Red Hat Summit Red Hat SummitSupportKonsoleEntwicklerDemo startenKontakt

Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

Chapter 7. JWS Operator CRD parameters

The JWS Operator provides a set of custom resource definition (CRD) parameters. When you create a custom resource WebServer file for a web application, you can specify parameter values in a <key>: <value> format. The JWS Operator uses the information that you specify in the custom resource WebServer file to deploy the web application.

7.1. CRD parameter hierarchy
Link kopieren

The JWS Operator provides CRD parameters in the following hierarchical format: 

applicationName: <value>
replicas: <value>
useSessionClustering: <value>
webImage:
   applicationImage: <value>
   imagePullSecret: <value>
   webApp:
      name: <value>
      sourceRepositoryURL: <value>
      sourceRepositoryRef: <value>
      contextDir: <value>
      webAppWarImage: <value>
      webAppWarImagePushSecret: <value>
      builder:
        image: <value>
        imagePullSecret: <value>
        applicationBuildScript: <value>
   webServerHealthCheck:
      serverReadinessScript: <value>
      serverLivenessScript: <value>
webImageStream:
   imageStreamName: <value>
   imageStreamNamespace: <value>
   webSources:
      sourceRepositoryUrl: <value>
      sourceRepositoryRef: <value>
      contextDir: <value>
      webhookSecrets:
         generic: <value>
         github: <value>
         gitlab: <value>
      webSourcesParams:
         mavenMirrorUrl: <value>
         artifactDir: <value>
         genericWebhookSecret: <value>  [Deprecated in 2.1 release]
         githubWebhookSecret: <value>  [Deprecated in 2.1 release]
   webServerHealthCheck:
      serverReadinessScript: <value>
      serverLivenessScript: <value>
tlsConfig:
   routeHostname: <value>
   certificateVerification: <value>
   tlsSecret: <value>
   tlsPassword: <value>
environmentVariables
persistentLogs:
   catalinaLogs: <value>
   enableAccessLogs: <value>
   volumeName: <value>
   storageClass: <value>
podResources
securityContext
volumeSpec:
   persistentVolumeClaims:
      - <value1>
      - <value2>
      - ...
   secrets:
      - <value1>
      - <value2>
      - ...
   configMaps:
      - <value1>
      - <value2>
      - ...
   volumeClaimTemplates
useInsightsClient [Technology Preview only]
Copy to Clipboard Toggle word wrap
Note

When you create a custom resource WebServer file, specify parameter names and values in the same hierarchical format that the preceding example outlines. For more information about creating a custom resource WebServer file, see Deploying an existing JWS image.

The genericWebhookSecret and githubWebhookSecret parameters are deprecated in the JWS Operator 2.1 release. The useInsightsClient parameter is a Technology Preview feature only.

7.2. CRD parameter details
Link kopieren

The following table describes the CRD parameters that the JWS Operator provides. This table shows each parameter name in the context of any higher-level parameters that are above it in the hierarchy.

Expand
Parameter nameDescription

replicas

The number of pods of the JBoss Web Server image that you want to run

For example:
replicas: 2

applicationName

The name of the web application that you want the JWS Operator to deploy

The application name must be a unique value in the OpenShift namespace or project. The JWS Operator uses the application name that you specify to create the route to access the web application.

For example:
applicationName: my-app

useSessionClustering

Enables DNSping session clustering

This is set to false by default. If you set this parameter to true, the image must be based on JBoss Web Server images, because session clustering uses the ENV_FILES environment variable and a shell script to add the clustering in the server.xml file.

Note

In this release, the session clustering functionality is available as a Technology Preview feature only. The current Operator version uses the DNS Membership Provider, which is limited because of DNS limitations. InetAddress.getAllByName() results are cached, which means session replications might not work while scaling up.

For example:
useSessionClustering: true

webImage

A set of parameters that controls how the JWS Operator deploys pods from existing images

This parameter contains applicationImage, imagePullSecret, webApp, and webServerHealthCheck fields.

webImage:
      applicationImage

The full path to the name of the application image that you want to deploy

For example:
applicationImage: quay.io/$user/my-image-name

webImage:
      imagePullSecret

The name of the secret that the JWS Operator uses to pull images from the repository

The secret must contain the key .dockerconfigjson. The JWS Operator mounts the secret and uses it similar to --authfile /mount_point/.dockerconfigjson to pull the images from the repository.

The Secret object definition file might contain several username and password values or tokens to allow access to images in the image stream, the builder image, and images built by the JWS Operator.

For example:
imagePullSecret: mysecret

webImage:
      webApp

A set of parameters that describe how the JWS Operator builds the web application that you want to add to the application image

If you do not specify the webApp parameter, the JWS Operator deploys the web application without building the application.

This parameter contains name, sourceRepositoryURL, sourceRepositoryRef, contextDir, webAppWarImage, webAppWarImagePushSecret, and builder fields.

webImage:
      webApp:
           name

The name of the web application file

The default name is ROOT.war.

For example:
name: my-app.war

webImage:
      webApp:
           sourceRepositoryURL

The URL where the application source files are located

The source should contain a Maven pom.xml file to support a Maven build. When Maven generates a .war file for the application, the .war file is copied to the webapps directory of the image that the JWS Operator uses to deploy the application (for example, /opt/jws-5.x/tomcat/webapps).

For example:
sourceRepositoryUrl: 'https://github.com/$user/demo-webapp.git'

webImage:
      webApp:
           sourceRepositoryRef

The branch of the source repository that the JWS Operator uses

For example:
sourceRepositoryRef: main

webImage:
      webApp:
           contextDir

The subdirectory in the source repository where the pom.xml file is located and the mvn install command is run

For example:
contextDir: /

webImage:
      webApp:
           webAppWarImage

The URL of the images where the JWS Operator pushes the built image

webImage:
      webApp:
           webAppWarImagePushSecret

The name of the secret that the JWS Operator uses to push images to the repository

The secret must contain the key .dockerconfigjson. The JWS Operator mounts the secret and uses it similar to --authfile /mount_point/.dockerconfigjson to push the image to the repository.

If the JWS Operator uses a pull secret to pull images from the repository, you must specify the name of the pull secret as the value for the webAppWarImagePushSecret parameter. See imagePullSecret for more information.

For example:
imagePullSecret: mysecret

webImage:
      webApp:
           builder

A set of parameters that describe how the JWS Operator builds the web application and creates and pushes the image to the image repository

Note

To ensure that the builder can operate successfully and run commands with different user IDs, the builder must have access to the anyuid SCC (security context constraint). To grant the builder access to the anyuid SCC, enter the following command:

oc adm policy add-scc-to-user anyuid -z builder

This parameter contains image, imagePullSecret, and applicationBuildScript fields.

webImage:
      webApp:
           builder:
                image

The image of the container where the JWS Operator builds the web application

For example:
image: quay.io/$user/tomcat10-buildah

webImage:
      webApp:
           builder:
                imagePullSecret

The name of the secret (if specified) that the JWS Operator uses to pull the builder image from the repository

The secret must contain the key .dockerconfigjson. The JWS Operator mounts the secret and uses it similar to --authfile /mount_point/.dockerconfigjson to pull the images from the repository.

The Secret object definition file might contain several username and password values or tokens to allow access to images in the image stream, the builder image, and images built by the JWS Operator.

For example:
imagePullSecret: mysecret

webImage:
      webApp:
           builder:
                applicationBuildScript

The script that the builder image uses to build the application .war file and move it to the /mnt directory

If you do not specify a value for this parameter, the builder image uses a default script that uses Maven and Buildah.

webImage:
      webServerHealthCheck

The health check that the JWS Operator uses

The default behavior is to use the health valve, which does not require any parameters.

This parameter contains serverReadinessScript and serverLivenessScript fields.

webImage:
      webServerHealthCheck:
           serverReadinessScript

A string that specifies the logic for the pod readiness health check

If this parameter is not specified, the JWS Operator uses the default health check by using the OpenShift internal registry to check http://localhost:8080/health.

For example:
serverReadinessScript: /bin/bash -c " /usr/bin/curl --noproxy '*' -s 'http://localhost:8080/health' | /usr/bin/grep -i 'status.*UP'"

webImage:
      webServerHealthCheck:
           serverLivenessScript

A string that specifies the logic for the pod liveness health check

This parameter is optional.

webImageStream

A set of parameters that control how the JWS Operator uses an image stream that provides images to run or to build upon

The JWS Operator uses the latest image in the image stream.

This parameter contains applicationImage, imagePullSecret, webApp, and webServerHealthCheck fields.

webImageStream:
      imageStreamName

The name of the image stream that you have created to allow the JWS Operator to find the base images

For example:
imageStreamName: my-image-name-imagestream:latest

webImageStream:
      imageStreamNamespace

The namespace or project where you have created the image stream

For example:
imageStreamNamespace: my-namespace

webImageStream:
      webSources

A set of parameters that describe where the application source files are located and how to build them

If you do not specify the webSources parameter, the JWS Operator deploys the latest image in the image stream.

This parameter contains sourceRepositoryUrl, sourceRepositoryRef, contextDir, and webSourcesParams fields.

webImageStream:
      webSources:
           sourceRepositoryUrl

The URL where the application source files are located

The source should contain a Maven pom.xml file to support a Maven build. When Maven generates a .war file for the application, the .war file is copied to the webapps directory of the image that the JWS Operator uses to deploy the application (for example, /opt/jws-5.x/tomcat/webapps).

For example:
sourceRepositoryUrl: 'https://github.com/$user/demo-webapp.git'

webImageStream:
      webSources:
           sourceRepositoryRef

The branch of the source repository that the JWS Operator uses

For example:
sourceRepositoryRef: main

webImageStream:
      webSources:
           contextDir

The subdirectory in the source repository where the pom.xml file is located and the mvn install command is run

For example:
contextDir: /

webImageStream:
      webSources:
           webhookSecrets

A set of parameters that specify secret names for triggering a build through a webhook

This parameter contains generic, github, and gitlab fields.

webImageStream:
      webSources:
           webhookSecrets:
                generic

The name of a secret for a generic webhook that can trigger a build

For more information about creating a secret, see Creating a secret for a webhook.

For more information about using generic webhooks, see Webhook Triggers.

For example:
generic: jws-secret

webImageStream:
      webSources:
           webhookSecrets:
                github

The name of a secret for a GitHub webhook that can trigger a build

For more information about creating a secret, see Creating a secret for a webhook.

For more information about using GitHub webhooks, see Webhook Triggers.

For example:
github: jws-secret

webImageStream:
      webSources:
           webhookSecrets:
                gitlab

The name of a secret for a GitLab webhook that can trigger a build

For more information about creating a secret, see Creating a secret for a webhook.

For more information about using GitLab webhooks, see Webhook Triggers.

For example:
gitlab: jws-secret

webImageStream:
      webSources:
           webSourcesParams

A set of parameters that describe how to build the application images

This parameter is optional.

This parameter contains mavenMirrorUrl, artifactDir, genericWebhookSecret, and githubWebhookSecret fields.

Note

The genericWebhookSecret and githubWebhookSecret fields are deprecated in the JWS Operator 2.1 release.

webImageStream:
      webSources:
           webSourcesParams:
                mavenMirrorUrl

The Maven proxy URL that Maven uses to build the web application

This parameter is required if the cluster does not have internet access.

webImageStream:
      webSources:
           webSourcesParams:
                artifactDir

The directory where Maven stores the .war file that Maven generates for the web application

The contents of this directory are copied to the webapps directory of the image that the JWS Operator uses to deploy the application (for example, /opt/jws-5.x/tomcat/webapps).

The default value is target.

webImageStream:
      webSources:
           webSourcesParams:
                genericWebHookSecret

Important

This parameter is deprecated in the 2.1 release. Use the webhookSecrets:generic parameter instead.

A webhook secret string

For more information about creating a secret, see Creating a secret for a webhook.

For more information about using generic webhooks, see Webhook Triggers.

For example:
genericWebhookSecret: qwerty

webImageStream:
      webSources:
           webSourcesParams:
                githubWebhookSecret

Important

This parameter is deprecated in the 2.1 release. Use the webhookSecrets:github parameter instead.

A webhook secret string specific to GitHub

For more information about creating a secret, see Creating a secret for a webhook.

For more information about using GitHub webhooks, see Webhook Triggers.

Note

You cannot perform manual tests of a GitHub webhook. GitHub generates the payload and it is not empty.

webImageStream:
      webServerHealthCheck

The health check that the JWS Operator uses

The default behavior is to use the health valve, which does not require any parameters.

This parameter contains serverReadinessScript and serverLivenessScript fields.

webImageStream:
      webServerHealthCheck:
           serverReadinessScript

A string that specifies the logic for the pod readiness health check

If this parameter is not specified, the JWS Operator uses the default health check by using the OpenShift internal registry to check http://localhost:8080/health.

For example:
serverReadinessScript: /bin/bash -c " /usr/bin/curl --noproxy '*' -s 'http://localhost:8080/health' | /usr/bin/grep -i 'status.*UP'"

webImageStream:
      webServerHealthCheck:
           serverLivenessScript

A string that specifies the logic for the pod liveness health check

This parameter is optional.

tlsConfig

A set of parameters that specify the TLS configuration for a web server

This parameter contains routeHostname, certificateVerification, tlsSecret, and tlsPassword fields.

tlsConfig:
      routeHostname

Indicates whether the Operator should create a route or whether the route uses TLS

Supported values are NONE and tls:

  • If you specify NONE, the Operator does not create the route. In this situation, you must create the route manually.
  • If you specify tls, the Operator creates a passthrough route to the web server.

For example:
routeHostname: NONE

tlsConfig:
      certificateVerification

Indicates whether the Operator should use the TLS connector with a client certificate

Supported values are required, optional, or empty.

For more information, see the Apache Tomcat HTTP Connector documentation about the certificateVerification attribute.

For example:
certificateVerification: required

tlsConfig:
      tlsSecret

The secret to use for the server certificate (server.cert) and server key (server.key) and the optional CA certificate for the client certificates (ca.cert)

For example:
tlsSecret: tlssecret

tlsConfig:
      tlsPassword

The passphrase used to protect the server key (server.key)

For example:
tlsPassword: changeit

environmentVariables

Environment variables for deployment

persistentLogs

A set of parameters that specify persistent volume and logging configuration

This parameter contains catalinaLogs, enableAccessLogs, volumeName, and storageClass fields.

persistentLogs:
      catalinaLogs

Indicates whether the catalina.out log file for every pod is saved in a persistent volume, to remain available after a possible pod failure.

Supported values are true or false.

For example:
catalinaLogs: true

persistentLogs:
      enableAccessLogs

Indicates whether the access_log log file for every pod is saved in a persistent volume, to remain available after a possible pod failure.

Supported values are true or false.

For example:
enableAccessLogs: true

persistentLogs:
      volumeName

Name of the persistent volume that is used to store the log files

For example:
volumeName: pv0000

persistentLogs:
      storageClass

Name of the storage class of the persistent volume that is used to store the log files

For example:
storageClass: nfs-client

podResources

Specifies the configuration of the CPU and memory resources that the web server uses

These values must be categorized under limits and requests.

For example:

resources:
   limits:
      cpu: 500m
   requests:
      cpu: 200m

These values are used for autoscaling. For more information about autoscaling, see Automatically scaling pods with the horizontal pod autoscaler.

securityContext

Defines the security capabilities that are required to run the application

volumeSpec

A set of parameters that specify the volumes to be mounted

This parameter contains persistentVolumeClaims, secrets, configMaps, and volumeClaimTemplates fields.

volumeSpec:
      persistentVolumeClaims

A list of the names of persistent volume claims (PVCs) that are to be mounted to the /volumes directory

For example:
persistentVolumeClaims:
      - <pvc1>
      - <pvc2>

volumeSpec:
      secrets

A list of the names of secrets that are to be mounted to the /secrets directory

For example:
secrets:
      - <secret1>
      - <secret2>

volumeSpec:
      configMaps

A list of the names of config maps that are to be mounted to the /configmaps directory

For example:
configMaps:
      - <configmap1>
      - <configmap2>

volumeSpec:
      volumeClaimTemplates

A list of PersistentVolumeClaimSpec properties for stateful applications

For more information about PersistentVolumeClaimSpec, see Storage APIs: PersistentVolumeClaim [v1].

useInsightsClient

Indicates whether to create a connection with the runtimes inventory operator that Red Hat provides

Supported values are true or false.

For example:
useInsightsClient: true

You can enable debug logging for the Insights client by setting the INSIGHTS_DEBUG environment variable to true.

Note

The useInsightsClient parameter requires use of a Red Hat JBoss Web Server 6.1 or later image. This parameter is a Technology Preview feature only.

Nach oben
Red Hat logoGithubredditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können. Entdecken Sie unsere neuesten Updates.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

Theme

© 2025 Red Hat