Red Hat SummitChapter 2. What is new in JWS Operator 2.x?
JWS Operator 2.x provides level-2 Operator capabilities such as seamless integration. JWS Operator 2.x also supports Red Hat JBoss Web Server metering labels and includes some new or enhanced Custom Resource Definition (CRD) parameters.
2.1. What is new in the JWS Operator 2.1 release?
The JWS Operator 2.1 release includes the following new features and enhancements.
New webhookSecrets parameter
JWS Operator 2.1 introduces a webhookSecrets parameter under the webImageStream:webSources hierarchy in the CRD. This parameter specifies secret names for triggering a build through a generic, GitHub, or GitLab webhook.
The webhookSecrets parameter contains generic, github, and gitlab fields.
For more information, see JWS Operator CRD parameters.
New tlsConfig parameter
JWS Operator 2.1 introduces a tlsConfig parameter in the CRD. This parameter specifies the TLS configuration for a web server.
The tlsConfig parameter contains routeHostname, certificateVerification, tlsSecret, and tlsPassword fields.
For more information, see JWS Operator CRD parameters.
New environmentVariables parameter
JWS Operator 2.1 introduces an environmentVariables parameter in the CRD. This parameter specifies the environment variables for the deployment.
For more information, see JWS Operator CRD parameters.
New persistentLogs parameter
JWS Operator 2.1 introduces a persistentLogs parameter in the CRD. This parameter specifies persistent volume and logging configuration.
The persistentLogs parameter contains catalinaLogs, enableAccessLogs, volumeName, and storageClass fields.
For more information, see JWS Operator CRD parameters.
New podResources parameter
JWS Operator 2.1 introduces a podResources parameter in the CRD. This parameter specifies the configuration of the central processing unit (CPU) and memory resources that the web server uses.
For more information, see JWS Operator CRD parameters.
New securityContext parameter
JWS Operator 2.1 introduces a securityContext parameter in the CRD. This parameter defines the security capabilities that are required to run the application.
For more information, see JWS Operator CRD parameters.
New useInsightsClient parameter
JWS Operator 2.1 introduces a useInsightsClient parameter in the CRD. This parameter indicates whether to create a connection with the runtimes inventory operator that Red Hat provides.
You can enable debug logging for the Insights client by setting the INSIGHTS_DEBUG environment variable to true.
The useInsightsClient parameter requires use of a Red Hat JBoss Web Server 6.1 or later image.
This parameter is available as a Technology Preview only.
For more information, see JWS Operator CRD parameters.
Deprecated genericWebhookSecret parameter
JWS Operator 2.1 deprecates the genericWebhookSecret parameter that is under the webImageStream.webSources.webSourcesParams hierarchy in the CRD.
This parameter is superseded by the webImageStream.webSources.webhookSecrets.generic parameter.
For more information, see JWS Operator CRD parameters.
Deprecated githubWebhookSecret parameter
JWS Operator 2.1 deprecates the githubWebhookSecret parameter that is under the webImageStream.webSources.webSourcesParams hierarchy in the CRD.
This parameter is superseded by the webImageStream.webSources.webhookSecrets.github parameter.
For more information, see JWS Operator CRD parameters.
Enhanced format for default generated hostnames
JWS Operator 2.1 uses an enhanced format for default generated hostnames that can consist of an application name and a project name that are each up to 63 characters in length.
2.2. What is new in the JWS Operator 2.0 release?
The JWS Operator 2.0 release includes the following new features and enhancements.
Level-2 Operator capabilities
JWS Operator 2.0 provides the following level-2 Operator capability features:
- Enables seamless upgrades
- Supports patch and minor version upgrades
- Manages web servers deployed by the JWS Operator 1.1.x.
Enabling level-2 seamless integration for new images
The Deployment object definition includes a trigger that OpenShift uses to deploy new pods when a new image is pushed to the image stream. The image stream can monitor the repository for new images or you can instruct the image stream that a new image is available for use.
Procedure
In your project namespace, create an image stream by using the
oc import-imagecommand to import the tag and other information for an image.For example:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow oc import-image <my-image>-imagestream:latest \ --from=quay.io/$user/<my-image>:latest \ --confirm
oc import-image <my-image>-imagestream:latest \ --from=quay.io/$user/<my-image>:latest \ --confirmIn the preceding example, replace each occurrence of
<my-image>with the name of the image that you want to import.The preceding command creates an image stream named
<my-image>-imagestreamby importing information for thequay.io/$user/<my-image>image. For more information about the format and management of image streams, see Managing image streams.Create a custom resource of the
WebServerkind for the web application that you want the JWS Operator to deploy whenever the image stream is updated. You can define the custom resource in YAML file format.For example:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow apiVersion: web.servers.org/v1alpha1 kind: WebServer metadata: name: <my-image> spec: # Add fields here applicationName: my-app useSessionClustering: true replicas: 2 webImageStream: imageStreamNamespace: <project-name> imageStreamName: <my-image>-imagestreamapiVersion: web.servers.org/v1alpha1 kind: WebServer metadata: name: <my-image> spec: # Add fields here applicationName: my-app useSessionClustering: true replicas: 2 webImageStream: imageStreamNamespace: <project-name> imageStreamName: <my-image>-imagestreamTrigger an update to the image stream by using the
oc tagcommand.For example:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow oc tag quay.io/$user/<my-image> <my-image>-imagestream:latest --scheduled
oc tag quay.io/$user/<my-image> <my-image>-imagestream:latest --scheduledThe preceding command causes OpenShift Container Platform to update the specified image stream tag periodically. This period is a cluster-wide setting that is set to 15 minutes by default.
Level-2 seamless integration for rebuilding existing images
The BuildConfig object definition includes a trigger for image stream updates and a webhook, which is a GitHub, GitLab, or Generic webhook, that enables the rebuilding of images when the webhook is triggered.
For more information about creating a secret for a webhook, see Creating a secret for a generic or GitHub webhook.
For more information about configuring a generic or GitHub webhook in a custom resource WebServer file, see JWS Operator CRD parameters.
Support for Red Hat JBoss Web Server metering labels
JWS Operator 2.0 supports the ability to add metering labels to the Red Hat JBoss Web Server pods that the JWS Operator creates.
Red Hat JBoss Web Server can use the following metering labels:
-
com.company: Red_Hat -
rht.prod_name: Red_Hat_Runtimes -
rht.prod_ver: 2025-Q2 -
rht.comp: JBoss_Web_Server -
rht.comp_ver: 6.1.0 -
rht.subcomp: Tomcat 10 -
rht.subcomp_t: application
You can add labels under the metadata section in the custom resource WebServer file for a web application that you want to deploy. For example:
---
apiVersion: web.servers.org/v1alpha1
kind: WebServer
metadata:
name: <my-image>
labels:
com.company: Red_Hat
rht.prod_name: Red_Hat_Runtimes
rht.prod_ver: 2025-Q2
rht.comp: JBoss_Web_Server
rht.comp_ver: 6.1.0
rht.subcomp: Tomcat 10
rht.subcomp_t: application
spec:
----
---
apiVersion: web.servers.org/v1alpha1
kind: WebServer
metadata:
name: <my-image>
labels:
com.company: Red_Hat
rht.prod_name: Red_Hat_Runtimes
rht.prod_ver: 2025-Q2
rht.comp: JBoss_Web_Server
rht.comp_ver: 6.1.0
rht.subcomp: Tomcat 10
rht.subcomp_t: application
spec:
----If you change any label key or label value for a deployed web server, the JWS Operator redeploys the web server application. If the deployed web server was built from source code, the JWS Operator also rebuilds the web server application.
Enhanced webImage parameter
In the JWS Operator 2.0 release, the webImage parameter in the CRD contains the following additional fields:
imagePullSecretThe secret that the JWS Operator uses to pull images from the repository
NoteThe secret must contain the key
.dockerconfigjson. The JWS Operator mounts and uses the secret (for example,--authfile /mount_point/.dockerconfigjson) to pull the images from the repository. TheSecretobject definition file might contain server username and password values or tokens to allow access to images in the image stream, the builder image, and images built by the JWS Operator.webAppA set of parameters that describe how the JWS Operator builds the web server application
Enhanced webApp parameter
In the JWS Operator 2.0 release, the webApp parameter in the CRD contains the following additional fields:
nameThe name of the web server application
sourceRepositoryURLThe URL where the application source files are located
sourceRepositoryRefThe branch of the source repository that the Operator uses
sourceRepositoryContextDirThe subdirectory where the
pom.xmlfile is located and where themvn installcommand must be runwebAppWarImageThe URL of the images where the JWS Operator pushes the built image
webAppWarImagePushSecretThe secret that the JWS Operator uses to push images to the repository
builderA set of parameters that contain all the information required to build the web application and create and push the image to the image repository
NoteTo ensure that the builder can operate successfully and run commands with different user IDs, the builder must have access to the
anyuidsecurity context constraint (SCC).To grant the builder access to the
anyuidSCC, enter the following command:oc adm policy add-scc-to-user anyuid -z builderThe
builderparameter contains the following fields:imageThe image of the container where the web application is built (for example,
quay.io/$user/tomcat10-buildah)imagePullSecretThe secret (if specified) that the JWS Operator uses to pull the builder image from the repository
applicationBuildScriptThe script that the builder image uses to build the application
.warfile and move it to the/mntdirectoryNoteIf you do not specify a value for this parameter, the builder image uses a default script that uses Maven and Buildah.
Additional resources
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}