSecretName: + description: The name of a secret containing AMQ + SSL related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store + file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. + Default is false. 
+ type: boolean + enableIntegration: + description: When set to true will configure the + KIE Server with JMS integration, if no configuration + is added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, + disabled by default. + type: boolean + password: + description: AMQ broker password to connect do the + AMQ, generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for + JMS, example queue/CUSTOM.KIE.SERVER.AUDIT, default + is queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, + example queue/CUSTOM.KIE.SERVER.EXECUTOR, default + is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, + example queue/CUSTOM.KIE.SERVER.REQUEST, default + is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, + example queue/CUSTOM.KIE.SERVER.RESPONSE, default + is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, + example queue/CUSTOM.KIE.SERVER.SIGNAL, default + is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the + AMQ, generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used + by the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current + GC time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of + this variable should contain the necessary JRE + command-line options to specify the required GC, + which will override the default of '-XX:+UseParallelOldGC'. + e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega + bytes unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. + Disabled by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap + memory. If used in a container without any memory + constraints for the container then this option + has no effect. If there is a memory constraint + then '-Xms' is set to a ratio of the '-Xmx' memory + as set here. The default is '25' which means 25% + of the '-Xmx' is used as the initial heap size. + You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. + e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a + container without any memory constraints for the + container then this option has no effect. If there + is a memory constraint then '-Xms' is limited + to the value set here. The default is 4096Mb which + means the calculated value of '-Xms' never will + be greater than 4096Mb. The value of this variable + is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is + set to a ratio of the container available memory + as set here. The default is '50' which means 50% + of the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be + used by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. 
+ type: boolean + bootstrapServers: + description: A comma separated list of host/port + pairs to use for establishing the initial connection + to the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when + making requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates + how long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that + the emitter requires the leader to have received + before considering a request to be complete, not + set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection + to the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to + set an ID to provide a logical application name + for logging purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to + Kafka. Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates + how long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event + messages. Set up to override the default value + jbpm-processes-events. 
+ type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + kieExecutorMDBMaxSession: + description: 'Number of max KIE Executor sessions, it + must be lower than the value of max-pool-size, by + default is max-pool-size set to 60. Max pool size + can be set by system property jboss.mdb.strict.max.pool.size + (using javaOptsAppend: "-Djboss.mdb.strict.max.pool.size=40"), + for more information see https://access.redhat.com/solutions/2955481.' + type: integer + name: + description: Server name + type: string + persistRepos: + description: Persist the Maven and KIE repositories + on ~/.m2/repository and ~/.kie/repository respectively. + The option persistRepos will be automatically set + to false when the Trial environment is set. + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the + KIE local repository persistent volume. Defaults to + 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the + Maven persistent volume, the size of the files on + this directory can grow fast as all dependencies for + KIE Containers will be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect + URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM + smart router + properties: + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. 
Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. 
The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + useExternalRoute: + description: If enabled, Business Central will use the + external smartrouter route to communicate with it. Note + that, valid SSL certificates should be used. + type: boolean + type: object + type: object + scheduledImportPolicy: + description: Set to true to enable scheduled import policy on + the ImageStream. This will work only if you are using ImageStreamTag + otherwise with image digests it will be ignored + type: boolean + truststore: + description: Defines which truststore is used by the console, + kieservers, smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. + type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should + be allowed when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. 
Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. + This will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + conditions: + items: + description: Condition - The condition for the kie-cloud-operator + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ReasonType - type of reason + type: string + status: + type: string + type: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - status + - type + type: object + type: array + consoleHost: + type: string + deployments: + properties: + ready: + description: Deployments are ready to serve requests + items: + type: string + type: array + starting: + description: Deployments are starting, may or may not succeed + items: + type: string + type: array + stopped: + description: Deployments are not starting, unclear what next step + will be + items: + type: string + type: array + type: object + phase: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - conditions + - deployments + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/deploy/olm-catalog/test/7.13.3-4/metadata/annotations.yaml b/deploy/olm-catalog/test/7.13.3-4/metadata/annotations.yaml new file mode 100644 index 000000000..724337620 --- /dev/null +++ b/deploy/olm-catalog/test/7.13.3-4/metadata/annotations.yaml 
@@ -0,0 +1,10 @@ +annotations: + operators.operatorframework.io.bundle.channel.default.v1: stable + operators.operatorframework.io.bundle.channels.v1: stable + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: businessautomation-operator + operators.operatorframework.io.metrics.builder: operator-sdk-v0.19.2 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go diff --git a/version/version.go b/version/version.go index 755e07ce6..f7cc3b631 100644 --- a/version/version.go +++ b/version/version.go @@ -8,9 +8,9 @@ var ( // Version - current version Version = constants.CurrentVersion // CsvVersion - csv release - CsvVersion = Version + "-3" + CsvVersion = Version + "-4" // PriorVersion - prior version PriorVersion = constants.CurrentVersion // CsvPriorVersion - prior csv release - CsvPriorVersion = PriorVersion + "-2" + CsvPriorVersion = PriorVersion + "-3" ) From 4551d2b7c1066f15abb8a3961d6d593ef71a9da5 Mon Sep 17 00:00:00 2001 From: Spolti Date: Mon, 31 Jul 2023 16:10:01 -0300 Subject: [PATCH 04/10] [RHPAM-4704] - NoSuchMethodException: Method setURL not found Signed-off-by: Spolti --- pkg/controller/kieapp/defaults/defaults.go | 7 +- .../kieapp/defaults/defaults_test.go | 131 ++++++++++++++++++ rhpam-config/7.13.3/dbs/servers/external.yaml | 5 + 3 files changed, 141 insertions(+), 2 deletions(-) diff --git a/pkg/controller/kieapp/defaults/defaults.go b/pkg/controller/kieapp/defaults/defaults.go index ee3a4f99e..b49bc4977 100644 --- a/pkg/controller/kieapp/defaults/defaults.go +++ b/pkg/controller/kieapp/defaults/defaults.go 
@@ -1347,8 +1347,11 @@ func loadYaml(service kubernetes.PlatformService, filename, productVersion, name
 func parseTemplate(env api.EnvTemplate, objYaml string) ([]byte, error) {
 var b bytes.Buffer
-
- tmpl, err := template.New(env.ApplicationName).Delims("[[", "]]").Parse(objYaml)
+ // add custom functions to the templates' if conditions
+ funcs := map[string]interface{}{
+ "contains": strings.Contains,
+ }
+ tmpl, err := template.New(env.ApplicationName).Delims("[[", "]]").Funcs(funcs).Parse(objYaml)
 if err != nil {
 log.Error("Error creating new Go template.")
 return []byte{}, err
diff --git a/pkg/controller/kieapp/defaults/defaults_test.go b/pkg/controller/kieapp/defaults/defaults_test.go
index f247b2716..1193e021b 100644
--- a/pkg/controller/kieapp/defaults/defaults_test.go
+++ b/pkg/controller/kieapp/defaults/defaults_test.go
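Review bot: The `contains` helper registered in `funcs` is a raw `strings.Contains`, so the driver test that external.yaml builds on it is a case-sensitive substring match. A driver written as `PostgreSQL` or `MariaDB` would fall through to the else branch and still get `RHPAM_XA_CONNECTION_PROPERTY_URL`, which appears to be the property name this commit is steering those drivers away from. If Driver is not normalised before it reaches the template (not visible in this hunk), register a case-insensitive variant instead, e.g. `"contains": func(s, sub string) bool { return strings.Contains(strings.ToLower(s), sub) },`. Declaring the map as `template.FuncMap` would also state its purpose. parseTemplate's body continues outside the hunk.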
@@ -3641,6 +3641,137 @@ func TestDatabaseExternal(t *testing.T) { } } +func TestDatabaseExternalMariaDBXAUrl(t *testing.T) { + deployments := 1 + cr := &api.KieApp{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test", + }, + Spec: api.KieAppSpec{ + Environment: api.RhpamProductionImmutable, + Objects: api.KieAppObjects{ + Servers: []api.KieServerSet{ + { + Deployments: Pint(deployments), + Database: &api.DatabaseObject{ + InternalDatabaseObject: api.InternalDatabaseObject{ + Type: api.DatabaseExternal, + }, + ExternalConfig: &api.ExternalDatabaseObject{ + CommonExtDBObjectURL: api.CommonExtDBObjectURL{ + JdbcURL: "jdbc:mariadb://host.abc.com:3306/bpms", + CommonExternalDatabaseObject: api.CommonExternalDatabaseObject{ + Driver: "mariadb", + ConnectionChecker: "org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker", + ExceptionSorter: "org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter", + BackgroundValidation: "false", + Username: "user", + Password: "password", + }, + }, + Dialect: "org.hibernate.dialect.MariaDB10Dialect", + }, + }, + }, + }, + }, + }, + } + env, err := GetEnvironment(cr, test.MockService()) + env = ConsolidateObjects(env, cr) + + assert.Nil(t, err, "Error getting prod environment") + assert.Nil(t, env.Console.DeploymentConfigs) + + assert.Equal(t, "RHPAM", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "DATASOURCES")) + assert.Equal(t, "true", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_JTA")) + assert.Equal(t, "10000", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL")) + assert.Equal(t, "mariadb", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_DRIVER")) + assert.Equal(t, "user", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_USERNAME")) + assert.Equal(t, 
"password", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_PASSWORD")) + assert.Equal(t, "jdbc:mariadb://host.abc.com:3306/bpms", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_URL")) + assert.Equal(t, "jdbc:mariadb://host.abc.com:3306/bpms", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_XA_CONNECTION_PROPERTY_Url")) + assert.Equal(t, "", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_XA_CONNECTION_PROPERTY_URL")) + assert.Equal(t, "false", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_BACKGROUND_VALIDATION")) + assert.Equal(t, "", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_VALIDATION_MILLIS")) + assert.Equal(t, "org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_CONNECTION_CHECKER")) + assert.Equal(t, "org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_EXCEPTION_SORTER")) + assert.Equal(t, "java:/jboss/datasources/rhpam", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_JNDI")) + assert.Equal(t, "org.hibernate.dialect.MariaDB10Dialect", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "KIE_SERVER_PERSISTENCE_DIALECT")) + assert.Equal(t, "", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_DATABASE")) + assert.Equal(t, "", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_SERVICE_HOST")) + assert.Equal(t, "", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], 
"RHPAM_SERVICE_PORT")) + assert.Equal(t, "", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_NONXA")) + assert.Equal(t, "", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_MIN_POOL_SIZE")) + assert.Equal(t, "", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_MAX_POOL_SIZE")) +} + +func TestDatabaseExternalPostgreSQLXAUrl(t *testing.T) { + deployments := 1 + cr := &api.KieApp{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test", + }, + Spec: api.KieAppSpec{ + Environment: api.RhpamProductionImmutable, + Objects: api.KieAppObjects{ + Servers: []api.KieServerSet{ + { + Deployments: Pint(deployments), + Database: &api.DatabaseObject{ + InternalDatabaseObject: api.InternalDatabaseObject{ + Type: api.DatabaseExternal, + }, + ExternalConfig: &api.ExternalDatabaseObject{ + CommonExtDBObjectURL: api.CommonExtDBObjectURL{ + JdbcURL: "jdbc:postgresql://host.abc.com:3306/bpms", + CommonExternalDatabaseObject: api.CommonExternalDatabaseObject{ + Driver: "postgresql", + ConnectionChecker: "org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLValidConnectionChecker", + ExceptionSorter: "org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLExceptionSorter", + BackgroundValidation: "false", + Username: "user", + Password: "password", + }, + }, + Dialect: "org.hibernate.dialect.PostgreSQL91Dialect", + }, + }, + }, + }, + }, + }, + } + env, err := GetEnvironment(cr, test.MockService()) + env = ConsolidateObjects(env, cr) + + assert.Nil(t, err, "Error getting prod environment") + assert.Nil(t, env.Console.DeploymentConfigs) + + assert.Equal(t, "RHPAM", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "DATASOURCES")) + assert.Equal(t, "true", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_JTA")) + assert.Equal(t, "10000", 
getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL")) + assert.Equal(t, "postgresql", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_DRIVER")) + assert.Equal(t, "user", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_USERNAME")) + assert.Equal(t, "password", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_PASSWORD")) + assert.Equal(t, "jdbc:postgresql://host.abc.com:3306/bpms", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_URL")) + assert.Equal(t, "jdbc:postgresql://host.abc.com:3306/bpms", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_XA_CONNECTION_PROPERTY_Url")) + assert.Equal(t, "", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_XA_CONNECTION_PROPERTY_URL")) + assert.Equal(t, "false", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_BACKGROUND_VALIDATION")) + assert.Equal(t, "", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_VALIDATION_MILLIS")) + assert.Equal(t, "org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLValidConnectionChecker", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_CONNECTION_CHECKER")) + assert.Equal(t, "org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLExceptionSorter", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_EXCEPTION_SORTER")) + assert.Equal(t, "java:/jboss/datasources/rhpam", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_JNDI")) + assert.Equal(t, "org.hibernate.dialect.PostgreSQL91Dialect", 
getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "KIE_SERVER_PERSISTENCE_DIALECT")) + assert.Equal(t, "", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_DATABASE")) + assert.Equal(t, "", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_SERVICE_HOST")) + assert.Equal(t, "", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_SERVICE_PORT")) + assert.Equal(t, "", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_NONXA")) + assert.Equal(t, "", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_MIN_POOL_SIZE")) + assert.Equal(t, "", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_MAX_POOL_SIZE")) + +} + func TestDatabaseH2(t *testing.T) { deployments := 2 cr := &api.KieApp{ diff --git a/rhpam-config/7.13.3/dbs/servers/external.yaml b/rhpam-config/7.13.3/dbs/servers/external.yaml index 644459164..9c4361619 100644 --- a/rhpam-config/7.13.3/dbs/servers/external.yaml +++ b/rhpam-config/7.13.3/dbs/servers/external.yaml @@ -37,8 +37,13 @@ servers: value: "[[.Database.ExternalConfig.NonXA]]" - name: RHPAM_URL value: "[[.Database.ExternalConfig.JdbcURL]]" + #[[if or (contains .Database.ExternalConfig.Driver "postgresql") (contains .Database.ExternalConfig.Driver "mariadb") ]] + - name: RHPAM_XA_CONNECTION_PROPERTY_Url + value: "[[.Database.ExternalConfig.JdbcURL]]" + #[[ else ]] - name: RHPAM_XA_CONNECTION_PROPERTY_URL value: "[[.Database.ExternalConfig.JdbcURL]]" + #[[ end ]] - name: RHPAM_MIN_POOL_SIZE value: "[[.Database.ExternalConfig.MinPoolSize]]" - name: RHPAM_MAX_POOL_SIZE From 658349059aa689384f2bd922bf5abc685206e93d Mon Sep 17 00:00:00 2001 From: Spolti Date: Fri, 4 Aug 2023 13:49:59 -0300 Subject: [PATCH 05/10] [RHPAM-4713] - Do not set URL envs if jdbcUrl property is not set 
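Review bot: In TestDatabaseExternalMariaDBXAUrl and TestDatabaseExternalPostgreSQLXAUrl the error from `GetEnvironment` is asserted only after `env` has already been passed to `ConsolidateObjects`. Because `assert.Nil` does not stop the test, a failure could surface as an index panic on `env.Servers[0].DeploymentConfigs[0]` rather than as the error message. Check the error first and bail out, e.g. `if !assert.Nil(t, err, "Error getting prod environment") { return }` placed directly after the `GetEnvironment` call. The same ordering is repeated in TestDatabaseExternalWithNoURL in the following patch. The two tests here differ only in driver, URL, checker, sorter and dialect, so a table-driven test that stores the container once in a local variable would remove most of the duplication.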
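Review bot: The added `RHPAM_XA_CONNECTION_PROPERTY_Url` entry substitutes `.Database.ExternalConfig.JdbcURL` straight into a double-quoted YAML scalar, as the surrounding entries do, and nothing in this patch escapes the value. If the file is rendered with text/template (the `template.New(...).Delims("[[", "]]")` call in defaults.go suggests so, but the import is not visible), a JdbcURL from the KieApp resource that contains `"`, a backslash or a line break would end or alter the scalar and change the structure of the rendered object. Either validate the URL before rendering or pass it through an escaping helper registered next to `contains`, used as `value: [[ yamlString .Database.ExternalConfig.JdbcURL ]]`, where `yamlString` is a placeholder name for a function that returns the value as a JSON-encoded string. The servers list starts and ends outside the hunk.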
Signed-off-by: Spolti --- .../kieapp/defaults/defaults_test.go | 52 +++++++++++++++++++ rhpam-config/7.13.3/dbs/servers/external.yaml | 2 + 2 files changed, 54 insertions(+) diff --git a/pkg/controller/kieapp/defaults/defaults_test.go b/pkg/controller/kieapp/defaults/defaults_test.go index 1193e021b..69ec963bb 100644 --- a/pkg/controller/kieapp/defaults/defaults_test.go +++ b/pkg/controller/kieapp/defaults/defaults_test.go 
@@ -3772,6 +3772,58 @@ func TestDatabaseExternalPostgreSQLXAUrl(t *testing.T) { } +func TestDatabaseExternalWithNoURL(t *testing.T) { + deployments := 1 + cr := &api.KieApp{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test", + }, + Spec: api.KieAppSpec{ + Environment: api.RhpamProductionImmutable, + Objects: api.KieAppObjects{ + Servers: []api.KieServerSet{ + { + Deployments: Pint(deployments), + Database: &api.DatabaseObject{ + InternalDatabaseObject: api.InternalDatabaseObject{ + Type: api.DatabaseExternal, + }, + ExternalConfig: &api.ExternalDatabaseObject{ + Port: "1000", + Host: "hosta-com", + Name: "rhpam", + CommonExtDBObjectURL: api.CommonExtDBObjectURL{ + CommonExternalDatabaseObject: api.CommonExternalDatabaseObject{ + Driver: "mariadb", + ConnectionChecker: "org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker", + ExceptionSorter: "org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter", + BackgroundValidation: "false", + Username: "user", + Password: "password", + }, + }, + Dialect: "org.hibernate.dialect.MariaDB10Dialect", + }, + }, + }, + }, + }, + }, + } + env, err := GetEnvironment(cr, test.MockService()) + env = ConsolidateObjects(env, cr) + + assert.Nil(t, err, "Error getting prod environment") + assert.Nil(t, env.Console.DeploymentConfigs) + + assert.Equal(t, "", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_URL")) + assert.Equal(t, "", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_XA_CONNECTION_PROPERTY_Url")) + assert.Equal(t, "", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_XA_CONNECTION_PROPERTY_URL")) + assert.Equal(t, "rhpam", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_DATABASE")) + assert.Equal(t, "hosta-com", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_SERVICE_HOST")) + 
assert.Equal(t, "1000", getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_SERVICE_PORT")) +} + func TestDatabaseH2(t *testing.T) { deployments := 2 cr := &api.KieApp{ diff --git a/rhpam-config/7.13.3/dbs/servers/external.yaml b/rhpam-config/7.13.3/dbs/servers/external.yaml index 9c4361619..a8b987664 100644 --- a/rhpam-config/7.13.3/dbs/servers/external.yaml +++ b/rhpam-config/7.13.3/dbs/servers/external.yaml @@ -35,6 +35,7 @@ servers: value: "[[.Database.ExternalConfig.Password]]" - name: RHPAM_NONXA value: "[[.Database.ExternalConfig.NonXA]]" + #[[if .Database.ExternalConfig.JdbcURL]] - name: RHPAM_URL value: "[[.Database.ExternalConfig.JdbcURL]]" #[[if or (contains .Database.ExternalConfig.Driver "postgresql") (contains .Database.ExternalConfig.Driver "mariadb") ]] @@ -44,6 +45,7 @@ servers: - name: RHPAM_XA_CONNECTION_PROPERTY_URL value: "[[.Database.ExternalConfig.JdbcURL]]" #[[ end ]] + #[[ end ]] - name: RHPAM_MIN_POOL_SIZE value: "[[.Database.ExternalConfig.MinPoolSize]]" - name: RHPAM_MAX_POOL_SIZE From 9d37718549f4d8848e5e6cdd88349f807a80328a Mon Sep 17 00:00:00 2001 From: Davide Salerno Date: Thu, 10 Aug 2023 11:27:21 +0200 Subject: [PATCH 06/10] Update RHPAM and BAMOE bundle for CVE respin 
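Review bot: The two consecutive `#[[ end ]]` lines after `RHPAM_XA_CONNECTION_PROPERTY_URL` sit at the same indentation and give no hint of which `if` each one closes, which makes it easy to drop or misplace one when another driver branch is added. These directives already live inside YAML comments, so text after the action only extends the comment; label them, e.g. `#[[ end ]] driver-specific XA property name` and `#[[ end ]] JdbcURL set`. A one-line comment above `#[[if .Database.ExternalConfig.JdbcURL]]` saying that host, port and database name are used when no URL is given would also help, since that fallback is exercised by TestDatabaseExternalWithNoURL but not stated in the template.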
Signed-off-by: Davide Salerno --- ...mation-operator.clusterserviceversion.yaml | 423 ++ .../dev/7.13.3-5/manifests/kieapp.crd.yaml | 6126 +++++++++++++++++ .../dev/7.13.3-5/metadata/annotations.yaml | 10 + ...mation-operator.clusterserviceversion.yaml | 423 ++ .../prod/7.13.3-5/manifests/kieapp.crd.yaml | 6126 +++++++++++++++++ .../prod/7.13.3-5/metadata/annotations.yaml | 10 + ...mation-operator.clusterserviceversion.yaml | 423 ++ .../test/7.13.3-5/manifests/kieapp.crd.yaml | 6126 +++++++++++++++++ .../test/7.13.3-5/metadata/annotations.yaml | 10 + version/version.go | 4 +- 10 files changed, 19679 insertions(+), 2 deletions(-) create mode 100644 deploy/olm-catalog/dev/7.13.3-5/manifests/businessautomation-operator.clusterserviceversion.yaml create mode 100644 deploy/olm-catalog/dev/7.13.3-5/manifests/kieapp.crd.yaml create mode 100644 deploy/olm-catalog/dev/7.13.3-5/metadata/annotations.yaml create mode 100644 deploy/olm-catalog/prod/7.13.3-5/manifests/businessautomation-operator.clusterserviceversion.yaml create mode 100644 deploy/olm-catalog/prod/7.13.3-5/manifests/kieapp.crd.yaml create mode 100644 deploy/olm-catalog/prod/7.13.3-5/metadata/annotations.yaml create mode 100644 deploy/olm-catalog/test/7.13.3-5/manifests/businessautomation-operator.clusterserviceversion.yaml create mode 100644 deploy/olm-catalog/test/7.13.3-5/manifests/kieapp.crd.yaml create mode 100644 deploy/olm-catalog/test/7.13.3-5/metadata/annotations.yaml diff --git a/deploy/olm-catalog/dev/7.13.3-5/manifests/businessautomation-operator.clusterserviceversion.yaml b/deploy/olm-catalog/dev/7.13.3-5/manifests/businessautomation-operator.clusterserviceversion.yaml new file mode 100644 index 000000000..68c79ebe5 --- /dev/null +++ b/deploy/olm-catalog/dev/7.13.3-5/manifests/businessautomation-operator.clusterserviceversion.yaml 
@@ -0,0 +1,423 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: '[{"apiVersion":"app.kiegroup.org/v2","kind":"KieApp","metadata":{"name":"rhpam-trial"},"spec":{"environment":"rhpam-trial"}}]' + capabilities: Seamless Upgrades + categories: Integration & Delivery + certified: "false" + containerImage: quay.io/kiegroup/kie-cloud-operator:7.13.3 + createdAt: "2023-08-10 11:26:18" + description: Deploys and manages Red Hat Process Automation Manager and Red Hat + Decision Manager environments. + operators.openshift.io/infrastructure-features: '["Disconnected"]' + operators.openshift.io/valid-subscription: '["Red Hat Process Automation Manager", + "Red Hat Decision Manager"]' + repository: https://github.com/kiegroup/kie-cloud-operator + support: Red Hat + tectonic-visibility: ocs + labels: + operator-businessautomation: "true" + operatorframework.io/arch.amd64: supported + operatorframework.io/os.linux: supported + name: businessautomation-operator.7.13.3-5-dev-q2m46jvr9k + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: A project prescription running an RHPAM/RHDM environment. 
+ displayName: KieApp + kind: KieApp + name: kieapps.app.kiegroup.org + resources: + - kind: DeploymentConfig + name: "" + version: apps.openshift.io/v1 + - kind: StatefulSet + name: "" + version: apps/v1 + - kind: Role + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: RoleBinding + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: Route + name: "" + version: route.openshift.io/v1 + - kind: BuildConfig + name: "" + version: build.openshift.io/v1 + - kind: ImageStream + name: "" + version: image.openshift.io/v1 + - kind: Secret + name: "" + version: v1 + - kind: PersistentVolumeClaim + name: "" + version: v1 + - kind: ServiceAccount + name: "" + version: v1 + - kind: Service + name: "" + version: v1 + specDescriptors: + - description: Set true to enable automatic micro version product upgrades, + it is disabled by default. + displayName: Enable Upgrades + path: upgrades.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable automatic minor product version upgrades, + it is disabled by default. Requires spec.upgrades.enabled to be true. + displayName: Include minor version upgrades + path: upgrades.minor + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable image tags, disabled by default. This will + leverage image tags instead of the image digests. + displayName: Use Image Tags + path: useImageTags + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Environment deployed. + displayName: Environment + path: environment + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + statusDescriptors: + - description: Product version installed. + displayName: Version + path: version + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: Current phase. 
+ displayName: Status + path: phase + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: The address for accessing Business Central, if it is deployed. + displayName: Business/Decision Central URL + path: consoleHost + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Deployments for the KieApp environment. + displayName: Deployments + path: deployments + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + version: v2 + description: |- + Deploys and manages Red Hat Process Automation Manager and Red Hat Decision Manager environments. + + * **Red Hat Process Automation Manager** is a platform for developing containerized microservices and applications that automate business decisions and processes. It includes business process management (BPM), business rules management (BRM), and business resource optimization and complex event processing (CEP) technologies. It also includes a user experience platform to create engaging user interfaces for process and decision services with minimal coding. + + [See more](https://www.redhat.com/en/products/process-automation). 
+ displayName: Business Automation (DEV) + icon: + - base64data: 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 + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - console.openshift.io + resources: + - consolelinks + - consoleyamlsamples + verbs: + - get + - create + - update + - delete + serviceAccountName: business-automation-operator + deployments: + - name: business-automation-operator + spec: + replicas: 1 + selector: + matchLabels: + name: business-automation-operator + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + name: business-automation-operator + spec: + containers: + - command: + - kie-cloud-operator + env: + - name: OPERATOR_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['name'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPERATOR_UI + value: "true" + - name: DEBUG + value: "false" + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-controller-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.13.3 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.13.3 + value: 
registry.redhat.io/openshift4/ose-cli:v4.12 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.3 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.3 + value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.3 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 + - name: RELATED_IMAGE_BROKER_IMAGE_7.13.3 + value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-controller-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.13.2 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.13.2 + value: registry.redhat.io/openshift4/ose-cli:v4.12 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.2 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.2 + value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.2 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 + - name: RELATED_IMAGE_BROKER_IMAGE_7.13.2 + value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_LATEST + value: registry.redhat.io/openshift4/ose-oauth-proxy:latest + - name: 
RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.12 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.12 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.11 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.11 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.10 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.10 + image: quay.io/kiegroup/kie-cloud-operator:7.13.3 + imagePullPolicy: Always + name: business-automation-operator + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsNonRoot: true + serviceAccountName: business-automation-operator + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - services + - services/finalizers + - serviceaccounts + - persistentvolumeclaims + - secrets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + - deployments/finalizers + - replicasets + - statefulsets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - build.openshift.io + resources: + - buildconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - image.openshift.io + resources: + - images + - imagestreams + - imagestreamimages + - imagestreamtags + verbs: + - create + - delete + - deletecollection 
+ - get + - list + - patch + - update + - watch + - apiGroups: + - app.kiegroup.org + resources: + - kieapps + - kieapps/status + - kieapps/finalizers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - operators.coreos.com + resources: + - clusterserviceversions + - subscriptions + verbs: + - get + - list + - patch + - update + - watch + serviceAccountName: business-automation-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - kieapp + - pam + - decision + - kie + - cloud + - bpm + - process + - automation + - operator + labels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.13.3-5-dev-q2m46jvr9k + links: + - name: Product Page + url: https://access.redhat.com/products/red-hat-process-automation-manager + - name: Documentation + url: https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.13/#category-deploying-red-hat-process-automation-manager-on-openshift + maintainers: + - email: bsig-cloud@redhat.com + name: Red Hat + maturity: dev + provider: + name: Red Hat + replaces: businessautomation-operator.7.13.3-4 + selector: + matchLabels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.13.3-5-dev-q2m46jvr9k + version: 7.13.3-5+q2m46jvr9k diff --git a/deploy/olm-catalog/dev/7.13.3-5/manifests/kieapp.crd.yaml b/deploy/olm-catalog/dev/7.13.3-5/manifests/kieapp.crd.yaml new file mode 100644 index 000000000..09474bb77 --- /dev/null +++ b/deploy/olm-catalog/dev/7.13.3-5/manifests/kieapp.crd.yaml 
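Review bot: Several RELATED_IMAGE entries in the operator deployment's env use floating tags: `registry.redhat.io/rhscl/mysql-80-rhel7:latest`, `registry.redhat.io/rhscl/postgresql-13-rhel7:latest` and `registry.redhat.io/openshift4/ose-oauth-proxy:latest`. The operator image itself is `quay.io/kiegroup/kie-cloud-operator:7.13.3` with `imagePullPolicy: Always`. For a bundle described as a CVE respin that also advertises `["Disconnected"]` support, a tag does not record which rebuilt image was shipped and cannot be mirrored reproducibly. Each value should be pinned by digest, for example `value: registry.redhat.io/rhscl/mysql-80-rhel7@sha256:<digest-of-respun-image>` (placeholder; the digest is not on this page). The same applies to the 7.13.2 entries and, if they carry the same values, to the prod and test manifests listed in the diffstat; if this manifest is generated, the change belongs in the generator's image list rather than in this file.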
@@ -0,0 +1,6126 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kieapps.app.kiegroup.org +spec: + group: app.kiegroup.org + names: + kind: KieApp + listKind: KieAppList + plural: kieapps + singular: kieapp + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of the application deployment + jsonPath: .status.version + name: Version + type: string + - description: The name of the environment used as a baseline + jsonPath: .spec.environment + name: Environment + type: string + - description: The status of the KieApp deployment + jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2 + schema: + openAPIV3Schema: + description: KieApp is the Schema for the kieapps API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to be used + by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for LDAP + properties: + allowEmptyPasswords: + description: Does this realm support blank password direct + verification? Blank password attempt will be rejected otherwise. 
+ Boolean flag, defaults to false. + type: boolean + baseCtxDN: + description: LDAP Base DN of the top-level context to begin + the user search. + type: string + baseFilter: + description: Legacy LDAP search filter used to locate the + context of the user to authenticate. The input username + or userDN obtained from the login module callback is substituted + into the filter anywhere a {0} expression is used. A common + example for the search filter is (uid={0}). For Elytron + based subsystem this property should be configured only + with the search filter parameter, without any search expression. + Example (uid={0}) became just uid. + type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN of the + user itself contains special characters, backslash for example, + that prevent correct user mapping. If the attribute does + not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to decrypt + the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. 
+ enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity mapping, + the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN is + not checked for the roleNameAttributeID. This flag can improve + the performance of LDAP queries. + type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the username. + If set to true, the DN is parsed for the username. If set + to false the DN is not parsed for the username. This option + is used together with usernameBeginString and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this option. + When using referrals, this option denotes the attribute + name which contains users defined for a certain role, for + example member, if the role object is inside the referral. + Users are checked against the content of this attribute + name. If this option is not set, the check will always fail, + so role objects cannot be stored in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. 
If false, the role name is taken from + the value of the roleNameAttributeId attribute of the context + name. Certain directory schemas, such as Microsoft Active + Directory, require this attribute to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles associated + with the authenticated user. The input username or userDN + obtained from the login module callback is substituted into + the filter anywhere a {0} expression is used. The authenticated + userDN is substituted into the filter anywhere a {1} is + used. An example search filter that , matches on the input + username is (member={0}). An alternative that matches on + the authenticated userDN is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role object’s + name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role search + will go below a matching context. Disable recursion by setting + this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for user + roles. This is not the DN where the actual roles are, but + the DN where the objects containing the user roles are. + For example, in a Microsoft Active Directory server, this + is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. 
+ For failover set two or more LDAP endpoints separated by + space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used together + with usernameEndString and only taken into account if parseUsername + is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end of + the DN to reveal the username. This option is used together + with usernameBeginString and only taken into account if + parseUsername is set to true. + type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will be + configured. + properties: + from: + description: ObjRef contains enough information to let you + inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have defined mappings. Defaults to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have no defined mappings. Defaults to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a properties + file or a set of roles with the following pattern 'role=role1;another-role=role2'. + The format of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the patter + above. 
+ type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create the + Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create the + Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. + format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. 
+ format: password + type: string + secretAdminCredentials: + description: Name of the secret containing admin's credentials, + the keys are username and password, if the adminUser and adminPassword + are provided the secretAdminCredentials will be skipped + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when the + OpenShiftStartupStrategy is choosed and Business Central + is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the 'openshift' + and local namespaces, the operator will create said imagestreams + locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry is + insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder will + be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known hosts + file. The secret must contain two files: id_rsa and + known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. 
'4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations that + can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the Runtime + Model ID. 
Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if a property + is set mode than once, the one from this property file + will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the Runtime + Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ExternalCompDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/components + directory will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ImportsBaseDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/imports + directory will be used. If ImportFileLocation is set + ImportsBaseDir will be ignored. 
+ type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual model + file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default value + is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new imports + (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards (in + kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. 
If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how a + Process Migration server will manage and create a new Database + or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. 
For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the configured + datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the configured + datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. + For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to the + application classpath separated by colon. Needs to be mounted + on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. 
'4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + username: + description: If empty the CommonConfig.AdminUser will be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a single + set, or for multiple sets if deployments is set to >1 + properties: + build: + description: KieAppBuildObject Data to define how to build + an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If unspecified, + all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. It + is recommended to test the kjar manually before disabling + this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for immutable + KIE Server configurations for S2I and pre built kjars. + Useful for pre-compiled kjar. 
+ type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the extensions + image where the extensions are located (e.g. install.sh, + modules/, etc.). Defaults to '/extension'. Do not + change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For example, + custom-driver-image:7.7.0. 
+ type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers and + configuration is located. Defaults to openshift namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate the + source code to build + properties: + contextDir: + description: Context/subdirectory where the code + is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.6.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a given + webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 
'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer will + manage and create a new Database or connect to an existing + one + properties: + externalConfig: + description: ExternalDatabaseObject configuration definition + of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. 
For + example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases running + on OCP where the host will correspond to the kubernetes + added env *_SERVICE_HOST, it is mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can be + XA or NONXA. For non XA set it to true. Default + value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. Port + is intended to be used with databases running + on OCP where the post will correspond to the kubernetes + added env *_SERVICE_PORT, these are mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. 
+ For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + decisionsOnly: + description: When set to true will configure the KIE Server + image to disable all capabilities that are not related + to decisions, Default to true for RHDM environments and + false to RHPAM. + type: boolean + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of + whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a + valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to + have some well-defined way of referencing a part of + an object. TODO: this design is not final and this + field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm clustering + for processes fail-over, it could increase the number + of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification to + be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, if + will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be used. + type: string + amqSecretName: + description: The name of a secret containing AMQ SSL + related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. Default + is false. 
+ type: boolean + enableIntegration: + description: When set to true will configure the KIE + Server with JMS integration, if no configuration is + added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, disabled + by default. + type: boolean + password: + description: AMQ broker password to connect do the AMQ, + generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for JMS, + example queue/CUSTOM.KIE.SERVER.AUDIT, default is + queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, example + queue/CUSTOM.KIE.SERVER.EXECUTOR, default is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, example + queue/CUSTOM.KIE.SERVER.REQUEST, default is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, example + queue/CUSTOM.KIE.SERVER.RESPONSE, default is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, example + queue/CUSTOM.KIE.SERVER.SIGNAL, default is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the AMQ, + generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new + heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The default + is '25' which means 25% of the '-Xmx' is used as the + initial heap size. You can skip this mechanism by + setting this value to '0' in which case no '-Xms' + option is added. e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container then + this option has no effect. If there is a memory constraint + then '-Xms' is limited to the value set here. The + default is 4096Mb which means the calculated value + of '-Xms' never will be greater than 4096Mb. The value + of this variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as set + here. The default is '50' which means 50% of the available + memory is used as an upper boundary. You can skip + this mechanism by setting this value to '0' in which + case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be used + by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. 
+ type: boolean + bootstrapServers: + description: A comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when making + requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates how + long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that the + emitter requires the leader to have received before + considering a request to be complete, not set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to set + an ID to provide a logical application name for logging + purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to Kafka. + Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates how + long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event messages. + Set up to override the default value jbpm-processes-events. 
+ type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + kieExecutorMDBMaxSession: + description: 'Number of max KIE Executor sessions, it must + be lower than the value of max-pool-size, by default is + max-pool-size set to 60. Max pool size can be set by system + property jboss.mdb.strict.max.pool.size (using javaOptsAppend: + "-Djboss.mdb.strict.max.pool.size=40"), for more information + see https://access.redhat.com/solutions/2955481.' + type: integer + name: + description: Server name + type: string + persistRepos: + description: Persist the Maven and KIE repositories on ~/.m2/repository + and ~/.kie/repository respectively. The option persistRepos + will be automatically set to false when the Trial environment + is set. + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the KIE + local repository persistent volume. Defaults to 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the Maven + persistent volume, the size of the files on this directory + can grow fast as all dependencies for KIE Containers will + be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM smart + router + properties: + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. 
Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. 
The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + useExternalRoute: + description: If enabled, Business Central will use the external + smartrouter route to communicate with it. Note that, valid + SSL certificates should be used. + type: boolean + type: object + type: object + scheduledImportPolicy: + description: Set to true to enable scheduled import policy on the + ImageStream. This will work only if you are using ImageStreamTag + otherwise with image digests it will be ignored + type: boolean + truststore: + description: Defines which truststore is used by the console, kieservers, + smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. + type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should be allowed + when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. 
Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. This + will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + status: + description: KieAppStatus - The status for custom resources managed by + the operator-sdk. + properties: + applied: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to + be used by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for + LDAP + properties: + allowEmptyPasswords: + description: Does this realm support blank password direct + verification? Blank password attempt will be rejected + otherwise. Boolean flag, defaults to false. + type: boolean + baseCtxDN: + description: LDAP Base DN of the top-level context to + begin the user search. + type: string + baseFilter: + description: Legacy LDAP search filter used to locate + the context of the user to authenticate. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. A common example for the search filter is (uid={0}). + For Elytron based subsystem this property should be + configured only with the search filter parameter, without + any search expression. Example (uid={0}) became just + uid. 
+ type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN + of the user itself contains special characters, backslash + for example, that prevent correct user mapping. If the + attribute does not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to + decrypt the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. + enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity + mapping, the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN + is not checked for the roleNameAttributeID. This flag + can improve the performance of LDAP queries. 
+ type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the + username. If set to true, the DN is parsed for the username. + If set to false the DN is not parsed for the username. + This option is used together with usernameBeginString + and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this + option. When using referrals, this option denotes the + attribute name which contains users defined for a certain + role, for example member, if the role object is inside + the referral. Users are checked against the content + of this attribute name. If this option is not set, the + check will always fail, so role objects cannot be stored + in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user + roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. If false, the role name is taken + from the value of the roleNameAttributeId attribute + of the context name. Certain directory schemas, such + as Microsoft Active Directory, require this attribute + to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles + associated with the authenticated user. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. The authenticated userDN is substituted into + the filter anywhere a {1} is used. 
An example search + filter that , matches on the input username is (member={0}). + An alternative that matches on the authenticated userDN + is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role + object’s name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role + search will go below a matching context. Disable recursion + by setting this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for + user roles. This is not the DN where the actual roles + are, but the DN where the objects containing the user + roles are. For example, in a Microsoft Active Directory + server, this is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. + For failover set two or more LDAP endpoints separated + by space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used + together with usernameEndString and only taken into + account if parseUsername is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end + of the DN to reveal the username. This option is used + together with usernameBeginString and only taken into + account if parseUsername is set to true. 
+ type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will + be configured. + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have defined mappings. Defaults + to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have no defined mappings. Defaults + to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a + properties file or a set of roles with the following + pattern 'role=role1;another-role=role2'. The format + of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the + patter above. + type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for + SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create + the Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create + the Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. 
+ format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. + format: password + type: string + secretAdminCredentials: + description: Name of the secret containing admin's credentials, + the keys are username and password, if the adminUser and + adminPassword are provided the secretAdminCredentials will + be skipped + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when + the OpenShiftStartupStrategy is choosed and Business + Central is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. 
When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the + 'openshift' and local namespaces, the operator will create said + imagestreams locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry + is insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. + For example, if the object reference is to a + container within a pod, this would take on a + value like: "spec.containers{name}" (where "name" + refers to the name of the container that triggered + the event) or if no container name is specified + "spec.containers[2]" (container with index 2 + in this pod). This syntax is chosen only to + have some well-defined way of referencing a + part of an object. TODO: this design is not + final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder + will be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known + hosts file. The secret must contain two files: id_rsa + and known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM + Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations + that can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the + Runtime Model ID. 
Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if + a property is set mode than once, the one from this + property file will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the + Runtime Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ExternalCompDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/components directory + will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ImportsBaseDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/imports directory will + be used. If ImportFileLocation is set ImportsBaseDir + will be ignored. 
+ type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual + model file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default + value is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new + imports (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards + (in kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. 
+ If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how + a Process Migration server will manage and create a + new Database or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to + background-validation, if set to false the validate-on-match + method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. 
For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to + the application classpath separated by colon. Needs + to be mounted on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + username: + description: If empty the CommonConfig.AdminUser will + be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a + single set, or for multiple sets if deployments is set + to >1 + properties: + build: + description: KieAppBuildObject Data to define how to + build an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If + unspecified, all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. + It is recommended to test the kjar manually before + disabling this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for + immutable KIE Server configurations for S2I and + pre built kjars. Useful for pre-compiled kjar. 
+ type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container and + any service environment variables. If a + variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal + "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and + requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the + extensions image where the extensions are located + (e.g. install.sh, modules/, etc.). Defaults to + '/extension'. Do not change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For + example, custom-driver-image:7.7.0. 
+ type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers + and configuration is located. Defaults to openshift + namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate + the source code to build + properties: + contextDir: + description: Context/subdirectory where the + code is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.6.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a + given webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 
'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, + POST, OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer + will manage and create a new Database or connect to + an existing one + properties: + externalConfig: + description: ExternalDatabaseObject configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method + to background-validation, if set to false + the validate-on-match method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. 
+ For example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases + running on OCP where the host will correspond + to the kubernetes added env *_SERVICE_HOST, + it is mostly likely used with PostgreSQL and + MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, + jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for + the configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for + the configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can + be XA or NONXA. For non XA set it to true. + Default value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. + Port is intended to be used with databases + running on OCP where the post will correspond + to the kubernetes added env *_SERVICE_PORT, + these are mostly likely used with PostgreSQL + and MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. 
For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + decisionsOnly: + description: When set to true will configure the KIE + Server image to disable all capabilities that are + not related to decisions, Default to true for RHDM + environments and false to RHPAM. + type: boolean + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm + clustering for processes fail-over, it could increase + the number of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification + to be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, + if will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and + certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be + used. + type: string + amqSecretName: + description: The name of a secret containing AMQ + SSL related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store + file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. + Default is false. 
+ type: boolean + enableIntegration: + description: When set to true will configure the + KIE Server with JMS integration, if no configuration + is added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, + disabled by default. + type: boolean + password: + description: AMQ broker password to connect do the + AMQ, generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for + JMS, example queue/CUSTOM.KIE.SERVER.AUDIT, default + is queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, + example queue/CUSTOM.KIE.SERVER.EXECUTOR, default + is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, + example queue/CUSTOM.KIE.SERVER.REQUEST, default + is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, + example queue/CUSTOM.KIE.SERVER.RESPONSE, default + is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, + example queue/CUSTOM.KIE.SERVER.SIGNAL, default + is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the + AMQ, generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used + by the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current + GC time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of + this variable should contain the necessary JRE + command-line options to specify the required GC, + which will override the default of '-XX:+UseParallelOldGC'. + e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega + bytes unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. + Disabled by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap + memory. If used in a container without any memory + constraints for the container then this option + has no effect. If there is a memory constraint + then '-Xms' is set to a ratio of the '-Xmx' memory + as set here. The default is '25' which means 25% + of the '-Xmx' is used as the initial heap size. + You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. + e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a + container without any memory constraints for the + container then this option has no effect. If there + is a memory constraint then '-Xms' is limited + to the value set here. The default is 4096Mb which + means the calculated value of '-Xms' never will + be greater than 4096Mb. The value of this variable + is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is + set to a ratio of the container available memory + as set here. The default is '50' which means 50% + of the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be + used by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. 
+ type: boolean + bootstrapServers: + description: A comma separated list of host/port + pairs to use for establishing the initial connection + to the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when + making requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates + how long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that + the emitter requires the leader to have received + before considering a request to be complete, not + set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection + to the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to + set an ID to provide a logical application name + for logging purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to + Kafka. Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates + how long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event + messages. Set up to override the default value + jbpm-processes-events. 
+ type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + kieExecutorMDBMaxSession: + description: 'Number of max KIE Executor sessions, it + must be lower than the value of max-pool-size, by + default is max-pool-size set to 60. Max pool size + can be set by system property jboss.mdb.strict.max.pool.size + (using javaOptsAppend: "-Djboss.mdb.strict.max.pool.size=40"), + for more information see https://access.redhat.com/solutions/2955481.' + type: integer + name: + description: Server name + type: string + persistRepos: + description: Persist the Maven and KIE repositories + on ~/.m2/repository and ~/.kie/repository respectively. + The option persistRepos will be automatically set + to false when the Trial environment is set. + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the + KIE local repository persistent volume. Defaults to + 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the + Maven persistent volume, the size of the files on + this directory can grow fast as all dependencies for + KIE Containers will be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect + URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM + smart router + properties: + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. 
Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. 
The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + useExternalRoute: + description: If enabled, Business Central will use the + external smartrouter route to communicate with it. Note + that, valid SSL certificates should be used. + type: boolean + type: object + type: object + scheduledImportPolicy: + description: Set to true to enable scheduled import policy on + the ImageStream. This will work only if you are using ImageStreamTag + otherwise with image digests it will be ignored + type: boolean + truststore: + description: Defines which truststore is used by the console, + kieservers, smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. + type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should + be allowed when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. 
Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. + This will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + conditions: + items: + description: Condition - The condition for the kie-cloud-operator + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ReasonType - type of reason + type: string + status: + type: string + type: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - status + - type + type: object + type: array + consoleHost: + type: string + deployments: + properties: + ready: + description: Deployments are ready to serve requests + items: + type: string + type: array + starting: + description: Deployments are starting, may or may not succeed + items: + type: string + type: array + stopped: + description: Deployments are not starting, unclear what next step + will be + items: + type: string + type: array + type: object + phase: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - conditions + - deployments + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/deploy/olm-catalog/dev/7.13.3-5/metadata/annotations.yaml b/deploy/olm-catalog/dev/7.13.3-5/metadata/annotations.yaml new file mode 100644 index 000000000..724337620 --- /dev/null +++ b/deploy/olm-catalog/dev/7.13.3-5/metadata/annotations.yaml 
@@ -0,0 +1,10 @@ +annotations: + operators.operatorframework.io.bundle.channel.default.v1: stable + operators.operatorframework.io.bundle.channels.v1: stable + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: businessautomation-operator + operators.operatorframework.io.metrics.builder: operator-sdk-v0.19.2 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go diff --git a/deploy/olm-catalog/prod/7.13.3-5/manifests/businessautomation-operator.clusterserviceversion.yaml b/deploy/olm-catalog/prod/7.13.3-5/manifests/businessautomation-operator.clusterserviceversion.yaml new file mode 100644 index 000000000..dd6fbb1de --- /dev/null +++ b/deploy/olm-catalog/prod/7.13.3-5/manifests/businessautomation-operator.clusterserviceversion.yaml 
@@ -0,0 +1,423 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: '[{"apiVersion":"app.kiegroup.org/v2","kind":"KieApp","metadata":{"name":"rhpam-trial"},"spec":{"environment":"rhpam-trial"}}]' + capabilities: Seamless Upgrades + categories: Integration & Delivery + certified: "true" + containerImage: registry.stage.redhat.io/rhpam-7/rhpam-rhel8-operator:7.13.3 + createdAt: "2023-08-10 11:26:18" + description: Deploys and manages Red Hat Process Automation Manager and Red Hat + Decision Manager environments. + operators.openshift.io/infrastructure-features: '["Disconnected"]' + operators.openshift.io/valid-subscription: '["Red Hat Process Automation Manager", + "Red Hat Decision Manager"]' + repository: https://github.com/kiegroup/kie-cloud-operator + support: Red Hat + tectonic-visibility: ocs + labels: + operator-businessautomation: "true" + operatorframework.io/arch.amd64: supported + operatorframework.io/os.linux: supported + name: businessautomation-operator.7.13.3-5 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: A project prescription running an RHPAM/RHDM environment. 
+ displayName: KieApp + kind: KieApp + name: kieapps.app.kiegroup.org + resources: + - kind: DeploymentConfig + name: "" + version: apps.openshift.io/v1 + - kind: StatefulSet + name: "" + version: apps/v1 + - kind: Role + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: RoleBinding + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: Route + name: "" + version: route.openshift.io/v1 + - kind: BuildConfig + name: "" + version: build.openshift.io/v1 + - kind: ImageStream + name: "" + version: image.openshift.io/v1 + - kind: Secret + name: "" + version: v1 + - kind: PersistentVolumeClaim + name: "" + version: v1 + - kind: ServiceAccount + name: "" + version: v1 + - kind: Service + name: "" + version: v1 + specDescriptors: + - description: Set true to enable automatic micro version product upgrades, + it is disabled by default. + displayName: Enable Upgrades + path: upgrades.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable automatic minor product version upgrades, + it is disabled by default. Requires spec.upgrades.enabled to be true. + displayName: Include minor version upgrades + path: upgrades.minor + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable image tags, disabled by default. This will + leverage image tags instead of the image digests. + displayName: Use Image Tags + path: useImageTags + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Environment deployed. + displayName: Environment + path: environment + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + statusDescriptors: + - description: Product version installed. + displayName: Version + path: version + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: Current phase. 
+ displayName: Status + path: phase + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: The address for accessing Business Central, if it is deployed. + displayName: Business/Decision Central URL + path: consoleHost + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Deployments for the KieApp environment. + displayName: Deployments + path: deployments + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + version: v2 + description: |- + Deploys and manages Red Hat Process Automation Manager and Red Hat Decision Manager environments. + + * **Red Hat Process Automation Manager** is a platform for developing containerized microservices and applications that automate business decisions and processes. It includes business process management (BPM), business rules management (BRM), and business resource optimization and complex event processing (CEP) technologies. It also includes a user experience platform to create engaging user interfaces for process and decision services with minimal coding. + + [See more](https://www.redhat.com/en/products/process-automation). 
+ displayName: Business Automation + icon: + - base64data: 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 + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - console.openshift.io + resources: + - consolelinks + - consoleyamlsamples + verbs: + - get + - create + - update + - delete + serviceAccountName: business-automation-operator + deployments: + - name: business-automation-operator + spec: + replicas: 1 + selector: + matchLabels: + name: business-automation-operator + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + name: business-automation-operator + spec: + containers: + - command: + - kie-cloud-operator + env: + - name: OPERATOR_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['name'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPERATOR_UI + value: "true" + - name: DEBUG + value: "false" + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.3 + value: registry.stage.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.3 + value: registry.stage.redhat.io/rhpam-7/rhpam-controller-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.3 + value: registry.stage.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.3 + value: registry.stage.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.3 + value: registry.stage.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.3 + value: registry.stage.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.3 + value: registry.stage.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.13.3 + - name: 
RELATED_IMAGE_OSE_CLI_IMAGE_7.13.3 + value: registry.redhat.io/openshift4/ose-cli:v4.12 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.3 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.3 + value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.3 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 + - name: RELATED_IMAGE_BROKER_IMAGE_7.13.3 + value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-controller-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.13.2 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.13.2 + value: registry.redhat.io/openshift4/ose-cli:v4.12 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.2 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.2 + value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.2 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 + - name: RELATED_IMAGE_BROKER_IMAGE_7.13.2 + value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_LATEST + value: registry.redhat.io/openshift4/ose-oauth-proxy:latest 
+ - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.12 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.12 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.11 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.11 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.10 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.10 + image: registry.stage.redhat.io/rhpam-7/rhpam-rhel8-operator:7.13.3 + imagePullPolicy: Always + name: business-automation-operator + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsNonRoot: true + serviceAccountName: business-automation-operator + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - services + - services/finalizers + - serviceaccounts + - persistentvolumeclaims + - secrets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + - deployments/finalizers + - replicasets + - statefulsets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - build.openshift.io + resources: + - buildconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - image.openshift.io + resources: + - images + - imagestreams + - imagestreamimages + - imagestreamtags + verbs: + - create + - 
delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - app.kiegroup.org + resources: + - kieapps + - kieapps/status + - kieapps/finalizers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - operators.coreos.com + resources: + - clusterserviceversions + - subscriptions + verbs: + - get + - list + - patch + - update + - watch + serviceAccountName: business-automation-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - kieapp + - pam + - decision + - kie + - cloud + - bpm + - process + - automation + - operator + labels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.13.3-5 + links: + - name: Product Page + url: https://access.redhat.com/products/red-hat-process-automation-manager + - name: Documentation + url: https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.13/#category-deploying-red-hat-process-automation-manager-on-openshift + maintainers: + - email: bsig-cloud@redhat.com + name: Red Hat + maturity: stable + provider: + name: Red Hat + replaces: businessautomation-operator.7.13.3-4 + selector: + matchLabels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.13.3-5 + version: 7.13.3-5 diff --git a/deploy/olm-catalog/prod/7.13.3-5/manifests/kieapp.crd.yaml b/deploy/olm-catalog/prod/7.13.3-5/manifests/kieapp.crd.yaml new file mode 100644 index 000000000..09474bb77 --- /dev/null +++ b/deploy/olm-catalog/prod/7.13.3-5/manifests/kieapp.crd.yaml 
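Review bot: The prod CSV for 7.13.3-5 points `containerImage`, the operator container `image` and all seven `RELATED_IMAGE_PAM_*_7.13.3` values at `registry.stage.redhat.io`, while the 7.13.2 entries in the same file use `registry.redhat.io`. Unless a later release step rewrites these (nothing in this hunk shows one), an install from the prod catalog would pull pre-release images from the staging registry. I would expect the production host here, e.g. `image: registry.redhat.io/rhpam-7/rhpam-rhel8-operator:7.13.3`. Separately, `mysql-80-rhel7:latest`, `postgresql-13-rhel7:latest` and `ose-oauth-proxy:latest` are floating tags, so a CVE respin cannot be tied to a known image and mirroring for the advertised `Disconnected` feature becomes unreliable. Pinning each related image by digest (`@sha256:<digest>`) would make the bundle reproducible and auditable.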
@@ -0,0 +1,6126 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kieapps.app.kiegroup.org +spec: + group: app.kiegroup.org + names: + kind: KieApp + listKind: KieAppList + plural: kieapps + singular: kieapp + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of the application deployment + jsonPath: .status.version + name: Version + type: string + - description: The name of the environment used as a baseline + jsonPath: .spec.environment + name: Environment + type: string + - description: The status of the KieApp deployment + jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2 + schema: + openAPIV3Schema: + description: KieApp is the Schema for the kieapps API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to be used + by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for LDAP + properties: + allowEmptyPasswords: + description: Does this realm support blank password direct + verification? Blank password attempt will be rejected otherwise. 
+ Boolean flag, defaults to false. + type: boolean + baseCtxDN: + description: LDAP Base DN of the top-level context to begin + the user search. + type: string + baseFilter: + description: Legacy LDAP search filter used to locate the + context of the user to authenticate. The input username + or userDN obtained from the login module callback is substituted + into the filter anywhere a {0} expression is used. A common + example for the search filter is (uid={0}). For Elytron + based subsystem this property should be configured only + with the search filter parameter, without any search expression. + Example (uid={0}) became just uid. + type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN of the + user itself contains special characters, backslash for example, + that prevent correct user mapping. If the attribute does + not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to decrypt + the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. 
+ enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity mapping, + the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN is + not checked for the roleNameAttributeID. This flag can improve + the performance of LDAP queries. + type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the username. + If set to true, the DN is parsed for the username. If set + to false the DN is not parsed for the username. This option + is used together with usernameBeginString and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this option. + When using referrals, this option denotes the attribute + name which contains users defined for a certain role, for + example member, if the role object is inside the referral. + Users are checked against the content of this attribute + name. If this option is not set, the check will always fail, + so role objects cannot be stored in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. 
If false, the role name is taken from + the value of the roleNameAttributeId attribute of the context + name. Certain directory schemas, such as Microsoft Active + Directory, require this attribute to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles associated + with the authenticated user. The input username or userDN + obtained from the login module callback is substituted into + the filter anywhere a {0} expression is used. The authenticated + userDN is substituted into the filter anywhere a {1} is + used. An example search filter that , matches on the input + username is (member={0}). An alternative that matches on + the authenticated userDN is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role object’s + name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role search + will go below a matching context. Disable recursion by setting + this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for user + roles. This is not the DN where the actual roles are, but + the DN where the objects containing the user roles are. + For example, in a Microsoft Active Directory server, this + is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. 
+ For failover set two or more LDAP endpoints separated by + space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used together + with usernameEndString and only taken into account if parseUsername + is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end of + the DN to reveal the username. This option is used together + with usernameBeginString and only taken into account if + parseUsername is set to true. + type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will be + configured. + properties: + from: + description: ObjRef contains enough information to let you + inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have defined mappings. Defaults to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have no defined mappings. Defaults to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a properties + file or a set of roles with the following pattern 'role=role1;another-role=role2'. + The format of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the patter + above. 
+ type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create the + Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create the + Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. + format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. 
+ format: password + type: string + secretAdminCredentials: + description: Name of the secret containing admin's credentials, + the keys are username and password, if the adminUser and adminPassword + are provided the secretAdminCredentials will be skipped + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when the + OpenShiftStartupStrategy is choosed and Business Central + is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the 'openshift' + and local namespaces, the operator will create said imagestreams + locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry is + insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder will + be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known hosts + file. The secret must contain two files: id_rsa and + known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. 
'4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations that + can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the Runtime + Model ID. 
Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if a property + is set mode than once, the one from this property file + will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the Runtime + Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ExternalCompDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/components + directory will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ImportsBaseDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/imports + directory will be used. If ImportFileLocation is set + ImportsBaseDir will be ignored. 
+ type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual model + file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default value + is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new imports + (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards (in + kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. 
If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how a + Process Migration server will manage and create a new Database + or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. 
For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the configured + datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the configured + datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. + For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to the + application classpath separated by colon. Needs to be mounted + on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. 
'4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + username: + description: If empty the CommonConfig.AdminUser will be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a single + set, or for multiple sets if deployments is set to >1 + properties: + build: + description: KieAppBuildObject Data to define how to build + an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If unspecified, + all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. It + is recommended to test the kjar manually before disabling + this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for immutable + KIE Server configurations for S2I and pre built kjars. + Useful for pre-compiled kjar. 
+ type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the extensions + image where the extensions are located (e.g. install.sh, + modules/, etc.). Defaults to '/extension'. Do not + change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For example, + custom-driver-image:7.7.0. 
+ type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers and + configuration is located. Defaults to openshift namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate the + source code to build + properties: + contextDir: + description: Context/subdirectory where the code + is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.6.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a given + webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 
'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer will + manage and create a new Database or connect to an existing + one + properties: + externalConfig: + description: ExternalDatabaseObject configuration definition + of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. 
For + example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases running + on OCP where the host will correspond to the kubernetes + added env *_SERVICE_HOST, it is mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can be + XA or NONXA. For non XA set it to true. Default + value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. Port + is intended to be used with databases running + on OCP where the post will correspond to the kubernetes + added env *_SERVICE_PORT, these are mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. 
+ For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + decisionsOnly: + description: When set to true will configure the KIE Server + image to disable all capabilities that are not related + to decisions, Default to true for RHDM environments and + false to RHPAM. + type: boolean + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of + whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a + valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to + have some well-defined way of referencing a part of + an object. TODO: this design is not final and this + field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm clustering + for processes fail-over, it could increase the number + of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification to + be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, if + will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be used. + type: string + amqSecretName: + description: The name of a secret containing AMQ SSL + related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. Default + is false. 
+ type: boolean + enableIntegration: + description: When set to true will configure the KIE + Server with JMS integration, if no configuration is + added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, disabled + by default. + type: boolean + password: + description: AMQ broker password to connect do the AMQ, + generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for JMS, + example queue/CUSTOM.KIE.SERVER.AUDIT, default is + queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, example + queue/CUSTOM.KIE.SERVER.EXECUTOR, default is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, example + queue/CUSTOM.KIE.SERVER.REQUEST, default is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, example + queue/CUSTOM.KIE.SERVER.RESPONSE, default is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, example + queue/CUSTOM.KIE.SERVER.SIGNAL, default is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the AMQ, + generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new + heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The default + is '25' which means 25% of the '-Xmx' is used as the + initial heap size. You can skip this mechanism by + setting this value to '0' in which case no '-Xms' + option is added. e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container then + this option has no effect. If there is a memory constraint + then '-Xms' is limited to the value set here. The + default is 4096Mb which means the calculated value + of '-Xms' never will be greater than 4096Mb. The value + of this variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as set + here. The default is '50' which means 50% of the available + memory is used as an upper boundary. You can skip + this mechanism by setting this value to '0' in which + case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be used + by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. 
+ type: boolean + bootstrapServers: + description: A comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when making + requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates how + long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that the + emitter requires the leader to have received before + considering a request to be complete, not set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to set + an ID to provide a logical application name for logging + purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to Kafka. + Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates how + long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event messages. + Set up to override the default value jbpm-processes-events. 
+ type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + kieExecutorMDBMaxSession: + description: 'Number of max KIE Executor sessions, it must + be lower than the value of max-pool-size, by default is + max-pool-size set to 60. Max pool size can be set by system + property jboss.mdb.strict.max.pool.size (using javaOptsAppend: + "-Djboss.mdb.strict.max.pool.size=40"), for more information + see https://access.redhat.com/solutions/2955481.' + type: integer + name: + description: Server name + type: string + persistRepos: + description: Persist the Maven and KIE repositories on ~/.m2/repository + and ~/.kie/repository respectively. The option persistRepos + will be automatically set to false when the Trial environment + is set. + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the KIE + local repository persistent volume. Defaults to 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the Maven + persistent volume, the size of the files on this directory + can grow fast as all dependencies for KIE Containers will + be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM smart + router + properties: + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. 
Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. 
The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + useExternalRoute: + description: If enabled, Business Central will use the external + smartrouter route to communicate with it. Note that, valid + SSL certificates should be used. + type: boolean + type: object + type: object + scheduledImportPolicy: + description: Set to true to enable scheduled import policy on the + ImageStream. This will work only if you are using ImageStreamTag + otherwise with image digests it will be ignored + type: boolean + truststore: + description: Defines which truststore is used by the console, kieservers, + smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. + type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should be allowed + when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. 
Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. This + will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + status: + description: KieAppStatus - The status for custom resources managed by + the operator-sdk. + properties: + applied: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to + be used by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for + LDAP + properties: + allowEmptyPasswords: + description: Does this realm support blank password direct + verification? Blank password attempt will be rejected + otherwise. Boolean flag, defaults to false. + type: boolean + baseCtxDN: + description: LDAP Base DN of the top-level context to + begin the user search. + type: string + baseFilter: + description: Legacy LDAP search filter used to locate + the context of the user to authenticate. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. A common example for the search filter is (uid={0}). + For Elytron based subsystem this property should be + configured only with the search filter parameter, without + any search expression. Example (uid={0}) became just + uid. 
+ type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN + of the user itself contains special characters, backslash + for example, that prevent correct user mapping. If the + attribute does not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to + decrypt the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. + enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity + mapping, the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN + is not checked for the roleNameAttributeID. This flag + can improve the performance of LDAP queries. 
+ type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the + username. If set to true, the DN is parsed for the username. + If set to false the DN is not parsed for the username. + This option is used together with usernameBeginString + and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this + option. When using referrals, this option denotes the + attribute name which contains users defined for a certain + role, for example member, if the role object is inside + the referral. Users are checked against the content + of this attribute name. If this option is not set, the + check will always fail, so role objects cannot be stored + in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user + roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. If false, the role name is taken + from the value of the roleNameAttributeId attribute + of the context name. Certain directory schemas, such + as Microsoft Active Directory, require this attribute + to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles + associated with the authenticated user. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. The authenticated userDN is substituted into + the filter anywhere a {1} is used. 
An example search + filter that , matches on the input username is (member={0}). + An alternative that matches on the authenticated userDN + is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role + object’s name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role + search will go below a matching context. Disable recursion + by setting this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for + user roles. This is not the DN where the actual roles + are, but the DN where the objects containing the user + roles are. For example, in a Microsoft Active Directory + server, this is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. + For failover set two or more LDAP endpoints separated + by space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used + together with usernameEndString and only taken into + account if parseUsername is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end + of the DN to reveal the username. This option is used + together with usernameBeginString and only taken into + account if parseUsername is set to true. 
+ type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will + be configured. + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have defined mappings. Defaults + to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have no defined mappings. Defaults + to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a + properties file or a set of roles with the following + pattern 'role=role1;another-role=role2'. The format + of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the + patter above. + type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for + SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create + the Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create + the Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. 
+ format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. + format: password + type: string + secretAdminCredentials: + description: Name of the secret containing admin's credentials, + the keys are username and password, if the adminUser and + adminPassword are provided the secretAdminCredentials will + be skipped + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when + the OpenShiftStartupStrategy is choosed and Business + Central is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. 
When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the + 'openshift' and local namespaces, the operator will create said + imagestreams locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry + is insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. + For example, if the object reference is to a + container within a pod, this would take on a + value like: "spec.containers{name}" (where "name" + refers to the name of the container that triggered + the event) or if no container name is specified + "spec.containers[2]" (container with index 2 + in this pod). This syntax is chosen only to + have some well-defined way of referencing a + part of an object. TODO: this design is not + final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder + will be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known + hosts file. The secret must contain two files: id_rsa + and known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM + Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations + that can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the + Runtime Model ID. 
Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if + a property is set mode than once, the one from this + property file will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the + Runtime Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ExternalCompDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/components directory + will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ImportsBaseDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/imports directory will + be used. If ImportFileLocation is set ImportsBaseDir + will be ignored. 
+ type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual + model file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default + value is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new + imports (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards + (in kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. 
+ If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how + a Process Migration server will manage and create a + new Database or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to + background-validation, if set to false the validate-on-match + method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. 
For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to + the application classpath separated by colon. Needs + to be mounted on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + username: + description: If empty the CommonConfig.AdminUser will + be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a + single set, or for multiple sets if deployments is set + to >1 + properties: + build: + description: KieAppBuildObject Data to define how to + build an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If + unspecified, all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. + It is recommended to test the kjar manually before + disabling this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for + immutable KIE Server configurations for S2I and + pre built kjars. Useful for pre-compiled kjar. 
+ type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container and + any service environment variables. If a + variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal + "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and + requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the + extensions image where the extensions are located + (e.g. install.sh, modules/, etc.). Defaults to + '/extension'. Do not change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For + example, custom-driver-image:7.7.0. 
+ type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers + and configuration is located. Defaults to openshift + namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate + the source code to build + properties: + contextDir: + description: Context/subdirectory where the + code is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.6.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a + given webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 
'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, + POST, OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer + will manage and create a new Database or connect to + an existing one + properties: + externalConfig: + description: ExternalDatabaseObject configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method + to background-validation, if set to false + the validate-on-match method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. 
+ For example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases + running on OCP where the host will correspond + to the kubernetes added env *_SERVICE_HOST, + it is mostly likely used with PostgreSQL and + MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, + jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for + the configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for + the configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can + be XA or NONXA. For non XA set it to true. + Default value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. + Port is intended to be used with databases + running on OCP where the post will correspond + to the kubernetes added env *_SERVICE_PORT, + these are mostly likely used with PostgreSQL + and MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. 
For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + decisionsOnly: + description: When set to true will configure the KIE + Server image to disable all capabilities that are + not related to decisions, Default to true for RHDM + environments and false to RHPAM. + type: boolean + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm + clustering for processes fail-over, it could increase + the number of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification + to be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, + if will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and + certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be + used. + type: string + amqSecretName: + description: The name of a secret containing AMQ + SSL related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store + file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. + Default is false. 
+ type: boolean + enableIntegration: + description: When set to true will configure the + KIE Server with JMS integration, if no configuration + is added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, + disabled by default. + type: boolean + password: + description: AMQ broker password to connect do the + AMQ, generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for + JMS, example queue/CUSTOM.KIE.SERVER.AUDIT, default + is queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, + example queue/CUSTOM.KIE.SERVER.EXECUTOR, default + is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, + example queue/CUSTOM.KIE.SERVER.REQUEST, default + is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, + example queue/CUSTOM.KIE.SERVER.RESPONSE, default + is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, + example queue/CUSTOM.KIE.SERVER.SIGNAL, default + is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the + AMQ, generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used + by the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current + GC time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of + this variable should contain the necessary JRE + command-line options to specify the required GC, + which will override the default of '-XX:+UseParallelOldGC'. + e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega + bytes unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. + Disabled by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap + memory. If used in a container without any memory + constraints for the container then this option + has no effect. If there is a memory constraint + then '-Xms' is set to a ratio of the '-Xmx' memory + as set here. The default is '25' which means 25% + of the '-Xmx' is used as the initial heap size. + You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. + e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a + container without any memory constraints for the + container then this option has no effect. If there + is a memory constraint then '-Xms' is limited + to the value set here. The default is 4096Mb which + means the calculated value of '-Xms' never will + be greater than 4096Mb. The value of this variable + is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is + set to a ratio of the container available memory + as set here. The default is '50' which means 50% + of the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be + used by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. 
+ type: boolean + bootstrapServers: + description: A comma separated list of host/port + pairs to use for establishing the initial connection + to the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when + making requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates + how long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that + the emitter requires the leader to have received + before considering a request to be complete, not + set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection + to the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to + set an ID to provide a logical application name + for logging purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to + Kafka. Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates + how long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event + messages. Set up to override the default value + jbpm-processes-events. 
+ type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + kieExecutorMDBMaxSession: + description: 'Number of max KIE Executor sessions, it + must be lower than the value of max-pool-size, by + default is max-pool-size set to 60. Max pool size + can be set by system property jboss.mdb.strict.max.pool.size + (using javaOptsAppend: "-Djboss.mdb.strict.max.pool.size=40"), + for more information see https://access.redhat.com/solutions/2955481.' + type: integer + name: + description: Server name + type: string + persistRepos: + description: Persist the Maven and KIE repositories + on ~/.m2/repository and ~/.kie/repository respectively. + The option persistRepos will be automatically set + to false when the Trial environment is set. + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the + KIE local repository persistent volume. Defaults to + 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the + Maven persistent volume, the size of the files on + this directory can grow fast as all dependencies for + KIE Containers will be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect + URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM + smart router + properties: + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. 
Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. 
The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + useExternalRoute: + description: If enabled, Business Central will use the + external smartrouter route to communicate with it. Note + that, valid SSL certificates should be used. + type: boolean + type: object + type: object + scheduledImportPolicy: + description: Set to true to enable scheduled import policy on + the ImageStream. This will work only if you are using ImageStreamTag + otherwise with image digests it will be ignored + type: boolean + truststore: + description: Defines which truststore is used by the console, + kieservers, smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. + type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should + be allowed when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. 
Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. + This will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + conditions: + items: + description: Condition - The condition for the kie-cloud-operator + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ReasonType - type of reason + type: string + status: + type: string + type: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - status + - type + type: object + type: array + consoleHost: + type: string + deployments: + properties: + ready: + description: Deployments are ready to serve requests + items: + type: string + type: array + starting: + description: Deployments are starting, may or may not succeed + items: + type: string + type: array + stopped: + description: Deployments are not starting, unclear what next step + will be + items: + type: string + type: array + type: object + phase: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - conditions + - deployments + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/deploy/olm-catalog/prod/7.13.3-5/metadata/annotations.yaml b/deploy/olm-catalog/prod/7.13.3-5/metadata/annotations.yaml new file mode 100644 index 000000000..724337620 --- /dev/null +++ b/deploy/olm-catalog/prod/7.13.3-5/metadata/annotations.yaml 
@@ -0,0 +1,10 @@
+annotations:
+ operators.operatorframework.io.bundle.channel.default.v1: stable
+ operators.operatorframework.io.bundle.channels.v1: stable
+ operators.operatorframework.io.bundle.manifests.v1: manifests/
+ operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+ operators.operatorframework.io.bundle.metadata.v1: metadata/
+ operators.operatorframework.io.bundle.package.v1: businessautomation-operator
+ operators.operatorframework.io.metrics.builder: operator-sdk-v0.19.2
+ operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
+ operators.operatorframework.io.metrics.project_layout: go
diff --git a/deploy/olm-catalog/test/7.13.3-5/manifests/businessautomation-operator.clusterserviceversion.yaml b/deploy/olm-catalog/test/7.13.3-5/manifests/businessautomation-operator.clusterserviceversion.yaml
new file mode 100644
index 000000000..e95e3eeb3
--- /dev/null
+++ b/deploy/olm-catalog/test/7.13.3-5/manifests/businessautomation-operator.clusterserviceversion.yaml
@@ -0,0 +1,423 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: '[{"apiVersion":"app.kiegroup.org/v2","kind":"KieApp","metadata":{"name":"rhpam-trial"},"spec":{"environment":"rhpam-trial"}}]' + capabilities: Seamless Upgrades + categories: Integration & Delivery + certified: "true" + containerImage: registry-proxy.engineering.redhat.com/rh-osbs/rhpam-7-rhpam-rhel8-operator:7.13.3 + createdAt: "2023-08-10 11:26:18" + description: Deploys and manages Red Hat Process Automation Manager and Red Hat + Decision Manager environments. + operators.openshift.io/infrastructure-features: '["Disconnected"]' + operators.openshift.io/valid-subscription: '["Red Hat Process Automation Manager", + "Red Hat Decision Manager"]' + repository: https://github.com/kiegroup/kie-cloud-operator + support: Red Hat + tectonic-visibility: ocs + labels: + operator-businessautomation: "true" + operatorframework.io/arch.amd64: supported + operatorframework.io/os.linux: supported + name: businessautomation-operator.7.13.3-5-dev-fsswv8pjqp + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: A project prescription running an RHPAM/RHDM environment. 
+ displayName: KieApp + kind: KieApp + name: kieapps.app.kiegroup.org + resources: + - kind: DeploymentConfig + name: "" + version: apps.openshift.io/v1 + - kind: StatefulSet + name: "" + version: apps/v1 + - kind: Role + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: RoleBinding + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: Route + name: "" + version: route.openshift.io/v1 + - kind: BuildConfig + name: "" + version: build.openshift.io/v1 + - kind: ImageStream + name: "" + version: image.openshift.io/v1 + - kind: Secret + name: "" + version: v1 + - kind: PersistentVolumeClaim + name: "" + version: v1 + - kind: ServiceAccount + name: "" + version: v1 + - kind: Service + name: "" + version: v1 + specDescriptors: + - description: Set true to enable automatic micro version product upgrades, + it is disabled by default. + displayName: Enable Upgrades + path: upgrades.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable automatic minor product version upgrades, + it is disabled by default. Requires spec.upgrades.enabled to be true. + displayName: Include minor version upgrades + path: upgrades.minor + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable image tags, disabled by default. This will + leverage image tags instead of the image digests. + displayName: Use Image Tags + path: useImageTags + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Environment deployed. + displayName: Environment + path: environment + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + statusDescriptors: + - description: Product version installed. + displayName: Version + path: version + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: Current phase. 
+ displayName: Status + path: phase + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: The address for accessing Business Central, if it is deployed. + displayName: Business/Decision Central URL + path: consoleHost + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Deployments for the KieApp environment. + displayName: Deployments + path: deployments + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + version: v2 + description: |- + Deploys and manages Red Hat Process Automation Manager and Red Hat Decision Manager environments. + + * **Red Hat Process Automation Manager** is a platform for developing containerized microservices and applications that automate business decisions and processes. It includes business process management (BPM), business rules management (BRM), and business resource optimization and complex event processing (CEP) technologies. It also includes a user experience platform to create engaging user interfaces for process and decision services with minimal coding. + + [See more](https://www.redhat.com/en/products/process-automation). 
+ displayName: Business Automation + icon: + - base64data: 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 + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - console.openshift.io + resources: + - consolelinks + - consoleyamlsamples + verbs: + - get + - create + - update + - delete + serviceAccountName: business-automation-operator + deployments: + - name: business-automation-operator + spec: + replicas: 1 + selector: + matchLabels: + name: business-automation-operator + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + name: business-automation-operator + spec: + containers: + - command: + - kie-cloud-operator + env: + - name: OPERATOR_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['name'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPERATOR_UI + value: "true" + - name: DEBUG + value: "false" + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.3 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-kieserver-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.3 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-controller-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.3 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-businesscentral-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.3 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.3 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-smartrouter-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.3 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-process-migration-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.3 + value: 
registry-proxy.engineering.redhat.com/rhpam-7/rhpam-dashbuilder-rhel8:7.13.3 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.13.3 + value: registry.redhat.io/openshift4/ose-cli:v4.12 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.3 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.3 + value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.3 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 + - name: RELATED_IMAGE_BROKER_IMAGE_7.13.3 + value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-controller-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.13.2 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.2 + value: registry.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.13.2 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.13.2 + value: registry.redhat.io/openshift4/ose-cli:v4.12 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.2 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.2 + value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.2 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 + - name: RELATED_IMAGE_BROKER_IMAGE_7.13.2 + value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 + - name: 
RELATED_IMAGE_OAUTH_PROXY_IMAGE_LATEST + value: registry.redhat.io/openshift4/ose-oauth-proxy:latest + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.12 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.12 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.11 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.11 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.10 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.10 + image: registry-proxy.engineering.redhat.com/rh-osbs/rhpam-7-rhpam-rhel8-operator:7.13.3 + imagePullPolicy: Always + name: business-automation-operator + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsNonRoot: true + serviceAccountName: business-automation-operator + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - services + - services/finalizers + - serviceaccounts + - persistentvolumeclaims + - secrets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + - deployments/finalizers + - replicasets + - statefulsets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - build.openshift.io + resources: + - buildconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - 
image.openshift.io + resources: + - images + - imagestreams + - imagestreamimages + - imagestreamtags + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - app.kiegroup.org + resources: + - kieapps + - kieapps/status + - kieapps/finalizers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - operators.coreos.com + resources: + - clusterserviceversions + - subscriptions + verbs: + - get + - list + - patch + - update + - watch + serviceAccountName: business-automation-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - kieapp + - pam + - decision + - kie + - cloud + - bpm + - process + - automation + - operator + labels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.13.3-5-dev-fsswv8pjqp + links: + - name: Product Page + url: https://access.redhat.com/products/red-hat-process-automation-manager + - name: Documentation + url: https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.13/#category-deploying-red-hat-process-automation-manager-on-openshift + maintainers: + - email: bsig-cloud@redhat.com + name: Red Hat + maturity: test + provider: + name: Red Hat + replaces: businessautomation-operator.7.13.3-4 + selector: + matchLabels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.13.3-5-dev-fsswv8pjqp + version: 7.13.3-5+fsswv8pjqp diff --git a/deploy/olm-catalog/test/7.13.3-5/manifests/kieapp.crd.yaml b/deploy/olm-catalog/test/7.13.3-5/manifests/kieapp.crd.yaml new file mode 100644 index 000000000..09474bb77 
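Review bot: Several `RELATED_IMAGE_*` entries in the operator container's `env` list point at floating tags (`registry.redhat.io/rhscl/mysql-80-rhel7:latest`, `registry.redhat.io/rhscl/postgresql-13-rhel7:latest`, `registry.redhat.io/openshift4/ose-oauth-proxy:latest`), and the operator's own `image:` is the tag `rhpam-7-rhpam-rhel8-operator:7.13.3` with `imagePullPolicy: Always`. The content that runs after this CVE respin is therefore whatever the registry serves at pull time, not something this bundle fixes or that a reviewer can verify from it. The same CSV declares `operators.openshift.io/infrastructure-features: '["Disconnected"]'`, and mirroring for disconnected clusters relies on digest references. Unless a later pipeline step (not visible in this hunk) rewrites the test manifest, each value should be pinned in the form `value: registry.redhat.io/rhscl/mysql-80-rhel7@sha256:<digest-placeholder>`. The `_7.13.2` block repeats the same `:latest` values for MySQL and PostgreSQL and would need the same change.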
--- /dev/null
+++ b/deploy/olm-catalog/test/7.13.3-5/manifests/kieapp.crd.yaml
@@ -0,0 +1,6126 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kieapps.app.kiegroup.org +spec: + group: app.kiegroup.org + names: + kind: KieApp + listKind: KieAppList + plural: kieapps + singular: kieapp + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of the application deployment + jsonPath: .status.version + name: Version + type: string + - description: The name of the environment used as a baseline + jsonPath: .spec.environment + name: Environment + type: string + - description: The status of the KieApp deployment + jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2 + schema: + openAPIV3Schema: + description: KieApp is the Schema for the kieapps API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to be used + by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for LDAP + properties: + allowEmptyPasswords: + description: Does this realm support blank password direct + verification? Blank password attempt will be rejected otherwise. 
+ Boolean flag, defaults to false. + type: boolean + baseCtxDN: + description: LDAP Base DN of the top-level context to begin + the user search. + type: string + baseFilter: + description: Legacy LDAP search filter used to locate the + context of the user to authenticate. The input username + or userDN obtained from the login module callback is substituted + into the filter anywhere a {0} expression is used. A common + example for the search filter is (uid={0}). For Elytron + based subsystem this property should be configured only + with the search filter parameter, without any search expression. + Example (uid={0}) became just uid. + type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN of the + user itself contains special characters, backslash for example, + that prevent correct user mapping. If the attribute does + not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to decrypt + the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. 
+ enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity mapping, + the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN is + not checked for the roleNameAttributeID. This flag can improve + the performance of LDAP queries. + type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the username. + If set to true, the DN is parsed for the username. If set + to false the DN is not parsed for the username. This option + is used together with usernameBeginString and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this option. + When using referrals, this option denotes the attribute + name which contains users defined for a certain role, for + example member, if the role object is inside the referral. + Users are checked against the content of this attribute + name. If this option is not set, the check will always fail, + so role objects cannot be stored in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. 
If false, the role name is taken from + the value of the roleNameAttributeId attribute of the context + name. Certain directory schemas, such as Microsoft Active + Directory, require this attribute to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles associated + with the authenticated user. The input username or userDN + obtained from the login module callback is substituted into + the filter anywhere a {0} expression is used. The authenticated + userDN is substituted into the filter anywhere a {1} is + used. An example search filter that , matches on the input + username is (member={0}). An alternative that matches on + the authenticated userDN is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role object’s + name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role search + will go below a matching context. Disable recursion by setting + this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for user + roles. This is not the DN where the actual roles are, but + the DN where the objects containing the user roles are. + For example, in a Microsoft Active Directory server, this + is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. 
+ For failover set two or more LDAP endpoints separated by + space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used together + with usernameEndString and only taken into account if parseUsername + is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end of + the DN to reveal the username. This option is used together + with usernameBeginString and only taken into account if + parseUsername is set to true. + type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will be + configured. + properties: + from: + description: ObjRef contains enough information to let you + inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have defined mappings. Defaults to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have no defined mappings. Defaults to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a properties + file or a set of roles with the following pattern 'role=role1;another-role=role2'. + The format of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the patter + above. 
+ type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create the + Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create the + Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. + format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. 
+ format: password + type: string + secretAdminCredentials: + description: Name of the secret containing admin's credentials, + the keys are username and password, if the adminUser and adminPassword + are provided the secretAdminCredentials will be skipped + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when the + OpenShiftStartupStrategy is choosed and Business Central + is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the 'openshift' + and local namespaces, the operator will create said imagestreams + locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry is + insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder will + be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known hosts + file. The secret must contain two files: id_rsa and + known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. 
'4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations that + can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the Runtime + Model ID. 
Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if a property + is set mode than once, the one from this property file + will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the Runtime + Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ExternalCompDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/components + directory will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ImportsBaseDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/imports + directory will be used. If ImportFileLocation is set + ImportsBaseDir will be ignored. 
+ type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual model + file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default value + is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new imports + (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards (in + kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. 
If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how a + Process Migration server will manage and create a new Database + or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. 
For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the configured + datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the configured + datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. + For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to the + application classpath separated by colon. Needs to be mounted + on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. 
'4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + username: + description: If empty the CommonConfig.AdminUser will be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a single + set, or for multiple sets if deployments is set to >1 + properties: + build: + description: KieAppBuildObject Data to define how to build + an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If unspecified, + all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. It + is recommended to test the kjar manually before disabling + this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for immutable + KIE Server configurations for S2I and pre built kjars. + Useful for pre-compiled kjar. 
+ type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the extensions + image where the extensions are located (e.g. install.sh, + modules/, etc.). Defaults to '/extension'. Do not + change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For example, + custom-driver-image:7.7.0. 
+ type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers and + configuration is located. Defaults to openshift namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate the + source code to build + properties: + contextDir: + description: Context/subdirectory where the code + is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.6.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a given + webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 
'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer will + manage and create a new Database or connect to an existing + one + properties: + externalConfig: + description: ExternalDatabaseObject configuration definition + of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. 
For + example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases running + on OCP where the host will correspond to the kubernetes + added env *_SERVICE_HOST, it is mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can be + XA or NONXA. For non XA set it to true. Default + value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. Port + is intended to be used with databases running + on OCP where the post will correspond to the kubernetes + added env *_SERVICE_PORT, these are mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. 
+ For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + decisionsOnly: + description: When set to true will configure the KIE Server + image to disable all capabilities that are not related + to decisions, Default to true for RHDM environments and + false to RHPAM. + type: boolean + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of + whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a + valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to + have some well-defined way of referencing a part of + an object. TODO: this design is not final and this + field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm clustering + for processes fail-over, it could increase the number + of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification to + be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, if + will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be used. + type: string + amqSecretName: + description: The name of a secret containing AMQ SSL + related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. Default + is false. 
+ type: boolean + enableIntegration: + description: When set to true will configure the KIE + Server with JMS integration, if no configuration is + added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, disabled + by default. + type: boolean + password: + description: AMQ broker password to connect do the AMQ, + generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for JMS, + example queue/CUSTOM.KIE.SERVER.AUDIT, default is + queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, example + queue/CUSTOM.KIE.SERVER.EXECUTOR, default is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, example + queue/CUSTOM.KIE.SERVER.REQUEST, default is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, example + queue/CUSTOM.KIE.SERVER.RESPONSE, default is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, example + queue/CUSTOM.KIE.SERVER.SIGNAL, default is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the AMQ, + generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new + heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The default + is '25' which means 25% of the '-Xmx' is used as the + initial heap size. You can skip this mechanism by + setting this value to '0' in which case no '-Xms' + option is added. e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container then + this option has no effect. If there is a memory constraint + then '-Xms' is limited to the value set here. The + default is 4096Mb which means the calculated value + of '-Xms' never will be greater than 4096Mb. The value + of this variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as set + here. The default is '50' which means 50% of the available + memory is used as an upper boundary. You can skip + this mechanism by setting this value to '0' in which + case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be used + by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. 
+ type: boolean + bootstrapServers: + description: A comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when making + requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates how + long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that the + emitter requires the leader to have received before + considering a request to be complete, not set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to set + an ID to provide a logical application name for logging + purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to Kafka. + Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates how + long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event messages. + Set up to override the default value jbpm-processes-events. 
+ type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + kieExecutorMDBMaxSession: + description: 'Number of max KIE Executor sessions, it must + be lower than the value of max-pool-size, by default is + max-pool-size set to 60. Max pool size can be set by system + property jboss.mdb.strict.max.pool.size (using javaOptsAppend: + "-Djboss.mdb.strict.max.pool.size=40"), for more information + see https://access.redhat.com/solutions/2955481.' + type: integer + name: + description: Server name + type: string + persistRepos: + description: Persist the Maven and KIE repositories on ~/.m2/repository + and ~/.kie/repository respectively. The option persistRepos + will be automatically set to false when the Trial environment + is set. + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the KIE + local repository persistent volume. Defaults to 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the Maven + persistent volume, the size of the files on this directory + can grow fast as all dependencies for KIE Containers will + be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM smart + router + properties: + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. 
Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. 
The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + useExternalRoute: + description: If enabled, Business Central will use the external + smartrouter route to communicate with it. Note that, valid + SSL certificates should be used. + type: boolean + type: object + type: object + scheduledImportPolicy: + description: Set to true to enable scheduled import policy on the + ImageStream. This will work only if you are using ImageStreamTag + otherwise with image digests it will be ignored + type: boolean + truststore: + description: Defines which truststore is used by the console, kieservers, + smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. + type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should be allowed + when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. 
Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. This + will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + status: + description: KieAppStatus - The status for custom resources managed by + the operator-sdk. + properties: + applied: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to + be used by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for + LDAP + properties: + allowEmptyPasswords: + description: Does this realm support blank password direct + verification? Blank password attempt will be rejected + otherwise. Boolean flag, defaults to false. + type: boolean + baseCtxDN: + description: LDAP Base DN of the top-level context to + begin the user search. + type: string + baseFilter: + description: Legacy LDAP search filter used to locate + the context of the user to authenticate. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. A common example for the search filter is (uid={0}). + For Elytron based subsystem this property should be + configured only with the search filter parameter, without + any search expression. Example (uid={0}) became just + uid. 
+ type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN + of the user itself contains special characters, backslash + for example, that prevent correct user mapping. If the + attribute does not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to + decrypt the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. + enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity + mapping, the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN + is not checked for the roleNameAttributeID. This flag + can improve the performance of LDAP queries. 
+ type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the + username. If set to true, the DN is parsed for the username. + If set to false the DN is not parsed for the username. + This option is used together with usernameBeginString + and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this + option. When using referrals, this option denotes the + attribute name which contains users defined for a certain + role, for example member, if the role object is inside + the referral. Users are checked against the content + of this attribute name. If this option is not set, the + check will always fail, so role objects cannot be stored + in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user + roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. If false, the role name is taken + from the value of the roleNameAttributeId attribute + of the context name. Certain directory schemas, such + as Microsoft Active Directory, require this attribute + to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles + associated with the authenticated user. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. The authenticated userDN is substituted into + the filter anywhere a {1} is used. 
An example search + filter that , matches on the input username is (member={0}). + An alternative that matches on the authenticated userDN + is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role + object’s name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role + search will go below a matching context. Disable recursion + by setting this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for + user roles. This is not the DN where the actual roles + are, but the DN where the objects containing the user + roles are. For example, in a Microsoft Active Directory + server, this is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. + For failover set two or more LDAP endpoints separated + by space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used + together with usernameEndString and only taken into + account if parseUsername is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end + of the DN to reveal the username. This option is used + together with usernameBeginString and only taken into + account if parseUsername is set to true. 
+ type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will + be configured. + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have defined mappings. Defaults + to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have no defined mappings. Defaults + to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a + properties file or a set of roles with the following + pattern 'role=role1;another-role=role2'. The format + of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the + patter above. + type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for + SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create + the Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create + the Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. 
+ format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. + format: password + type: string + secretAdminCredentials: + description: Name of the secret containing admin's credentials, + the keys are username and password, if the adminUser and + adminPassword are provided the secretAdminCredentials will + be skipped + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when + the OpenShiftStartupStrategy is choosed and Business + Central is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. 
When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the + 'openshift' and local namespaces, the operator will create said + imagestreams locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry + is insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. + For example, if the object reference is to a + container within a pod, this would take on a + value like: "spec.containers{name}" (where "name" + refers to the name of the container that triggered + the event) or if no container name is specified + "spec.containers[2]" (container with index 2 + in this pod). This syntax is chosen only to + have some well-defined way of referencing a + part of an object. TODO: this design is not + final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder + will be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known + hosts file. The secret must contain two files: id_rsa + and known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM + Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations + that can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the + Runtime Model ID. 
Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if + a property is set mode than once, the one from this + property file will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the + Runtime Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ExternalCompDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/components directory + will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ImportsBaseDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/imports directory will + be used. If ImportFileLocation is set ImportsBaseDir + will be ignored. 
+ type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual + model file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default + value is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new + imports (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards + (in kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. 
+ If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how + a Process Migration server will manage and create a + new Database or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to + background-validation, if set to false the validate-on-match + method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. 
For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to + the application classpath separated by colon. Needs + to be mounted on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + username: + description: If empty the CommonConfig.AdminUser will + be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a + single set, or for multiple sets if deployments is set + to >1 + properties: + build: + description: KieAppBuildObject Data to define how to + build an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If + unspecified, all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. + It is recommended to test the kjar manually before + disabling this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for + immutable KIE Server configurations for S2I and + pre built kjars. Useful for pre-compiled kjar. 
+ type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container and + any service environment variables. If a + variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal + "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and + requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the + extensions image where the extensions are located + (e.g. install.sh, modules/, etc.). Defaults to + '/extension'. Do not change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For + example, custom-driver-image:7.7.0. 
+ type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers + and configuration is located. Defaults to openshift + namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate + the source code to build + properties: + contextDir: + description: Context/subdirectory where the + code is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.6.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a + given webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 
'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, + POST, OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer + will manage and create a new Database or connect to + an existing one + properties: + externalConfig: + description: ExternalDatabaseObject configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method + to background-validation, if set to false + the validate-on-match method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. 
+ For example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases + running on OCP where the host will correspond + to the kubernetes added env *_SERVICE_HOST, + it is mostly likely used with PostgreSQL and + MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, + jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for + the configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for + the configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can + be XA or NONXA. For non XA set it to true. + Default value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. + Port is intended to be used with databases + running on OCP where the post will correspond + to the kubernetes added env *_SERVICE_PORT, + these are mostly likely used with PostgreSQL + and MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. 
For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + decisionsOnly: + description: When set to true will configure the KIE + Server image to disable all capabilities that are + not related to decisions, Default to true for RHDM + environments and false to RHPAM. + type: boolean + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm + clustering for processes fail-over, it could increase + the number of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification + to be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, + if will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and + certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be + used. + type: string + amqSecretName: + description: The name of a secret containing AMQ + SSL related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store + file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. + Default is false. 
+ type: boolean + enableIntegration: + description: When set to true will configure the + KIE Server with JMS integration, if no configuration + is added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, + disabled by default. + type: boolean + password: + description: AMQ broker password to connect do the + AMQ, generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for + JMS, example queue/CUSTOM.KIE.SERVER.AUDIT, default + is queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, + example queue/CUSTOM.KIE.SERVER.EXECUTOR, default + is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, + example queue/CUSTOM.KIE.SERVER.REQUEST, default + is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, + example queue/CUSTOM.KIE.SERVER.RESPONSE, default + is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, + example queue/CUSTOM.KIE.SERVER.SIGNAL, default + is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the + AMQ, generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used + by the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current + GC time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of + this variable should contain the necessary JRE + command-line options to specify the required GC, + which will override the default of '-XX:+UseParallelOldGC'. + e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega + bytes unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. + Disabled by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap + memory. If used in a container without any memory + constraints for the container then this option + has no effect. If there is a memory constraint + then '-Xms' is set to a ratio of the '-Xmx' memory + as set here. The default is '25' which means 25% + of the '-Xmx' is used as the initial heap size. + You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. + e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a + container without any memory constraints for the + container then this option has no effect. If there + is a memory constraint then '-Xms' is limited + to the value set here. The default is 4096Mb which + means the calculated value of '-Xms' never will + be greater than 4096Mb. The value of this variable + is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is + set to a ratio of the container available memory + as set here. The default is '50' which means 50% + of the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be + used by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. 
+ type: boolean + bootstrapServers: + description: A comma separated list of host/port + pairs to use for establishing the initial connection + to the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when + making requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates + how long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that + the emitter requires the leader to have received + before considering a request to be complete, not + set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection + to the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to + set an ID to provide a logical application name + for logging purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to + Kafka. Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates + how long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event + messages. Set up to override the default value + jbpm-processes-events. 
+ type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + kieExecutorMDBMaxSession: + description: 'Number of max KIE Executor sessions, it + must be lower than the value of max-pool-size, by + default is max-pool-size set to 60. Max pool size + can be set by system property jboss.mdb.strict.max.pool.size + (using javaOptsAppend: "-Djboss.mdb.strict.max.pool.size=40"), + for more information see https://access.redhat.com/solutions/2955481.' + type: integer + name: + description: Server name + type: string + persistRepos: + description: Persist the Maven and KIE repositories + on ~/.m2/repository and ~/.kie/repository respectively. + The option persistRepos will be automatically set + to false when the Trial environment is set. + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the + KIE local repository persistent volume. Defaults to + 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the + Maven persistent volume, the size of the files on + this directory can grow fast as all dependencies for + KIE Containers will be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect + URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM + smart router + properties: + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. 
Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. 
The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + useExternalRoute: + description: If enabled, Business Central will use the + external smartrouter route to communicate with it. Note + that, valid SSL certificates should be used. + type: boolean + type: object + type: object + scheduledImportPolicy: + description: Set to true to enable scheduled import policy on + the ImageStream. This will work only if you are using ImageStreamTag + otherwise with image digests it will be ignored + type: boolean + truststore: + description: Defines which truststore is used by the console, + kieservers, smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. + type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should + be allowed when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. 
Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. + This will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + conditions: + items: + description: Condition - The condition for the kie-cloud-operator + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ReasonType - type of reason + type: string + status: + type: string + type: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - status + - type + type: object + type: array + consoleHost: + type: string + deployments: + properties: + ready: + description: Deployments are ready to serve requests + items: + type: string + type: array + starting: + description: Deployments are starting, may or may not succeed + items: + type: string + type: array + stopped: + description: Deployments are not starting, unclear what next step + will be + items: + type: string + type: array + type: object + phase: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - conditions + - deployments + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/deploy/olm-catalog/test/7.13.3-5/metadata/annotations.yaml b/deploy/olm-catalog/test/7.13.3-5/metadata/annotations.yaml new file mode 100644 index 000000000..724337620 --- /dev/null +++ b/deploy/olm-catalog/test/7.13.3-5/metadata/annotations.yaml 
@@ -0,0 +1,10 @@ +annotations: + operators.operatorframework.io.bundle.channel.default.v1: stable + operators.operatorframework.io.bundle.channels.v1: stable + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: businessautomation-operator + operators.operatorframework.io.metrics.builder: operator-sdk-v0.19.2 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go diff --git a/version/version.go b/version/version.go index f7cc3b631..ea5411abe 100644 --- a/version/version.go +++ b/version/version.go @@ -8,9 +8,9 @@ var ( // Version - current version Version = constants.CurrentVersion // CsvVersion - csv release - CsvVersion = Version + "-4" + CsvVersion = Version + "-5" // PriorVersion - prior version PriorVersion = constants.CurrentVersion // CsvPriorVersion - prior csv release - CsvPriorVersion = PriorVersion + "-3" + CsvPriorVersion = PriorVersion + "-4" ) From 5e692ea4555b96cb6e5d96df8f78839c3c2a696e Mon Sep 17 00:00:00 2001 From: Spolti Date: Fri, 11 Aug 2023 11:13:19 -0300 Subject: [PATCH 07/10] [KIECLOUD-731] - Bump RHPAM and BAMOE version in the next branch 
Signed-off-by: Spolti --- deploy/crs/v2/snippets/prior_version.yaml | 2 +- ...mation-operator.clusterserviceversion.yaml | 423 ++ .../dev/7.13.4-1/manifests/kieapp.crd.yaml | 6126 +++++++++++++++++ .../dev/7.13.4-1/metadata/annotations.yaml | 10 + ...mation-operator.clusterserviceversion.yaml | 423 ++ .../prod/7.13.4-1/manifests/kieapp.crd.yaml | 6126 +++++++++++++++++ .../prod/7.13.4-1/metadata/annotations.yaml | 10 + ...mation-operator.clusterserviceversion.yaml | 423 ++ .../test/7.13.4-1/manifests/kieapp.crd.yaml | 6126 +++++++++++++++++ .../test/7.13.4-1/metadata/annotations.yaml | 10 + deploy/operator.yaml | 50 +- pkg/controller/kieapp/constants/constants.go | 4 +- rhpam-config/{7.13.2 => 7.13.4}/common.yaml | 0 .../rhpam-standalone-dashbuilder.yaml | 0 .../{7.13.2 => 7.13.4}/dbs/mysql.yaml | 0 .../{7.13.2 => 7.13.4}/dbs/pim/external.yaml | 0 .../{7.13.2 => 7.13.4}/dbs/pim/mysql.yaml | 0 .../dbs/pim/postgresql.yaml | 0 .../{7.13.2 => 7.13.4}/dbs/postgresql.yaml | 0 .../dbs/servers/external.yaml | 7 + .../{7.13.2 => 7.13.4}/dbs/servers/h2.yaml | 0 .../{7.13.2 => 7.13.4}/dbs/servers/mysql.yaml | 0 .../dbs/servers/postgresql.yaml | 0 .../envs/rhdm-authoring-ha.yaml | 0 .../envs/rhdm-authoring.yaml | 0 .../envs/rhdm-production-immutable.yaml | 0 .../{7.13.2 => 7.13.4}/envs/rhdm-trial.yaml | 0 .../envs/rhpam-authoring-ha.yaml | 0 .../envs/rhpam-authoring.yaml | 0 .../envs/rhpam-production-immutable.yaml | 0 .../envs/rhpam-production.yaml | 0 .../envs/rhpam-standalone-dashbuilder.yaml | 0 .../{7.13.2 => 7.13.4}/envs/rhpam-trial.yaml | 0 .../jms/activemq-jms-config.yaml | 0 .../pim/process-migration.yaml | 0 version/version.go | 6 +- 36 files changed, 19715 insertions(+), 31 deletions(-) create mode 100644 deploy/olm-catalog/dev/7.13.4-1/manifests/businessautomation-operator.clusterserviceversion.yaml create mode 100644 deploy/olm-catalog/dev/7.13.4-1/manifests/kieapp.crd.yaml create mode 100644 deploy/olm-catalog/dev/7.13.4-1/metadata/annotations.yaml create mode 
100644 deploy/olm-catalog/prod/7.13.4-1/manifests/businessautomation-operator.clusterserviceversion.yaml create mode 100644 deploy/olm-catalog/prod/7.13.4-1/manifests/kieapp.crd.yaml create mode 100644 deploy/olm-catalog/prod/7.13.4-1/metadata/annotations.yaml create mode 100644 deploy/olm-catalog/test/7.13.4-1/manifests/businessautomation-operator.clusterserviceversion.yaml create mode 100644 deploy/olm-catalog/test/7.13.4-1/manifests/kieapp.crd.yaml create mode 100644 deploy/olm-catalog/test/7.13.4-1/metadata/annotations.yaml rename rhpam-config/{7.13.2 => 7.13.4}/common.yaml (100%) rename rhpam-config/{7.13.2 => 7.13.4}/dashbuilder/rhpam-standalone-dashbuilder.yaml (100%) rename rhpam-config/{7.13.2 => 7.13.4}/dbs/mysql.yaml (100%) rename rhpam-config/{7.13.2 => 7.13.4}/dbs/pim/external.yaml (100%) rename rhpam-config/{7.13.2 => 7.13.4}/dbs/pim/mysql.yaml (100%) rename rhpam-config/{7.13.2 => 7.13.4}/dbs/pim/postgresql.yaml (100%) rename rhpam-config/{7.13.2 => 7.13.4}/dbs/postgresql.yaml (100%) rename rhpam-config/{7.13.2 => 7.13.4}/dbs/servers/external.yaml (91%) rename rhpam-config/{7.13.2 => 7.13.4}/dbs/servers/h2.yaml (100%) rename rhpam-config/{7.13.2 => 7.13.4}/dbs/servers/mysql.yaml (100%) rename rhpam-config/{7.13.2 => 7.13.4}/dbs/servers/postgresql.yaml (100%) rename rhpam-config/{7.13.2 => 7.13.4}/envs/rhdm-authoring-ha.yaml (100%) rename rhpam-config/{7.13.2 => 7.13.4}/envs/rhdm-authoring.yaml (100%) rename rhpam-config/{7.13.2 => 7.13.4}/envs/rhdm-production-immutable.yaml (100%) rename rhpam-config/{7.13.2 => 7.13.4}/envs/rhdm-trial.yaml (100%) rename rhpam-config/{7.13.2 => 7.13.4}/envs/rhpam-authoring-ha.yaml (100%) rename rhpam-config/{7.13.2 => 7.13.4}/envs/rhpam-authoring.yaml (100%) rename rhpam-config/{7.13.2 => 7.13.4}/envs/rhpam-production-immutable.yaml (100%) rename rhpam-config/{7.13.2 => 7.13.4}/envs/rhpam-production.yaml (100%) rename rhpam-config/{7.13.2 => 7.13.4}/envs/rhpam-standalone-dashbuilder.yaml (100%) rename 
rhpam-config/{7.13.2 => 7.13.4}/envs/rhpam-trial.yaml (100%) rename rhpam-config/{7.13.2 => 7.13.4}/jms/activemq-jms-config.yaml (100%) rename rhpam-config/{7.13.2 => 7.13.4}/pim/process-migration.yaml (100%) diff --git a/deploy/crs/v2/snippets/prior_version.yaml b/deploy/crs/v2/snippets/prior_version.yaml index 4183f460a..959f595bf 100644 --- a/deploy/crs/v2/snippets/prior_version.yaml +++ b/deploy/crs/v2/snippets/prior_version.yaml @@ -8,4 +8,4 @@ metadata: consoleTitle: Prior Product Version name: prior-version spec: - version: 7.13.2 + version: 7.13.3 diff --git a/deploy/olm-catalog/dev/7.13.4-1/manifests/businessautomation-operator.clusterserviceversion.yaml b/deploy/olm-catalog/dev/7.13.4-1/manifests/businessautomation-operator.clusterserviceversion.yaml new file mode 100644 index 000000000..bfd45ef16 --- /dev/null +++ b/deploy/olm-catalog/dev/7.13.4-1/manifests/businessautomation-operator.clusterserviceversion.yaml 
@@ -0,0 +1,423 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: '[{"apiVersion":"app.kiegroup.org/v2","kind":"KieApp","metadata":{"name":"rhpam-trial"},"spec":{"environment":"rhpam-trial"}}]' + capabilities: Seamless Upgrades + categories: Integration & Delivery + certified: "false" + containerImage: quay.io/kiegroup/kie-cloud-operator:7.13.4 + createdAt: "2023-08-11 11:11:50" + description: Deploys and manages Red Hat Process Automation Manager and Red Hat + Decision Manager environments. + operators.openshift.io/infrastructure-features: '["Disconnected"]' + operators.openshift.io/valid-subscription: '["Red Hat Process Automation Manager", + "Red Hat Decision Manager"]' + repository: https://github.com/kiegroup/kie-cloud-operator + support: Red Hat + tectonic-visibility: ocs + labels: + operator-businessautomation: "true" + operatorframework.io/arch.amd64: supported + operatorframework.io/os.linux: supported + name: businessautomation-operator.7.13.4-1-dev-vgv827tf24 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: A project prescription running an RHPAM/RHDM environment. 
+ displayName: KieApp + kind: KieApp + name: kieapps.app.kiegroup.org + resources: + - kind: DeploymentConfig + name: "" + version: apps.openshift.io/v1 + - kind: StatefulSet + name: "" + version: apps/v1 + - kind: Role + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: RoleBinding + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: Route + name: "" + version: route.openshift.io/v1 + - kind: BuildConfig + name: "" + version: build.openshift.io/v1 + - kind: ImageStream + name: "" + version: image.openshift.io/v1 + - kind: Secret + name: "" + version: v1 + - kind: PersistentVolumeClaim + name: "" + version: v1 + - kind: ServiceAccount + name: "" + version: v1 + - kind: Service + name: "" + version: v1 + specDescriptors: + - description: Set true to enable automatic micro version product upgrades, + it is disabled by default. + displayName: Enable Upgrades + path: upgrades.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable automatic minor product version upgrades, + it is disabled by default. Requires spec.upgrades.enabled to be true. + displayName: Include minor version upgrades + path: upgrades.minor + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable image tags, disabled by default. This will + leverage image tags instead of the image digests. + displayName: Use Image Tags + path: useImageTags + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Environment deployed. + displayName: Environment + path: environment + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + statusDescriptors: + - description: Product version installed. + displayName: Version + path: version + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: Current phase. 
+ displayName: Status + path: phase + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: The address for accessing Business Central, if it is deployed. + displayName: Business/Decision Central URL + path: consoleHost + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Deployments for the KieApp environment. + displayName: Deployments + path: deployments + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + version: v2 + description: |- + Deploys and manages Red Hat Process Automation Manager and Red Hat Decision Manager environments. + + * **Red Hat Process Automation Manager** is a platform for developing containerized microservices and applications that automate business decisions and processes. It includes business process management (BPM), business rules management (BRM), and business resource optimization and complex event processing (CEP) technologies. It also includes a user experience platform to create engaging user interfaces for process and decision services with minimal coding. + + [See more](https://www.redhat.com/en/products/process-automation). 
+ displayName: Business Automation (DEV) + icon: + - base64data: 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 + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - console.openshift.io + resources: + - consolelinks + - consoleyamlsamples + verbs: + - get + - create + - update + - delete + serviceAccountName: business-automation-operator + deployments: + - name: business-automation-operator + spec: + replicas: 1 + selector: + matchLabels: + name: business-automation-operator + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + name: business-automation-operator + spec: + containers: + - command: + - kie-cloud-operator + env: + - name: OPERATOR_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['name'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPERATOR_UI + value: "true" + - name: DEBUG + value: "false" + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.4 + value: registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.13.4 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.4 + value: registry.redhat.io/rhpam-7/rhpam-controller-rhel8:7.13.4 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.4 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.13.4 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.4 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.4 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.4 + value: registry.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.13.4 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.4 + value: registry.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.13.4 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.4 + value: registry.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.13.4 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.13.4 + value: 
registry.redhat.io/openshift4/ose-cli:v4.12 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.4 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.4 + value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.4 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 + - name: RELATED_IMAGE_BROKER_IMAGE_7.13.4 + value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-controller-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.13.3 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.13.3 + value: registry.redhat.io/openshift4/ose-cli:v4.12 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.3 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.3 + value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.3 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 + - name: RELATED_IMAGE_BROKER_IMAGE_7.13.3 + value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_LATEST + value: registry.redhat.io/openshift4/ose-oauth-proxy:latest + - name: 
RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.12 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.12 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.11 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.11 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.10 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.10 + image: quay.io/kiegroup/kie-cloud-operator:7.13.4 + imagePullPolicy: Always + name: business-automation-operator + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsNonRoot: true + serviceAccountName: business-automation-operator + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - services + - services/finalizers + - serviceaccounts + - persistentvolumeclaims + - secrets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + - deployments/finalizers + - replicasets + - statefulsets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - build.openshift.io + resources: + - buildconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - image.openshift.io + resources: + - images + - imagestreams + - imagestreamimages + - imagestreamtags + verbs: + - create + - delete + - deletecollection 
+ - get + - list + - patch + - update + - watch + - apiGroups: + - app.kiegroup.org + resources: + - kieapps + - kieapps/status + - kieapps/finalizers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - operators.coreos.com + resources: + - clusterserviceversions + - subscriptions + verbs: + - get + - list + - patch + - update + - watch + serviceAccountName: business-automation-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - kieapp + - pam + - decision + - kie + - cloud + - bpm + - process + - automation + - operator + labels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.13.4-1-dev-vgv827tf24 + links: + - name: Product Page + url: https://access.redhat.com/products/red-hat-process-automation-manager + - name: Documentation + url: https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.13/#category-deploying-red-hat-process-automation-manager-on-openshift + maintainers: + - email: bsig-cloud@redhat.com + name: Red Hat + maturity: dev + provider: + name: Red Hat + replaces: businessautomation-operator.7.13.3-5 + selector: + matchLabels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.13.4-1-dev-vgv827tf24 + version: 7.13.4-1+vgv827tf24 diff --git a/deploy/olm-catalog/dev/7.13.4-1/manifests/kieapp.crd.yaml b/deploy/olm-catalog/dev/7.13.4-1/manifests/kieapp.crd.yaml new file mode 100644 index 000000000..09474bb77 --- /dev/null +++ b/deploy/olm-catalog/dev/7.13.4-1/manifests/kieapp.crd.yaml 
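Review bot: Several `RELATED_IMAGE_*` entries in the operator Deployment's `env` list point at mutable `:latest` tags, so the images a given bundle version deploys can change without a new CSV: `RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.4` and `_7.13.3` (`rhscl/mysql-80-rhel7:latest`), `RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.4` and `_7.13.3` (`rhscl/postgresql-13-rhel7:latest`), and `RELATED_IMAGE_OAUTH_PROXY_IMAGE_LATEST` (`ose-oauth-proxy:latest`). That makes it hard to state which image build a release actually shipped, and it sits awkwardly with the `Disconnected` infrastructure-features annotation, since mirrored installs generally depend on digest references. I would pin each one, e.g. `value: registry.redhat.io/rhscl/mysql-80-rhel7@sha256:<digest-placeholder>`, and likewise reference the operator image (`quay.io/kiegroup/kie-cloud-operator:7.13.4`, pulled with `imagePullPolicy: Always`) by digest. If this dev CSV is generated, the change belongs in the generator's input rather than in this file; the test and prod CSVs added by the same commit are outside this hunk and may warrant the same check.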
@@ -0,0 +1,6126 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kieapps.app.kiegroup.org +spec: + group: app.kiegroup.org + names: + kind: KieApp + listKind: KieAppList + plural: kieapps + singular: kieapp + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of the application deployment + jsonPath: .status.version + name: Version + type: string + - description: The name of the environment used as a baseline + jsonPath: .spec.environment + name: Environment + type: string + - description: The status of the KieApp deployment + jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2 + schema: + openAPIV3Schema: + description: KieApp is the Schema for the kieapps API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to be used + by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for LDAP + properties: + allowEmptyPasswords: + description: Does this realm support blank password direct + verification? Blank password attempt will be rejected otherwise. 
+ Boolean flag, defaults to false. + type: boolean + baseCtxDN: + description: LDAP Base DN of the top-level context to begin + the user search. + type: string + baseFilter: + description: Legacy LDAP search filter used to locate the + context of the user to authenticate. The input username + or userDN obtained from the login module callback is substituted + into the filter anywhere a {0} expression is used. A common + example for the search filter is (uid={0}). For Elytron + based subsystem this property should be configured only + with the search filter parameter, without any search expression. + Example (uid={0}) became just uid. + type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN of the + user itself contains special characters, backslash for example, + that prevent correct user mapping. If the attribute does + not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to decrypt + the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. 
+ enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity mapping, + the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN is + not checked for the roleNameAttributeID. This flag can improve + the performance of LDAP queries. + type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the username. + If set to true, the DN is parsed for the username. If set + to false the DN is not parsed for the username. This option + is used together with usernameBeginString and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this option. + When using referrals, this option denotes the attribute + name which contains users defined for a certain role, for + example member, if the role object is inside the referral. + Users are checked against the content of this attribute + name. If this option is not set, the check will always fail, + so role objects cannot be stored in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. 
If false, the role name is taken from + the value of the roleNameAttributeId attribute of the context + name. Certain directory schemas, such as Microsoft Active + Directory, require this attribute to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles associated + with the authenticated user. The input username or userDN + obtained from the login module callback is substituted into + the filter anywhere a {0} expression is used. The authenticated + userDN is substituted into the filter anywhere a {1} is + used. An example search filter that , matches on the input + username is (member={0}). An alternative that matches on + the authenticated userDN is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role object’s + name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role search + will go below a matching context. Disable recursion by setting + this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for user + roles. This is not the DN where the actual roles are, but + the DN where the objects containing the user roles are. + For example, in a Microsoft Active Directory server, this + is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. 
+ For failover set two or more LDAP endpoints separated by + space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used together + with usernameEndString and only taken into account if parseUsername + is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end of + the DN to reveal the username. This option is used together + with usernameBeginString and only taken into account if + parseUsername is set to true. + type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will be + configured. + properties: + from: + description: ObjRef contains enough information to let you + inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have defined mappings. Defaults to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have no defined mappings. Defaults to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a properties + file or a set of roles with the following pattern 'role=role1;another-role=role2'. + The format of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the patter + above. 
+ type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create the + Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create the + Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. + format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. 
+ format: password + type: string + secretAdminCredentials: + description: Name of the secret containing admin's credentials, + the keys are username and password, if the adminUser and adminPassword + are provided the secretAdminCredentials will be skipped + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when the + OpenShiftStartupStrategy is choosed and Business Central + is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the 'openshift' + and local namespaces, the operator will create said imagestreams + locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry is + insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder will + be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known hosts + file. The secret must contain two files: id_rsa and + known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. 
'4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations that + can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the Runtime + Model ID. 
Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if a property + is set mode than once, the one from this property file + will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the Runtime + Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ExternalCompDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/components + directory will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ImportsBaseDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/imports + directory will be used. If ImportFileLocation is set + ImportsBaseDir will be ignored. 
+ type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual model + file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default value + is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new imports + (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards (in + kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. 
If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how a + Process Migration server will manage and create a new Database + or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. 
For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the configured + datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the configured + datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. + For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to the + application classpath separated by colon. Needs to be mounted + on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. 
'4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + username: + description: If empty the CommonConfig.AdminUser will be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a single + set, or for multiple sets if deployments is set to >1 + properties: + build: + description: KieAppBuildObject Data to define how to build + an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If unspecified, + all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. It + is recommended to test the kjar manually before disabling + this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for immutable + KIE Server configurations for S2I and pre built kjars. + Useful for pre-compiled kjar. 
+ type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the extensions + image where the extensions are located (e.g. install.sh, + modules/, etc.). Defaults to '/extension'. Do not + change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For example, + custom-driver-image:7.7.0. 
+ type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers and + configuration is located. Defaults to openshift namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate the + source code to build + properties: + contextDir: + description: Context/subdirectory where the code + is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.6.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a given + webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 
'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer will + manage and create a new Database or connect to an existing + one + properties: + externalConfig: + description: ExternalDatabaseObject configuration definition + of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. 
For + example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases running + on OCP where the host will correspond to the kubernetes + added env *_SERVICE_HOST, it is mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can be + XA or NONXA. For non XA set it to true. Default + value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. Port + is intended to be used with databases running + on OCP where the post will correspond to the kubernetes + added env *_SERVICE_PORT, these are mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. 
+ For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + decisionsOnly: + description: When set to true will configure the KIE Server + image to disable all capabilities that are not related + to decisions, Default to true for RHDM environments and + false to RHPAM. + type: boolean + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of + whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a + valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to + have some well-defined way of referencing a part of + an object. TODO: this design is not final and this + field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm clustering + for processes fail-over, it could increase the number + of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification to + be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, if + will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be used. + type: string + amqSecretName: + description: The name of a secret containing AMQ SSL + related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. Default + is false. 
+ type: boolean + enableIntegration: + description: When set to true will configure the KIE + Server with JMS integration, if no configuration is + added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, disabled + by default. + type: boolean + password: + description: AMQ broker password to connect do the AMQ, + generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for JMS, + example queue/CUSTOM.KIE.SERVER.AUDIT, default is + queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, example + queue/CUSTOM.KIE.SERVER.EXECUTOR, default is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, example + queue/CUSTOM.KIE.SERVER.REQUEST, default is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, example + queue/CUSTOM.KIE.SERVER.RESPONSE, default is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, example + queue/CUSTOM.KIE.SERVER.SIGNAL, default is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the AMQ, + generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new + heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The default + is '25' which means 25% of the '-Xmx' is used as the + initial heap size. You can skip this mechanism by + setting this value to '0' in which case no '-Xms' + option is added. e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container then + this option has no effect. If there is a memory constraint + then '-Xms' is limited to the value set here. The + default is 4096Mb which means the calculated value + of '-Xms' never will be greater than 4096Mb. The value + of this variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as set + here. The default is '50' which means 50% of the available + memory is used as an upper boundary. You can skip + this mechanism by setting this value to '0' in which + case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be used + by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. 
+ type: boolean + bootstrapServers: + description: A comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when making + requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates how + long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that the + emitter requires the leader to have received before + considering a request to be complete, not set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to set + an ID to provide a logical application name for logging + purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to Kafka. + Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates how + long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event messages. + Set up to override the default value jbpm-processes-events. 
+ type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + kieExecutorMDBMaxSession: + description: 'Number of max KIE Executor sessions, it must + be lower than the value of max-pool-size, by default is + max-pool-size set to 60. Max pool size can be set by system + property jboss.mdb.strict.max.pool.size (using javaOptsAppend: + "-Djboss.mdb.strict.max.pool.size=40"), for more information + see https://access.redhat.com/solutions/2955481.' + type: integer + name: + description: Server name + type: string + persistRepos: + description: Persist the Maven and KIE repositories on ~/.m2/repository + and ~/.kie/repository respectively. The option persistRepos + will be automatically set to false when the Trial environment + is set. + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the KIE + local repository persistent volume. Defaults to 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the Maven + persistent volume, the size of the files on this directory + can grow fast as all dependencies for KIE Containers will + be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM smart + router + properties: + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. 
Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. 
The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + useExternalRoute: + description: If enabled, Business Central will use the external + smartrouter route to communicate with it. Note that, valid + SSL certificates should be used. + type: boolean + type: object + type: object + scheduledImportPolicy: + description: Set to true to enable scheduled import policy on the + ImageStream. This will work only if you are using ImageStreamTag + otherwise with image digests it will be ignored + type: boolean + truststore: + description: Defines which truststore is used by the console, kieservers, + smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. + type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should be allowed + when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. 
Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. This + will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + status: + description: KieAppStatus - The status for custom resources managed by + the operator-sdk. + properties: + applied: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to + be used by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for + LDAP + properties: + allowEmptyPasswords: + description: Does this realm support blank password direct + verification? Blank password attempt will be rejected + otherwise. Boolean flag, defaults to false. + type: boolean + baseCtxDN: + description: LDAP Base DN of the top-level context to + begin the user search. + type: string + baseFilter: + description: Legacy LDAP search filter used to locate + the context of the user to authenticate. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. A common example for the search filter is (uid={0}). + For Elytron based subsystem this property should be + configured only with the search filter parameter, without + any search expression. Example (uid={0}) became just + uid. 
+ type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN + of the user itself contains special characters, backslash + for example, that prevent correct user mapping. If the + attribute does not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to + decrypt the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. + enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity + mapping, the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN + is not checked for the roleNameAttributeID. This flag + can improve the performance of LDAP queries. 
+ type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the + username. If set to true, the DN is parsed for the username. + If set to false the DN is not parsed for the username. + This option is used together with usernameBeginString + and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this + option. When using referrals, this option denotes the + attribute name which contains users defined for a certain + role, for example member, if the role object is inside + the referral. Users are checked against the content + of this attribute name. If this option is not set, the + check will always fail, so role objects cannot be stored + in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user + roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. If false, the role name is taken + from the value of the roleNameAttributeId attribute + of the context name. Certain directory schemas, such + as Microsoft Active Directory, require this attribute + to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles + associated with the authenticated user. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. The authenticated userDN is substituted into + the filter anywhere a {1} is used. 
An example search + filter that , matches on the input username is (member={0}). + An alternative that matches on the authenticated userDN + is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role + object’s name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role + search will go below a matching context. Disable recursion + by setting this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for + user roles. This is not the DN where the actual roles + are, but the DN where the objects containing the user + roles are. For example, in a Microsoft Active Directory + server, this is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. + For failover set two or more LDAP endpoints separated + by space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used + together with usernameEndString and only taken into + account if parseUsername is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end + of the DN to reveal the username. This option is used + together with usernameBeginString and only taken into + account if parseUsername is set to true. 
+ type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will + be configured. + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have defined mappings. Defaults + to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have no defined mappings. Defaults + to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a + properties file or a set of roles with the following + pattern 'role=role1;another-role=role2'. The format + of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the + patter above. + type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for + SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create + the Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create + the Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. 
+ format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. + format: password + type: string + secretAdminCredentials: + description: Name of the secret containing admin's credentials, + the keys are username and password, if the adminUser and + adminPassword are provided the secretAdminCredentials will + be skipped + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when + the OpenShiftStartupStrategy is choosed and Business + Central is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. 
When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the + 'openshift' and local namespaces, the operator will create said + imagestreams locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry + is insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. + For example, if the object reference is to a + container within a pod, this would take on a + value like: "spec.containers{name}" (where "name" + refers to the name of the container that triggered + the event) or if no container name is specified + "spec.containers[2]" (container with index 2 + in this pod). This syntax is chosen only to + have some well-defined way of referencing a + part of an object. TODO: this design is not + final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder + will be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known + hosts file. The secret must contain two files: id_rsa + and known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM + Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations + that can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the + Runtime Model ID. 
Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if + a property is set mode than once, the one from this + property file will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the + Runtime Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ExternalCompDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/components directory + will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ImportsBaseDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/imports directory will + be used. If ImportFileLocation is set ImportsBaseDir + will be ignored. 
+ type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual + model file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default + value is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new + imports (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards + (in kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. 
+ If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how + a Process Migration server will manage and create a + new Database or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to + background-validation, if set to false the validate-on-match + method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. 
For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to + the application classpath separated by colon. Needs + to be mounted on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + username: + description: If empty the CommonConfig.AdminUser will + be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a + single set, or for multiple sets if deployments is set + to >1 + properties: + build: + description: KieAppBuildObject Data to define how to + build an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If + unspecified, all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. + It is recommended to test the kjar manually before + disabling this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for + immutable KIE Server configurations for S2I and + pre built kjars. Useful for pre-compiled kjar. 
+ type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container and + any service environment variables. If a + variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal + "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and + requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the + extensions image where the extensions are located + (e.g. install.sh, modules/, etc.). Defaults to + '/extension'. Do not change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For + example, custom-driver-image:7.7.0. 
+ type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers + and configuration is located. Defaults to openshift + namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate + the source code to build + properties: + contextDir: + description: Context/subdirectory where the + code is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.6.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a + given webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 
'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, + POST, OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer + will manage and create a new Database or connect to + an existing one + properties: + externalConfig: + description: ExternalDatabaseObject configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method + to background-validation, if set to false + the validate-on-match method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. 
+ For example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases + running on OCP where the host will correspond + to the kubernetes added env *_SERVICE_HOST, + it is mostly likely used with PostgreSQL and + MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, + jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for + the configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for + the configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can + be XA or NONXA. For non XA set it to true. + Default value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. + Port is intended to be used with databases + running on OCP where the post will correspond + to the kubernetes added env *_SERVICE_PORT, + these are mostly likely used with PostgreSQL + and MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. 
For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + decisionsOnly: + description: When set to true will configure the KIE + Server image to disable all capabilities that are + not related to decisions, Default to true for RHDM + environments and false to RHPAM. + type: boolean + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm + clustering for processes fail-over, it could increase + the number of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification + to be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, + if will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and + certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be + used. + type: string + amqSecretName: + description: The name of a secret containing AMQ + SSL related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store + file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. + Default is false. 
+ type: boolean + enableIntegration: + description: When set to true will configure the + KIE Server with JMS integration, if no configuration + is added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, + disabled by default. + type: boolean + password: + description: AMQ broker password to connect do the + AMQ, generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for + JMS, example queue/CUSTOM.KIE.SERVER.AUDIT, default + is queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, + example queue/CUSTOM.KIE.SERVER.EXECUTOR, default + is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, + example queue/CUSTOM.KIE.SERVER.REQUEST, default + is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, + example queue/CUSTOM.KIE.SERVER.RESPONSE, default + is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, + example queue/CUSTOM.KIE.SERVER.SIGNAL, default + is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the + AMQ, generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used + by the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current + GC time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of + this variable should contain the necessary JRE + command-line options to specify the required GC, + which will override the default of '-XX:+UseParallelOldGC'. + e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega + bytes unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. + Disabled by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap + memory. If used in a container without any memory + constraints for the container then this option + has no effect. If there is a memory constraint + then '-Xms' is set to a ratio of the '-Xmx' memory + as set here. The default is '25' which means 25% + of the '-Xmx' is used as the initial heap size. + You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. + e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a + container without any memory constraints for the + container then this option has no effect. If there + is a memory constraint then '-Xms' is limited + to the value set here. The default is 4096Mb which + means the calculated value of '-Xms' never will + be greater than 4096Mb. The value of this variable + is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is + set to a ratio of the container available memory + as set here. The default is '50' which means 50% + of the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be + used by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. 
+ type: boolean + bootstrapServers: + description: A comma separated list of host/port + pairs to use for establishing the initial connection + to the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when + making requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates + how long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that + the emitter requires the leader to have received + before considering a request to be complete, not + set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection + to the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to + set an ID to provide a logical application name + for logging purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to + Kafka. Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates + how long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event + messages. Set up to override the default value + jbpm-processes-events. 
+ type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + kieExecutorMDBMaxSession: + description: 'Number of max KIE Executor sessions, it + must be lower than the value of max-pool-size, by + default is max-pool-size set to 60. Max pool size + can be set by system property jboss.mdb.strict.max.pool.size + (using javaOptsAppend: "-Djboss.mdb.strict.max.pool.size=40"), + for more information see https://access.redhat.com/solutions/2955481.' + type: integer + name: + description: Server name + type: string + persistRepos: + description: Persist the Maven and KIE repositories + on ~/.m2/repository and ~/.kie/repository respectively. + The option persistRepos will be automatically set + to false when the Trial environment is set. + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the + KIE local repository persistent volume. Defaults to + 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the + Maven persistent volume, the size of the files on + this directory can grow fast as all dependencies for + KIE Containers will be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect + URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM + smart router + properties: + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. 
Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. 
The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + useExternalRoute: + description: If enabled, Business Central will use the + external smartrouter route to communicate with it. Note + that, valid SSL certificates should be used. + type: boolean + type: object + type: object + scheduledImportPolicy: + description: Set to true to enable scheduled import policy on + the ImageStream. This will work only if you are using ImageStreamTag + otherwise with image digests it will be ignored + type: boolean + truststore: + description: Defines which truststore is used by the console, + kieservers, smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. + type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should + be allowed when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. 
Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. + This will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + conditions: + items: + description: Condition - The condition for the kie-cloud-operator + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ReasonType - type of reason + type: string + status: + type: string + type: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - status + - type + type: object + type: array + consoleHost: + type: string + deployments: + properties: + ready: + description: Deployments are ready to serve requests + items: + type: string + type: array + starting: + description: Deployments are starting, may or may not succeed + items: + type: string + type: array + stopped: + description: Deployments are not starting, unclear what next step + will be + items: + type: string + type: array + type: object + phase: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - conditions + - deployments + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/deploy/olm-catalog/dev/7.13.4-1/metadata/annotations.yaml b/deploy/olm-catalog/dev/7.13.4-1/metadata/annotations.yaml new file mode 100644 index 000000000..724337620 --- /dev/null +++ b/deploy/olm-catalog/dev/7.13.4-1/metadata/annotations.yaml 
@@ -0,0 +1,10 @@
+annotations:
+ operators.operatorframework.io.bundle.channel.default.v1: stable
+ operators.operatorframework.io.bundle.channels.v1: stable
+ operators.operatorframework.io.bundle.manifests.v1: manifests/
+ operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+ operators.operatorframework.io.bundle.metadata.v1: metadata/
+ operators.operatorframework.io.bundle.package.v1: businessautomation-operator
+ operators.operatorframework.io.metrics.builder: operator-sdk-v0.19.2
+ operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
+ operators.operatorframework.io.metrics.project_layout: go
diff --git a/deploy/olm-catalog/prod/7.13.4-1/manifests/businessautomation-operator.clusterserviceversion.yaml b/deploy/olm-catalog/prod/7.13.4-1/manifests/businessautomation-operator.clusterserviceversion.yaml
new file mode 100644
index 000000000..57722c888
--- /dev/null
+++ b/deploy/olm-catalog/prod/7.13.4-1/manifests/businessautomation-operator.clusterserviceversion.yaml
@@ -0,0 +1,423 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: '[{"apiVersion":"app.kiegroup.org/v2","kind":"KieApp","metadata":{"name":"rhpam-trial"},"spec":{"environment":"rhpam-trial"}}]' + capabilities: Seamless Upgrades + categories: Integration & Delivery + certified: "true" + containerImage: registry.stage.redhat.io/rhpam-7/rhpam-rhel8-operator:7.13.4 + createdAt: "2023-08-11 11:11:50" + description: Deploys and manages Red Hat Process Automation Manager and Red Hat + Decision Manager environments. + operators.openshift.io/infrastructure-features: '["Disconnected"]' + operators.openshift.io/valid-subscription: '["Red Hat Process Automation Manager", + "Red Hat Decision Manager"]' + repository: https://github.com/kiegroup/kie-cloud-operator + support: Red Hat + tectonic-visibility: ocs + labels: + operator-businessautomation: "true" + operatorframework.io/arch.amd64: supported + operatorframework.io/os.linux: supported + name: businessautomation-operator.7.13.4-1 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: A project prescription running an RHPAM/RHDM environment. 
+ displayName: KieApp + kind: KieApp + name: kieapps.app.kiegroup.org + resources: + - kind: DeploymentConfig + name: "" + version: apps.openshift.io/v1 + - kind: StatefulSet + name: "" + version: apps/v1 + - kind: Role + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: RoleBinding + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: Route + name: "" + version: route.openshift.io/v1 + - kind: BuildConfig + name: "" + version: build.openshift.io/v1 + - kind: ImageStream + name: "" + version: image.openshift.io/v1 + - kind: Secret + name: "" + version: v1 + - kind: PersistentVolumeClaim + name: "" + version: v1 + - kind: ServiceAccount + name: "" + version: v1 + - kind: Service + name: "" + version: v1 + specDescriptors: + - description: Set true to enable automatic micro version product upgrades, + it is disabled by default. + displayName: Enable Upgrades + path: upgrades.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable automatic minor product version upgrades, + it is disabled by default. Requires spec.upgrades.enabled to be true. + displayName: Include minor version upgrades + path: upgrades.minor + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable image tags, disabled by default. This will + leverage image tags instead of the image digests. + displayName: Use Image Tags + path: useImageTags + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Environment deployed. + displayName: Environment + path: environment + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + statusDescriptors: + - description: Product version installed. + displayName: Version + path: version + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: Current phase. 
+ displayName: Status + path: phase + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: The address for accessing Business Central, if it is deployed. + displayName: Business/Decision Central URL + path: consoleHost + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Deployments for the KieApp environment. + displayName: Deployments + path: deployments + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + version: v2 + description: |- + Deploys and manages Red Hat Process Automation Manager and Red Hat Decision Manager environments. + + * **Red Hat Process Automation Manager** is a platform for developing containerized microservices and applications that automate business decisions and processes. It includes business process management (BPM), business rules management (BRM), and business resource optimization and complex event processing (CEP) technologies. It also includes a user experience platform to create engaging user interfaces for process and decision services with minimal coding. + + [See more](https://www.redhat.com/en/products/process-automation). 
+ displayName: Business Automation + icon: + - base64data: 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 + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - console.openshift.io + resources: + - consolelinks + - consoleyamlsamples + verbs: + - get + - create + - update + - delete + serviceAccountName: business-automation-operator + deployments: + - name: business-automation-operator + spec: + replicas: 1 + selector: + matchLabels: + name: business-automation-operator + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + name: business-automation-operator + spec: + containers: + - command: + - kie-cloud-operator + env: + - name: OPERATOR_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['name'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPERATOR_UI + value: "true" + - name: DEBUG + value: "false" + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.4 + value: registry.stage.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.13.4 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.4 + value: registry.stage.redhat.io/rhpam-7/rhpam-controller-rhel8:7.13.4 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.4 + value: registry.stage.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.13.4 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.4 + value: registry.stage.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.4 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.4 + value: registry.stage.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.13.4 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.4 + value: registry.stage.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.13.4 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.4 + value: registry.stage.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.13.4 + - name: 
RELATED_IMAGE_OSE_CLI_IMAGE_7.13.4 + value: registry.redhat.io/openshift4/ose-cli:v4.12 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.4 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.4 + value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.4 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 + - name: RELATED_IMAGE_BROKER_IMAGE_7.13.4 + value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-controller-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.13.3 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.13.3 + value: registry.redhat.io/openshift4/ose-cli:v4.12 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.3 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.3 + value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.3 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 + - name: RELATED_IMAGE_BROKER_IMAGE_7.13.3 + value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_LATEST + value: registry.redhat.io/openshift4/ose-oauth-proxy:latest 
+ - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.12 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.12 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.11 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.11 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.10 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.10 + image: registry.stage.redhat.io/rhpam-7/rhpam-rhel8-operator:7.13.4 + imagePullPolicy: Always + name: business-automation-operator + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsNonRoot: true + serviceAccountName: business-automation-operator + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - services + - services/finalizers + - serviceaccounts + - persistentvolumeclaims + - secrets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + - deployments/finalizers + - replicasets + - statefulsets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - build.openshift.io + resources: + - buildconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - image.openshift.io + resources: + - images + - imagestreams + - imagestreamimages + - imagestreamtags + verbs: + - create + - 
delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - app.kiegroup.org + resources: + - kieapps + - kieapps/status + - kieapps/finalizers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - operators.coreos.com + resources: + - clusterserviceversions + - subscriptions + verbs: + - get + - list + - patch + - update + - watch + serviceAccountName: business-automation-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - kieapp + - pam + - decision + - kie + - cloud + - bpm + - process + - automation + - operator + labels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.13.4-1 + links: + - name: Product Page + url: https://access.redhat.com/products/red-hat-process-automation-manager + - name: Documentation + url: https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.13/#category-deploying-red-hat-process-automation-manager-on-openshift + maintainers: + - email: bsig-cloud@redhat.com + name: Red Hat + maturity: stable + provider: + name: Red Hat + replaces: businessautomation-operator.7.13.3-5 + selector: + matchLabels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.13.4-1 + version: 7.13.4-1 diff --git a/deploy/olm-catalog/prod/7.13.4-1/manifests/kieapp.crd.yaml b/deploy/olm-catalog/prod/7.13.4-1/manifests/kieapp.crd.yaml new file mode 100644 index 000000000..09474bb77 --- /dev/null +++ b/deploy/olm-catalog/prod/7.13.4-1/manifests/kieapp.crd.yaml 
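Review bot: The operator `image`, the `containerImage` annotation and every `RELATED_IMAGE_PAM_*_7.13.4` value in this prod CSV point at `registry.stage.redhat.io`, while the 7.13.3 entries in the same env list use `registry.redhat.io`. Unless a later release step rewrites them, installs from the prod catalog would pull from the staging registry. Every related image is also referenced by mutable tag (`:7.13.4`, `:v4.12`, and `:latest` for the mysql, postgresql and oauth-proxy entries), so the manifest does not record which build was reviewed, and this sits awkwardly with the `'["Disconnected"]'` infrastructure-features annotation. I would pin each value by digest, e.g. `value: registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8@sha256:<digest>`, or state in the commit message that the publishing pipeline performs that substitution.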
@@ -0,0 +1,6126 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kieapps.app.kiegroup.org +spec: + group: app.kiegroup.org + names: + kind: KieApp + listKind: KieAppList + plural: kieapps + singular: kieapp + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of the application deployment + jsonPath: .status.version + name: Version + type: string + - description: The name of the environment used as a baseline + jsonPath: .spec.environment + name: Environment + type: string + - description: The status of the KieApp deployment + jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2 + schema: + openAPIV3Schema: + description: KieApp is the Schema for the kieapps API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to be used + by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for LDAP + properties: + allowEmptyPasswords: + description: Does this realm support blank password direct + verification? Blank password attempt will be rejected otherwise. 
+ Boolean flag, defaults to false. + type: boolean + baseCtxDN: + description: LDAP Base DN of the top-level context to begin + the user search. + type: string + baseFilter: + description: Legacy LDAP search filter used to locate the + context of the user to authenticate. The input username + or userDN obtained from the login module callback is substituted + into the filter anywhere a {0} expression is used. A common + example for the search filter is (uid={0}). For Elytron + based subsystem this property should be configured only + with the search filter parameter, without any search expression. + Example (uid={0}) became just uid. + type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN of the + user itself contains special characters, backslash for example, + that prevent correct user mapping. If the attribute does + not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to decrypt + the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. 
+ enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity mapping, + the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN is + not checked for the roleNameAttributeID. This flag can improve + the performance of LDAP queries. + type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the username. + If set to true, the DN is parsed for the username. If set + to false the DN is not parsed for the username. This option + is used together with usernameBeginString and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this option. + When using referrals, this option denotes the attribute + name which contains users defined for a certain role, for + example member, if the role object is inside the referral. + Users are checked against the content of this attribute + name. If this option is not set, the check will always fail, + so role objects cannot be stored in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. 
If false, the role name is taken from + the value of the roleNameAttributeId attribute of the context + name. Certain directory schemas, such as Microsoft Active + Directory, require this attribute to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles associated + with the authenticated user. The input username or userDN + obtained from the login module callback is substituted into + the filter anywhere a {0} expression is used. The authenticated + userDN is substituted into the filter anywhere a {1} is + used. An example search filter that , matches on the input + username is (member={0}). An alternative that matches on + the authenticated userDN is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role object’s + name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role search + will go below a matching context. Disable recursion by setting + this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for user + roles. This is not the DN where the actual roles are, but + the DN where the objects containing the user roles are. + For example, in a Microsoft Active Directory server, this + is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. 
+ For failover set two or more LDAP endpoints separated by + space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used together + with usernameEndString and only taken into account if parseUsername + is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end of + the DN to reveal the username. This option is used together + with usernameBeginString and only taken into account if + parseUsername is set to true. + type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will be + configured. + properties: + from: + description: ObjRef contains enough information to let you + inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have defined mappings. Defaults to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have no defined mappings. Defaults to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a properties + file or a set of roles with the following pattern 'role=role1;another-role=role2'. + The format of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the patter + above. 
+ type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create the + Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create the + Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. + format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. 
+ format: password + type: string + secretAdminCredentials: + description: Name of the secret containing admin's credentials, + the keys are username and password, if the adminUser and adminPassword + are provided the secretAdminCredentials will be skipped + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when the + OpenShiftStartupStrategy is choosed and Business Central + is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the 'openshift' + and local namespaces, the operator will create said imagestreams + locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry is + insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder will + be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known hosts + file. The secret must contain two files: id_rsa and + known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. 
'4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations that + can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the Runtime + Model ID. 
Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if a property + is set mode than once, the one from this property file + will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the Runtime + Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ExternalCompDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/components + directory will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ImportsBaseDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/imports + directory will be used. If ImportFileLocation is set + ImportsBaseDir will be ignored. 
+ type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual model + file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default value + is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new imports + (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards (in + kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. 
If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how a + Process Migration server will manage and create a new Database + or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. 
For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the configured + datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the configured + datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. + For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to the + application classpath separated by colon. Needs to be mounted + on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. 
'4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + username: + description: If empty the CommonConfig.AdminUser will be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a single + set, or for multiple sets if deployments is set to >1 + properties: + build: + description: KieAppBuildObject Data to define how to build + an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If unspecified, + all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. It + is recommended to test the kjar manually before disabling + this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for immutable + KIE Server configurations for S2I and pre built kjars. + Useful for pre-compiled kjar. 
+ type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the extensions + image where the extensions are located (e.g. install.sh, + modules/, etc.). Defaults to '/extension'. Do not + change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For example, + custom-driver-image:7.7.0. 
+ type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers and + configuration is located. Defaults to openshift namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate the + source code to build + properties: + contextDir: + description: Context/subdirectory where the code + is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.6.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a given + webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 
'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer will + manage and create a new Database or connect to an existing + one + properties: + externalConfig: + description: ExternalDatabaseObject configuration definition + of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. 
For + example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases running + on OCP where the host will correspond to the kubernetes + added env *_SERVICE_HOST, it is mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can be + XA or NONXA. For non XA set it to true. Default + value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. Port + is intended to be used with databases running + on OCP where the post will correspond to the kubernetes + added env *_SERVICE_PORT, these are mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. 
+ For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + decisionsOnly: + description: When set to true will configure the KIE Server + image to disable all capabilities that are not related + to decisions, Default to true for RHDM environments and + false to RHPAM. + type: boolean + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of + whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a + valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to + have some well-defined way of referencing a part of + an object. TODO: this design is not final and this + field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm clustering + for processes fail-over, it could increase the number + of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification to + be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, if + will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be used. + type: string + amqSecretName: + description: The name of a secret containing AMQ SSL + related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. Default + is false. 
+ type: boolean + enableIntegration: + description: When set to true will configure the KIE + Server with JMS integration, if no configuration is + added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, disabled + by default. + type: boolean + password: + description: AMQ broker password to connect do the AMQ, + generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for JMS, + example queue/CUSTOM.KIE.SERVER.AUDIT, default is + queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, example + queue/CUSTOM.KIE.SERVER.EXECUTOR, default is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, example + queue/CUSTOM.KIE.SERVER.REQUEST, default is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, example + queue/CUSTOM.KIE.SERVER.RESPONSE, default is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, example + queue/CUSTOM.KIE.SERVER.SIGNAL, default is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the AMQ, + generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new + heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The default + is '25' which means 25% of the '-Xmx' is used as the + initial heap size. You can skip this mechanism by + setting this value to '0' in which case no '-Xms' + option is added. e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container then + this option has no effect. If there is a memory constraint + then '-Xms' is limited to the value set here. The + default is 4096Mb which means the calculated value + of '-Xms' never will be greater than 4096Mb. The value + of this variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as set + here. The default is '50' which means 50% of the available + memory is used as an upper boundary. You can skip + this mechanism by setting this value to '0' in which + case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be used + by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. 
+ type: boolean + bootstrapServers: + description: A comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when making + requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates how + long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that the + emitter requires the leader to have received before + considering a request to be complete, not set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to set + an ID to provide a logical application name for logging + purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to Kafka. + Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates how + long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event messages. + Set up to override the default value jbpm-processes-events. 
+ type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + kieExecutorMDBMaxSession: + description: 'Number of max KIE Executor sessions, it must + be lower than the value of max-pool-size, by default is + max-pool-size set to 60. Max pool size can be set by system + property jboss.mdb.strict.max.pool.size (using javaOptsAppend: + "-Djboss.mdb.strict.max.pool.size=40"), for more information + see https://access.redhat.com/solutions/2955481.' + type: integer + name: + description: Server name + type: string + persistRepos: + description: Persist the Maven and KIE repositories on ~/.m2/repository + and ~/.kie/repository respectively. The option persistRepos + will be automatically set to false when the Trial environment + is set. + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the KIE + local repository persistent volume. Defaults to 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the Maven + persistent volume, the size of the files on this directory + can grow fast as all dependencies for KIE Containers will + be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM smart + router + properties: + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. 
Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. 
The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + useExternalRoute: + description: If enabled, Business Central will use the external + smartrouter route to communicate with it. Note that, valid + SSL certificates should be used. + type: boolean + type: object + type: object + scheduledImportPolicy: + description: Set to true to enable scheduled import policy on the + ImageStream. This will work only if you are using ImageStreamTag + otherwise with image digests it will be ignored + type: boolean + truststore: + description: Defines which truststore is used by the console, kieservers, + smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. + type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should be allowed + when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. 
Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. This + will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + status: + description: KieAppStatus - The status for custom resources managed by + the operator-sdk. + properties: + applied: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to + be used by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for + LDAP + properties: + allowEmptyPasswords: + description: Does this realm support blank password direct + verification? Blank password attempt will be rejected + otherwise. Boolean flag, defaults to false. + type: boolean + baseCtxDN: + description: LDAP Base DN of the top-level context to + begin the user search. + type: string + baseFilter: + description: Legacy LDAP search filter used to locate + the context of the user to authenticate. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. A common example for the search filter is (uid={0}). + For Elytron based subsystem this property should be + configured only with the search filter parameter, without + any search expression. Example (uid={0}) became just + uid. 
+ type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN + of the user itself contains special characters, backslash + for example, that prevent correct user mapping. If the + attribute does not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to + decrypt the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. + enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity + mapping, the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN + is not checked for the roleNameAttributeID. This flag + can improve the performance of LDAP queries. 
+ type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the + username. If set to true, the DN is parsed for the username. + If set to false the DN is not parsed for the username. + This option is used together with usernameBeginString + and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this + option. When using referrals, this option denotes the + attribute name which contains users defined for a certain + role, for example member, if the role object is inside + the referral. Users are checked against the content + of this attribute name. If this option is not set, the + check will always fail, so role objects cannot be stored + in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user + roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. If false, the role name is taken + from the value of the roleNameAttributeId attribute + of the context name. Certain directory schemas, such + as Microsoft Active Directory, require this attribute + to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles + associated with the authenticated user. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. The authenticated userDN is substituted into + the filter anywhere a {1} is used. 
An example search + filter that , matches on the input username is (member={0}). + An alternative that matches on the authenticated userDN + is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role + object’s name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role + search will go below a matching context. Disable recursion + by setting this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for + user roles. This is not the DN where the actual roles + are, but the DN where the objects containing the user + roles are. For example, in a Microsoft Active Directory + server, this is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. + For failover set two or more LDAP endpoints separated + by space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used + together with usernameEndString and only taken into + account if parseUsername is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end + of the DN to reveal the username. This option is used + together with usernameBeginString and only taken into + account if parseUsername is set to true. 
+ type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will + be configured. + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have defined mappings. Defaults + to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have no defined mappings. Defaults + to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a + properties file or a set of roles with the following + pattern 'role=role1;another-role=role2'. The format + of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the + patter above. + type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for + SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create + the Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create + the Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. 
+ format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. + format: password + type: string + secretAdminCredentials: + description: Name of the secret containing admin's credentials, + the keys are username and password, if the adminUser and + adminPassword are provided the secretAdminCredentials will + be skipped + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when + the OpenShiftStartupStrategy is choosed and Business + Central is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. 
When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the + 'openshift' and local namespaces, the operator will create said + imagestreams locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry + is insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. + For example, if the object reference is to a + container within a pod, this would take on a + value like: "spec.containers{name}" (where "name" + refers to the name of the container that triggered + the event) or if no container name is specified + "spec.containers[2]" (container with index 2 + in this pod). This syntax is chosen only to + have some well-defined way of referencing a + part of an object. TODO: this design is not + final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder + will be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known + hosts file. The secret must contain two files: id_rsa + and known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM + Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations + that can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the + Runtime Model ID. 
Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if + a property is set mode than once, the one from this + property file will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the + Runtime Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ExternalCompDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/components directory + will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ImportsBaseDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/imports directory will + be used. If ImportFileLocation is set ImportsBaseDir + will be ignored. 
+ type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual + model file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default + value is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new + imports (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards + (in kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. 
+ If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how + a Process Migration server will manage and create a + new Database or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to + background-validation, if set to false the validate-on-match + method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. 
For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to + the application classpath separated by colon. Needs + to be mounted on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + username: + description: If empty the CommonConfig.AdminUser will + be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a + single set, or for multiple sets if deployments is set + to >1 + properties: + build: + description: KieAppBuildObject Data to define how to + build an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If + unspecified, all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. + It is recommended to test the kjar manually before + disabling this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for + immutable KIE Server configurations for S2I and + pre built kjars. Useful for pre-compiled kjar. 
+ type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container and + any service environment variables. If a + variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal + "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and + requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the + extensions image where the extensions are located + (e.g. install.sh, modules/, etc.). Defaults to + '/extension'. Do not change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For + example, custom-driver-image:7.7.0. 
+ type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers + and configuration is located. Defaults to openshift + namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate + the source code to build + properties: + contextDir: + description: Context/subdirectory where the + code is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.6.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a + given webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 
'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, + POST, OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer + will manage and create a new Database or connect to + an existing one + properties: + externalConfig: + description: ExternalDatabaseObject configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method + to background-validation, if set to false + the validate-on-match method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. 
+ For example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases + running on OCP where the host will correspond + to the kubernetes added env *_SERVICE_HOST, + it is mostly likely used with PostgreSQL and + MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, + jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for + the configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for + the configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can + be XA or NONXA. For non XA set it to true. + Default value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. + Port is intended to be used with databases + running on OCP where the post will correspond + to the kubernetes added env *_SERVICE_PORT, + these are mostly likely used with PostgreSQL + and MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. 
For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + decisionsOnly: + description: When set to true will configure the KIE + Server image to disable all capabilities that are + not related to decisions, Default to true for RHDM + environments and false to RHPAM. + type: boolean + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm + clustering for processes fail-over, it could increase + the number of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification + to be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, + if will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and + certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be + used. + type: string + amqSecretName: + description: The name of a secret containing AMQ + SSL related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store + file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. + Default is false. 
+ type: boolean + enableIntegration: + description: When set to true will configure the + KIE Server with JMS integration, if no configuration + is added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, + disabled by default. + type: boolean + password: + description: AMQ broker password to connect do the + AMQ, generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for + JMS, example queue/CUSTOM.KIE.SERVER.AUDIT, default + is queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, + example queue/CUSTOM.KIE.SERVER.EXECUTOR, default + is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, + example queue/CUSTOM.KIE.SERVER.REQUEST, default + is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, + example queue/CUSTOM.KIE.SERVER.RESPONSE, default + is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, + example queue/CUSTOM.KIE.SERVER.SIGNAL, default + is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the + AMQ, generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used + by the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current + GC time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of + this variable should contain the necessary JRE + command-line options to specify the required GC, + which will override the default of '-XX:+UseParallelOldGC'. + e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega + bytes unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. + Disabled by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap + memory. If used in a container without any memory + constraints for the container then this option + has no effect. If there is a memory constraint + then '-Xms' is set to a ratio of the '-Xmx' memory + as set here. The default is '25' which means 25% + of the '-Xmx' is used as the initial heap size. + You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. + e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a + container without any memory constraints for the + container then this option has no effect. If there + is a memory constraint then '-Xms' is limited + to the value set here. The default is 4096Mb which + means the calculated value of '-Xms' never will + be greater than 4096Mb. The value of this variable + is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is + set to a ratio of the container available memory + as set here. The default is '50' which means 50% + of the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be + used by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. 
+ type: boolean + bootstrapServers: + description: A comma separated list of host/port + pairs to use for establishing the initial connection + to the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when + making requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates + how long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that + the emitter requires the leader to have received + before considering a request to be complete, not + set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection + to the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to + set an ID to provide a logical application name + for logging purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to + Kafka. Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates + how long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event + messages. Set up to override the default value + jbpm-processes-events. 
+ type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + kieExecutorMDBMaxSession: + description: 'Number of max KIE Executor sessions, it + must be lower than the value of max-pool-size, by + default is max-pool-size set to 60. Max pool size + can be set by system property jboss.mdb.strict.max.pool.size + (using javaOptsAppend: "-Djboss.mdb.strict.max.pool.size=40"), + for more information see https://access.redhat.com/solutions/2955481.' + type: integer + name: + description: Server name + type: string + persistRepos: + description: Persist the Maven and KIE repositories + on ~/.m2/repository and ~/.kie/repository respectively. + The option persistRepos will be automatically set + to false when the Trial environment is set. + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the + KIE local repository persistent volume. Defaults to + 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the + Maven persistent volume, the size of the files on + this directory can grow fast as all dependencies for + KIE Containers will be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect + URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM + smart router + properties: + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. 
Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. 
The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + useExternalRoute: + description: If enabled, Business Central will use the + external smartrouter route to communicate with it. Note + that, valid SSL certificates should be used. + type: boolean + type: object + type: object + scheduledImportPolicy: + description: Set to true to enable scheduled import policy on + the ImageStream. This will work only if you are using ImageStreamTag + otherwise with image digests it will be ignored + type: boolean + truststore: + description: Defines which truststore is used by the console, + kieservers, smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. + type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should + be allowed when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. 
Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. + This will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + conditions: + items: + description: Condition - The condition for the kie-cloud-operator + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ReasonType - type of reason + type: string + status: + type: string + type: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - status + - type + type: object + type: array + consoleHost: + type: string + deployments: + properties: + ready: + description: Deployments are ready to serve requests + items: + type: string + type: array + starting: + description: Deployments are starting, may or may not succeed + items: + type: string + type: array + stopped: + description: Deployments are not starting, unclear what next step + will be + items: + type: string + type: array + type: object + phase: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - conditions + - deployments + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/deploy/olm-catalog/prod/7.13.4-1/metadata/annotations.yaml b/deploy/olm-catalog/prod/7.13.4-1/metadata/annotations.yaml new file mode 100644 index 000000000..724337620 --- /dev/null +++ b/deploy/olm-catalog/prod/7.13.4-1/metadata/annotations.yaml 
@@ -0,0 +1,10 @@
+annotations:
+ operators.operatorframework.io.bundle.channel.default.v1: stable
+ operators.operatorframework.io.bundle.channels.v1: stable
+ operators.operatorframework.io.bundle.manifests.v1: manifests/
+ operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+ operators.operatorframework.io.bundle.metadata.v1: metadata/
+ operators.operatorframework.io.bundle.package.v1: businessautomation-operator
+ operators.operatorframework.io.metrics.builder: operator-sdk-v0.19.2
+ operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
+ operators.operatorframework.io.metrics.project_layout: go
diff --git a/deploy/olm-catalog/test/7.13.4-1/manifests/businessautomation-operator.clusterserviceversion.yaml b/deploy/olm-catalog/test/7.13.4-1/manifests/businessautomation-operator.clusterserviceversion.yaml
new file mode 100644
index 000000000..11a216e3a
--- /dev/null
+++ b/deploy/olm-catalog/test/7.13.4-1/manifests/businessautomation-operator.clusterserviceversion.yaml
@@ -0,0 +1,423 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: '[{"apiVersion":"app.kiegroup.org/v2","kind":"KieApp","metadata":{"name":"rhpam-trial"},"spec":{"environment":"rhpam-trial"}}]' + capabilities: Seamless Upgrades + categories: Integration & Delivery + certified: "true" + containerImage: registry-proxy.engineering.redhat.com/rh-osbs/rhpam-7-rhpam-rhel8-operator:7.13.4 + createdAt: "2023-08-11 11:11:50" + description: Deploys and manages Red Hat Process Automation Manager and Red Hat + Decision Manager environments. + operators.openshift.io/infrastructure-features: '["Disconnected"]' + operators.openshift.io/valid-subscription: '["Red Hat Process Automation Manager", + "Red Hat Decision Manager"]' + repository: https://github.com/kiegroup/kie-cloud-operator + support: Red Hat + tectonic-visibility: ocs + labels: + operator-businessautomation: "true" + operatorframework.io/arch.amd64: supported + operatorframework.io/os.linux: supported + name: businessautomation-operator.7.13.4-1-dev-nf729k4z9v + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: A project prescription running an RHPAM/RHDM environment. 
+ displayName: KieApp + kind: KieApp + name: kieapps.app.kiegroup.org + resources: + - kind: DeploymentConfig + name: "" + version: apps.openshift.io/v1 + - kind: StatefulSet + name: "" + version: apps/v1 + - kind: Role + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: RoleBinding + name: "" + version: rbac.authorization.k8s.io/v1 + - kind: Route + name: "" + version: route.openshift.io/v1 + - kind: BuildConfig + name: "" + version: build.openshift.io/v1 + - kind: ImageStream + name: "" + version: image.openshift.io/v1 + - kind: Secret + name: "" + version: v1 + - kind: PersistentVolumeClaim + name: "" + version: v1 + - kind: ServiceAccount + name: "" + version: v1 + - kind: Service + name: "" + version: v1 + specDescriptors: + - description: Set true to enable automatic micro version product upgrades, + it is disabled by default. + displayName: Enable Upgrades + path: upgrades.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable automatic minor product version upgrades, + it is disabled by default. Requires spec.upgrades.enabled to be true. + displayName: Include minor version upgrades + path: upgrades.minor + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set true to enable image tags, disabled by default. This will + leverage image tags instead of the image digests. + displayName: Use Image Tags + path: useImageTags + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Environment deployed. + displayName: Environment + path: environment + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + statusDescriptors: + - description: Product version installed. + displayName: Version + path: version + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: Current phase. 
+ displayName: Status + path: phase + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: The address for accessing Business Central, if it is deployed. + displayName: Business/Decision Central URL + path: consoleHost + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Deployments for the KieApp environment. + displayName: Deployments + path: deployments + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + version: v2 + description: |- + Deploys and manages Red Hat Process Automation Manager and Red Hat Decision Manager environments. + + * **Red Hat Process Automation Manager** is a platform for developing containerized microservices and applications that automate business decisions and processes. It includes business process management (BPM), business rules management (BRM), and business resource optimization and complex event processing (CEP) technologies. It also includes a user experience platform to create engaging user interfaces for process and decision services with minimal coding. + + [See more](https://www.redhat.com/en/products/process-automation). 
+ displayName: Business Automation + icon: + - base64data: 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 + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - console.openshift.io + resources: + - consolelinks + - consoleyamlsamples + verbs: + - get + - create + - update + - delete + serviceAccountName: business-automation-operator + deployments: + - name: business-automation-operator + spec: + replicas: 1 + selector: + matchLabels: + name: business-automation-operator + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + name: business-automation-operator + spec: + containers: + - command: + - kie-cloud-operator + env: + - name: OPERATOR_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['name'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPERATOR_UI + value: "true" + - name: DEBUG + value: "false" + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.4 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-kieserver-rhel8:7.13.4 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.4 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-controller-rhel8:7.13.4 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.4 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-businesscentral-rhel8:7.13.4 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.4 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.4 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.4 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-smartrouter-rhel8:7.13.4 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.4 + value: registry-proxy.engineering.redhat.com/rhpam-7/rhpam-process-migration-rhel8:7.13.4 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.4 + value: 
registry-proxy.engineering.redhat.com/rhpam-7/rhpam-dashbuilder-rhel8:7.13.4 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.13.4 + value: registry.redhat.io/openshift4/ose-cli:v4.12 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.4 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.4 + value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.4 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 + - name: RELATED_IMAGE_BROKER_IMAGE_7.13.4 + value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-controller-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.13.3 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.3 + value: registry.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.13.3 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.13.3 + value: registry.redhat.io/openshift4/ose-cli:v4.12 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.3 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.3 + value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.3 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 + - name: RELATED_IMAGE_BROKER_IMAGE_7.13.3 + value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 + - name: 
RELATED_IMAGE_OAUTH_PROXY_IMAGE_LATEST + value: registry.redhat.io/openshift4/ose-oauth-proxy:latest + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.12 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.12 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.11 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.11 + - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.10 + value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.10 + image: registry-proxy.engineering.redhat.com/rh-osbs/rhpam-7-rhpam-rhel8-operator:7.13.4 + imagePullPolicy: Always + name: business-automation-operator + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsNonRoot: true + serviceAccountName: business-automation-operator + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - services + - services/finalizers + - serviceaccounts + - persistentvolumeclaims + - secrets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + - deployments/finalizers + - replicasets + - statefulsets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - build.openshift.io + resources: + - buildconfigs + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - 
image.openshift.io + resources: + - images + - imagestreams + - imagestreamimages + - imagestreamtags + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - app.kiegroup.org + resources: + - kieapps + - kieapps/status + - kieapps/finalizers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - operators.coreos.com + resources: + - clusterserviceversions + - subscriptions + verbs: + - get + - list + - patch + - update + - watch + serviceAccountName: business-automation-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - kieapp + - pam + - decision + - kie + - cloud + - bpm + - process + - automation + - operator + labels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.13.4-1-dev-nf729k4z9v + links: + - name: Product Page + url: https://access.redhat.com/products/red-hat-process-automation-manager + - name: Documentation + url: https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.13/#category-deploying-red-hat-process-automation-manager-on-openshift + maintainers: + - email: bsig-cloud@redhat.com + name: Red Hat + maturity: test + provider: + name: Red Hat + replaces: businessautomation-operator.7.13.3-5 + selector: + matchLabels: + alm-owner-businessautomation: businessautomation-operator + operated-by: businessautomation-operator.7.13.4-1-dev-nf729k4z9v + version: 7.13.4-1+nf729k4z9v diff --git a/deploy/olm-catalog/test/7.13.4-1/manifests/kieapp.crd.yaml b/deploy/olm-catalog/test/7.13.4-1/manifests/kieapp.crd.yaml new file mode 100644 index 000000000..09474bb77 
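Review bot: The `RELATED_IMAGE_*` values in the operator container's `env` list name images by mutable tag rather than digest, and several float on `:latest` (`mysql-80-rhel7`, `postgresql-13-rhel7`, `ose-oauth-proxy`), so what is pulled under this CSV can differ from what was scanned for the respin. The same CSV sets `operators.openshift.io/infrastructure-features: '["Disconnected"]'`, and mirroring through an ImageContentSourcePolicy applies to digest references, so the tag form is likely to break that install path too. I would pin each entry, e.g. `value: registry.redhat.io/rhscl/mysql-80-rhel7@sha256:<digest-placeholder>`, and do the same for the container `image:`, which is currently a tag combined with `imagePullPolicy: Always`. If a later pipeline step rewrites these tags to digests for this `test` catalog, or the manifest is emitted by a generator, the pinning belongs there and a comment above the `env:` list saying so would be enough.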
--- /dev/null +++ b/deploy/olm-catalog/test/7.13.4-1/manifests/kieapp.crd.yaml 
@@ -0,0 +1,6126 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kieapps.app.kiegroup.org +spec: + group: app.kiegroup.org + names: + kind: KieApp + listKind: KieAppList + plural: kieapps + singular: kieapp + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of the application deployment + jsonPath: .status.version + name: Version + type: string + - description: The name of the environment used as a baseline + jsonPath: .spec.environment + name: Environment + type: string + - description: The status of the KieApp deployment + jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2 + schema: + openAPIV3Schema: + description: KieApp is the Schema for the kieapps API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to be used + by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for LDAP + properties: + allowEmptyPasswords: + description: Does this realm support blank password direct + verification? Blank password attempt will be rejected otherwise. 
+ Boolean flag, defaults to false. + type: boolean + baseCtxDN: + description: LDAP Base DN of the top-level context to begin + the user search. + type: string + baseFilter: + description: Legacy LDAP search filter used to locate the + context of the user to authenticate. The input username + or userDN obtained from the login module callback is substituted + into the filter anywhere a {0} expression is used. A common + example for the search filter is (uid={0}). For Elytron + based subsystem this property should be configured only + with the search filter parameter, without any search expression. + Example (uid={0}) became just uid. + type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN of the + user itself contains special characters, backslash for example, + that prevent correct user mapping. If the attribute does + not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to decrypt + the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. 
+ enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity mapping, + the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN is + not checked for the roleNameAttributeID. This flag can improve + the performance of LDAP queries. + type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the username. + If set to true, the DN is parsed for the username. If set + to false the DN is not parsed for the username. This option + is used together with usernameBeginString and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this option. + When using referrals, this option denotes the attribute + name which contains users defined for a certain role, for + example member, if the role object is inside the referral. + Users are checked against the content of this attribute + name. If this option is not set, the check will always fail, + so role objects cannot be stored in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. 
If false, the role name is taken from + the value of the roleNameAttributeId attribute of the context + name. Certain directory schemas, such as Microsoft Active + Directory, require this attribute to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles associated + with the authenticated user. The input username or userDN + obtained from the login module callback is substituted into + the filter anywhere a {0} expression is used. The authenticated + userDN is substituted into the filter anywhere a {1} is + used. An example search filter that , matches on the input + username is (member={0}). An alternative that matches on + the authenticated userDN is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role object’s + name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role search + will go below a matching context. Disable recursion by setting + this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for user + roles. This is not the DN where the actual roles are, but + the DN where the objects containing the user roles are. + For example, in a Microsoft Active Directory server, this + is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. 
+ For failover set two or more LDAP endpoints separated by + space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used together + with usernameEndString and only taken into account if parseUsername + is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end of + the DN to reveal the username. This option is used together + with usernameBeginString and only taken into account if + parseUsername is set to true. + type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will be + configured. + properties: + from: + description: ObjRef contains enough information to let you + inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have defined mappings. Defaults to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will retain + all roles, that have no defined mappings. Defaults to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a properties + file or a set of roles with the following pattern 'role=role1;another-role=role2'. + The format of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the patter + above. 
+ type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create the + Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create the + Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. + format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. 
+ format: password + type: string + secretAdminCredentials: + description: Name of the secret containing admin's credentials, + the keys are username and password, if the adminUser and adminPassword + are provided the secretAdminCredentials will be skipped + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when the + OpenShiftStartupStrategy is choosed and Business Central + is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the 'openshift' + and local namespaces, the operator will create said imagestreams + locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry is + insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder will + be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known hosts + file. The secret must contain two files: id_rsa and + known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. 
'4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations that + can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the Runtime + Model ID. 
Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if a property + is set mode than once, the one from this property file + will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the Runtime + Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ExternalCompDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/components + directory will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs are + stored. If PersistentConfigs is enabled and ImportsBaseDir + is not pointing to a already existing PV the /opt/kie/dashbuilder/imports + directory will be used. If ImportFileLocation is set + ImportsBaseDir will be ignored. 
+ type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual model + file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default value + is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new imports + (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards (in + kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench and + RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response Header + Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response Headers + Filter Header Value, default is: GET, POST, OPTIONS, + PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. 
If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how a + Process Migration server will manage and create a new Database + or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. 
For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the configured + datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the configured + datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. + For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to the + application classpath separated by colon. Needs to be mounted + on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. 
'4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + username: + description: If empty the CommonConfig.AdminUser will be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a single + set, or for multiple sets if deployments is set to >1 + properties: + build: + description: KieAppBuildObject Data to define how to build + an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If unspecified, + all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. It + is recommended to test the kjar manually before disabling + this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for immutable + KIE Server configurations for S2I and pre built kjars. + Useful for pre-compiled kjar. 
+ type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the extensions + image where the extensions are located (e.g. install.sh, + modules/, etc.). Defaults to '/extension'. Do not + change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For example, + custom-driver-image:7.7.0. 
+ type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers and + configuration is located. Defaults to openshift namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate the + source code to build + properties: + contextDir: + description: Context/subdirectory where the code + is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.6.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a given + webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter Header + Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter Header + Value, default is: Accept, Authorization, Content-Type, + X-Requested-With' + type: string + allowMethodsName: + description: 
'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header Filter + Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default values, + default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header Name, + default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header Value, + default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer will + manage and create a new Database or connect to an existing + one + properties: + externalConfig: + description: ExternalDatabaseObject configuration definition + of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to background-validation, + if set to false the validate-on-match method will + be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. 
For + example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should be + broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases running + on OCP where the host will correspond to the kubernetes + added env *_SERVICE_HOST, it is mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can be + XA or NONXA. For non XA set it to true. Default + value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. Port + is intended to be used with databases running + on OCP where the post will correspond to the kubernetes + added env *_SERVICE_PORT, these are mostly likely + used with PostgreSQL and MySQL variants running + on OCP. For Databases Running outside OCP use + jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to create. 
+ For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + decisionsOnly: + description: When set to true will configure the KIE Server + image to disable all capabilities that are not related + to decisions, Default to true for RHDM environments and + false to RHPAM. + type: boolean + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of + whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a + valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to + have some well-defined way of referencing a part of + an object. TODO: this design is not final and this + field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm clustering + for processes fail-over, it could increase the number + of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification to + be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, if + will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be used. + type: string + amqSecretName: + description: The name of a secret containing AMQ SSL + related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. Default + is false. 
+ type: boolean + enableIntegration: + description: When set to true will configure the KIE + Server with JMS integration, if no configuration is + added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, disabled + by default. + type: boolean + password: + description: AMQ broker password to connect do the AMQ, + generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for JMS, + example queue/CUSTOM.KIE.SERVER.AUDIT, default is + queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, example + queue/CUSTOM.KIE.SERVER.EXECUTOR, default is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, example + queue/CUSTOM.KIE.SERVER.REQUEST, default is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, example + queue/CUSTOM.KIE.SERVER.RESPONSE, default is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, example + queue/CUSTOM.KIE.SERVER.SIGNAL, default is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the AMQ, + generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new + heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The default + is '25' which means 25% of the '-Xmx' is used as the + initial heap size. You can skip this mechanism by + setting this value to '0' in which case no '-Xms' + option is added. e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container then + this option has no effect. If there is a memory constraint + then '-Xms' is limited to the value set here. The + default is 4096Mb which means the calculated value + of '-Xms' never will be greater than 4096Mb. The value + of this variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as set + here. The default is '50' which means 50% of the available + memory is used as an upper boundary. You can skip + this mechanism by setting this value to '0' in which + case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be used + by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. 
+ type: boolean + bootstrapServers: + description: A comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when making + requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates how + long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that the + emitter requires the leader to have received before + considering a request to be complete, not set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection to + the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to set + an ID to provide a logical application name for logging + purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to Kafka. + Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates how + long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event messages. + Set up to override the default value jbpm-processes-events. 
+ type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + kieExecutorMDBMaxSession: + description: 'Number of max KIE Executor sessions, it must + be lower than the value of max-pool-size, by default is + max-pool-size set to 60. Max pool size can be set by system + property jboss.mdb.strict.max.pool.size (using javaOptsAppend: + "-Djboss.mdb.strict.max.pool.size=40"), for more information + see https://access.redhat.com/solutions/2955481.' + type: integer + name: + description: Server name + type: string + persistRepos: + description: Persist the Maven and KIE repositories on ~/.m2/repository + and ~/.kie/repository respectively. The option persistRepos + will be automatically set to false when the Trial environment + is set. + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the KIE + local repository persistent volume. Defaults to 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the Maven + persistent volume, the size of the files on this directory + can grow fast as all dependencies for KIE Containers will + be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the SSO + integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM smart + router + properties: + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. rhpam-7, + this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, this + param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by the + KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC time + versus previous GC times when determining the new heap + size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of this + variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after GC + to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after GC + to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent outside + the garbage collection (for example, the time spent + for application execution) to the time spent in the + garbage collection, it's desirable that not more than + 1 / (1 + n) e.g. 99 and means 1% spent on gc, 4 means + spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. 
Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate a default initial + heap memory based on the maximum heap memory. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xms' is set to a ratio of + the '-Xmx' memory as set here. The default is '25' which + means 25% of the '-Xmx' is used as the initial heap + size. You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. e.g. + '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given in + JAVA_OPTS. This is used to calculate the maximum value + of the initial heap memory. If used in a container without + any memory constraints for the container then this option + has no effect. If there is a memory constraint then + '-Xms' is limited to the value set here. The default + is 4096Mb which means the calculated value of '-Xms' + never will be greater than 4096Mb. The value of this + variable is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given in + JAVA_OPTS. This is used to calculate a default maximal + heap memory based on a containers restriction. If used + in a container without any memory constraints for the + container then this option has no effect. If there is + a memory constraint then '-Xmx' is set to a ratio of + the container available memory as set here. 
The default + is '50' which means 50% of the available memory is used + as an upper boundary. You can skip this mechanism by + setting this value to '0' in which case no '-Xmx' option + is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to use + for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination (optional) + type: string + type: object + useExternalRoute: + description: If enabled, Business Central will use the external + smartrouter route to communicate with it. Note that, valid + SSL certificates should be used. + type: boolean + type: object + type: object + scheduledImportPolicy: + description: Set to true to enable scheduled import policy on the + ImageStream. This will work only if you are using ImageStreamTag + otherwise with image digests it will be ignored + type: boolean + truststore: + description: Defines which truststore is used by the console, kieservers, + smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. + type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should be allowed + when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. 
Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. This + will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + status: + description: KieAppStatus - The status for custom resources managed by + the operator-sdk. + properties: + applied: + description: KieAppSpec defines the desired state of KieApp + properties: + auth: + description: KieAppAuthObject Authentication specification to + be used by the KieApp + properties: + ldap: + description: LDAPAuthConfig Authentication configuration for + LDAP + properties: + allowEmptyPasswords: + description: Does this realm support blank password direct + verification? Blank password attempt will be rejected + otherwise. Boolean flag, defaults to false. + type: boolean + baseCtxDN: + description: LDAP Base DN of the top-level context to + begin the user search. + type: string + baseFilter: + description: Legacy LDAP search filter used to locate + the context of the user to authenticate. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. A common example for the search filter is (uid={0}). + For Elytron based subsystem this property should be + configured only with the search filter parameter, without + any search expression. Example (uid={0}) became just + uid. 
+ type: string + bindCredential: + description: LDAP Credentials used for authentication + format: password + type: string + bindDN: + description: Bind DN used for authentication + type: string + defaultRole: + description: A role included for all authenticated users + type: string + distinguishedNameAttribute: + description: Deprecated - parameter not supported by Elytron + The name of the attribute in the user entry that contains + the DN of the user. This may be necessary if the DN + of the user itself contains special characters, backslash + for example, that prevent correct user mapping. If the + attribute does not exist, the entry’s DN is used. + type: string + jaasSecurityDomain: + description: Deprecated - parameter not supported by Elytron + The JMX ObjectName of the JaasSecurityDomain used to + decrypt the password. + type: string + loginFailover: + description: Enable failover, if Ldap Url is unreachable, + it will fail over to the KieFsRealm. + type: boolean + loginModule: + description: LDAP login module flag, adds backward compatibility + with the legacy security subsystem on elytron. 'optional' + is the only supported value, if set will create a distributed + realm with ldap and filesystem realm with the user added + using the KIE_ADMIN_USER. + enum: + - optional + type: string + newIdentityAttributes: + description: Provide new identities for Ldap identity + mapping, the pattern to be used with this env is 'attribute_name=attribute_value;another_attribute_name=value' + type: string + parseRoleNameFromDN: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN returned by a query contains + the roleNameAttributeID. If set to true, the DN is checked + for the roleNameAttributeID. If set to false, the DN + is not checked for the roleNameAttributeID. This flag + can improve the performance of LDAP queries. 
+ type: boolean + parseUsername: + description: Deprecated - parameter not supported by Elytron + A flag indicating if the DN is to be parsed for the + username. If set to true, the DN is parsed for the username. + If set to false the DN is not parsed for the username. + This option is used together with usernameBeginString + and usernameEndString. + type: boolean + recursiveSearch: + description: Indicates if the user queries are recursive. + type: boolean + referralMode: + description: If LDAP referrals should be followed. + enum: + - FOLLOW + - IGNORE + - THROW + type: string + referralUserAttributeIDToCheck: + description: Deprecated - parameter not supported by Elytron + If you are not using referrals, you can ignore this + option. When using referrals, this option denotes the + attribute name which contains users defined for a certain + role, for example member, if the role object is inside + the referral. Users are checked against the content + of this attribute name. If this option is not set, the + check will always fail, so role objects cannot be stored + in a referral tree. + type: string + roleAttributeID: + description: Name of the attribute containing the user + roles. + type: string + roleAttributeIsDN: + description: Deprecated - parameter not supported by Elytron + Whether or not the roleAttributeID contains the fully-qualified + DN of a role object. If false, the role name is taken + from the value of the roleNameAttributeId attribute + of the context name. Certain directory schemas, such + as Microsoft Active Directory, require this attribute + to be set to true. + type: boolean + roleFilter: + description: A search filter used to locate the roles + associated with the authenticated user. The input username + or userDN obtained from the login module callback is + substituted into the filter anywhere a {0} expression + is used. The authenticated userDN is substituted into + the filter anywhere a {1} is used. 
An example search + filter that , matches on the input username is (member={0}). + An alternative that matches on the authenticated userDN + is (member={1}). + type: string + roleNameAttributeID: + description: Deprecated - parameter not supported by Elytron + Name of the attribute within the roleCtxDN context which + contains the role name. If the roleAttributeIsDN property + is set to true, this property is used to find the role + object’s name attribute. + type: string + roleRecursion: + description: The number of levels of recursion the role + search will go below a matching context. Disable recursion + by setting this to 0. + format: int16 + type: integer + rolesCtxDN: + description: The fixed DN of the context to search for + user roles. This is not the DN where the actual roles + are, but the DN where the objects containing the user + roles are. For example, in a Microsoft Active Directory + server, this is the DN where the user account is. + type: string + searchScope: + description: Deprecated - parameter not supported by Elytron + type: string + searchTimeLimit: + description: The timeout in milliseconds for user or role + searches. + format: int32 + type: integer + url: + description: LDAP endpoint to connect for authentication. + For failover set two or more LDAP endpoints separated + by space + type: string + usernameBeginString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the start + of the DN to reveal the username. This option is used + together with usernameEndString and only taken into + account if parseUsername is set to true. + type: string + usernameEndString: + description: Deprecated - parameter not supported by Elytron + Defines the String which is to be removed from the end + of the DN to reveal the username. This option is used + together with usernameBeginString and only taken into + account if parseUsername is set to true. 
+ type: string + required: + - url + type: object + roleMapper: + description: When present, the RoleMapping Login Module will + be configured. + properties: + from: + description: ObjRef contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + replaceRole: + description: Deprecated - parameter not supported by Elytron, + instead use RolesKeepMapped and RolesKeepNonMapped + type: boolean + rolesKeepMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have defined mappings. Defaults + to false. + type: boolean + rolesKeepNonMapped: + description: When set to 'true' the mapped roles will + retain all roles, that have no defined mappings. Defaults + to false. + type: boolean + rolesProperties: + description: When present, the RoleMapping will be configured + to use the provided properties file or roles. This parameter + defines the fully-qualified file path and name of a + properties file or a set of roles with the following + pattern 'role=role1;another-role=role2'. The format + of every entry in the file is original_role=role1,role2,role3 + expects eiter a .properties file or a content with the + patter above. + type: string + required: + - rolesProperties + type: object + sso: + description: SSOAuthConfig Authentication configuration for + SSO + properties: + adminPassword: + description: RH-SSO Realm Admin Password used to create + the Client + format: password + type: string + adminUser: + description: RH-SSO Realm Admin Username used to create + the Client if it doesn't exist + type: string + disableSSLCertValidation: + description: RH-SSO Disable SSL Certificate Validation + type: boolean + principalAttribute: + description: RH-SSO Principal Attribute to use as username + type: string + realm: + description: RH-SSO Realm name + type: string + url: + description: RH-SSO URL + type: string + required: + - realm + - url + type: object + type: object + commonConfig: + description: CommonConfig variables used in the templates + properties: + adminPassword: + description: The password to use for the adminUser. 
+ format: password + type: string + adminUser: + description: The user to use for the admin. + type: string + amqClusterPassword: + description: The password to use for amq cluster user. + format: password + type: string + amqPassword: + description: The password to use for amq user. + format: password + type: string + applicationName: + description: The name of the application deployment. + type: string + dbPassword: + description: The password to use for databases. + format: password + type: string + disableSsl: + description: If set to true, plain text routes will be configured + instead using SSL + type: boolean + keyStorePassword: + description: The password to use for keystore generation. + format: password + type: string + secretAdminCredentials: + description: Name of the secret containing admin's credentials, + the keys are username and password, if the adminUser and + adminPassword are provided the secretAdminCredentials will + be skipped + type: string + startupStrategy: + description: Startup strategy for Console and Kieserver + properties: + controllerTemplateCacheTTL: + description: Controller Template Cache TTL to use when + the OpenShiftStartupStrategy is choosed and Business + Central is deployed, default is 5000 + type: integer + strategyName: + description: StartupStrategy to use. 
When set to OpenShiftStartupStrategy, + allows KIE server to start up independently used shared + state from OpenShift API service, option is ControllerBasedStartupStrategy, + default is OpenShiftStartupStrategy + type: string + type: object + type: object + environment: + description: The name of the environment used as a baseline + enum: + - rhdm-authoring-ha + - rhdm-authoring + - rhdm-production-immutable + - rhdm-trial + - rhpam-authoring-ha + - rhpam-authoring + - rhpam-production-immutable + - rhpam-production + - rhpam-standalone-dashbuilder + - rhpam-trial + type: string + imageRegistry: + description: If required imagestreams are missing in both the + 'openshift' and local namespaces, the operator will create said + imagestreams locally using the registry specified here. + properties: + insecure: + description: A flag used to indicate the specified registry + is insecure. Defaults to 'false'. + type: boolean + registry: + description: Image registry's base 'url:port'. e.g. registry.example.com:5000. + Defaults to 'registry.redhat.io'. 
+ type: string + type: object + objects: + description: Configuration of the RHPAM components + properties: + console: + description: ConsoleObject configuration of the RHPAM workbench + properties: + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + 
maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + dataGridAuth: + description: DataGridAuth + properties: + password: + description: The password to use for datagrid user + format: password + type: string + username: + description: The user to use for datagrid + type: string + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gitHooks: + description: GitHooksVolume GitHooks volume configuration + properties: + from: + description: ObjRef contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. + For example, if the object reference is to a + container within a pod, this would take on a + value like: "spec.containers{name}" (where "name" + refers to the name of the container that triggered + the event) or if no container name is specified + "spec.containers[2]" (container with index 2 + in this pod). This syntax is chosen only to + have some well-defined way of referencing a + part of an object. TODO: this design is not + final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ConfigMap + - Secret + - PersistentVolumeClaim + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + mountPath: + description: Absolute path where the gitHooks folder + will be mounted. + type: string + sshSecret: + description: 'Secret to use for ssh key and known + hosts file. The secret must contain two files: id_rsa + and known_hosts.' + type: string + type: object + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + pvSize: + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + dashbuilder: + description: DashbuilderObject configuration of the RHPAM + Dashbuilder + properties: + config: + description: DashbuilderConfig holds all configurations + that can be applied to the Dashbuilder env + properties: + allowExternalFileRegister: + description: Allow download of external (remote) files + into runtime. Default value is false + type: boolean + componentEnable: + description: When set to true enables external components. + type: boolean + componentPartition: + description: Components will be partitioned by the + Runtime Model ID. 
Default value is true + type: boolean + configMapProps: + description: Properties file with Dashbuilder configurations, + if set, uniq properties will be appended and, if + a property is set mode than once, the one from this + property file will be used. + type: string + dataSetPartition: + description: Datasets IDs will partitioned by the + Runtime Model ID. Default value is true + type: boolean + enableBusinessCentral: + description: Enables integration with Business Central + type: boolean + enableKieServer: + description: Enables integration with KIE Server + type: boolean + externalCompDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ExternalCompDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/components directory + will be used. + type: string + importFileLocation: + description: Set a static dashboard to run with runtime. + When this property is set no new imports are allowed. + type: string + importsBaseDir: + description: Base Directory where dashboards ZIPs + are stored. If PersistentConfigs is enabled and + ImportsBaseDir is not pointing to a already existing + PV the /opt/kie/dashbuilder/imports directory will + be used. If ImportFileLocation is set ImportsBaseDir + will be ignored. 
+ type: string + kieServerDataSets: + description: Defines the KIE Server Datasets access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + kieServerTemplates: + description: Defines the KIE Server Templates access + configurations + items: + properties: + location: + type: string + name: + type: string + password: + type: string + replaceQuery: + type: string + token: + type: string + user: + type: string + type: object + type: array + modelFileRemoval: + description: When enabled will also remove actual + model file from file system. Default value is false. + type: boolean + modelUpdate: + description: Allows Runtime to check model last update + in FS to update its content. Default value is true. + type: boolean + persistentConfigs: + description: Make Dashbuilder not ephemeral. If ImportFileLocation + is set PersistentConfigs will be ignored. Default + value is true. + type: boolean + runtimeMultipleImport: + description: Runtime will always allow use of new + imports (multi tenancy). Default value is false. + type: boolean + uploadSize: + description: Limits the size of uploaded dashboards + (in kb). Default value is 10485760 kb. 
+ format: int64 + type: integer + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, POST, + OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + env: + items: 
+ description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. 
+ type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. 
+ If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. 
'-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + processMigration: + description: ProcessMigrationObject configuration of the RHPAM + PIM + properties: + database: + description: ProcessMigrationDatabaseObject Defines how + a Process Migration server will manage and create a + new Database or connect to an existing one + properties: + externalConfig: + description: CommonExtDBObjectRequiredURL common configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method to + background-validation, if set to false the validate-on-match + method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + jdbcURL: + description: Database JDBC URL. 
For example, jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for the + configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for the + configured datasource. + type: string + password: + description: External database password + format: password + type: string + username: + description: External database username + type: string + required: + - driver + - jdbcURL + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraClassPath: + description: ExtraClassPath Allows to add extra jars to + the application classpath separated by colon. Needs + to be mounted on the image before. + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. 
'20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. 
+ '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + password: + description: If empty the CommonConfig.AdminPassword will + be used + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + username: + description: If empty the CommonConfig.AdminUser will + be used + type: string + type: object + servers: + description: Configuration of the each individual KIE server + items: + description: KieServerSet KIE Server configuration for a + single set, or for multiple sets if deployments is set + to >1 + properties: + build: + description: KieAppBuildObject Data to define how to + build an application from source + properties: + artifactDir: + description: List of directories from which archives + will be copied into the deployment folder. If + unspecified, all archives in /target will be copied. + type: string + disableKCVerification: + description: Disable Maven KIE Jar verification. + It is recommended to test the kjar manually before + disabling this verification. + type: boolean + disablePullDeps: + description: Disable Maven pull dependencies for + immutable KIE Server configurations for S2I and + pre built kjars. Useful for pre-compiled kjar. 
+ type: boolean + env: + description: Env set environment variables for BuildConfigs + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container and + any service environment variables. If a + variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal + "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and + requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extensionImageInstallDir: + description: Full path to the directory within the + extensions image where the extensions are located + (e.g. install.sh, modules/, etc.). Defaults to + '/extension'. Do not change it unless it is necessary. + type: string + extensionImageStreamTag: + description: ImageStreamTag definition for the image + containing the drivers and configuration. For + example, custom-driver-image:7.7.0. 
+ type: string + extensionImageStreamTagNamespace: + description: Namespace within which the ImageStream + definition for the image containing the drivers + and configuration is located. Defaults to openshift + namespace. + type: string + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an + object instead of an entire object, this string + should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to + a container within a pod, this would take + on a value like: "spec.containers{name}" (where + "name" refers to the name of the container + that triggered the event) or if no container + name is specified "spec.containers[2]" (container + with index 2 in this pod). This syntax is + chosen only to have some well-defined way + of referencing a part of an object. TODO: + this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + gitSource: + description: GitSource Git coordinates to locate + the source code to build + properties: + contextDir: + description: Context/subdirectory where the + code is located, relatively to repo root + type: string + reference: + description: Branch to use in the git repository + type: string + uri: + description: Git URI for the s2i source + type: string + required: + - reference + - uri + type: object + kieServerContainerDeployment: + description: The Maven GAV to deploy, e.g., rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.6.0-SNAPSHOT + type: string + mavenMirrorURL: + description: Maven mirror to use for S2I builds + type: string + webhooks: + items: + description: WebhookSecret Secret to use for a + given webhook + properties: + secret: + type: string + type: + description: WebhookType literal type to distinguish + between different types of Webhooks + enum: + - GitHub + - Generic + type: string + required: + - secret + - type + type: object + minItems: 1 + type: array + type: object + cors: + description: CORS Cross Origin Resource Sharing configuration + to be used by the KieApp for the KIE Server, workbench + and RHPAM Dashbuilder + properties: + allowCredentialsName: + description: 'Access Control Allow Credentials Filter + Header Name, default is: Access-Control-Allow-Credentials' + type: string + allowCredentialsValue: + description: 'Access Control Allow Credentials Filter + Header Value, default is: true' + type: boolean + allowHeadersName: + description: 'Access Control Allow Headers Filter + Header Name, default is: Access-Control-Allow-Headers' + type: string + allowHeadersValue: + description: 'Access Control Allow Headers Filter + Header Value, default is: Accept, Authorization, + Content-Type, X-Requested-With' + type: string + allowMethodsName: + description: 
'Access Control Allow Methods Response + Header Filter Header Name, default is: Access-Control-Allow-Methods' + type: string + allowMethodsValue: + description: 'Access Control Allow Methods Response + Headers Filter Header Value, default is: GET, + POST, OPTIONS, PUT' + type: string + allowOriginName: + description: Access Control Origin Response Header + Filter Header Name, default is Access-Control-Allow-Origin + type: string + allowOriginValue: + description: 'Access Control Origin Response Header Filter + Header Value, default is: *' + type: string + default: + description: Enable CORS setting with the default + values, default is false + type: boolean + filters: + description: 'Access control Response Headers Filters + separated by comma, default is: AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE' + type: string + maxAgeName: + description: 'Access Control Max Age Filter Header + Name, default is: Access-Control-Max-Age' + type: string + maxAgeValue: + description: 'Access Control Max Age Filter Header + Value, default is: 1' + format: int32 + type: integer + type: object + database: + description: DatabaseObject Defines how a KieServer + will manage and create a new Database or connect to + an existing one + properties: + externalConfig: + description: ExternalDatabaseObject configuration + definition of an external database + properties: + backgroundValidation: + description: Sets the sql validation method + to background-validation, if set to false + the validate-on-match method will be used. + type: string + backgroundValidationMillis: + description: Defines the interval for the background-validation + check for the jdbc connections. + type: string + connectionChecker: + description: An org.jboss.jca.adapters.jdbc.ValidConnectionChecker + that provides a SQLException isValidConnection(Connection + e) method to validate if a connection is valid. + type: string + dialect: + description: Hibernate dialect class to use. 
+ For example, org.hibernate.dialect.MySQL8Dialect + type: string + driver: + description: Driver name to use. For example, + mysql + type: string + exceptionSorter: + description: An org.jboss.jca.adapters.jdbc.ExceptionSorter + that provides a boolean isExceptionFatal(SQLException + e) method to validate if an exception should + be broadcast to all javax.resource.spi.ConnectionEventListener + as a connectionErrorOccurred. + type: string + host: + description: Database Host. For example, mydb.example.com. + Host is intended to be used with databases + running on OCP where the host will correspond + to the kubernetes added env *_SERVICE_HOST, + it is mostly likely used with PostgreSQL and + MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + jdbcURL: + description: Database JDBC URL. For example, + jdbc:mysql:mydb.example.com:3306/rhpam + type: string + maxPoolSize: + description: Sets xa-pool/max-pool-size for + the configured datasource. + type: string + minPoolSize: + description: Sets xa-pool/min-pool-size for + the configured datasource. + type: string + name: + description: Database Name. For example, rhpam + type: string + nonXA: + description: Sets the datasources type. It can + be XA or NONXA. For non XA set it to true. + Default value is false. + type: string + password: + description: External database password + format: password + type: string + port: + description: Database Port. For example, 3306. + Port is intended to be used with databases + running on OCP where the post will correspond + to the kubernetes added env *_SERVICE_PORT, + these are mostly likely used with PostgreSQL + and MySQL variants running on OCP. For Databases + Running outside OCP use jdbcUrl instead. + type: string + username: + description: External database username + type: string + required: + - dialect + - driver + - password + - username + type: object + size: + description: Size of the PersistentVolumeClaim to + create. 
For example, 100Gi + type: string + storageClassName: + description: The storageClassName to use for database + pvc's. + type: string + type: + description: Database type to use + enum: + - mysql + - postgresql + - external + - h2 + type: string + required: + - type + type: object + decisionsOnly: + description: When set to true will configure the KIE + Server image to disable all capabilities that are + not related to decisions, Default to true for RHDM + environments and false to RHPAM. + type: boolean + deployments: + description: Number of Server sets that will be deployed + format: int + type: integer + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + from: + description: ImageObjRef contains enough information + to let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + enum: + - ImageStreamTag + - DockerImage + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + required: + - kind + - name + type: object + id: + description: Server ID + type: string + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jbpmCluster: + description: JbpmCluster Enable the KIE Server Jbpm + clustering for processes fail-over, it could increase + the number of kieservers + type: boolean + jms: + description: KieAppJmsObject messaging specification + to be used by the KieApp + properties: + amqEnableSSL: + description: Not intended to be set by the user, + if will be set to true if all required SSL parameters + are set. + type: boolean + amqKeystoreName: + description: The name of the AMQ keystore file. + type: string + amqKeystorePassword: + description: The password for the AMQ keystore and + certificate. + format: password + type: string + amqQueues: + description: AMQ broker broker comma separated queues, + if empty the values from default queues will be + used. + type: string + amqSecretName: + description: The name of a secret containing AMQ + SSL related files. + type: string + amqTruststoreName: + description: The name of the AMQ SSL Trust Store + file. + type: string + amqTruststorePassword: + description: The password for the AMQ Trust Store. + format: password + type: string + auditTransacted: + description: Determines if JMS session is transacted + or not - default true. + type: boolean + enableAudit: + description: Enable the Audit logging through JMS. + Default is false. 
+ type: boolean + enableIntegration: + description: When set to true will configure the + KIE Server with JMS integration, if no configuration + is added, the default will be used. + type: boolean + enableSignal: + description: Enable the Signal configuration through + JMS. Default is false. + type: boolean + executor: + description: Set false to disable the JMS executor, + it is enabled by default. + type: boolean + executorTransacted: + description: Enable transactions for JMS executor, + disabled by default. + type: boolean + password: + description: AMQ broker password to connect do the + AMQ, generated if empty. + format: password + type: string + queueAudit: + description: JNDI name of audit logging queue for + JMS, example queue/CUSTOM.KIE.SERVER.AUDIT, default + is queue/KIE.SERVER.AUDIT. + type: string + queueExecutor: + description: JNDI name of executor queue for JMS, + example queue/CUSTOM.KIE.SERVER.EXECUTOR, default + is queue/KIE.SERVER.EXECUTOR. + type: string + queueRequest: + description: JNDI name of request queue for JMS, + example queue/CUSTOM.KIE.SERVER.REQUEST, default + is queue/KIE.SERVER.REQUEST. + type: string + queueResponse: + description: JNDI name of response queue for JMS, + example queue/CUSTOM.KIE.SERVER.RESPONSE, default + is queue/KIE.SERVER.RESPONSE. + type: string + queueSignal: + description: JNDI name of signal queue for JMS, + example queue/CUSTOM.KIE.SERVER.SIGNAL, default + is queue/KIE.SERVER.SIGNAL. + type: string + username: + description: AMQ broker username to connect do the + AMQ, generated if empty. + type: string + required: + - enableIntegration + type: object + jvm: + description: JvmObject JVM specification to be used + by the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current + GC time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. 
The value of + this variable should contain the necessary JRE + command-line options to specify the required GC, + which will override the default of '-XX:+UseParallelOldGC'. + e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega + bytes unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. + Disabled by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap + memory. If used in a container without any memory + constraints for the container then this option + has no effect. If there is a memory constraint + then '-Xms' is set to a ratio of the '-Xmx' memory + as set here. The default is '25' which means 25% + of the '-Xmx' is used as the initial heap size. + You can skip this mechanism by setting this value + to '0' in which case no '-Xms' option is added. + e.g. 
'25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a + container without any memory constraints for the + container then this option has no effect. If there + is a memory constraint then '-Xms' is limited + to the value set here. The default is 4096Mb which + means the calculated value of '-Xms' never will + be greater than 4096Mb. The value of this variable + is expressed in MB. e.g. '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is + set to a ratio of the container available memory + as set here. The default is '50' which means 50% + of the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + kafka: + description: KafkaExtObject kafka configuration to be + used by the KieApp + properties: + acks: + description: The number of acknowledgments the producer + requires the leader to have received before considering + a request complete. + type: integer + autocreateTopics: + description: Allow automatic topic creation. 
+ type: boolean + bootstrapServers: + description: A comma separated list of host/port + pairs to use for establishing the initial connection + to the Kafka cluster + type: string + clientID: + description: Identifier to pass to the server when + making requests + type: string + groupID: + description: Group identifier the group this consumer + belongs + type: string + maxBlockMs: + description: Number of milliseconds that indicates + how long publish method will bloc + format: int32 + type: integer + topics: + description: Contains the mapping message/signal=topicName + for every topic that needs to be mapped globally + items: + type: string + type: array + type: object + kafkaJbpmEventEmitters: + description: KafkaJBPMEventEmittersObject kafka configuration + to be used by the KieApp for jBPM Emitter + properties: + acks: + description: The number of acknowledgments that + the emitter requires the leader to have received + before considering a request to be complete, not + set by default. + type: integer + bootstrapServers: + description: Comma separated list of host/port pairs + to use for establishing the initial connection + to the Kafka cluster. + type: string + casesTopicName: + description: The topic name for cases event messages. + Set up to override the default value jbpm-cases-events. + type: string + clientID: + description: This configuration allows users to + set an ID to provide a logical application name + for logging purposes, not set by default. + type: string + dateFormat: + description: Date and time format to be sent to + Kafka. Default format is yyyy-MM-dd'T'HH:mm:ss.SSSZ + type: string + maxBlockMs: + description: Value in milliseconds that indicates + how long the 'publish' method will block the operation. + Default 2000 milliseconds (2 seconds). + format: int32 + type: integer + processesTopicName: + description: The topic name for processes event + messages. Set up to override the default value + jbpm-processes-events. 
+ type: string + tasksTopicName: + description: The topic name for tasks event messages. + Set up to override the default value jbpm-tasks-events. + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + kieExecutorMDBMaxSession: + description: 'Number of max KIE Executor sessions, it + must be lower than the value of max-pool-size, by + default is max-pool-size set to 60. Max pool size + can be set by system property jboss.mdb.strict.max.pool.size + (using javaOptsAppend: "-Djboss.mdb.strict.max.pool.size=40"), + for more information see https://access.redhat.com/solutions/2955481.' + type: integer + name: + description: Server name + type: string + persistRepos: + description: Persist the Maven and KIE repositories + on ~/.m2/repository and ~/.kie/repository respectively. + The option persistRepos will be automatically set + to false when the Trial environment is set. + type: boolean + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + serversKiePvSize: + description: ServersKiePvSize the desired size of the + KIE local repository persistent volume. Defaults to + 10Mi + type: string + serversM2PvSize: + description: ServersM2PvSize the desired size of the + Maven persistent volume, the size of the files on + this directory can grow fast as all dependencies for + KIE Containers will be stored there. Defaults to 1Gi + type: string + ssoClient: + description: SSOAuthClient Auth client to use for the + SSO integration + properties: + hostnameHTTP: + description: Hostname to set as redirect URL + type: string + hostnameHTTPS: + description: Secure hostname to set as redirect + URL + type: string + name: + description: Client name + type: string + secret: + description: Client secret + format: password + type: string + type: object + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. 
+ type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + type: object + type: array + smartRouter: + description: SmartRouterObject configuration of the RHPAM + smart router + properties: + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Image The image to use e.g. rhpam--rhel8, + this param is optional for custom image. + type: string + imageContext: + description: ImageContext The image context to use e.g. + rhpam-7, this param is optional for custom image. + type: string + imageTag: + description: ImageTag The image tag to use e.g. 7.9.0, + this param is optional for custom image. + type: string + jvm: + description: JvmObject JVM specification to be used by + the KieApp + properties: + gcAdaptiveSizePolicyWeight: + description: The weighting given to the current GC + time versus previous GC times when determining + the new heap size. e.g. '90' + format: int32 + type: integer + gcContainerOptions: + description: Specify Java GC to use. The value of + this variable should contain the necessary JRE command-line + options to specify the required GC, which will override + the default of '-XX:+UseParallelOldGC'. e.g. '-XX:+UseG1GC' + type: string + gcMaxHeapFreeRatio: + description: Maximum percentage of heap free after + GC to avoid shrinking. e.g. '40' + format: int32 + type: integer + gcMaxMetaspaceSize: + description: The maximum metaspace size in Mega bytes + unit e.g. 400 + format: int32 + type: integer + gcMinHeapFreeRatio: + description: Minimum percentage of heap free after + GC to avoid expansion. e.g. '20' + format: int32 + type: integer + gcTimeRatio: + description: Specifies the ratio of the time spent + outside the garbage collection (for example, the + time spent for application execution) to the time + spent in the garbage collection, it's desirable + that not more than 1 / (1 + n) e.g. 99 and means + 1% spent on gc, 4 means spent 20% on gc. + format: int32 + type: integer + javaDebug: + description: If set remote debugging will be switched + on. 
Disabled by default. e.g. 'true' + type: boolean + javaDebugPort: + description: Port used for remote debugging. Defaults + to 5005. e.g. '8787' + format: int32 + type: integer + javaDiagnostics: + description: Set this to get some diagnostics information + to standard output when things are happening. Disabled + by default. e.g. 'true' + type: boolean + javaInitialMemRatio: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate a default + initial heap memory based on the maximum heap memory. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xms' is set + to a ratio of the '-Xmx' memory as set here. The + default is '25' which means 25% of the '-Xmx' is + used as the initial heap size. You can skip this + mechanism by setting this value to '0' in which + case no '-Xms' option is added. e.g. '25' + format: int32 + type: integer + javaMaxInitialMem: + description: Is used when no '-Xms' option is given + in JAVA_OPTS. This is used to calculate the maximum + value of the initial heap memory. If used in a container + without any memory constraints for the container + then this option has no effect. If there is a memory + constraint then '-Xms' is limited to the value set + here. The default is 4096Mb which means the calculated + value of '-Xms' never will be greater than 4096Mb. + The value of this variable is expressed in MB. e.g. + '4096' + format: int32 + type: integer + javaMaxMemRatio: + description: Is used when no '-Xmx' option is given + in JAVA_OPTS. This is used to calculate a default + maximal heap memory based on a containers restriction. + If used in a container without any memory constraints + for the container then this option has no effect. + If there is a memory constraint then '-Xmx' is set + to a ratio of the container available memory as + set here. 
The default is '50' which means 50% of + the available memory is used as an upper boundary. + You can skip this mechanism by setting this value + to '0' in which case no '-Xmx' option is added. + format: int32 + type: integer + javaOptsAppend: + description: User specified Java options to be appended + to generated options in JAVA_OPTS. e.g. '-Dsome.property=foo' + type: string + type: object + keystoreSecret: + description: KeystoreSecret secret name + type: string + protocol: + description: Smart Router protocol, if no value is provided, + http is the default protocol. + enum: + - http + - https + type: string + replicas: + description: Replicas to set for the DeploymentConfig + format: int32 + type: integer + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + routeHostname: + description: RouteHostname will define the route.spec.host + value + type: string + storageClassName: + description: StorageClassName The storageClassName to + use for kie pvc's. + type: string + terminationRoute: + description: TerminationRoute configuration of the routes + used by RHPAM components + properties: + caCertificate: + description: CaCertificate if used on Edge termination + (optional) + type: string + certificate: + description: Certificate if used on Edge termination + (optional) + type: string + enableEdge: + description: Enable edge termination, it use http + type: boolean + key: + description: Private Key if used on Edge termination + (optional) + type: string + type: object + useExternalRoute: + description: If enabled, Business Central will use the + external smartrouter route to communicate with it. Note + that, valid SSL certificates should be used. + type: boolean + type: object + type: object + scheduledImportPolicy: + description: Set to true to enable scheduled import policy on + the ImageStream. This will work only if you are using ImageStreamTag + otherwise with image digests it will be ignored + type: boolean + truststore: + description: Defines which truststore is used by the console, + kieservers, smartrouter, and dashbuilder + properties: + openshiftCaBundle: + description: Set true to use Openshift's CA Bundle as a truststore, + instead of java's cacert. + type: boolean + type: object + upgrades: + description: Specify the level of product upgrade that should + be allowed when an older product version is detected + properties: + enabled: + description: Set true to enable automatic micro version product + upgrades, it is disabled by default. + type: boolean + minor: + description: Set true to enable automatic minor product version + upgrades, it is disabled by default. 
Requires spec.upgrades.enabled + to be true. + type: boolean + type: object + useImageTags: + description: Set true to enable image tags, disabled by default. + This will leverage image tags instead of the image digests. + type: boolean + version: + description: The version of the application deployment. + type: string + required: + - environment + type: object + conditions: + items: + description: Condition - The condition for the kie-cloud-operator + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ReasonType - type of reason + type: string + status: + type: string + type: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - status + - type + type: object + type: array + consoleHost: + type: string + deployments: + properties: + ready: + description: Deployments are ready to serve requests + items: + type: string + type: array + starting: + description: Deployments are starting, may or may not succeed + items: + type: string + type: array + stopped: + description: Deployments are not starting, unclear what next step + will be + items: + type: string + type: array + type: object + phase: + description: ConditionType - type of condition + type: string + version: + type: string + required: + - conditions + - deployments + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/deploy/olm-catalog/test/7.13.4-1/metadata/annotations.yaml b/deploy/olm-catalog/test/7.13.4-1/metadata/annotations.yaml new file mode 100644 index 000000000..724337620 --- /dev/null +++ b/deploy/olm-catalog/test/7.13.4-1/metadata/annotations.yaml 
@@ -0,0 +1,10 @@
+annotations:
+ operators.operatorframework.io.bundle.channel.default.v1: stable
+ operators.operatorframework.io.bundle.channels.v1: stable
+ operators.operatorframework.io.bundle.manifests.v1: manifests/
+ operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+ operators.operatorframework.io.bundle.metadata.v1: metadata/
+ operators.operatorframework.io.bundle.package.v1: businessautomation-operator
+ operators.operatorframework.io.metrics.builder: operator-sdk-v0.19.2
+ operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
+ operators.operatorframework.io.metrics.project_layout: go
diff --git a/deploy/operator.yaml b/deploy/operator.yaml
index c1d12acda..ed3ad140f 100644
--- a/deploy/operator.yaml
+++ b/deploy/operator.yaml
@@ -37,6 +37,30 @@ spec: value: "true" - name: DEBUG value: "false" + - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.4 + value: registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.13.4 + - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.4 + value: registry.redhat.io/rhpam-7/rhpam-controller-rhel8:7.13.4 + - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.4 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.13.4 + - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.4 + value: registry.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.4 + - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.4 + value: registry.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.13.4 + - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.4 + value: registry.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.13.4 + - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.4 + value: registry.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.13.4 + - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.13.4 + value: registry.redhat.io/openshift4/ose-cli:v4.12 + - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.4 + value: registry.redhat.io/rhscl/mysql-80-rhel7:latest + - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.4 + value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest + - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.4 + value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 + - name: RELATED_IMAGE_BROKER_IMAGE_7.13.4 + value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.3 value: registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.13.3 - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.3 
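Review bot: The added `RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.4` and `RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.4` entries point at `:latest`, and the other new 7.13.4 entries use version tags, so the image content a 7.13.4 deployment runs can change without any change to this file. For a release prepared as a CVE respin, that makes it hard to state which image contents were reviewed and shipped, or to reproduce them later. Consider pinning each value by digest, for example `value: registry.redhat.io/rhscl/mysql-80-rhel7@sha256:<digest-of-reviewed-image>`, or add a comment naming the release step that substitutes digests if one exists. The env list starts and ends outside this hunk.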
@@ -61,30 +85,6 @@ spec: value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 - name: RELATED_IMAGE_BROKER_IMAGE_7.13.3 value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 - - name: RELATED_IMAGE_PAM_KIESERVER_IMAGE_7.13.2 - value: registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.13.2 - - name: RELATED_IMAGE_PAM_CONTROLLER_IMAGE_7.13.2 - value: registry.redhat.io/rhpam-7/rhpam-controller-rhel8:7.13.2 - - name: RELATED_IMAGE_PAM_BC_IMAGE_7.13.2 - value: registry.redhat.io/rhpam-7/rhpam-businesscentral-rhel8:7.13.2 - - name: RELATED_IMAGE_PAM_BC_MONITORING_IMAGE_7.13.2 - value: registry.redhat.io/rhpam-7/rhpam-businesscentral-monitoring-rhel8:7.13.2 - - name: RELATED_IMAGE_PAM_SMARTROUTER_IMAGE_7.13.2 - value: registry.redhat.io/rhpam-7/rhpam-smartrouter-rhel8:7.13.2 - - name: RELATED_IMAGE_PAM_PROCESS_MIGRATION_IMAGE_7.13.2 - value: registry.redhat.io/rhpam-7/rhpam-process-migration-rhel8:7.13.2 - - name: RELATED_IMAGE_PAM_DASHBUILDER_IMAGE_7.13.2 - value: registry.redhat.io/rhpam-7/rhpam-dashbuilder-rhel8:7.13.2 - - name: RELATED_IMAGE_OSE_CLI_IMAGE_7.13.2 - value: registry.redhat.io/openshift4/ose-cli:v4.12 - - name: RELATED_IMAGE_MYSQL_PROXY_IMAGE_7.13.2 - value: registry.redhat.io/rhscl/mysql-80-rhel7:latest - - name: RELATED_IMAGE_POSTGRESQL_PROXY_IMAGE_7.13.2 - value: registry.redhat.io/rhscl/postgresql-13-rhel7:latest - - name: RELATED_IMAGE_DATAGRID_IMAGE_7.13.2 - value: registry.redhat.io/datagrid/datagrid-8-rhel8:1.3 - - name: RELATED_IMAGE_BROKER_IMAGE_7.13.2 - value: registry.redhat.io/amq7/amq-broker-rhel8:7.9 - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_LATEST value: registry.redhat.io/openshift4/ose-oauth-proxy:latest - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.12 
@@ -93,7 +93,7 @@ spec: value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.11 - name: RELATED_IMAGE_OAUTH_PROXY_IMAGE_4.10 value: registry.redhat.io/openshift4/ose-oauth-proxy:v4.10 - image: quay.io/kiegroup/kie-cloud-operator:7.13.3 + image: quay.io/kiegroup/kie-cloud-operator:7.13.4 imagePullPolicy: Always name: business-automation-operator resources: {} diff --git a/pkg/controller/kieapp/constants/constants.go b/pkg/controller/kieapp/constants/constants.go index dbadee876..9a7c124d2 100644 --- a/pkg/controller/kieapp/constants/constants.go +++ b/pkg/controller/kieapp/constants/constants.go @@ -12,9 +12,9 @@ var Ocp4Versions = []string{"4.12", "4.11", "4.10"} const ( // CurrentVersion product version supported - CurrentVersion = "7.13.3" + CurrentVersion = "7.13.4" // PriorVersion product version supported - PriorVersion = "7.13.2" + PriorVersion = "7.13.3" ) // SupportedVersions - product versions this operator supports diff --git a/rhpam-config/7.13.2/common.yaml b/rhpam-config/7.13.4/common.yaml similarity index 100% rename from rhpam-config/7.13.2/common.yaml rename to rhpam-config/7.13.4/common.yaml diff --git a/rhpam-config/7.13.2/dashbuilder/rhpam-standalone-dashbuilder.yaml b/rhpam-config/7.13.4/dashbuilder/rhpam-standalone-dashbuilder.yaml similarity index 100% rename from rhpam-config/7.13.2/dashbuilder/rhpam-standalone-dashbuilder.yaml rename to rhpam-config/7.13.4/dashbuilder/rhpam-standalone-dashbuilder.yaml diff --git a/rhpam-config/7.13.2/dbs/mysql.yaml b/rhpam-config/7.13.4/dbs/mysql.yaml similarity index 100% rename from rhpam-config/7.13.2/dbs/mysql.yaml rename to rhpam-config/7.13.4/dbs/mysql.yaml diff --git a/rhpam-config/7.13.2/dbs/pim/external.yaml b/rhpam-config/7.13.4/dbs/pim/external.yaml similarity index 100% rename from rhpam-config/7.13.2/dbs/pim/external.yaml rename to rhpam-config/7.13.4/dbs/pim/external.yaml 
diff --git a/rhpam-config/7.13.2/dbs/pim/mysql.yaml b/rhpam-config/7.13.4/dbs/pim/mysql.yaml similarity index 100% rename from rhpam-config/7.13.2/dbs/pim/mysql.yaml rename to rhpam-config/7.13.4/dbs/pim/mysql.yaml diff --git a/rhpam-config/7.13.2/dbs/pim/postgresql.yaml b/rhpam-config/7.13.4/dbs/pim/postgresql.yaml similarity index 100% rename from rhpam-config/7.13.2/dbs/pim/postgresql.yaml rename to rhpam-config/7.13.4/dbs/pim/postgresql.yaml diff --git a/rhpam-config/7.13.2/dbs/postgresql.yaml b/rhpam-config/7.13.4/dbs/postgresql.yaml similarity index 100% rename from rhpam-config/7.13.2/dbs/postgresql.yaml rename to rhpam-config/7.13.4/dbs/postgresql.yaml diff --git a/rhpam-config/7.13.2/dbs/servers/external.yaml b/rhpam-config/7.13.4/dbs/servers/external.yaml similarity index 91% rename from rhpam-config/7.13.2/dbs/servers/external.yaml rename to rhpam-config/7.13.4/dbs/servers/external.yaml index 644459164..a8b987664 100644 --- a/rhpam-config/7.13.2/dbs/servers/external.yaml +++ b/rhpam-config/7.13.4/dbs/servers/external.yaml @@ -35,10 +35,17 @@ servers: value: "[[.Database.ExternalConfig.Password]]" - name: RHPAM_NONXA value: "[[.Database.ExternalConfig.NonXA]]" + #[[if .Database.ExternalConfig.JdbcURL]] - name: RHPAM_URL value: "[[.Database.ExternalConfig.JdbcURL]]" + #[[if or (contains .Database.ExternalConfig.Driver "postgresql") (contains .Database.ExternalConfig.Driver "mariadb") ]] + - name: RHPAM_XA_CONNECTION_PROPERTY_Url + value: "[[.Database.ExternalConfig.JdbcURL]]" + #[[ else ]] - name: RHPAM_XA_CONNECTION_PROPERTY_URL value: "[[.Database.ExternalConfig.JdbcURL]]" + #[[ end ]] + #[[ end ]] - name: RHPAM_MIN_POOL_SIZE value: "[[.Database.ExternalConfig.MinPoolSize]]" - name: RHPAM_MAX_POOL_SIZE diff --git a/rhpam-config/7.13.2/dbs/servers/h2.yaml b/rhpam-config/7.13.4/dbs/servers/h2.yaml similarity index 100% rename from rhpam-config/7.13.2/dbs/servers/h2.yaml rename to rhpam-config/7.13.4/dbs/servers/h2.yaml 
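Review bot: The added `#[[if or (contains .Database.ExternalConfig.Driver "postgresql") (contains .Database.ExternalConfig.Driver "mariadb") ]]` line in `rhpam-config/7.13.4/dbs/servers/external.yaml` chooses `RHPAM_XA_CONNECTION_PROPERTY_Url` over `RHPAM_XA_CONNECTION_PROPERTY_URL` by a substring test on the driver name, and nothing in the template records why the property casing differs per driver. If `contains` is case-sensitive (its definition is not visible here), a driver given as `PostgreSQL` would fall through to the `URL` branch. A comment above the condition would record the intent, for example `# postgresql and mariadb get the XA property as "Url"; every other driver gets "URL"`, and a test with a mixed-case driver value would show whether the match needs normalising. The `servers` env list starts and ends outside this hunk.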
diff --git a/rhpam-config/7.13.2/dbs/servers/mysql.yaml b/rhpam-config/7.13.4/dbs/servers/mysql.yaml similarity index 100% rename from rhpam-config/7.13.2/dbs/servers/mysql.yaml rename to rhpam-config/7.13.4/dbs/servers/mysql.yaml diff --git a/rhpam-config/7.13.2/dbs/servers/postgresql.yaml b/rhpam-config/7.13.4/dbs/servers/postgresql.yaml similarity index 100% rename from rhpam-config/7.13.2/dbs/servers/postgresql.yaml rename to rhpam-config/7.13.4/dbs/servers/postgresql.yaml diff --git a/rhpam-config/7.13.2/envs/rhdm-authoring-ha.yaml b/rhpam-config/7.13.4/envs/rhdm-authoring-ha.yaml similarity index 100% rename from rhpam-config/7.13.2/envs/rhdm-authoring-ha.yaml rename to rhpam-config/7.13.4/envs/rhdm-authoring-ha.yaml diff --git a/rhpam-config/7.13.2/envs/rhdm-authoring.yaml b/rhpam-config/7.13.4/envs/rhdm-authoring.yaml similarity index 100% rename from rhpam-config/7.13.2/envs/rhdm-authoring.yaml rename to rhpam-config/7.13.4/envs/rhdm-authoring.yaml diff --git a/rhpam-config/7.13.2/envs/rhdm-production-immutable.yaml b/rhpam-config/7.13.4/envs/rhdm-production-immutable.yaml similarity index 100% rename from rhpam-config/7.13.2/envs/rhdm-production-immutable.yaml rename to rhpam-config/7.13.4/envs/rhdm-production-immutable.yaml diff --git a/rhpam-config/7.13.2/envs/rhdm-trial.yaml b/rhpam-config/7.13.4/envs/rhdm-trial.yaml similarity index 100% rename from rhpam-config/7.13.2/envs/rhdm-trial.yaml rename to rhpam-config/7.13.4/envs/rhdm-trial.yaml diff --git a/rhpam-config/7.13.2/envs/rhpam-authoring-ha.yaml b/rhpam-config/7.13.4/envs/rhpam-authoring-ha.yaml similarity index 100% rename from rhpam-config/7.13.2/envs/rhpam-authoring-ha.yaml rename to rhpam-config/7.13.4/envs/rhpam-authoring-ha.yaml diff --git a/rhpam-config/7.13.2/envs/rhpam-authoring.yaml b/rhpam-config/7.13.4/envs/rhpam-authoring.yaml similarity index 100% rename from rhpam-config/7.13.2/envs/rhpam-authoring.yaml rename to rhpam-config/7.13.4/envs/rhpam-authoring.yaml 
diff --git a/rhpam-config/7.13.2/envs/rhpam-production-immutable.yaml b/rhpam-config/7.13.4/envs/rhpam-production-immutable.yaml similarity index 100% rename from rhpam-config/7.13.2/envs/rhpam-production-immutable.yaml rename to rhpam-config/7.13.4/envs/rhpam-production-immutable.yaml diff --git a/rhpam-config/7.13.2/envs/rhpam-production.yaml b/rhpam-config/7.13.4/envs/rhpam-production.yaml similarity index 100% rename from rhpam-config/7.13.2/envs/rhpam-production.yaml rename to rhpam-config/7.13.4/envs/rhpam-production.yaml diff --git a/rhpam-config/7.13.2/envs/rhpam-standalone-dashbuilder.yaml b/rhpam-config/7.13.4/envs/rhpam-standalone-dashbuilder.yaml similarity index 100% rename from rhpam-config/7.13.2/envs/rhpam-standalone-dashbuilder.yaml rename to rhpam-config/7.13.4/envs/rhpam-standalone-dashbuilder.yaml diff --git a/rhpam-config/7.13.2/envs/rhpam-trial.yaml b/rhpam-config/7.13.4/envs/rhpam-trial.yaml similarity index 100% rename from rhpam-config/7.13.2/envs/rhpam-trial.yaml rename to rhpam-config/7.13.4/envs/rhpam-trial.yaml diff --git a/rhpam-config/7.13.2/jms/activemq-jms-config.yaml b/rhpam-config/7.13.4/jms/activemq-jms-config.yaml similarity index 100% rename from rhpam-config/7.13.2/jms/activemq-jms-config.yaml rename to rhpam-config/7.13.4/jms/activemq-jms-config.yaml diff --git a/rhpam-config/7.13.2/pim/process-migration.yaml b/rhpam-config/7.13.4/pim/process-migration.yaml similarity index 100% rename from rhpam-config/7.13.2/pim/process-migration.yaml rename to rhpam-config/7.13.4/pim/process-migration.yaml diff --git a/version/version.go b/version/version.go index ea5411abe..77d0ef23d 100644 --- a/version/version.go +++ b/version/version.go 
@@ -8,9 +8,9 @@ var ( // Version - current version Version = constants.CurrentVersion // CsvVersion - csv release - CsvVersion = Version + "-5" + CsvVersion = Version + "-1" // PriorVersion - prior version - PriorVersion = constants.CurrentVersion + PriorVersion = constants.PriorVersion // CsvPriorVersion - prior csv release - CsvPriorVersion = PriorVersion + "-4" + CsvPriorVersion = PriorVersion + "-5" ) From 46ceae80caf546281aa93f46a1c7a91690f41dd5 Mon Sep 17 00:00:00 2001 From: Spolti Date: Fri, 11 Aug 2023 11:01:52 -0300 Subject: [PATCH 08/10] [RHPAM-4754] - Unable to set direct-verification=true individually in LDAP realm by operator Signed-off-by: Spolti --- pkg/apis/app/v2/kieapp_types.go | 3 +++ .../7.13.3/dashbuilder/rhpam-standalone-dashbuilder.yaml | 2 ++ 2 files changed, 5 insertions(+) diff --git a/pkg/apis/app/v2/kieapp_types.go b/pkg/apis/app/v2/kieapp_types.go index 52ae0a30e..b7d32d863 100644 --- a/pkg/apis/app/v2/kieapp_types.go +++ b/pkg/apis/app/v2/kieapp_types.go @@ -427,6 +427,9 @@ type LDAPAuthConfig struct { // Does this realm support blank password direct verification? Blank password attempt will be rejected otherwise. // Boolean flag, defaults to false. AllowEmptyPasswords bool `json:"allowEmptyPasswords,omitempty"` + // Does this realm support verification of credentials by directly connecting to LDAP as the account being + // authenticated? Boolean flag, defaults to false. + DirectVerification bool `json:"directVerification,omitempty"` // +kubebuilder:validation:Required // LDAP endpoint to connect for authentication. For failover set two or more LDAP endpoints separated by space URL string `json:"url"` diff --git a/rhpam-config/7.13.3/dashbuilder/rhpam-standalone-dashbuilder.yaml b/rhpam-config/7.13.3/dashbuilder/rhpam-standalone-dashbuilder.yaml index be8fc0034..073b1b9d8 100644 --- a/rhpam-config/7.13.3/dashbuilder/rhpam-standalone-dashbuilder.yaml +++ b/rhpam-config/7.13.3/dashbuilder/rhpam-standalone-dashbuilder.yaml 
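Review bot: The new `DirectVerification` field in `LDAPAuthConfig` (pkg/apis/app/v2/kieapp_types.go) sits next to `AllowEmptyPasswords`, whose own comment describes it as permitting blank-password direct verification, and nothing in the hunk stops a CR from setting both to true. With both set, a blank password is presumably handed to the LDAP server as a bind, and a directory that accepts unauthenticated binds would report success, so a login could pass without a credential. The doc comment should state this, for example `// Do not combine with allowEmptyPasswords unless the LDAP server rejects unauthenticated binds.`, and the operator could warn on or reject the combination wherever the CR is validated. The struct starts and ends outside this hunk.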
@@ -212,6 +212,8 @@ dashbuilder: value: "[[.Auth.LDAP.BindCredential]]" - name: AUTH_LDAP_ALLOW_EMPTY_PASSWORDS value: "[[.Auth.LDAP.AllowEmptyPasswords]]" + - name: AUTH_LDAP_DIRECT_VERIFICATION + value: "[[$.Auth.LDAP.DirectVerification]]" - name: AUTH_LDAP_BASE_CTX_DN value: "[[.Auth.LDAP.BaseCtxDN]]" - name: AUTH_LDAP_BASE_FILTER From d3ae82406043e13480944f72375090ad24b4405b Mon Sep 17 00:00:00 2001 From: Spolti Date: Fri, 11 Aug 2023 12:18:04 -0300 Subject: [PATCH 09/10] [RHPAM-4754] - Unable to set direct-verification=true individually in LDAP realm by operator Signed-off-by: Spolti --- deploy/crds/kieapp.crd.yaml | 10 +++++++++ ...mation-operator.clusterserviceversion.yaml | 10 ++++----- .../dev/7.13.4-1/manifests/kieapp.crd.yaml | 10 +++++++++ ...mation-operator.clusterserviceversion.yaml | 2 +- .../prod/7.13.4-1/manifests/kieapp.crd.yaml | 10 +++++++++ ...mation-operator.clusterserviceversion.yaml | 10 ++++----- .../test/7.13.4-1/manifests/kieapp.crd.yaml | 10 +++++++++ pkg/controller/kieapp/defaults/auth_test.go | 22 +++++++++++++++++-- pkg/controller/kieapp/defaults/defaults.go | 3 +-- .../kieapp/defaults/upgrade_test.go | 12 +++++----- rhpam-config/7.13.4/common.yaml | 4 ++++ .../rhpam-standalone-dashbuilder.yaml | 2 ++ 12 files changed, 84 insertions(+), 21 deletions(-) diff --git a/deploy/crds/kieapp.crd.yaml b/deploy/crds/kieapp.crd.yaml index 09474bb77..d4e416eac 100644 --- a/deploy/crds/kieapp.crd.yaml +++ b/deploy/crds/kieapp.crd.yaml @@ -83,6 +83,11 @@ spec: defaultRole: description: A role included for all authenticated users type: string + directVerification: + description: Does this realm support verification of credentials + by directly connecting to LDAP as the account being authenticated? + Boolean flag, defaults to false. + type: boolean distinguishedNameAttribute: description: Deprecated - parameter not supported by Elytron The name of the attribute in the user entry that contains 
@@ -3058,6 +3063,11 @@ spec: defaultRole: description: A role included for all authenticated users type: string + directVerification: + description: Does this realm support verification of credentials + by directly connecting to LDAP as the account being + authenticated? Boolean flag, defaults to false. + type: boolean distinguishedNameAttribute: description: Deprecated - parameter not supported by Elytron The name of the attribute in the user entry that contains diff --git a/deploy/olm-catalog/dev/7.13.4-1/manifests/businessautomation-operator.clusterserviceversion.yaml b/deploy/olm-catalog/dev/7.13.4-1/manifests/businessautomation-operator.clusterserviceversion.yaml index bfd45ef16..1ff87a5c4 100644 --- a/deploy/olm-catalog/dev/7.13.4-1/manifests/businessautomation-operator.clusterserviceversion.yaml +++ b/deploy/olm-catalog/dev/7.13.4-1/manifests/businessautomation-operator.clusterserviceversion.yaml @@ -7,7 +7,7 @@ metadata: categories: Integration & Delivery certified: "false" containerImage: quay.io/kiegroup/kie-cloud-operator:7.13.4 - createdAt: "2023-08-11 11:11:50" + createdAt: "2023-08-11 12:09:14" description: Deploys and manages Red Hat Process Automation Manager and Red Hat Decision Manager environments. operators.openshift.io/infrastructure-features: '["Disconnected"]' @@ -20,7 +20,7 @@ metadata: operator-businessautomation: "true" operatorframework.io/arch.amd64: supported operatorframework.io/os.linux: supported - name: businessautomation-operator.7.13.4-1-dev-vgv827tf24 + name: businessautomation-operator.7.13.4-1-dev-xz5dhdqdcf namespace: placeholder spec: apiservicedefinitions: {} @@ -403,7 +403,7 @@ spec: - operator labels: alm-owner-businessautomation: businessautomation-operator - operated-by: businessautomation-operator.7.13.4-1-dev-vgv827tf24 + operated-by: businessautomation-operator.7.13.4-1-dev-xz5dhdqdcf links: - name: Product Page url: https://access.redhat.com/products/red-hat-process-automation-manager 
@@ -419,5 +419,5 @@ spec: selector: matchLabels: alm-owner-businessautomation: businessautomation-operator - operated-by: businessautomation-operator.7.13.4-1-dev-vgv827tf24 - version: 7.13.4-1+vgv827tf24 + operated-by: businessautomation-operator.7.13.4-1-dev-xz5dhdqdcf + version: 7.13.4-1+xz5dhdqdcf diff --git a/deploy/olm-catalog/dev/7.13.4-1/manifests/kieapp.crd.yaml b/deploy/olm-catalog/dev/7.13.4-1/manifests/kieapp.crd.yaml index 09474bb77..d4e416eac 100644 --- a/deploy/olm-catalog/dev/7.13.4-1/manifests/kieapp.crd.yaml +++ b/deploy/olm-catalog/dev/7.13.4-1/manifests/kieapp.crd.yaml @@ -83,6 +83,11 @@ spec: defaultRole: description: A role included for all authenticated users type: string + directVerification: + description: Does this realm support verification of credentials + by directly connecting to LDAP as the account being authenticated? + Boolean flag, defaults to false. + type: boolean distinguishedNameAttribute: description: Deprecated - parameter not supported by Elytron The name of the attribute in the user entry that contains @@ -3058,6 +3063,11 @@ spec: defaultRole: description: A role included for all authenticated users type: string + directVerification: + description: Does this realm support verification of credentials + by directly connecting to LDAP as the account being + authenticated? Boolean flag, defaults to false. + type: boolean distinguishedNameAttribute: description: Deprecated - parameter not supported by Elytron The name of the attribute in the user entry that contains diff --git a/deploy/olm-catalog/prod/7.13.4-1/manifests/businessautomation-operator.clusterserviceversion.yaml b/deploy/olm-catalog/prod/7.13.4-1/manifests/businessautomation-operator.clusterserviceversion.yaml index 57722c888..59d2b9ff3 100644 --- a/deploy/olm-catalog/prod/7.13.4-1/manifests/businessautomation-operator.clusterserviceversion.yaml +++ b/deploy/olm-catalog/prod/7.13.4-1/manifests/businessautomation-operator.clusterserviceversion.yaml 
@@ -7,7 +7,7 @@ metadata: categories: Integration & Delivery certified: "true" containerImage: registry.stage.redhat.io/rhpam-7/rhpam-rhel8-operator:7.13.4 - createdAt: "2023-08-11 11:11:50" + createdAt: "2023-08-11 12:09:14" description: Deploys and manages Red Hat Process Automation Manager and Red Hat Decision Manager environments. operators.openshift.io/infrastructure-features: '["Disconnected"]' diff --git a/deploy/olm-catalog/prod/7.13.4-1/manifests/kieapp.crd.yaml b/deploy/olm-catalog/prod/7.13.4-1/manifests/kieapp.crd.yaml index 09474bb77..d4e416eac 100644 --- a/deploy/olm-catalog/prod/7.13.4-1/manifests/kieapp.crd.yaml +++ b/deploy/olm-catalog/prod/7.13.4-1/manifests/kieapp.crd.yaml @@ -83,6 +83,11 @@ spec: defaultRole: description: A role included for all authenticated users type: string + directVerification: + description: Does this realm support verification of credentials + by directly connecting to LDAP as the account being authenticated? + Boolean flag, defaults to false. + type: boolean distinguishedNameAttribute: description: Deprecated - parameter not supported by Elytron The name of the attribute in the user entry that contains @@ -3058,6 +3063,11 @@ spec: defaultRole: description: A role included for all authenticated users type: string + directVerification: + description: Does this realm support verification of credentials + by directly connecting to LDAP as the account being + authenticated? Boolean flag, defaults to false. + type: boolean distinguishedNameAttribute: description: Deprecated - parameter not supported by Elytron The name of the attribute in the user entry that contains diff --git a/deploy/olm-catalog/test/7.13.4-1/manifests/businessautomation-operator.clusterserviceversion.yaml b/deploy/olm-catalog/test/7.13.4-1/manifests/businessautomation-operator.clusterserviceversion.yaml index 11a216e3a..1a1cafc58 100644 --- a/deploy/olm-catalog/test/7.13.4-1/manifests/businessautomation-operator.clusterserviceversion.yaml 
+++ b/deploy/olm-catalog/test/7.13.4-1/manifests/businessautomation-operator.clusterserviceversion.yaml @@ -7,7 +7,7 @@ metadata: categories: Integration & Delivery certified: "true" containerImage: registry-proxy.engineering.redhat.com/rh-osbs/rhpam-7-rhpam-rhel8-operator:7.13.4 - createdAt: "2023-08-11 11:11:50" + createdAt: "2023-08-11 12:09:14" description: Deploys and manages Red Hat Process Automation Manager and Red Hat Decision Manager environments. operators.openshift.io/infrastructure-features: '["Disconnected"]' @@ -20,7 +20,7 @@ metadata: operator-businessautomation: "true" operatorframework.io/arch.amd64: supported operatorframework.io/os.linux: supported - name: businessautomation-operator.7.13.4-1-dev-nf729k4z9v + name: businessautomation-operator.7.13.4-1-dev-wwtq59qtff namespace: placeholder spec: apiservicedefinitions: {} @@ -403,7 +403,7 @@ spec: - operator labels: alm-owner-businessautomation: businessautomation-operator - operated-by: businessautomation-operator.7.13.4-1-dev-nf729k4z9v + operated-by: businessautomation-operator.7.13.4-1-dev-wwtq59qtff links: - name: Product Page url: https://access.redhat.com/products/red-hat-process-automation-manager @@ -419,5 +419,5 @@ spec: selector: matchLabels: alm-owner-businessautomation: businessautomation-operator - operated-by: businessautomation-operator.7.13.4-1-dev-nf729k4z9v - version: 7.13.4-1+nf729k4z9v + operated-by: businessautomation-operator.7.13.4-1-dev-wwtq59qtff + version: 7.13.4-1+wwtq59qtff diff --git a/deploy/olm-catalog/test/7.13.4-1/manifests/kieapp.crd.yaml b/deploy/olm-catalog/test/7.13.4-1/manifests/kieapp.crd.yaml index 09474bb77..d4e416eac 100644 --- a/deploy/olm-catalog/test/7.13.4-1/manifests/kieapp.crd.yaml +++ b/deploy/olm-catalog/test/7.13.4-1/manifests/kieapp.crd.yaml 
@@ -83,6 +83,11 @@ spec: defaultRole: description: A role included for all authenticated users type: string + directVerification: + description: Does this realm support verification of credentials + by directly connecting to LDAP as the account being authenticated? + Boolean flag, defaults to false. + type: boolean distinguishedNameAttribute: description: Deprecated - parameter not supported by Elytron The name of the attribute in the user entry that contains @@ -3058,6 +3063,11 @@ spec: defaultRole: description: A role included for all authenticated users type: string + directVerification: + description: Does this realm support verification of credentials + by directly connecting to LDAP as the account being + authenticated? Boolean flag, defaults to false. + type: boolean distinguishedNameAttribute: description: Deprecated - parameter not supported by Elytron The name of the attribute in the user entry that contains diff --git a/pkg/controller/kieapp/defaults/auth_test.go b/pkg/controller/kieapp/defaults/auth_test.go index a64ff9fb6..c10424e06 100644 --- a/pkg/controller/kieapp/defaults/auth_test.go +++ b/pkg/controller/kieapp/defaults/auth_test.go @@ -351,6 +351,14 @@ func TestAuthLDAPEmptyConfig(t *testing.T) { } func TestAuthLDAPConfig(t *testing.T) { + commonTestLDAPConfig(t, true, false) +} + +func TestAuthLDAPConfigWithDirectVerification(t *testing.T) { + commonTestLDAPConfig(t, false, true) +} + +func commonTestLDAPConfig(t *testing.T, emptyPass bool, directVerification bool) { cr := &api.KieApp{ ObjectMeta: metav1.ObjectMeta{ Name: "test", 
@@ -371,11 +379,16 @@ func TestAuthLDAPConfig(t *testing.T) { NewIdentityAttributes: "sn=BlankSurname;cn=BlankCommonName", LoginModule: "required", LoginFailover: true, - AllowEmptyPasswords: true, + AllowEmptyPasswords: emptyPass, }, }, }, } + + if directVerification { + cr.Spec.Auth.LDAP.DirectVerification = directVerification + } + env, err := GetEnvironment(cr, test.MockService()) assert.Nil(t, err, "Error getting trial environment") @@ -389,8 +402,13 @@ func TestAuthLDAPConfig(t *testing.T) { {Name: "AUTH_LDAP_NEW_IDENTITY_ATTRIBUTES", Value: "sn=BlankSurname;cn=BlankCommonName"}, {Name: "AUTH_LDAP_LOGIN_MODULE", Value: "required"}, {Name: "AUTH_LDAP_LOGIN_FAILOVER", Value: "true"}, - {Name: "AUTH_LDAP_ALLOW_EMPTY_PASSWORDS", Value: "true"}, + {Name: "AUTH_LDAP_ALLOW_EMPTY_PASSWORDS", Value: strconv.FormatBool(emptyPass)}, } + + if directVerification { + expectedEnvs = append(expectedEnvs, corev1.EnvVar{Name: "AUTH_LDAP_DIRECT_VERIFICATION", Value: "true"}) + } + for _, expectedEnv := range expectedEnvs { assert.Contains(t, env.Console.DeploymentConfigs[0].Spec.Template.Spec.Containers[0].Env, expectedEnv, "Console does not contain env %v", expectedEnv) for i := range env.Servers { diff --git a/pkg/controller/kieapp/defaults/defaults.go b/pkg/controller/kieapp/defaults/defaults.go index b49bc4977..83eb27f06 100644 --- a/pkg/controller/kieapp/defaults/defaults.go +++ b/pkg/controller/kieapp/defaults/defaults.go @@ -1360,8 +1360,7 @@ func parseTemplate(env api.EnvTemplate, objYaml string) ([]byte, error) { // template replacement err = tmpl.Execute(&b, env) if err != nil { - log.Error("Error applying Go template.") - + log.Error("Error applying Go template.", err) return []byte{}, err } diff --git a/pkg/controller/kieapp/defaults/upgrade_test.go b/pkg/controller/kieapp/defaults/upgrade_test.go index 0535b7282..d7c6b24fc 100644 --- a/pkg/controller/kieapp/defaults/upgrade_test.go +++ b/pkg/controller/kieapp/defaults/upgrade_test.go 
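Review bot: In `commonTestLDAPConfig` the `AUTH_LDAP_DIRECT_VERIFICATION` expectation is appended only inside `if directVerification { … }`, so the `TestAuthLDAPConfig` case never checks that the variable renders as `false` when the field is unset, and no case sets both flags. The templates in this series appear to emit the variable unconditionally, so the expectation can sit in the literal next to the empty-password one as `{Name: "AUTH_LDAP_DIRECT_VERIFICATION", Value: strconv.FormatBool(directVerification)},`. The separate `if` that assigns the field can likewise become `DirectVerification: directVerification,` in the struct literal. The function body begins in the previous hunk and continues past these two.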
@@ -94,8 +94,8 @@ func TestCheckProductUpgrade(t *testing.T) { assert.True(t, micro) diffs = configDiffs(getConfigVersionLists(cr.Status.Applied.Version, constants.CurrentVersion)) - //assert.NotEmpty(t, diffs) - assert.Empty(t, diffs) + assert.NotEmpty(t, diffs) + //assert.Empty(t, diffs) // Past version, all upgrades true cr = &api.KieApp{ @@ -114,8 +114,8 @@ func TestCheckProductUpgrade(t *testing.T) { assert.True(t, micro) diffs = configDiffs(getConfigVersionLists(cr.Status.Applied.Version, constants.CurrentVersion)) - //assert.NotEmpty(t, diffs) - assert.Empty(t, diffs) + assert.NotEmpty(t, diffs) + //assert.Empty(t, diffs) // check upgrade against version in status section cr.Status.Applied.Version = constants.PriorVersion @@ -167,6 +167,6 @@ func TestCheckProductUpgrade(t *testing.T) { assert.False(t, micro) diffs = configDiffs(getConfigVersionLists(cr.Status.Applied.Version, constants.CurrentVersion)) - //assert.NotEmpty(t, diffs) - assert.Empty(t, diffs) + assert.NotEmpty(t, diffs) + //assert.Empty(t, diffs) } diff --git a/rhpam-config/7.13.4/common.yaml b/rhpam-config/7.13.4/common.yaml index 67d5be441..1cf2b49d5 100644 --- a/rhpam-config/7.13.4/common.yaml +++ b/rhpam-config/7.13.4/common.yaml @@ -196,6 +196,8 @@ console: value: "[[.Auth.LDAP.BindCredential]]" - name: AUTH_LDAP_ALLOW_EMPTY_PASSWORDS value: "[[.Auth.LDAP.AllowEmptyPasswords]]" + - name: AUTH_LDAP_DIRECT_VERIFICATION + value: "[[.Auth.LDAP.DirectVerification]]" - name: AUTH_LDAP_BASE_CTX_DN value: "[[.Auth.LDAP.BaseCtxDN]]" - name: AUTH_LDAP_BASE_FILTER @@ -974,6 +976,8 @@ servers: value: "[[$.Auth.LDAP.BindCredential]]" - name: AUTH_LDAP_ALLOW_EMPTY_PASSWORDS value: "[[$.Auth.LDAP.AllowEmptyPasswords]]" + - name: AUTH_LDAP_DIRECT_VERIFICATION + value: "[[$.Auth.LDAP.DirectVerification]]" - name: AUTH_LDAP_BASE_CTX_DN value: "[[$.Auth.LDAP.BaseCtxDN]]" - name: AUTH_LDAP_BASE_FILTER 
diff --git a/rhpam-config/7.13.4/dashbuilder/rhpam-standalone-dashbuilder.yaml b/rhpam-config/7.13.4/dashbuilder/rhpam-standalone-dashbuilder.yaml index be8fc0034..4cec11ab8 100644 --- a/rhpam-config/7.13.4/dashbuilder/rhpam-standalone-dashbuilder.yaml +++ b/rhpam-config/7.13.4/dashbuilder/rhpam-standalone-dashbuilder.yaml @@ -212,6 +212,8 @@ dashbuilder: value: "[[.Auth.LDAP.BindCredential]]" - name: AUTH_LDAP_ALLOW_EMPTY_PASSWORDS value: "[[.Auth.LDAP.AllowEmptyPasswords]]" + - name: AUTH_LDAP_DIRECT_VERIFICATION + value: "[[.Auth.LDAP.DirectVerification]]" - name: AUTH_LDAP_BASE_CTX_DN value: "[[.Auth.LDAP.BaseCtxDN]]" - name: AUTH_LDAP_BASE_FILTER From 7abe0fc1f46f7e80a5f304301356d171f2474ae4 Mon Sep 17 00:00:00 2001 From: Spolti Date: Mon, 14 Aug 2023 10:43:08 -0300 Subject: [PATCH 10/10] fix config test Signed-off-by: Spolti --- .../7.13.3/dashbuilder/rhpam-standalone-dashbuilder.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/rhpam-config/7.13.3/dashbuilder/rhpam-standalone-dashbuilder.yaml b/rhpam-config/7.13.3/dashbuilder/rhpam-standalone-dashbuilder.yaml index 073b1b9d8..be8fc0034 100644 --- a/rhpam-config/7.13.3/dashbuilder/rhpam-standalone-dashbuilder.yaml +++ b/rhpam-config/7.13.3/dashbuilder/rhpam-standalone-dashbuilder.yaml @@ -212,8 +212,6 @@ dashbuilder: value: "[[.Auth.LDAP.BindCredential]]" - name: AUTH_LDAP_ALLOW_EMPTY_PASSWORDS value: "[[.Auth.LDAP.AllowEmptyPasswords]]" - - name: AUTH_LDAP_DIRECT_VERIFICATION - value: "[[$.Auth.LDAP.DirectVerification]]" - name: AUTH_LDAP_BASE_CTX_DN value: "[[.Auth.LDAP.BaseCtxDN]]" - name: AUTH_LDAP_BASE_FILTER