此内容没有您所选择的语言版本。

Chapter 4. OpenShift template reference information

Red Hat Process Automation Manager provides the following OpenShift templates. To access the templates, download and extract the rhpam-7.1.0-openshift-templates.zip product deliverable file from the Software Downloads page of the Red Hat customer portal.

rhpam71-prod-immutable-monitor.yaml provides a Business Central Monitoring instance and a Smart Router that you can use with immutable Process Servers. When you deploy this template, OpenShift displays the settings that you must then use for deploying the rhpam71-prod-immutable-kieserver.yaml template. For details about this template, see Section 4.1, “rhpam71-prod-immutable-monitor”.
rhpam71-prod-immutable-kieserver.yaml provides an immutable Process Server. When you deploy this template, a source-to-image (S2I) build is triggered for one or several services that are to run on the Process Server. The Process Server can optionally be configured to connect to the Business Central Monitoring and Smart Router provided by rhpam71-prod-immutable-monitor.yaml. For details about this template, see Section 4.2, “rhpam71-prod-immutable-kieserver”.
rhpam71-kieserver-externaldb.yaml provides a Process Server that uses an external database. You can configure the Process Server to connect to a Business Central. Also, you can copy sections from this template into another template to configure a Process Server in the other template to use an external database. For details about this template, see Section 4.3, “rhpam71-kieserver-externaldb”.
rhpam71-kieserver-mysql.yaml provides a Process Server and a MySQL instance that the Process Server uses. You can configure the Process Server to connect to a Business Central. Also, you can copy sections from this template into another template to configure a Process Server in the other template to use MySQL and to provide the MySQL instance. For details about this template, see Section 4.4, “rhpam71-kieserver-mysql”.
rhpam71-kieserver-postgresql.yaml provides a Process Server and a PostgreSQL instance that the Process Server uses. You can configure the Process Server to connect to a Business Central. Also, you can copy sections from this template into another template to configure a Process Server in the other template to use PostgreSQL and to provide the PostgreSQL instance. For details about this template, see Section 4.4, “rhpam71-kieserver-mysql”.

4.1. rhpam71-prod-immutable-monitor
复制链接

Application template for a router and monitoring console in a production environment, for Red Hat Process Automation Manager 7.1

4.1.1. Parameters
复制链接

Templates allow you to define parameters which take on a value. That value is then substituted wherever the parameter is referenced. References can be defined in any text field in the objects list field. Refer to the Openshift documentation for more information.

Expand

Variable name	Image Environment Variable	Description	Example value	Required
`APPLICATION_NAME`	—	The name for the application.	myapp	True
`MAVEN_REPO_ID`	`EXTERNAL_MAVEN_REPO_ID`	The id to use for the maven repository, if set. Default is generated randomly.	`${MAVEN_REPO_ID}`	False
`MAVEN_REPO_URL`	`EXTERNAL_MAVEN_REPO_URL`	Fully qualified URL to a Maven repository or service.	`${MAVEN_REPO_URL}`	False
`MAVEN_REPO_USERNAME`	`RHPAMCENTR_MAVEN_REPO_USERNAME`	Username to access the Maven repository, if required.	`${BUSINESS_CENTRAL_MAVEN_USERNAME}`	False
`MAVEN_REPO_PASSWORD`	`RHPAMCENTR_MAVEN_REPO_PASSWORD`	Password to access the Maven repository, if required.	`${BUSINESS_CENTRAL_MAVEN_PASSWORD}`	False
`BUSINESS_CENTRAL_MAVEN_SERVICE`	—	The service name for the optional business central, where it can be reached, to allow service lookups (for maven repo usage), if required	—	False
`BUSINESS_CENTRAL_MAVEN_USERNAME`	—	Username to access the Maven service hosted by Business Central inside EAP.	—	False
`BUSINESS_CENTRAL_MAVEN_PASSWORD`	—	Password to access the Maven service hosted by Business Central inside EAP.	—	False
`KIE_ADMIN_USER`	`KIE_ADMIN_USER`	KIE administrator username	adminUser	False
`KIE_ADMIN_PWD`	`KIE_ADMIN_PWD`	KIE administrator password	`${KIE_ADMIN_PWD}`	False
`KIE_SERVER_USER`	`KIE_SERVER_USER`	KIE server username (Sets the org.kie.server.user system property)	executionUser	False
`KIE_SERVER_PWD`	`KIE_SERVER_PWD`	KIE server password, used to connect to KIE servers. Generated value can be a suggestion to use for thew s2i various (Sets the org.kie.server.pwd system property)	`${KIE_SERVER_PWD}`	False
`IMAGE_STREAM_NAMESPACE`	—	Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you’ve installed the ImageStreams in a different namespace/project.	openshift	True
`IMAGE_STREAM_TAG`	—	A named pointer to an image in an image stream. Default is "1.1".	1.1	False
`SMART_ROUTER_HOSTNAME_HTTP`	`HOSTNAME_HTTP`	Custom hostname for http service route. Leave blank for default hostname, e.g. <application-name>-smartrouter-<project>.<default-domain-suffix>'	`${BUSINESS_CENTRAL_HOSTNAME_HTTP}`	False
`KIE_SERVER_ROUTER_ID`	`KIE_SERVER_ROUTER_ID`	Router ID used when connecting to the controller (router property org.kie.server.router.id)	kie-server-router	True
`KIE_SERVER_ROUTER_PROTOCOL`	`KIE_SERVER_ROUTER_PROTOCOL`	KIE server router protocol (Used to build the org.kie.server.router.url.external property)	`${KIE_SERVER_ROUTER_PROTOCOL}`	False
`KIE_SERVER_ROUTER_URL_EXTERNAL`	`KIE_SERVER_ROUTER_URL_EXTERNAL`	Public URL where the router can be found. Format http://<host>:<port> (router property org.kie.server.router.url.external)	`${KIE_SERVER_ROUTER_URL_EXTERNAL}`	False
`KIE_SERVER_ROUTER_NAME`	`KIE_SERVER_ROUTER_NAME`	Router name used when connecting to the controller (router property org.kie.server.router.name)	KIE Server Router	True
`KIE_SERVER_MONITOR_USER`	—	KIE server monitor username (Sets the org.kie.server.controller.user system property)	monitorUser	False
`KIE_SERVER_MONITOR_PWD`	—	KIE server monitor password (Sets the org.kie.server.controller.pwd system property)	—	False
`KIE_SERVER_MONITOR_TOKEN`	—	KIE server monitor token for bearer authentication (Sets the org.kie.server.controller.token system property)	—	False
`BUSINESS_CENTRAL_HOSTNAME_HTTP`	`HOSTNAME_HTTP`	Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-rhpamcentrmon-<project>.<default-domain-suffix>	`${BUSINESS_CENTRAL_HOSTNAME_HTTP}`	False
`BUSINESS_CENTRAL_HOSTNAME_HTTPS`	`HOSTNAME_HTTP`	Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-rhpamcentrmon-<project>.<default-domain-suffix>	`${BUSINESS_CENTRAL_HOSTNAME_HTTP}`	False
`BUSINESS_CENTRAL_HTTPS_SECRET`	—	The name of the secret containing the keystore file	—	True
`BUSINESS_CENTRAL_HTTPS_KEYSTORE`	`HTTPS_KEYSTORE`	The name of the keystore file within the secret	keystore.jks	False
`BUSINESS_CENTRAL_HTTPS_NAME`	`HTTPS_NAME`	The name associated with the server certificate	jboss	False
`BUSINESS_CENTRAL_HTTPS_PASSWORD`	`HTTPS_PASSWORD`	The password for the keystore and certificate	mykeystorepass	False
`SMART_ROUTER_HOSTNAME_HTTP`	`HOSTNAME_HTTP`	Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-rhpamcentrmon-<project>.<default-domain-suffix>	`${BUSINESS_CENTRAL_HOSTNAME_HTTP}`	False
`BUSINESS_CENTRAL_MEMORY_LIMIT`	—	Business Central Container memory limit	2Gi	False
`SMART_ROUTER_MEMORY_LIMIT`	—	Smart Router Container memory limit	512Mi	False
`SSO_URL`	`SSO_URL`	RH-SSO URL	`${SSO_URL}`	False
`SSO_REALM`	`SSO_REALM`	RH-SSO Realm name	`${SSO_REALM}`	False
`BUSINESS_CENTRAL_SSO_CLIENT`	`SSO_CLIENT`	Business Central Monitoring RH-SSO Client name	`${BUSINESS_CENTRAL_SSO_CLIENT}`	False
`BUSINESS_CENTRAL_SSO_SECRET`	`SSO_SECRET`	Business Central Monitoring RH-SSO Client Secret	`${BUSINESS_CENTRAL_SSO_SECRET}`	False
`SSO_USERNAME`	`SSO_USERNAME`	RH-SSO Realm Admin Username used to create the Client if it doesn’t exist	`${SSO_USERNAME}`	False
`SSO_PASSWORD`	`SSO_PASSWORD`	RH-SSO Realm Admin Password used to create the Client	`${SSO_PASSWORD}`	False
`SSO_DISABLE_SSL_CERTIFICATE_VALIDATION`	`SSO_DISABLE_SSL_CERTIFICATE_VALIDATION`	RH-SSO Disable SSL Certificate Validation	false	False
`SSO_PRINCIPAL_ATTRIBUTE`	`SSO_PRINCIPAL_ATTRIBUTE`	RH-SSO Principal Attribute to use as username.	preferred_username	False
`AUTH_LDAP_URL`	`AUTH_LDAP_URL`	LDAP Endpoint to connect for authentication	`${AUTH_LDAP_URL}`	False
`AUTH_LDAP_BIND_DN`	`AUTH_LDAP_BIND_DN`	Bind DN used for authentication	`${AUTH_LDAP_BIND_DN}`	False
`AUTH_LDAP_BIND_CREDENTIAL`	`AUTH_LDAP_BIND_CREDENTIAL`	LDAP Credentials used for authentication	`${AUTH_LDAP_BIND_CREDENTIAL}`	False
`AUTH_LDAP_JAAS_SECURITY_DOMAIN`	`AUTH_LDAP_JAAS_SECURITY_DOMAIN`	The JMX ObjectName of the JaasSecurityDomain used to decrypt the password.	`${AUTH_LDAP_JAAS_SECURITY_DOMAIN}`	False
`AUTH_LDAP_BASE_CTX_DN`	`AUTH_LDAP_BASE_CTX_DN`	LDAP Base DN of the top-level context to begin the user search.	`${AUTH_LDAP_BASE_CTX_DN}`	False
`AUTH_LDAP_BASE_FILTER`	`AUTH_LDAP_BASE_FILTER`	LDAP search filter used to locate the context of the user to authenticate. The input username or userDN obtained from the login module callback is substituted into the filter anywhere a {0} expression is used. A common example for the search filter is (uid={0}).	`${AUTH_LDAP_BASE_FILTER}`	False
`AUTH_LDAP_SEARCH_SCOPE`	`AUTH_LDAP_SEARCH_SCOPE`	The search scope to use.	`${AUTH_LDAP_SEARCH_SCOPE}`	False
`AUTH_LDAP_SEARCH_TIME_LIMIT`	`AUTH_LDAP_SEARCH_TIME_LIMIT`	The timeout in milliseconds for user or role searches.	`${AUTH_LDAP_SEARCH_TIME_LIMIT}`	False
`AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE`	`AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE`	The name of the attribute in the user entry that contains the DN of the user. This may be necessary if the DN of the user itself contains special characters, backslash for example, that prevent correct user mapping. If the attribute does not exist, the entry’s DN is used.	`${AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE}`	False
`AUTH_LDAP_PARSE_USERNAME`	`AUTH_LDAP_PARSE_USERNAME`	A flag indicating if the DN is to be parsed for the username. If set to true, the DN is parsed for the username. If set to false the DN is not parsed for the username. This option is used together with usernameBeginString and usernameEndString.	`${AUTH_LDAP_PARSE_USERNAME}`	False
`AUTH_LDAP_USERNAME_BEGIN_STRING`	`AUTH_LDAP_USERNAME_BEGIN_STRING`	Defines the String which is to be removed from the start of the DN to reveal the username. This option is used together with usernameEndString and only taken into account if parseUsername is set to true.	`${AUTH_LDAP_USERNAME_BEGIN_STRING}`	False
`AUTH_LDAP_USERNAME_END_STRING`	`AUTH_LDAP_USERNAME_END_STRING`	Defines the String which is to be removed from the end of the DN to reveal the username. This option is used together with usernameEndString and only taken into account if parseUsername is set to true.	`${AUTH_LDAP_USERNAME_END_STRING}`	False
`AUTH_LDAP_ROLE_ATTRIBUTE_ID`	`AUTH_LDAP_ROLE_ATTRIBUTE_ID`	Name of the attribute containing the user roles.	`${AUTH_LDAP_ROLE_ATTRIBUTE_ID}`	False
`AUTH_LDAP_ROLES_CTX_DN`	`AUTH_LDAP_ROLES_CTX_DN`	The fixed DN of the context to search for user roles. This is not the DN where the actual roles are, but the DN where the objects containing the user roles are. For example, in a Microsoft Active Directory server, this is the DN where the user account is.	`${AUTH_LDAP_ROLES_CTX_DN}`	False
`AUTH_LDAP_ROLE_FILTER`	`AUTH_LDAP_ROLE_FILTER`	A search filter used to locate the roles associated with the authenticated user. The input username or userDN obtained from the login module callback is substituted into the filter anywhere a {0} expression is used. The authenticated userDN is substituted into the filter anywhere a {1} is used. An example search filter that matches on the input username is (member={0}). An alternative that matches on the authenticated userDN is (member={1}).	`${AUTH_LDAP_ROLE_FILTER}`	False
`AUTH_LDAP_ROLE_RECURSION`	`AUTH_LDAP_ROLE_RECURSION`	The number of levels of recursion the role search will go below a matching context. Disable recursion by setting this to 0.	`${AUTH_LDAP_ROLE_RECURSION}`	False
`AUTH_LDAP_DEFAULT_ROLE`	`AUTH_LDAP_DEFAULT_ROLE`	A role included for all authenticated users	`${AUTH_LDAP_DEFAULT_ROLE}`	False
`AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID`	`AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID`	Name of the attribute within the roleCtxDN context which contains the role name. If the roleAttributeIsDN property is set to true, this property is used to find the role object’s name attribute.	`${AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID}`	False
`AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN`	`AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN`	A flag indicating if the DN returned by a query contains the roleNameAttributeID. If set to true, the DN is checked for the roleNameAttributeID. If set to false, the DN is not checked for the roleNameAttributeID. This flag can improve the performance of LDAP queries.	`${AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN}`	False
`AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN`	`AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN`	Whether or not the roleAttributeID contains the fully-qualified DN of a role object. If false, the role name is taken from the value of the roleNameAttributeId attribute of the context name. Certain directory schemas, such as Microsoft Active Directory, require this attribute to be set to true.	`${AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN}`	False
`AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK`	`AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK`	If you are not using referrals, this option can be ignored. When using referrals, this option denotes the attribute name which contains users defined for a certain role, for example member, if the role object is inside the referral. Users are checked against the content of this attribute name. If this option is not set, the check will always fail, so role objects cannot be stored in a referral tree.	`${AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK}`	False

4.1.2. Objects
复制链接

The CLI supports various object types. A list of these object types as well as their abbreviations can be found in the Openshift documentation.

4.1.2.1. Services
复制链接

A service is an abstraction which defines a logical set of pods and a policy by which to access them. Refer to the container-engine documentation for more information.

Expand

Service	Port	Name	Description
`${APPLICATION_NAME}-rhpamcentrmon`	8080	http	All the Business Central Monitoring web server’s ports.
`${APPLICATION_NAME}-rhpamcentrmon`	8443	https	All the Business Central Monitoring web server’s ports.
`${APPLICATION_NAME}-rhpamcentrmon-ping`	8888	ping	The JGroups ping port for clustering.
`${APPLICATION_NAME}-smartrouter`	9000	—	The smart router server http port.

4.1.2.2. Routes
复制链接

A route is a way to expose a service by giving it an externally-reachable hostname such as www.example.com. A defined route and the endpoints identified by its service can be consumed by a router to provide named connectivity from external clients to your applications. Each route consists of a route name, service selector, and (optionally) security configuration. Refer to the Openshift documentation for more information.

Expand

Service	Security	Hostname
`${APPLICATION_NAME}-rhpamcentrmon-http`	none	`${BUSINESS_CENTRAL_HOSTNAME_HTTP}`
`${APPLICATION_NAME}-rhpamcentrmon-https`	TLS passthrough	`${BUSINESS_CENTRAL_HOSTNAME_HTTPS}`
`${APPLICATION_NAME}-smartrouter-http`	none	`${SMART_ROUTER_HOSTNAME_HTTP}`

4.1.2.3. Deployment Configurations
复制链接

A deployment in OpenShift is a replication controller based on a user defined template called a deployment configuration. Deployments are created manually or in response to triggered events. Refer to the Openshift documentation for more information.

4.1.2.3.1. Triggers
复制链接

A trigger drives the creation of new deployments in response to events, both inside and outside OpenShift. Refer to the Openshift documentation for more information.

Expand

Deployment	Triggers
`${APPLICATION_NAME}-rhpamcentrmon`	ImageChange
`${APPLICATION_NAME}-smartrouter`	ImageChange

4.1.2.3.2. Replicas
复制链接

A replication controller ensures that a specified number of pod "replicas" are running at any one time. If there are too many, the replication controller kills some pods. If there are too few, it starts more. Refer to the container-engine documentation for more information.

Expand

Deployment	Replicas
`${APPLICATION_NAME}-rhpamcentrmon`	1
`${APPLICATION_NAME}-smartrouter`	2

4.1.2.3.3. Pod Template
复制链接

4.1.2.3.3.1. Image
复制链接

Expand

Deployment	Image
`${APPLICATION_NAME}-rhpamcentrmon`	rhpam71-businesscentral-monitoring-openshift
`${APPLICATION_NAME}-smartrouter`	rhpam71-smartrouter-openshift

4.1.2.3.3.2. Readiness Probe
复制链接

${APPLICATION_NAME}-rhpamcentrmon

/bin/bash -c curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/kie-wb.jsp

4.1.2.3.3.3. Liveness Probe
复制链接

${APPLICATION_NAME}-rhpamcentrmon

/bin/bash -c curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/kie-wb.jsp

4.1.2.3.3.4. Exposed Ports
复制链接

Expand

Deployments	Name	Port	Protocol
`${APPLICATION_NAME}-rhpamcentrmon`	jolokia	8778	`TCP`
	http	8080	`TCP`
	https	8443	`TCP`
	ping	8888	`TCP`
`${APPLICATION_NAME}-smartrouter`	http	9000	`TCP`

4.1.2.3.3.5. Image Environment Variables
复制链接

Expand

Deployment	Variable name	Description	Example value
`${APPLICATION_NAME}-rhpamcentrmon`	`KIE_ADMIN_PWD`	KIE administrator password	`${KIE_ADMIN_PWD}`
	`KIE_ADMIN_USER`	KIE administrator username	`${KIE_ADMIN_USER}`
	`KIE_SERVER_PWD`	KIE server password, used to connect to KIE servers. Generated value can be a suggestion to use for thew s2i various (Sets the org.kie.server.pwd system property)	`${KIE_SERVER_PWD}`
	`KIE_SERVER_USER`	KIE server username (Sets the org.kie.server.user system property)	`${KIE_SERVER_USER}`
	`MAVEN_REPOS`	—	RHPAMCENTR,EXTERNAL
	`RHPAMCENTR_MAVEN_REPO_SERVICE`	—	`${BUSINESS_CENTRAL_MAVEN_SERVICE}`
	`RHPAMCENTR_MAVEN_REPO_PATH`	—	`/maven2/`
	`RHPAMCENTR_MAVEN_REPO_USERNAME`	Username to access the Maven repository, if required.	`${BUSINESS_CENTRAL_MAVEN_USERNAME}`
	`RHPAMCENTR_MAVEN_REPO_PASSWORD`	Password to access the Maven repository, if required.	`${BUSINESS_CENTRAL_MAVEN_PASSWORD}`
	`EXTERNAL_MAVEN_REPO_ID`	The id to use for the maven repository, if set. Default is generated randomly.	`${MAVEN_REPO_ID}`
	`EXTERNAL_MAVEN_REPO_URL`	Fully qualified URL to a Maven repository or service.	`${MAVEN_REPO_URL}`
	`EXTERNAL_MAVEN_REPO_USERNAME`	Username to access the Maven repository, if required.	`${MAVEN_REPO_USERNAME}`
	`EXTERNAL_MAVEN_REPO_PASSWORD`	Password to access the Maven repository, if required.	`${MAVEN_REPO_PASSWORD}`
	`KIE_SERVER_CONTROLLER_USER`	—	`${KIE_SERVER_MONITOR_USER}`
	`KIE_SERVER_CONTROLLER_PWD`	—	`${KIE_SERVER_MONITOR_PWD}`
	`KIE_SERVER_CONTROLLER_TOKEN`	—	`${KIE_SERVER_MONITOR_TOKEN}`
	`HTTPS_KEYSTORE_DIR`	—	`/etc/businesscentral-secret-volume`
	`HTTPS_KEYSTORE`	The name of the keystore file within the secret	`${BUSINESS_CENTRAL_HTTPS_KEYSTORE}`
	`HTTPS_NAME`	The name associated with the server certificate	`${BUSINESS_CENTRAL_HTTPS_NAME}`
	`HTTPS_PASSWORD`	The password for the keystore and certificate	`${BUSINESS_CENTRAL_HTTPS_PASSWORD}`
	`JGROUPS_PING_PROTOCOL`	—	openshift.DNS_PING
	`OPENSHIFT_DNS_PING_SERVICE_NAME`	—	`${APPLICATION_NAME}-rhpamcentrmon-ping`
	`OPENSHIFT_DNS_PING_SERVICE_PORT`	—	8888
	`SSO_URL`	RH-SSO URL	`${SSO_URL}`
	`SSO_OPENIDCONNECT_DEPLOYMENTS`	—	ROOT.war
	`SSO_REALM`	RH-SSO Realm name	`${SSO_REALM}`
	`SSO_SECRET`	Business Central Monitoring RH-SSO Client Secret	`${BUSINESS_CENTRAL_SSO_SECRET}`
	`SSO_CLIENT`	Business Central Monitoring RH-SSO Client name	`${BUSINESS_CENTRAL_SSO_CLIENT}`
	`SSO_USERNAME`	RH-SSO Realm Admin Username used to create the Client if it doesn’t exist	`${SSO_USERNAME}`
	`SSO_PASSWORD`	RH-SSO Realm Admin Password used to create the Client	`${SSO_PASSWORD}`
	`SSO_DISABLE_SSL_CERTIFICATE_VALIDATION`	RH-SSO Disable SSL Certificate Validation	`${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}`
	`SSO_PRINCIPAL_ATTRIBUTE`	RH-SSO Principal Attribute to use as username.	`${SSO_PRINCIPAL_ATTRIBUTE}`
	`HOSTNAME_HTTP`	Custom hostname for http service route. Leave blank for default hostname, e.g. <application-name>-smartrouter-<project>.<default-domain-suffix>'	`${BUSINESS_CENTRAL_HOSTNAME_HTTP}`
	`HOSTNAME_HTTPS`	Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-rhpamcentrmon-<project>.<default-domain-suffix>	`${BUSINESS_CENTRAL_HOSTNAME_HTTPS}`
	`AUTH_LDAP_URL`	LDAP Endpoint to connect for authentication	`${AUTH_LDAP_URL}`
	`AUTH_LDAP_BIND_DN`	Bind DN used for authentication	`${AUTH_LDAP_BIND_DN}`
	`AUTH_LDAP_BIND_CREDENTIAL`	LDAP Credentials used for authentication	`${AUTH_LDAP_BIND_CREDENTIAL}`
	`AUTH_LDAP_JAAS_SECURITY_DOMAIN`	The JMX ObjectName of the JaasSecurityDomain used to decrypt the password.	`${AUTH_LDAP_JAAS_SECURITY_DOMAIN}`
	`AUTH_LDAP_BASE_CTX_DN`	LDAP Base DN of the top-level context to begin the user search.	`${AUTH_LDAP_BASE_CTX_DN}`
	`AUTH_LDAP_BASE_FILTER`	LDAP search filter used to locate the context of the user to authenticate. The input username or userDN obtained from the login module callback is substituted into the filter anywhere a {0} expression is used. A common example for the search filter is (uid={0}).	`${AUTH_LDAP_BASE_FILTER}`
	`AUTH_LDAP_SEARCH_SCOPE`	The search scope to use.	`${AUTH_LDAP_SEARCH_SCOPE}`
	`AUTH_LDAP_SEARCH_TIME_LIMIT`	The timeout in milliseconds for user or role searches.	`${AUTH_LDAP_SEARCH_TIME_LIMIT}`
	`AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE`	The name of the attribute in the user entry that contains the DN of the user. This may be necessary if the DN of the user itself contains special characters, backslash for example, that prevent correct user mapping. If the attribute does not exist, the entry’s DN is used.	`${AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE}`
	`AUTH_LDAP_PARSE_USERNAME`	A flag indicating if the DN is to be parsed for the username. If set to true, the DN is parsed for the username. If set to false the DN is not parsed for the username. This option is used together with usernameBeginString and usernameEndString.	`${AUTH_LDAP_PARSE_USERNAME}`
	`AUTH_LDAP_USERNAME_BEGIN_STRING`	Defines the String which is to be removed from the start of the DN to reveal the username. This option is used together with usernameEndString and only taken into account if parseUsername is set to true.	`${AUTH_LDAP_USERNAME_BEGIN_STRING}`
	`AUTH_LDAP_USERNAME_END_STRING`	Defines the String which is to be removed from the end of the DN to reveal the username. This option is used together with usernameEndString and only taken into account if parseUsername is set to true.	`${AUTH_LDAP_USERNAME_END_STRING}`
	`AUTH_LDAP_ROLE_ATTRIBUTE_ID`	Name of the attribute containing the user roles.	`${AUTH_LDAP_ROLE_ATTRIBUTE_ID}`
	`AUTH_LDAP_ROLES_CTX_DN`	The fixed DN of the context to search for user roles. This is not the DN where the actual roles are, but the DN where the objects containing the user roles are. For example, in a Microsoft Active Directory server, this is the DN where the user account is.	`${AUTH_LDAP_ROLES_CTX_DN}`
	`AUTH_LDAP_ROLE_FILTER`	A search filter used to locate the roles associated with the authenticated user. The input username or userDN obtained from the login module callback is substituted into the filter anywhere a {0} expression is used. The authenticated userDN is substituted into the filter anywhere a {1} is used. An example search filter that matches on the input username is (member={0}). An alternative that matches on the authenticated userDN is (member={1}).	`${AUTH_LDAP_ROLE_FILTER}`
	`AUTH_LDAP_ROLE_RECURSION`	The number of levels of recursion the role search will go below a matching context. Disable recursion by setting this to 0.	`${AUTH_LDAP_ROLE_RECURSION}`
	`AUTH_LDAP_DEFAULT_ROLE`	A role included for all authenticated users	`${AUTH_LDAP_DEFAULT_ROLE}`
	`AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID`	Name of the attribute within the roleCtxDN context which contains the role name. If the roleAttributeIsDN property is set to true, this property is used to find the role object’s name attribute.	`${AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID}`
	`AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN`	A flag indicating if the DN returned by a query contains the roleNameAttributeID. If set to true, the DN is checked for the roleNameAttributeID. If set to false, the DN is not checked for the roleNameAttributeID. This flag can improve the performance of LDAP queries.	`${AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN}`
	`AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN`	Whether or not the roleAttributeID contains the fully-qualified DN of a role object. If false, the role name is taken from the value of the roleNameAttributeId attribute of the context name. Certain directory schemas, such as Microsoft Active Directory, require this attribute to be set to true.	`${AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN}`
	`AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK`	If you are not using referrals, this option can be ignored. When using referrals, this option denotes the attribute name which contains users defined for a certain role, for example member, if the role object is inside the referral. Users are checked against the content of this attribute name. If this option is not set, the check will always fail, so role objects cannot be stored in a referral tree.	`${AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK}`
`${APPLICATION_NAME}-smartrouter`	`KIE_SERVER_ROUTER_HOST`	—	—
	`KIE_SERVER_ROUTER_PORT`	—	9000
	`KIE_SERVER_ROUTER_URL_EXTERNAL`	Public URL where the router can be found. Format http://<host>:<port> (router property org.kie.server.router.url.external)	`${KIE_SERVER_ROUTER_URL_EXTERNAL}`
	`KIE_SERVER_ROUTER_ID`	Router ID used when connecting to the controller (router property org.kie.server.router.id)	`${KIE_SERVER_ROUTER_ID}`
	`KIE_SERVER_ROUTER_NAME`	Router name used when connecting to the controller (router property org.kie.server.router.name)	`${KIE_SERVER_ROUTER_NAME}`
	`KIE_SERVER_ROUTER_PROTOCOL`	KIE server router protocol (Used to build the org.kie.server.router.url.external property)	`${KIE_SERVER_ROUTER_PROTOCOL}`
	`KIE_SERVER_CONTROLLER_USER`	—	`${KIE_SERVER_MONITOR_USER}`
	`KIE_SERVER_CONTROLLER_PWD`	—	`${KIE_SERVER_MONITOR_PWD}`
	`KIE_SERVER_CONTROLLER_TOKEN`	—	`${KIE_SERVER_MONITOR_TOKEN}`
	`KIE_SERVER_CONTROLLER_SERVICE`	—	`${APPLICATION_NAME}-rhpamcentrmon`
	`KIE_SERVER_CONTROLLER_PROTOCOL`	—	ws
	`KIE_SERVER_ROUTER_REPO`	—	`/opt/rhpam-smartrouter/data`
	`KIE_SERVER_ROUTER_CONFIG_WATCHER_ENABLED`	—	true

4.1.2.3.3.6. Volumes
复制链接

Expand

Deployment	Name	mountPath	Purpose	readOnly
`${APPLICATION_NAME}-rhpamcentrmon`	businesscentral-keystore-volume	`/etc/businesscentral-secret-volume`	ssl certs	True
`${APPLICATION_NAME}-smartrouter`	`${APPLICATION_NAME}-smartrouter`	`/opt/rhpam-smartrouter/data`	—	false

4.1.2.4. External Dependencies
复制链接

4.1.2.4.1. Volume Claims
复制链接

A PersistentVolume object is a storage resource in an OpenShift cluster. Storage is provisioned by an administrator by creating PersistentVolume objects from sources such as GCE Persistent Disks, AWS Elastic Block Stores (EBS), and NFS mounts. Refer to the Openshift documentation for more information.

Expand

Name	Access Mode
`${APPLICATION_NAME}-smartrouter-claim`	ReadWriteMany
`${APPLICATION_NAME}-rhpamcentr-claim`	ReadWriteMany

4.2. rhpam71-prod-immutable-kieserver
复制链接

Application template for an immultable KIE server in a production environment, for Red Hat Process Automation Manager 7.1

4.2.1. Parameters
复制链接

Expand

Variable name	Image Environment Variable	Description	Example value	Required
`APPLICATION_NAME`	—	The name for the application.	myapp	True
`KIE_ADMIN_USER`	`KIE_ADMIN_USER`	KIE administrator username	adminUser	False
`KIE_ADMIN_PWD`	`KIE_ADMIN_PWD`	KIE administrator password	`${KIE_ADMIN_PWD}`	False
`KIE_SERVER_USER`	`KIE_SERVER_USER`	KIE server username (Sets the org.kie.server.user system property)	executionUser	False
`KIE_SERVER_PWD`	`KIE_SERVER_PWD`	KIE server password, used to connect to KIE servers. Generated value can be a suggestion to use for thew s2i various (Sets the org.kie.server.pwd system property)	`${KIE_SERVER_PWD}`	False
`IMAGE_STREAM_NAMESPACE`	—	Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you’ve installed the ImageStreams in a different namespace/project.	openshift	True
`KIE_SERVER_IMAGE_STREAM_NAME`	—	The name of the image stream to use for KIE server. Default is "rhpam71-kieserver-openshift".	rhpam71-kieserver-openshift	True
`IMAGE_STREAM_TAG`	—	A named pointer to an image in an image stream. Default is "1.1".	1.1	True
`KIE_SERVER_MONITOR_USER`	—	KIE server monitor username, for optional use of the business-central-monitor (Sets the org.kie.server.controller.user system property)	monitorUser	False
`KIE_SERVER_MONITOR_PWD`	—	KIE server monitor password, for optional use of the business-central-monitor (Sets the org.kie.server.controller.pwd system property)	—	False
`KIE_SERVER_MONITOR_TOKEN`	—	KIE server monitor token for bearer authentication (Sets the org.kie.server.controller.token system property)	—	False
`KIE_SERVER_MONITOR_SERVICE`	—	The service name for the optional business central monitor, where it can be reached to allow service lookup, and registered with to allow monitoring console functionality (If set, will be used to discover host and port)	—	False
`KIE_SERVER_ROUTER_SERVICE`	`KIE_SERVER_ROUTER_SERVICE`	The service name for the optional smart router, where it can be reached, to allow smart routing	`${KIE_SERVER_ROUTER_SERVICE}`	False
`KIE_SERVER_ROUTER_HOST`	`KIE_SERVER_ROUTER_HOST`	The host name of the smart router, which could be the service name resolved by OpenShift or a globally resolvable domain name	`${KIE_SERVER_ROUTER_HOST}`	False
`KIE_SERVER_ROUTER_PORT`	`KIE_SERVER_ROUTER_PORT`	Port in which the smart router server listens (router property org.kie.server.router.port)	`${KIE_SERVER_ROUTER_PORT}`	False
`KIE_SERVER_ROUTER_PROTOCOL`	`KIE_SERVER_ROUTER_PROTOCOL`	KIE server router protocol (Used to build the org.kie.server.router.url.external property)	`${KIE_SERVER_ROUTER_PROTOCOL}`	False
`KIE_SERVER_PERSISTENCE_DS`	`KIE_SERVER_PERSISTENCE_DS`	KIE server persistence datasource (Sets the org.kie.server.persistence.ds system property)	java:/jboss/datasources/rhpam	False
`POSTGRESQL_IMAGE_STREAM_NAMESPACE`	—	Namespace in which the ImageStream for the PostgreSQL image is installed. The ImageStream is already installed in the openshift namespace. You should only need to modify this if you’ve installed the ImageStream in a different namespace/project. Default is "openshift".	openshift	False
`POSTGRESQL_IMAGE_STREAM_TAG`	—	The PostgreSQL image version, which is intended to correspond to the PostgreSQL version. Default is "9.6".	9.6	False
`KIE_SERVER_POSTGRESQL_USER`	`POSTGRESQL_USER`	KIE server PostgreSQL database username	rhpam	False
`KIE_SERVER_POSTGRESQL_PWD`	—	KIE server PostgreSQL database password	—	False
`KIE_SERVER_POSTGRESQL_DB`	—	KIE server PostgreSQL database name	rhpam7	False
`POSTGRESQL_MAX_PREPARED_TRANSACTIONS`	`POSTGRESQL_MAX_PREPARED_TRANSACTIONS`	Allows the PostgreSQL to handle XA transactions.	100	True
`DB_VOLUME_CAPACITY`	—	Size of persistent storage for database volume.	1Gi	True
`DROOLS_SERVER_FILTER_CLASSES`	`DROOLS_SERVER_FILTER_CLASSES`	KIE server class filtering (Sets the org.drools.server.filter.classes system property)	true	False
`KIE_MBEANS`	`KIE_MBEANS`	KIE server mbeans enabled/disabled (Sets the kie.mbeans and kie.scanner.mbeans system properties)	enabled	False
`KIE_SERVER_HOSTNAME_HTTP`	`KIE_SERVER_HOST`	Custom hostname for http service route, if set will also configure the KIE_SERVER_HOST. Leave blank for default hostname, e.g.: <application-name>-kieserver-<project>.<default-domain-suffix>	`${KIE_SERVER_HOSTNAME_HTTP}`	False
`KIE_SERVER_HOSTNAME_HTTPS`	`KIE_SERVER_HOST`	Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-kieserver-<project>.<default-domain-suffix>	`${KIE_SERVER_HOSTNAME_HTTP}`	False
`KIE_SERVER_USE_SECURE_ROUTE_NAME`	`KIE_SERVER_USE_SECURE_ROUTE_NAME`	Use https for the KIE_SERVER_HOST when it is not explicit configured to a custom value.	false	False
`KIE_SERVER_HTTPS_SECRET`	—	The name of the secret containing the keystore file	—	True
`KIE_SERVER_HTTPS_KEYSTORE`	`HTTPS_KEYSTORE`	The name of the keystore file within the secret	keystore.jks	False
`KIE_SERVER_HTTPS_NAME`	`HTTPS_NAME`	The name associated with the server certificate	jboss	False
`KIE_SERVER_HTTPS_PASSWORD`	`HTTPS_PASSWORD`	The password for the keystore and certificate	mykeystorepass	False
`KIE_SERVER_BYPASS_AUTH_USER`	`KIE_SERVER_BYPASS_AUTH_USER`	KIE server bypass auth user (Sets the org.kie.server.bypass.auth.user system property)	false	False
`KIE_SERVER_CONTAINER_DEPLOYMENT`	`KIE_SERVER_CONTAINER_DEPLOYMENT`	KIE Server Container deployment configuration in format: containerId=groupId:artifactId:version\|c2=g2:a2:v2	`${KIE_SERVER_CONTAINER_DEPLOYMENT}`	True
`SOURCE_REPOSITORY_URL`	—	Git source URI for application	—	True
`SOURCE_REPOSITORY_REF`	—	Git branch/tag reference	—	False
`CONTEXT_DIR`	—	Path within Git project to build; empty for root project directory.	—	False
`GITHUB_WEBHOOK_SECRET`	—	GitHub trigger secret	—	True
`GENERIC_WEBHOOK_SECRET`	—	Generic build trigger secret	—	True
`MAVEN_MIRROR_URL`	—	Maven mirror to use for S2I builds	—	False
`MAVEN_REPO_ID`	`EXTERNAL_MAVEN_REPO_ID`	The id to use for the maven repository, if set. Default is generated randomly.	`${MAVEN_REPO_ID}`	False
`MAVEN_REPO_URL`	`EXTERNAL_MAVEN_REPO_URL`	Fully qualified URL to a Maven repository.	`${MAVEN_REPO_URL}`	False
`MAVEN_REPO_USERNAME`	`RHPAMCENTR_MAVEN_REPO_USERNAME`	Username to access the Maven repository, if required.	`${BUSINESS_CENTRAL_MAVEN_USERNAME}`	False
`MAVEN_REPO_PASSWORD`	`RHPAMCENTR_MAVEN_REPO_PASSWORD`	Password to access the Maven repository, if required.	`${BUSINESS_CENTRAL_MAVEN_PASSWORD}`	False
`BUSINESS_CENTRAL_MAVEN_SERVICE`	—	The service name for the optional business central, where it can be reached, to allow service lookups (for maven repo usage), if required	—	False
`BUSINESS_CENTRAL_MAVEN_USERNAME`	—	Username to access the Maven service hosted by Business Central inside EAP.	—	False
`BUSINESS_CENTRAL_MAVEN_PASSWORD`	—	Password to access the Maven service hosted by Business Central inside EAP.	—	False
`ARTIFACT_DIR`	—	List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.	—	False
`TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL`	`TIMER_SERVICE_DATA_STORE`	Sets refresh-interval for the EJB timer service database-data-store.	30000	False
`KIE_SERVER_MEMORY_LIMIT`	—	KIE server Container memory limit	1Gi	False
`KIE_SERVER_MGMT_DISABLED`	`KIE_SERVER_MGMT_DISABLED`	Disable management api and don’t allow KIE containers to be deployed/undeployed or started/stopped sets the property org.kie.server.mgmt.api.disabled to true and org.kie.server.startup.strategy to LocalContainersStartupStrategy.	true	True
`KIE_SERVER_STARTUP_STRATEGY`	`KIE_SERVER_STARTUP_STRATEGY`	When set to LocalContainersStartupStrategy, allows KIE server to start up and function with local config, even when a controller is configured and unavailable.	LocalContainersStartupStrategy	True
`SSO_URL`	`SSO_URL`	RH-SSO URL	`${SSO_URL}`	False
`SSO_REALM`	`SSO_REALM`	RH-SSO Realm name	`${SSO_REALM}`	False
`KIE_SERVER_SSO_CLIENT`	`SSO_CLIENT`	KIE Server RH-SSO Client name	`${KIE_SERVER_SSO_CLIENT}`	False
`KIE_SERVER_SSO_SECRET`	`SSO_SECRET`	KIE Server RH-SSO Client Secret	`${KIE_SERVER_SSO_SECRET}`	False
`SSO_USERNAME`	`SSO_USERNAME`	RH-SSO Realm Admin Username used to create the Client if it doesn’t exist	`${SSO_USERNAME}`	False
`SSO_PASSWORD`	`SSO_PASSWORD`	RH-SSO Realm Admin Password used to create the Client	`${SSO_PASSWORD}`	False
`SSO_DISABLE_SSL_CERTIFICATE_VALIDATION`	`SSO_DISABLE_SSL_CERTIFICATE_VALIDATION`	RH-SSO Disable SSL Certificate Validation	false	False
`SSO_PRINCIPAL_ATTRIBUTE`	`SSO_PRINCIPAL_ATTRIBUTE`	RH-SSO Principal Attribute to use as username.	preferred_username	False
`AUTH_LDAP_URL`	`AUTH_LDAP_URL`	LDAP Endpoint to connect for authentication	`${AUTH_LDAP_URL}`	False
`AUTH_LDAP_BIND_DN`	`AUTH_LDAP_BIND_DN`	Bind DN used for authentication	`${AUTH_LDAP_BIND_DN}`	False
`AUTH_LDAP_BIND_CREDENTIAL`	`AUTH_LDAP_BIND_CREDENTIAL`	LDAP Credentials used for authentication	`${AUTH_LDAP_BIND_CREDENTIAL}`	False
`AUTH_LDAP_JAAS_SECURITY_DOMAIN`	`AUTH_LDAP_JAAS_SECURITY_DOMAIN`	The JMX ObjectName of the JaasSecurityDomain used to decrypt the password.	`${AUTH_LDAP_JAAS_SECURITY_DOMAIN}`	False
`AUTH_LDAP_BASE_CTX_DN`	`AUTH_LDAP_BASE_CTX_DN`	LDAP Base DN of the top-level context to begin the user search.	`${AUTH_LDAP_BASE_CTX_DN}`	False
`AUTH_LDAP_BASE_FILTER`	`AUTH_LDAP_BASE_FILTER`	LDAP search filter used to locate the context of the user to authenticate. The input username or userDN obtained from the login module callback is substituted into the filter anywhere a {0} expression is used. A common example for the search filter is (uid={0}).	`${AUTH_LDAP_BASE_FILTER}`	False
`AUTH_LDAP_SEARCH_SCOPE`	`AUTH_LDAP_SEARCH_SCOPE`	The search scope to use.	`${AUTH_LDAP_SEARCH_SCOPE}`	False
`AUTH_LDAP_SEARCH_TIME_LIMIT`	`AUTH_LDAP_SEARCH_TIME_LIMIT`	The timeout in milliseconds for user or role searches.	`${AUTH_LDAP_SEARCH_TIME_LIMIT}`	False
`AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE`	`AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE`	The name of the attribute in the user entry that contains the DN of the user. This may be necessary if the DN of the user itself contains special characters, backslash for example, that prevent correct user mapping. If the attribute does not exist, the entry’s DN is used.	`${AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE}`	False
`AUTH_LDAP_PARSE_USERNAME`	`AUTH_LDAP_PARSE_USERNAME`	A flag indicating if the DN is to be parsed for the username. If set to true, the DN is parsed for the username. If set to false the DN is not parsed for the username. This option is used together with usernameBeginString and usernameEndString.	`${AUTH_LDAP_PARSE_USERNAME}`	False
`AUTH_LDAP_USERNAME_BEGIN_STRING`	`AUTH_LDAP_USERNAME_BEGIN_STRING`	Defines the String which is to be removed from the start of the DN to reveal the username. This option is used together with usernameEndString and only taken into account if parseUsername is set to true.	`${AUTH_LDAP_USERNAME_BEGIN_STRING}`	False
`AUTH_LDAP_USERNAME_END_STRING`	`AUTH_LDAP_USERNAME_END_STRING`	Defines the String which is to be removed from the end of the DN to reveal the username. This option is used together with usernameEndString and only taken into account if parseUsername is set to true.	`${AUTH_LDAP_USERNAME_END_STRING}`	False
`AUTH_LDAP_ROLE_ATTRIBUTE_ID`	`AUTH_LDAP_ROLE_ATTRIBUTE_ID`	Name of the attribute containing the user roles.	`${AUTH_LDAP_ROLE_ATTRIBUTE_ID}`	False
`AUTH_LDAP_ROLES_CTX_DN`	`AUTH_LDAP_ROLES_CTX_DN`	The fixed DN of the context to search for user roles. This is not the DN where the actual roles are, but the DN where the objects containing the user roles are. For example, in a Microsoft Active Directory server, this is the DN where the user account is.	`${AUTH_LDAP_ROLES_CTX_DN}`	False
`AUTH_LDAP_ROLE_FILTER`	`AUTH_LDAP_ROLE_FILTER`	A search filter used to locate the roles associated with the authenticated user. The input username or userDN obtained from the login module callback is substituted into the filter anywhere a {0} expression is used. The authenticated userDN is substituted into the filter anywhere a {1} is used. An example search filter that matches on the input username is (member={0}). An alternative that matches on the authenticated userDN is (member={1}).	`${AUTH_LDAP_ROLE_FILTER}`	False
`AUTH_LDAP_ROLE_RECURSION`	`AUTH_LDAP_ROLE_RECURSION`	The number of levels of recursion the role search will go below a matching context. Disable recursion by setting this to 0.	`${AUTH_LDAP_ROLE_RECURSION}`	False
`AUTH_LDAP_DEFAULT_ROLE`	`AUTH_LDAP_DEFAULT_ROLE`	A role included for all authenticated users	`${AUTH_LDAP_DEFAULT_ROLE}`	False
`AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID`	`AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID`	Name of the attribute within the roleCtxDN context which contains the role name. If the roleAttributeIsDN property is set to true, this property is used to find the role object’s name attribute.	`${AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID}`	False
`AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN`	`AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN`	A flag indicating if the DN returned by a query contains the roleNameAttributeID. If set to true, the DN is checked for the roleNameAttributeID. If set to false, the DN is not checked for the roleNameAttributeID. This flag can improve the performance of LDAP queries.	`${AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN}`	False
`AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN`	`AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN`	Whether or not the roleAttributeID contains the fully-qualified DN of a role object. If false, the role name is taken from the value of the roleNameAttributeId attribute of the context name. Certain directory schemas, such as Microsoft Active Directory, require this attribute to be set to true.	`${AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN}`	False
`AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK`	`AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK`	If you are not using referrals, this option can be ignored. When using referrals, this option denotes the attribute name which contains users defined for a certain role, for example member, if the role object is inside the referral. Users are checked against the content of this attribute name. If this option is not set, the check will always fail, so role objects cannot be stored in a referral tree.	`${AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK}`	False

4.2.2. Objects
复制链接

The CLI supports various object types. A list of these object types as well as their abbreviations can be found in the Openshift documentation.

4.2.2.1. Services
复制链接

A service is an abstraction which defines a logical set of pods and a policy by which to access them. Refer to the container-engine documentation for more information.

Expand

Service	Port	Name	Description
`${APPLICATION_NAME}-kieserver`	8080	http	All the KIE server web server’s ports.
`${APPLICATION_NAME}-kieserver`	8443	https	All the KIE server web server’s ports.
`${APPLICATION_NAME}-kieserver-ping`	8888	ping	The JGroups ping port for clustering.
`${APPLICATION_NAME}-postgresql`	5432	—	The database server’s port.

4.2.2.2. Routes
复制链接

Expand

Service	Security	Hostname
`${APPLICATION_NAME}-kieserver-http`	none	`${KIE_SERVER_HOSTNAME_HTTP}`
`${APPLICATION_NAME}-kieserver-https`	TLS passthrough	`${KIE_SERVER_HOSTNAME_HTTPS}`

4.2.2.3. Build Configurations
复制链接

A buildConfig describes a single build definition and a set of triggers for when a new build should be created. A buildConfig is a REST object, which can be used in a POST to the API server to create a new instance. Refer to the Openshift documentation for more information.

Expand

S2I image	link	Build output	BuildTriggers and Settings
rhpam71-kieserver-openshift:1.1	`rhpam-7/rhpam71-kieserver-openshift`	`${APPLICATION_NAME}-kieserver:latest`	GitHub, Generic, ImageChange, ConfigChange

4.2.2.4. Deployment Configurations
复制链接

4.2.2.4.1. Triggers
复制链接

A trigger drives the creation of new deployments in response to events, both inside and outside OpenShift. Refer to the Openshift documentation for more information.

Expand

Deployment	Triggers
`${APPLICATION_NAME}-kieserver`	ImageChange
`${APPLICATION_NAME}-postgresql`	ImageChange

4.2.2.4.2. Replicas
复制链接

Expand

Deployment	Replicas
`${APPLICATION_NAME}-kieserver`	2
`${APPLICATION_NAME}-postgresql`	1

4.2.2.4.3. Pod Template
复制链接

4.2.2.4.3.1. Service Accounts
复制链接

Service accounts are API objects that exist within each project. They can be created or deleted like any other API object. Refer to the Openshift documentation for more information.

Expand

Deployment	Service Account
`${APPLICATION_NAME}-kieserver`	`${APPLICATION_NAME}-kieserver`

4.2.2.4.3.2. Image
复制链接

Expand

Deployment	Image
`${APPLICATION_NAME}-kieserver`	`${APPLICATION_NAME}-kieserver`
`${APPLICATION_NAME}-postgresql`	postgresql

4.2.2.4.3.3. Readiness Probe
复制链接

${APPLICATION_NAME}-kieserver

/bin/bash -c curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/services/rest/server/readycheck

${APPLICATION_NAME}-postgresql

/usr/libexec/check-container

4.2.2.4.3.4. Liveness Probe
复制链接

${APPLICATION_NAME}-kieserver

/bin/bash -c curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/services/rest/server/readycheck

${APPLICATION_NAME}-postgresql

/usr/libexec/check-container

4.2.2.4.3.5. Exposed Ports
复制链接

Expand

Deployments	Name	Port	Protocol
`${APPLICATION_NAME}-kieserver`	jolokia	8778	`TCP`
	http	8080	`TCP`
	https	8443	`TCP`
	ping	8888	`TCP`
`${APPLICATION_NAME}-postgresql`	—	5432	`TCP`

4.2.2.4.3.6. Image Environment Variables
复制链接

Expand

Deployment	Variable name	Description	Example value
`${APPLICATION_NAME}-kieserver`	`DROOLS_SERVER_FILTER_CLASSES`	KIE server class filtering (Sets the org.drools.server.filter.classes system property)	`${DROOLS_SERVER_FILTER_CLASSES}`
	`KIE_ADMIN_USER`	KIE administrator username	`${KIE_ADMIN_USER}`
	`KIE_ADMIN_PWD`	KIE administrator password	`${KIE_ADMIN_PWD}`
	`KIE_MBEANS`	KIE server mbeans enabled/disabled (Sets the kie.mbeans and kie.scanner.mbeans system properties)	`${KIE_MBEANS}`
	`KIE_SERVER_BYPASS_AUTH_USER`	KIE server bypass auth user (Sets the org.kie.server.bypass.auth.user system property)	`${KIE_SERVER_BYPASS_AUTH_USER}`
	`KIE_SERVER_CONTROLLER_USER`	—	`${KIE_SERVER_MONITOR_USER}`
	`KIE_SERVER_CONTROLLER_PWD`	—	`${KIE_SERVER_MONITOR_PWD}`
	`KIE_SERVER_CONTROLLER_TOKEN`	—	`${KIE_SERVER_MONITOR_TOKEN}`
	`KIE_SERVER_CONTROLLER_SERVICE`	—	`${KIE_SERVER_MONITOR_SERVICE}`
	`KIE_SERVER_CONTROLLER_PROTOCOL`	—	ws
	`KIE_SERVER_ID`	—	`${APPLICATION_NAME}-kieserver`
	`KIE_SERVER_HOST`	Custom hostname for http service route, if set will also configure the KIE_SERVER_HOST. Leave blank for default hostname, e.g.: <application-name>-kieserver-<project>.<default-domain-suffix>	`${KIE_SERVER_HOSTNAME_HTTP}`
	`KIE_SERVER_ROUTE_NAME`	—	`${APPLICATION_NAME}-kieserver`
	`KIE_SERVER_USE_SECURE_ROUTE_NAME`	Use https for the KIE_SERVER_HOST when it is not explicit configured to a custom value.	`${KIE_SERVER_USE_SECURE_ROUTE_NAME}`
	`KIE_SERVER_USER`	KIE server username (Sets the org.kie.server.user system property)	`${KIE_SERVER_USER}`
	`KIE_SERVER_PWD`	KIE server password, used to connect to KIE servers. Generated value can be a suggestion to use for thew s2i various (Sets the org.kie.server.pwd system property)	`${KIE_SERVER_PWD}`
	`KIE_SERVER_CONTAINER_DEPLOYMENT`	KIE Server Container deployment configuration in format: containerId=groupId:artifactId:version\|c2=g2:a2:v2	`${KIE_SERVER_CONTAINER_DEPLOYMENT}`
	`MAVEN_REPOS`	—	RHPAMCENTR,EXTERNAL
	`RHPAMCENTR_MAVEN_REPO_SERVICE`	—	`${BUSINESS_CENTRAL_MAVEN_SERVICE}`
	`RHPAMCENTR_MAVEN_REPO_PATH`	—	`/maven2/`
	`RHPAMCENTR_MAVEN_REPO_USERNAME`	Username to access the Maven repository, if required.	`${BUSINESS_CENTRAL_MAVEN_USERNAME}`
	`RHPAMCENTR_MAVEN_REPO_PASSWORD`	Password to access the Maven repository, if required.	`${BUSINESS_CENTRAL_MAVEN_PASSWORD}`
	`EXTERNAL_MAVEN_REPO_ID`	The id to use for the maven repository, if set. Default is generated randomly.	`${MAVEN_REPO_ID}`
	`EXTERNAL_MAVEN_REPO_URL`	Fully qualified URL to a Maven repository.	`${MAVEN_REPO_URL}`
	`EXTERNAL_MAVEN_REPO_USERNAME`	Username to access the Maven repository, if required.	`${MAVEN_REPO_USERNAME}`
	`EXTERNAL_MAVEN_REPO_PASSWORD`	Password to access the Maven repository, if required.	`${MAVEN_REPO_PASSWORD}`
	`KIE_SERVER_ROUTER_SERVICE`	The service name for the optional smart router, where it can be reached, to allow smart routing	`${KIE_SERVER_ROUTER_SERVICE}`
	`KIE_SERVER_ROUTER_HOST`	The host name of the smart router, which could be the service name resolved by OpenShift or a globally resolvable domain name	`${KIE_SERVER_ROUTER_HOST}`
	`KIE_SERVER_ROUTER_PORT`	Port in which the smart router server listens (router property org.kie.server.router.port)	`${KIE_SERVER_ROUTER_PORT}`
	`KIE_SERVER_ROUTER_PROTOCOL`	KIE server router protocol (Used to build the org.kie.server.router.url.external property)	`${KIE_SERVER_ROUTER_PROTOCOL}`
	`KIE_SERVER_PERSISTENCE_DS`	KIE server persistence datasource (Sets the org.kie.server.persistence.ds system property)	`${KIE_SERVER_PERSISTENCE_DS}`
	`DATASOURCES`	—	`RHPAM`
	`RHPAM_DATABASE`	—	`${KIE_SERVER_POSTGRESQL_DB}`
	`RHPAM_JNDI`	—	`${KIE_SERVER_PERSISTENCE_DS}`
	`RHPAM_JTA`	—	true
	`RHPAM_DRIVER`	—	postgresql
	`KIE_SERVER_PERSISTENCE_DIALECT`	—	org.hibernate.dialect.PostgreSQLDialect
	`RHPAM_USERNAME`	—	`${KIE_SERVER_POSTGRESQL_USER}`
	`RHPAM_PASSWORD`	—	`${KIE_SERVER_POSTGRESQL_PWD}`
	`RHPAM_SERVICE_HOST`	—	`${APPLICATION_NAME}-postgresql`
	`RHPAM_SERVICE_PORT`	—	5432
	`TIMER_SERVICE_DATA_STORE`	Sets refresh-interval for the EJB timer service database-data-store.	`${APPLICATION_NAME}-postgresql`
	`TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL`	Sets refresh-interval for the EJB timer service database-data-store.	`${TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL}`
	`HTTPS_KEYSTORE_DIR`	—	`/etc/kieserver-secret-volume`
	`HTTPS_KEYSTORE`	The name of the keystore file within the secret	`${KIE_SERVER_HTTPS_KEYSTORE}`
	`HTTPS_NAME`	The name associated with the server certificate	`${KIE_SERVER_HTTPS_NAME}`
	`HTTPS_PASSWORD`	The password for the keystore and certificate	`${KIE_SERVER_HTTPS_PASSWORD}`
	`KIE_SERVER_MGMT_DISABLED`	Disable management api and don’t allow KIE containers to be deployed/undeployed or started/stopped sets the property org.kie.server.mgmt.api.disabled to true and org.kie.server.startup.strategy to LocalContainersStartupStrategy.	`${KIE_SERVER_MGMT_DISABLED}`
	`KIE_SERVER_STARTUP_STRATEGY`	When set to LocalContainersStartupStrategy, allows KIE server to start up and function with local config, even when a controller is configured and unavailable.	`${KIE_SERVER_STARTUP_STRATEGY}`
	`JGROUPS_PING_PROTOCOL`	—	openshift.DNS_PING
	`OPENSHIFT_DNS_PING_SERVICE_NAME`	—	`${APPLICATION_NAME}-kieserver-ping`
	`OPENSHIFT_DNS_PING_SERVICE_PORT`	—	8888
	`SSO_URL`	RH-SSO URL	`${SSO_URL}`
	`SSO_OPENIDCONNECT_DEPLOYMENTS`	—	ROOT.war
	`SSO_REALM`	RH-SSO Realm name	`${SSO_REALM}`
	`SSO_SECRET`	KIE Server RH-SSO Client Secret	`${KIE_SERVER_SSO_SECRET}`
	`SSO_CLIENT`	KIE Server RH-SSO Client name	`${KIE_SERVER_SSO_CLIENT}`
	`SSO_USERNAME`	RH-SSO Realm Admin Username used to create the Client if it doesn’t exist	`${SSO_USERNAME}`
	`SSO_PASSWORD`	RH-SSO Realm Admin Password used to create the Client	`${SSO_PASSWORD}`
	`SSO_DISABLE_SSL_CERTIFICATE_VALIDATION`	RH-SSO Disable SSL Certificate Validation	`${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}`
	`SSO_PRINCIPAL_ATTRIBUTE`	RH-SSO Principal Attribute to use as username.	`${SSO_PRINCIPAL_ATTRIBUTE}`
	`HOSTNAME_HTTP`	Custom hostname for http service route, if set will also configure the KIE_SERVER_HOST. Leave blank for default hostname, e.g.: <application-name>-kieserver-<project>.<default-domain-suffix>	`${KIE_SERVER_HOSTNAME_HTTP}`
	`HOSTNAME_HTTPS`	Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-kieserver-<project>.<default-domain-suffix>	`${KIE_SERVER_HOSTNAME_HTTPS}`
	`AUTH_LDAP_URL`	LDAP Endpoint to connect for authentication	`${AUTH_LDAP_URL}`
`AUTH_LDAP_BIND_DN`	Bind DN used for authentication	`${AUTH_LDAP_BIND_DN}`
`AUTH_LDAP_BIND_CREDENTIAL`	LDAP Credentials used for authentication	`${AUTH_LDAP_BIND_CREDENTIAL}`
`AUTH_LDAP_JAAS_SECURITY_DOMAIN`	The JMX ObjectName of the JaasSecurityDomain used to decrypt the password.	`${AUTH_LDAP_JAAS_SECURITY_DOMAIN}`
`AUTH_LDAP_BASE_CTX_DN`	LDAP Base DN of the top-level context to begin the user search.	`${AUTH_LDAP_BASE_CTX_DN}`
`AUTH_LDAP_BASE_FILTER`	LDAP search filter used to locate the context of the user to authenticate. The input username or userDN obtained from the login module callback is substituted into the filter anywhere a {0} expression is used. A common example for the search filter is (uid={0}).	`${AUTH_LDAP_BASE_FILTER}`
`AUTH_LDAP_SEARCH_SCOPE`	The search scope to use.	`${AUTH_LDAP_SEARCH_SCOPE}`
`AUTH_LDAP_SEARCH_TIME_LIMIT`	The timeout in milliseconds for user or role searches.	`${AUTH_LDAP_SEARCH_TIME_LIMIT}`
`AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE`	The name of the attribute in the user entry that contains the DN of the user. This may be necessary if the DN of the user itself contains special characters, backslash for example, that prevent correct user mapping. If the attribute does not exist, the entry’s DN is used.	`${AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE}`
`AUTH_LDAP_PARSE_USERNAME`	A flag indicating if the DN is to be parsed for the username. If set to true, the DN is parsed for the username. If set to false the DN is not parsed for the username. This option is used together with usernameBeginString and usernameEndString.	`${AUTH_LDAP_PARSE_USERNAME}`
`AUTH_LDAP_USERNAME_BEGIN_STRING`	Defines the String which is to be removed from the start of the DN to reveal the username. This option is used together with usernameEndString and only taken into account if parseUsername is set to true.	`${AUTH_LDAP_USERNAME_BEGIN_STRING}`
`AUTH_LDAP_USERNAME_END_STRING`	Defines the String which is to be removed from the end of the DN to reveal the username. This option is used together with usernameEndString and only taken into account if parseUsername is set to true.	`${AUTH_LDAP_USERNAME_END_STRING}`
`AUTH_LDAP_ROLE_ATTRIBUTE_ID`	Name of the attribute containing the user roles.	`${AUTH_LDAP_ROLE_ATTRIBUTE_ID}`
`AUTH_LDAP_ROLES_CTX_DN`	The fixed DN of the context to search for user roles. This is not the DN where the actual roles are, but the DN where the objects containing the user roles are. For example, in a Microsoft Active Directory server, this is the DN where the user account is.	`${AUTH_LDAP_ROLES_CTX_DN}`
`AUTH_LDAP_ROLE_FILTER`	A search filter used to locate the roles associated with the authenticated user. The input username or userDN obtained from the login module callback is substituted into the filter anywhere a {0} expression is used. The authenticated userDN is substituted into the filter anywhere a {1} is used. An example search filter that matches on the input username is (member={0}). An alternative that matches on the authenticated userDN is (member={1}).	`${AUTH_LDAP_ROLE_FILTER}`
`AUTH_LDAP_ROLE_RECURSION`	The number of levels of recursion the role search will go below a matching context. Disable recursion by setting this to 0.	`${AUTH_LDAP_ROLE_RECURSION}`
`AUTH_LDAP_DEFAULT_ROLE`	A role included for all authenticated users	`${AUTH_LDAP_DEFAULT_ROLE}`
`AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID`	Name of the attribute within the roleCtxDN context which contains the role name. If the roleAttributeIsDN property is set to true, this property is used to find the role object’s name attribute.	`${AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID}`
`AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN`	A flag indicating if the DN returned by a query contains the roleNameAttributeID. If set to true, the DN is checked for the roleNameAttributeID. If set to false, the DN is not checked for the roleNameAttributeID. This flag can improve the performance of LDAP queries.	`${AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN}`
`AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN`	Whether or not the roleAttributeID contains the fully-qualified DN of a role object. If false, the role name is taken from the value of the roleNameAttributeId attribute of the context name. Certain directory schemas, such as Microsoft Active Directory, require this attribute to be set to true.	`${AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN}`
`AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK`	If you are not using referrals, this option can be ignored. When using referrals, this option denotes the attribute name which contains users defined for a certain role, for example member, if the role object is inside the referral. Users are checked against the content of this attribute name. If this option is not set, the check will always fail, so role objects cannot be stored in a referral tree.	`${AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK}`
`${APPLICATION_NAME}-postgresql`	`POSTGRESQL_USER`	KIE server PostgreSQL database username	`${KIE_SERVER_POSTGRESQL_USER}`
	`POSTGRESQL_PASSWORD`	—	`${KIE_SERVER_POSTGRESQL_PWD}`
	`POSTGRESQL_DATABASE`	—	`${KIE_SERVER_POSTGRESQL_DB}`
	`POSTGRESQL_MAX_PREPARED_TRANSACTIONS`	Allows the PostgreSQL to handle XA transactions.	`${POSTGRESQL_MAX_PREPARED_TRANSACTIONS}`

4.2.2.4.3.7. Volumes
复制链接

Expand

Deployment	Name	mountPath	Purpose	readOnly
`${APPLICATION_NAME}-kieserver`	kieserver-keystore-volume	`/etc/kieserver-secret-volume`	ssl certs	True
`${APPLICATION_NAME}-postgresql`	`${APPLICATION_NAME}-postgresql-pvol`	`/var/lib/pgsql/data`	postgresql	false

4.2.2.5. External Dependencies
复制链接

4.2.2.5.1. Volume Claims
复制链接

Expand

Name	Access Mode
`${APPLICATION_NAME}-postgresql-claim`	ReadWriteOnce

4.2.2.5.2. Secrets
复制链接

This template requires the following secrets to be installed for the application to run.

kieserver-app-secret

4.3. rhpam71-kieserver-externaldb
复制链接

Application template for a managed KIE Server with an external database, for Red Hat Process Automation Manager 7.1

4.3.1. Parameters
复制链接

Expand

Variable name	Image Environment Variable	Description	Example value	Required
`APPLICATION_NAME`	—	The name for the application.	myapp	True
`MAVEN_REPO_ID`	`EXTERNAL_MAVEN_REPO_ID`	The id to use for the maven repository, if set. Default is generated randomly.	`${MAVEN_REPO_ID}`	False
`MAVEN_REPO_URL`	`EXTERNAL_MAVEN_REPO_URL`	Fully qualified URL to a Maven repository or service.	`${MAVEN_REPO_URL}`	True
`MAVEN_REPO_USERNAME`	`RHPAMCENTR_MAVEN_REPO_USERNAME`	Username to access the Maven repository, if required.	`${BUSINESS_CENTRAL_MAVEN_USERNAME}`	False
`MAVEN_REPO_PASSWORD`	`RHPAMCENTR_MAVEN_REPO_PASSWORD`	Password to access the Maven repository, if required.	`${BUSINESS_CENTRAL_MAVEN_PASSWORD}`	False
`BUSINESS_CENTRAL_MAVEN_SERVICE`	—	The service name for the optional business central, where it can be reached, to allow service lookups (for maven repo usage), if required	—	False
`BUSINESS_CENTRAL_MAVEN_USERNAME`	—	Username to access the Maven service hosted by Business Central inside EAP.	—	False
`BUSINESS_CENTRAL_MAVEN_PASSWORD`	—	Password to access the Maven service hosted by Business Central inside EAP.	—	False
`KIE_ADMIN_USER`	`KIE_ADMIN_USER`	KIE administrator username	adminUser	False
`KIE_ADMIN_PWD`	`KIE_ADMIN_PWD`	KIE administrator password	`${KIE_ADMIN_PWD}`	False
`KIE_SERVER_USER`	`KIE_SERVER_USER`	KIE server username (Sets the org.kie.server.user system property)	executionUser	False
`KIE_SERVER_PWD`	`KIE_SERVER_PWD`	KIE server password (Sets the org.kie.server.pwd system property)	`${KIE_SERVER_PWD}`	False
`IMAGE_STREAM_NAMESPACE`	—	Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you’ve installed the ImageStreams in a different namespace/project.	openshift	True
`KIE_SERVER_IMAGE_STREAM_NAME`	—	The name of the image stream to use for KIE server. Default is "rhpam71-kieserver-openshift".	rhpam71-kieserver-openshift	True
`IMAGE_STREAM_TAG`	—	A named pointer to an image in an image stream. Default is "1.1".	1.1	True
`KIE_SERVER_ROUTER_SERVICE`	`KIE_SERVER_ROUTER_SERVICE`	The service name for the optional smart router, where it can be reached, to allow smart routing	`${KIE_SERVER_ROUTER_SERVICE}`	False
`KIE_SERVER_ROUTER_HOST`	`KIE_SERVER_ROUTER_HOST`	The host name of the smart router, which could be the service name resolved by OpenShift or a globally resolvable domain name	`${KIE_SERVER_ROUTER_HOST}`	False
`KIE_SERVER_ROUTER_PORT`	`KIE_SERVER_ROUTER_PORT`	Port in which the smart router server listens (router property org.kie.server.router.port)	`${KIE_SERVER_ROUTER_PORT}`	False
`KIE_SERVER_ROUTER_PROTOCOL`	`KIE_SERVER_ROUTER_PROTOCOL`	KIE server router protocol (Used to build the org.kie.server.router.url.external property)	`${KIE_SERVER_ROUTER_PROTOCOL}`	False
`KIE_SERVER_CONTROLLER_USER`	`KIE_SERVER_CONTROLLER_USER`	KIE server controller username (Sets the org.kie.server.controller.user system property)	controllerUser	False
`KIE_SERVER_CONTROLLER_PWD`	`KIE_SERVER_CONTROLLER_PWD`	KIE server controller password (Sets the org.kie.server.controller.pwd system property)	`${KIE_SERVER_CONTROLLER_PWD}`	False
`KIE_SERVER_CONTROLLER_TOKEN`	`KIE_SERVER_CONTROLLER_TOKEN`	KIE server controller token for bearer authentication (Sets the org.kie.server.controller.token system property)	`${KIE_SERVER_CONTROLLER_TOKEN}`	False
`KIE_SERVER_CONTROLLER_SERVICE`	`KIE_SERVER_CONTROLLER_SERVICE`	The service name for the optional business central monitor, where it can be reached to allow service lookup, and registered with to allow monitoring console functionality (If set, will be used to discover host and port)	`${KIE_SERVER_CONTROLLER_SERVICE}`	False
`KIE_SERVER_CONTROLLER_HOST`	`KIE_SERVER_CONTROLLER_HOST`	KIE server controller host (Used to set the org.kie.server.controller system property)	`${KIE_SERVER_CONTROLLER_HOST}`	False
`KIE_SERVER_CONTROLLER_PORT`	`KIE_SERVER_CONTROLLER_PORT`	KIE server controller port (Used to set the org.kie.server.controller system property)	`${KIE_SERVER_CONTROLLER_PORT}`	False
`KIE_SERVER_PERSISTENCE_DS`	`KIE_SERVER_PERSISTENCE_DS`	KIE server persistence datasource (Sets the org.kie.server.persistence.ds system property)	java:/jboss/datasources/rhpam	False
`KIE_SERVER_EXTERNALDB_DRIVER`	—	KIE server external database driver	—	True
`KIE_SERVER_EXTERNALDB_DRIVER_TYPE`	—	KIE server external database driver type, applicable only for DB2, possible values are 4 (default) or 2	—	False
`KIE_SERVER_EXTERNALDB_USER`	—	KIE server external database username	—	True
`KIE_SERVER_EXTERNALDB_PWD`	—	KIE server external database password	—	True
`KIE_SERVER_EXTERNALDB_URL`	—	KIE server external database JDBC URL	—	False
`KIE_SERVER_EXTERNALDB_DIALECT`	—	KIE server external database Hibernate dialect	—	True
`KIE_SERVER_EXTERNALDB_HOST`	—	KIE server external database host, for ejb_timer datasource configuration	—	True
`KIE_SERVER_EXTERNALDB_PORT`	—	KIE server external database port, for ejb_timer datasource configuration	—	True
`KIE_SERVER_EXTERNALDB_DB`	—	KIE server external database name, for ejb_timer datasource configuration	rhpam	False
`DROOLS_SERVER_FILTER_CLASSES`	`DROOLS_SERVER_FILTER_CLASSES`	KIE server class filtering (Sets the org.drools.server.filter.classes system property)	true	False
`KIE_MBEANS`	`KIE_MBEANS`	KIE server mbeans enabled/disabled (Sets the kie.mbeans and kie.scanner.mbeans system properties)	enabled	False
`KIE_SERVER_HOSTNAME_HTTP`	`KIE_SERVER_HOST`	Custom hostname for http service route, if set will also configure the KIE_SERVER_HOST. Leave blank for default hostname, e.g.: <application-name>-kieserver-<project>.<default-domain-suffix>	`${KIE_SERVER_HOSTNAME_HTTP}`	False
`KIE_SERVER_HOSTNAME_HTTPS`	`KIE_SERVER_HOST`	Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-kieserver-<project>.<default-domain-suffix>	`${KIE_SERVER_HOSTNAME_HTTP}`	False
`KIE_SERVER_USE_SECURE_ROUTE_NAME`	`KIE_SERVER_USE_SECURE_ROUTE_NAME`	Use https for the KIE_SERVER_HOST when it is not explicit configured to a custom value.	false	False
`KIE_SERVER_HTTPS_SECRET`	—	The name of the secret containing the keystore file	—	True
`KIE_SERVER_HTTPS_KEYSTORE`	`HTTPS_KEYSTORE`	The name of the keystore file within the secret	keystore.jks	False
`KIE_SERVER_HTTPS_NAME`	`HTTPS_NAME`	The name associated with the server certificate	jboss	False
`KIE_SERVER_HTTPS_PASSWORD`	`HTTPS_PASSWORD`	The password for the keystore and certificate	mykeystorepass	False
`KIE_SERVER_BYPASS_AUTH_USER`	`KIE_SERVER_BYPASS_AUTH_USER`	KIE server bypass auth user (Sets the org.kie.server.bypass.auth.user system property)	false	False
`TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL`	`TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL`	Sets refresh-interval for the EJB timer database data-store service.	30000	False
`KIE_SERVER_MEMORY_LIMIT`	—	KIE server Container memory limit	1Gi	False
`KIE_SERVER_CONTAINER_DEPLOYMENT`	`KIE_SERVER_CONTAINER_DEPLOYMENT`	KIE Server Container deployment configuration in format: containerId=groupId:artifactId:version\|c2=g2:a2:v2	`${KIE_SERVER_CONTAINER_DEPLOYMENT}`	False
`KIE_SERVER_MGMT_DISABLED`	`KIE_SERVER_MGMT_DISABLED`	Disable management api and don’t allow KIE containers to be deployed/undeployed or started/stopped sets the property org.kie.server.mgmt.api.disabled to true and org.kie.server.startup.strategy to LocalContainersStartupStrategy.	`${KIE_SERVER_MGMT_DISABLED}`	False
`KIE_SERVER_STARTUP_STRATEGY`	`KIE_SERVER_STARTUP_STRATEGY`	When set to LocalContainersStartupStrategy, allows KIE server to start up and function with local config, even when a controller is configured and unavailable.	`${KIE_SERVER_STARTUP_STRATEGY}`	False
`SSO_URL`	`SSO_URL`	RH-SSO URL	`${SSO_URL}`	False
`SSO_REALM`	`SSO_REALM`	RH-SSO Realm name	`${SSO_REALM}`	False
`KIE_SERVER_SSO_CLIENT`	`SSO_CLIENT`	KIE Server RH-SSO Client name	`${KIE_SERVER_SSO_CLIENT}`	False
`KIE_SERVER_SSO_SECRET`	`SSO_SECRET`	KIE Server RH-SSO Client Secret	`${KIE_SERVER_SSO_SECRET}`	False
`SSO_USERNAME`	`SSO_USERNAME`	RH-SSO Realm Admin Username used to create the Client if it doesn’t exist	`${SSO_USERNAME}`	False
`SSO_PASSWORD`	`SSO_PASSWORD`	RH-SSO Realm Admin Password used to create the Client	`${SSO_PASSWORD}`	False
`SSO_DISABLE_SSL_CERTIFICATE_VALIDATION`	`SSO_DISABLE_SSL_CERTIFICATE_VALIDATION`	RH-SSO Disable SSL Certificate Validation	false	False
`SSO_PRINCIPAL_ATTRIBUTE`	`SSO_PRINCIPAL_ATTRIBUTE`	RH-SSO Principal Attribute to use as username.	preferred_username	False
`AUTH_LDAP_URL`	`AUTH_LDAP_URL`	LDAP Endpoint to connect for authentication	`${AUTH_LDAP_URL}`	False
`AUTH_LDAP_BIND_DN`	`AUTH_LDAP_BIND_DN`	Bind DN used for authentication	`${AUTH_LDAP_BIND_DN}`	False
`AUTH_LDAP_BIND_CREDENTIAL`	`AUTH_LDAP_BIND_CREDENTIAL`	LDAP Credentials used for authentication	`${AUTH_LDAP_BIND_CREDENTIAL}`	False
`AUTH_LDAP_JAAS_SECURITY_DOMAIN`	`AUTH_LDAP_JAAS_SECURITY_DOMAIN`	The JMX ObjectName of the JaasSecurityDomain used to decrypt the password.	`${AUTH_LDAP_JAAS_SECURITY_DOMAIN}`	False
`AUTH_LDAP_BASE_CTX_DN`	`AUTH_LDAP_BASE_CTX_DN`	LDAP Base DN of the top-level context to begin the user search.	`${AUTH_LDAP_BASE_CTX_DN}`	False
`AUTH_LDAP_BASE_FILTER`	`AUTH_LDAP_BASE_FILTER`	LDAP search filter used to locate the context of the user to authenticate. The input username or userDN obtained from the login module callback is substituted into the filter anywhere a {0} expression is used. A common example for the search filter is (uid={0}).	`${AUTH_LDAP_BASE_FILTER}`	False
`AUTH_LDAP_SEARCH_SCOPE`	`AUTH_LDAP_SEARCH_SCOPE`	The search scope to use.	`${AUTH_LDAP_SEARCH_SCOPE}`	False
`AUTH_LDAP_SEARCH_TIME_LIMIT`	`AUTH_LDAP_SEARCH_TIME_LIMIT`	The timeout in milliseconds for user or role searches.	`${AUTH_LDAP_SEARCH_TIME_LIMIT}`	False
`AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE`	`AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE`	The name of the attribute in the user entry that contains the DN of the user. This may be necessary if the DN of the user itself contains special characters, backslash for example, that prevent correct user mapping. If the attribute does not exist, the entry’s DN is used.	`${AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE}`	False
`AUTH_LDAP_PARSE_USERNAME`	`AUTH_LDAP_PARSE_USERNAME`	A flag indicating if the DN is to be parsed for the username. If set to true, the DN is parsed for the username. If set to false the DN is not parsed for the username. This option is used together with usernameBeginString and usernameEndString.	`${AUTH_LDAP_PARSE_USERNAME}`	False
`AUTH_LDAP_USERNAME_BEGIN_STRING`	`AUTH_LDAP_USERNAME_BEGIN_STRING`	Defines the String which is to be removed from the start of the DN to reveal the username. This option is used together with usernameEndString and only taken into account if parseUsername is set to true.	`${AUTH_LDAP_USERNAME_BEGIN_STRING}`	False
`AUTH_LDAP_USERNAME_END_STRING`	`AUTH_LDAP_USERNAME_END_STRING`	Defines the String which is to be removed from the end of the DN to reveal the username. This option is used together with usernameEndString and only taken into account if parseUsername is set to true.	`${AUTH_LDAP_USERNAME_END_STRING}`	False
`AUTH_LDAP_ROLE_ATTRIBUTE_ID`	`AUTH_LDAP_ROLE_ATTRIBUTE_ID`	Name of the attribute containing the user roles.	`${AUTH_LDAP_ROLE_ATTRIBUTE_ID}`	False
`AUTH_LDAP_ROLES_CTX_DN`	`AUTH_LDAP_ROLES_CTX_DN`	The fixed DN of the context to search for user roles. This is not the DN where the actual roles are, but the DN where the objects containing the user roles are. For example, in a Microsoft Active Directory server, this is the DN where the user account is.	`${AUTH_LDAP_ROLES_CTX_DN}`	False
`AUTH_LDAP_ROLE_FILTER`	`AUTH_LDAP_ROLE_FILTER`	A search filter used to locate the roles associated with the authenticated user. The input username or userDN obtained from the login module callback is substituted into the filter anywhere a {0} expression is used. The authenticated userDN is substituted into the filter anywhere a {1} is used. An example search filter that matches on the input username is (member={0}). An alternative that matches on the authenticated userDN is (member={1}).	`${AUTH_LDAP_ROLE_FILTER}`	False
`AUTH_LDAP_ROLE_RECURSION`	`AUTH_LDAP_ROLE_RECURSION`	The number of levels of recursion the role search will go below a matching context. Disable recursion by setting this to 0.	`${AUTH_LDAP_ROLE_RECURSION}`	False
`AUTH_LDAP_DEFAULT_ROLE`	`AUTH_LDAP_DEFAULT_ROLE`	A role included for all authenticated users	`${AUTH_LDAP_DEFAULT_ROLE}`	False
`AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID`	`AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID`	Name of the attribute within the roleCtxDN context which contains the role name. If the roleAttributeIsDN property is set to true, this property is used to find the role object’s name attribute.	`${AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID}`	False
`AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN`	`AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN`	A flag indicating if the DN returned by a query contains the roleNameAttributeID. If set to true, the DN is checked for the roleNameAttributeID. If set to false, the DN is not checked for the roleNameAttributeID. This flag can improve the performance of LDAP queries.	`${AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN}`	False
`AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN`	`AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN`	Whether or not the roleAttributeID contains the fully-qualified DN of a role object. If false, the role name is taken from the value of the roleNameAttributeId attribute of the context name. Certain directory schemas, such as Microsoft Active Directory, require this attribute to be set to true.	`${AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN}`	False
`AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK`	`AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK`	If you are not using referrals, this option can be ignored. When using referrals, this option denotes the attribute name which contains users defined for a certain role, for example member, if the role object is inside the referral. Users are checked against the content of this attribute name. If this option is not set, the check will always fail, so role objects cannot be stored in a referral tree.	`${AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK}`	False

4.3.2. Objects
复制链接

The CLI supports various object types. A list of these object types as well as their abbreviations can be found in the Openshift documentation.

4.3.2.1. Services
复制链接

A service is an abstraction which defines a logical set of pods and a policy by which to access them. Refer to the container-engine documentation for more information.

Expand

Service	Port	Name	Description
`${APPLICATION_NAME}-kieserver`	8080	http	All the KIE server web server’s ports.
`${APPLICATION_NAME}-kieserver`	8443	https	All the KIE server web server’s ports.
`${APPLICATION_NAME}-kieserver-ping`	8888	ping	The JGroups ping port for clustering.

4.3.2.2. Routes
复制链接

Expand

Service	Security	Hostname
`${APPLICATION_NAME}-kieserver-http`	none	`${KIE_SERVER_HOSTNAME_HTTP}`
`${APPLICATION_NAME}-kieserver-https`	TLS passthrough	`${KIE_SERVER_HOSTNAME_HTTPS}`

4.3.2.3. Deployment Configurations
复制链接

4.3.2.3.1. Triggers
复制链接

A trigger drives the creation of new deployments in response to events, both inside and outside OpenShift. Refer to the Openshift documentation for more information.

Expand

Deployment	Triggers
`${APPLICATION_NAME}-kieserver`	ImageChange

4.3.2.3.2. Replicas
复制链接

Expand

Deployment	Replicas
`${APPLICATION_NAME}-kieserver`	1

4.3.2.3.3. Pod Template
复制链接

4.3.2.3.3.1. Service Accounts
复制链接

Service accounts are API objects that exist within each project. They can be created or deleted like any other API object. Refer to the Openshift documentation for more information.

Expand

Deployment	Service Account
`${APPLICATION_NAME}-kieserver`	`${APPLICATION_NAME}-kieserver`

4.3.2.3.3.2. Image
复制链接

Expand

Deployment	Image
`${APPLICATION_NAME}-kieserver`	`${KIE_SERVER_IMAGE_STREAM_NAME}`

4.3.2.3.3.3. Readiness Probe
复制链接

${APPLICATION_NAME}-kieserver

/bin/bash -c curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/services/rest/server/readycheck

4.3.2.3.3.4. Liveness Probe
复制链接

${APPLICATION_NAME}-kieserver

/bin/bash -c curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/services/rest/server/readycheck

4.3.2.3.3.5. Exposed Ports
复制链接

Expand

Deployments	Name	Port	Protocol
`${APPLICATION_NAME}-kieserver`	jolokia	8778	`TCP`
	http	8080	`TCP`
	https	8443	`TCP`
	ping	8888	`TCP`

4.3.2.3.3.6. Image Environment Variables
复制链接

Expand

Deployment	Variable name	Description	Example value
`${APPLICATION_NAME}-kieserver`	`DROOLS_SERVER_FILTER_CLASSES`	KIE server class filtering (Sets the org.drools.server.filter.classes system property)	`${DROOLS_SERVER_FILTER_CLASSES}`
	`KIE_ADMIN_USER`	KIE administrator username	`${KIE_ADMIN_USER}`
	`KIE_ADMIN_PWD`	KIE administrator password	`${KIE_ADMIN_PWD}`
	`KIE_MBEANS`	KIE server mbeans enabled/disabled (Sets the kie.mbeans and kie.scanner.mbeans system properties)	`${KIE_MBEANS}`
	`KIE_SERVER_BYPASS_AUTH_USER`	KIE server bypass auth user (Sets the org.kie.server.bypass.auth.user system property)	`${KIE_SERVER_BYPASS_AUTH_USER}`
	`KIE_SERVER_CONTROLLER_USER`	KIE server controller username (Sets the org.kie.server.controller.user system property)	`${KIE_SERVER_CONTROLLER_USER}`
	`KIE_SERVER_CONTROLLER_PWD`	KIE server controller password (Sets the org.kie.server.controller.pwd system property)	`${KIE_SERVER_CONTROLLER_PWD}`
	`KIE_SERVER_CONTROLLER_TOKEN`	KIE server controller token for bearer authentication (Sets the org.kie.server.controller.token system property)	`${KIE_SERVER_CONTROLLER_TOKEN}`
	`KIE_SERVER_CONTROLLER_SERVICE`	The service name for the optional business central monitor, where it can be reached to allow service lookup, and registered with to allow monitoring console functionality (If set, will be used to discover host and port)	`${KIE_SERVER_CONTROLLER_SERVICE}`
	`KIE_SERVER_CONTROLLER_PROTOCOL`	—	ws
	`KIE_SERVER_CONTROLLER_HOST`	KIE server controller host (Used to set the org.kie.server.controller system property)	`${KIE_SERVER_CONTROLLER_HOST}`
	`KIE_SERVER_CONTROLLER_PORT`	KIE server controller port (Used to set the org.kie.server.controller system property)	`${KIE_SERVER_CONTROLLER_PORT}`
	`KIE_SERVER_ID`	—	`${APPLICATION_NAME}-kieserver`
	`KIE_SERVER_HOST`	Custom hostname for http service route, if set will also configure the KIE_SERVER_HOST. Leave blank for default hostname, e.g.: <application-name>-kieserver-<project>.<default-domain-suffix>	`${KIE_SERVER_HOSTNAME_HTTP}`
	`KIE_SERVER_ROUTE_NAME`	—	`${APPLICATION_NAME}-kieserver`
	`KIE_SERVER_USE_SECURE_ROUTE_NAME`	Use https for the KIE_SERVER_HOST when it is not explicit configured to a custom value.	`${KIE_SERVER_USE_SECURE_ROUTE_NAME}`
	`KIE_SERVER_USER`	KIE server username (Sets the org.kie.server.user system property)	`${KIE_SERVER_USER}`
	`KIE_SERVER_PWD`	KIE server password (Sets the org.kie.server.pwd system property)	`${KIE_SERVER_PWD}`
	`KIE_SERVER_CONTAINER_DEPLOYMENT`	KIE Server Container deployment configuration in format: containerId=groupId:artifactId:version\|c2=g2:a2:v2	`${KIE_SERVER_CONTAINER_DEPLOYMENT}`
	`MAVEN_REPOS`	—	RHPAMCENTR,EXTERNAL
	`RHPAMCENTR_MAVEN_REPO_SERVICE`	—	`${BUSINESS_CENTRAL_MAVEN_SERVICE}`
	`RHPAMCENTR_MAVEN_REPO_PATH`	—	`/maven2/`
	`RHPAMCENTR_MAVEN_REPO_USERNAME`	Username to access the Maven repository, if required.	`${BUSINESS_CENTRAL_MAVEN_USERNAME}`
	`RHPAMCENTR_MAVEN_REPO_PASSWORD`	Password to access the Maven repository, if required.	`${BUSINESS_CENTRAL_MAVEN_PASSWORD}`
	`EXTERNAL_MAVEN_REPO_ID`	The id to use for the maven repository, if set. Default is generated randomly.	`${MAVEN_REPO_ID}`
	`EXTERNAL_MAVEN_REPO_URL`	Fully qualified URL to a Maven repository or service.	`${MAVEN_REPO_URL}`
	`EXTERNAL_MAVEN_REPO_USERNAME`	Username to access the Maven repository, if required.	`${MAVEN_REPO_USERNAME}`
	`EXTERNAL_MAVEN_REPO_PASSWORD`	Password to access the Maven repository, if required.	`${MAVEN_REPO_PASSWORD}`
	`KIE_SERVER_ROUTER_SERVICE`	The service name for the optional smart router, where it can be reached, to allow smart routing	`${KIE_SERVER_ROUTER_SERVICE}`
	`KIE_SERVER_ROUTER_HOST`	The host name of the smart router, which could be the service name resolved by OpenShift or a globally resolvable domain name	`${KIE_SERVER_ROUTER_HOST}`
	`KIE_SERVER_ROUTER_PORT`	Port in which the smart router server listens (router property org.kie.server.router.port)	`${KIE_SERVER_ROUTER_PORT}`
	`KIE_SERVER_ROUTER_PROTOCOL`	KIE server router protocol (Used to build the org.kie.server.router.url.external property)	`${KIE_SERVER_ROUTER_PROTOCOL}`
	`KIE_SERVER_MGMT_DISABLED`	Disable management api and don’t allow KIE containers to be deployed/undeployed or started/stopped sets the property org.kie.server.mgmt.api.disabled to true and org.kie.server.startup.strategy to LocalContainersStartupStrategy.	`${KIE_SERVER_MGMT_DISABLED}`
	`KIE_SERVER_STARTUP_STRATEGY`	When set to LocalContainersStartupStrategy, allows KIE server to start up and function with local config, even when a controller is configured and unavailable.	`${KIE_SERVER_STARTUP_STRATEGY}`
	`KIE_SERVER_PERSISTENCE_DS`	KIE server persistence datasource (Sets the org.kie.server.persistence.ds system property)	`${KIE_SERVER_PERSISTENCE_DS}`
	`DATASOURCES`	—	`RHPAM`
	`RHPAM_JNDI`	—	`${KIE_SERVER_PERSISTENCE_DS}`
	`KIE_SERVER_PERSISTENCE_DIALECT`	—	`${KIE_SERVER_EXTERNALDB_DIALECT}`
	`RHPAM_DRIVER`	—	`${KIE_SERVER_EXTERNALDB_DRIVER}`
	`RHPAM_DRIVER_TYPE`	—	`${KIE_SERVER_EXTERNALDB_DRIVER_TYPE}`
	`RHPAM_USERNAME`	—	`${KIE_SERVER_EXTERNALDB_USER}`
	`RHPAM_PASSWORD`	—	`${KIE_SERVER_EXTERNALDB_PWD}`
	`RHPAM_XA_CONNECTION_PROPERTY_URL`	—	`${KIE_SERVER_EXTERNALDB_URL}`
	`RHPAM_SERVICE_HOST`	—	`${KIE_SERVER_EXTERNALDB_HOST}`
	`RHPAM_SERVICE_PORT`	—	`${KIE_SERVER_EXTERNALDB_PORT}`
	`RHPAM_DATABASE`	—	`${KIE_SERVER_EXTERNALDB_DB}`
	`RHPAM_JTA`	—	true
	`TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL`	Sets refresh-interval for the EJB timer database data-store service.	`${TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL}`
	`HTTPS_KEYSTORE_DIR`	—	`/etc/kieserver-secret-volume`
	`HTTPS_KEYSTORE`	The name of the keystore file within the secret	`${KIE_SERVER_HTTPS_KEYSTORE}`
	`HTTPS_NAME`	The name associated with the server certificate	`${KIE_SERVER_HTTPS_NAME}`
	`HTTPS_PASSWORD`	The password for the keystore and certificate	`${KIE_SERVER_HTTPS_PASSWORD}`
	`JGROUPS_PING_PROTOCOL`	—	openshift.DNS_PING
	`OPENSHIFT_DNS_PING_SERVICE_NAME`	—	`${APPLICATION_NAME}-kieserver-ping`
	`OPENSHIFT_DNS_PING_SERVICE_PORT`	—	8888
	`SSO_URL`	RH-SSO URL	`${SSO_URL}`
	`SSO_OPENIDCONNECT_DEPLOYMENTS`	—	ROOT.war
	`SSO_REALM`	RH-SSO Realm name	`${SSO_REALM}`
	`SSO_SECRET`	KIE Server RH-SSO Client Secret	`${KIE_SERVER_SSO_SECRET}`
	`SSO_CLIENT`	KIE Server RH-SSO Client name	`${KIE_SERVER_SSO_CLIENT}`
	`SSO_USERNAME`	RH-SSO Realm Admin Username used to create the Client if it doesn’t exist	`${SSO_USERNAME}`
	`SSO_PASSWORD`	RH-SSO Realm Admin Password used to create the Client	`${SSO_PASSWORD}`
	`SSO_DISABLE_SSL_CERTIFICATE_VALIDATION`	RH-SSO Disable SSL Certificate Validation	`${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}`
	`SSO_PRINCIPAL_ATTRIBUTE`	RH-SSO Principal Attribute to use as username.	`${SSO_PRINCIPAL_ATTRIBUTE}`
`HOSTNAME_HTTP`	Custom hostname for http service route, if set will also configure the KIE_SERVER_HOST. Leave blank for default hostname, e.g.: <application-name>-kieserver-<project>.<default-domain-suffix>	`${KIE_SERVER_HOSTNAME_HTTP}`
`HOSTNAME_HTTPS`	Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-kieserver-<project>.<default-domain-suffix>	`${KIE_SERVER_HOSTNAME_HTTPS}`
`AUTH_LDAP_URL`	LDAP Endpoint to connect for authentication	`${AUTH_LDAP_URL}`
`AUTH_LDAP_BIND_DN`	Bind DN used for authentication	`${AUTH_LDAP_BIND_DN}`
`AUTH_LDAP_BIND_CREDENTIAL`	LDAP Credentials used for authentication	`${AUTH_LDAP_BIND_CREDENTIAL}`
`AUTH_LDAP_JAAS_SECURITY_DOMAIN`	The JMX ObjectName of the JaasSecurityDomain used to decrypt the password.	`${AUTH_LDAP_JAAS_SECURITY_DOMAIN}`
`AUTH_LDAP_BASE_CTX_DN`	LDAP Base DN of the top-level context to begin the user search.	`${AUTH_LDAP_BASE_CTX_DN}`
`AUTH_LDAP_BASE_FILTER`	LDAP search filter used to locate the context of the user to authenticate. The input username or userDN obtained from the login module callback is substituted into the filter anywhere a {0} expression is used. A common example for the search filter is (uid={0}).	`${AUTH_LDAP_BASE_FILTER}`
`AUTH_LDAP_SEARCH_SCOPE`	The search scope to use.	`${AUTH_LDAP_SEARCH_SCOPE}`
`AUTH_LDAP_SEARCH_TIME_LIMIT`	The timeout in milliseconds for user or role searches.	`${AUTH_LDAP_SEARCH_TIME_LIMIT}`
`AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE`	The name of the attribute in the user entry that contains the DN of the user. This may be necessary if the DN of the user itself contains special characters, backslash for example, that prevent correct user mapping. If the attribute does not exist, the entry’s DN is used.	`${AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE}`
`AUTH_LDAP_PARSE_USERNAME`	A flag indicating if the DN is to be parsed for the username. If set to true, the DN is parsed for the username. If set to false the DN is not parsed for the username. This option is used together with usernameBeginString and usernameEndString.	`${AUTH_LDAP_PARSE_USERNAME}`
`AUTH_LDAP_USERNAME_BEGIN_STRING`	Defines the String which is to be removed from the start of the DN to reveal the username. This option is used together with usernameEndString and only taken into account if parseUsername is set to true.	`${AUTH_LDAP_USERNAME_BEGIN_STRING}`
`AUTH_LDAP_USERNAME_END_STRING`	Defines the String which is to be removed from the end of the DN to reveal the username. This option is used together with usernameEndString and only taken into account if parseUsername is set to true.	`${AUTH_LDAP_USERNAME_END_STRING}`
`AUTH_LDAP_ROLE_ATTRIBUTE_ID`	Name of the attribute containing the user roles.	`${AUTH_LDAP_ROLE_ATTRIBUTE_ID}`
`AUTH_LDAP_ROLES_CTX_DN`	The fixed DN of the context to search for user roles. This is not the DN where the actual roles are, but the DN where the objects containing the user roles are. For example, in a Microsoft Active Directory server, this is the DN where the user account is.	`${AUTH_LDAP_ROLES_CTX_DN}`
`AUTH_LDAP_ROLE_FILTER`	A search filter used to locate the roles associated with the authenticated user. The input username or userDN obtained from the login module callback is substituted into the filter anywhere a {0} expression is used. The authenticated userDN is substituted into the filter anywhere a {1} is used. An example search filter that matches on the input username is (member={0}). An alternative that matches on the authenticated userDN is (member={1}).	`${AUTH_LDAP_ROLE_FILTER}`
`AUTH_LDAP_ROLE_RECURSION`	The number of levels of recursion the role search will go below a matching context. Disable recursion by setting this to 0.	`${AUTH_LDAP_ROLE_RECURSION}`
`AUTH_LDAP_DEFAULT_ROLE`	A role included for all authenticated users	`${AUTH_LDAP_DEFAULT_ROLE}`
`AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID`	Name of the attribute within the roleCtxDN context which contains the role name. If the roleAttributeIsDN property is set to true, this property is used to find the role object’s name attribute.	`${AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID}`
`AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN`	A flag indicating if the DN returned by a query contains the roleNameAttributeID. If set to true, the DN is checked for the roleNameAttributeID. If set to false, the DN is not checked for the roleNameAttributeID. This flag can improve the performance of LDAP queries.	`${AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN}`
`AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN`	Whether or not the roleAttributeID contains the fully-qualified DN of a role object. If false, the role name is taken from the value of the roleNameAttributeId attribute of the context name. Certain directory schemas, such as Microsoft Active Directory, require this attribute to be set to true.	`${AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN}`
`AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK`	If you are not using referrals, this option can be ignored. When using referrals, this option denotes the attribute name which contains users defined for a certain role, for example member, if the role object is inside the referral. Users are checked against the content of this attribute name. If this option is not set, the check will always fail, so role objects cannot be stored in a referral tree.	`${AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK}`

4.3.2.3.3.7. Volumes
复制链接

Expand

Deployment	Name	mountPath	Purpose	readOnly
`${APPLICATION_NAME}-kieserver`	kieserver-keystore-volume	`/etc/kieserver-secret-volume`	ssl certs	True

4.3.2.4. External Dependencies
复制链接

4.3.2.4.1. Secrets
复制链接

This template requires the following secrets to be installed for the application to run.

kieserver-app-secret

4.4. rhpam71-kieserver-mysql
复制链接

Application template for a managed KIE Server with a MySQL database, for Red Hat Process Automation Manager 7.1

4.4.1. Parameters
复制链接

Expand

Variable name	Image Environment Variable	Description	Example value	Required
`APPLICATION_NAME`	—	The name for the application.	myapp	True
`MAVEN_REPO_ID`	`EXTERNAL_MAVEN_REPO_ID`	The id to use for the maven repository, if set. Default is generated randomly.	`${MAVEN_REPO_ID}`	False
`MAVEN_REPO_URL`	`EXTERNAL_MAVEN_REPO_URL`	Fully qualified URL to a Maven repository or service.	`${MAVEN_REPO_URL}`	True
`MAVEN_REPO_USERNAME`	`RHPAMCENTR_MAVEN_REPO_USERNAME`	Username to access the Maven repository, if required.	`${BUSINESS_CENTRAL_MAVEN_USERNAME}`	False
`MAVEN_REPO_PASSWORD`	`RHPAMCENTR_MAVEN_REPO_PASSWORD`	Password to access the Maven repository, if required.	`${BUSINESS_CENTRAL_MAVEN_PASSWORD}`	False
`BUSINESS_CENTRAL_MAVEN_SERVICE`	—	The service name for the optional business central, where it can be reached, to allow service lookups (for maven repo usage), if required	—	False
`BUSINESS_CENTRAL_MAVEN_USERNAME`	—	Username to access the Maven service hosted by Business Central inside EAP.	—	False
`BUSINESS_CENTRAL_MAVEN_PASSWORD`	—	Password to access the Maven service hosted by Business Central inside EAP.	—	False
`KIE_ADMIN_USER`	`KIE_ADMIN_USER`	KIE administrator username	adminUser	False
`KIE_ADMIN_PWD`	`KIE_ADMIN_PWD`	KIE administrator password	`${KIE_ADMIN_PWD}`	False
`KIE_SERVER_USER`	`KIE_SERVER_USER`	KIE server username (Sets the org.kie.server.user system property)	executionUser	False
`KIE_SERVER_PWD`	`KIE_SERVER_PWD`	KIE server password (Sets the org.kie.server.pwd system property)	`${KIE_SERVER_PWD}`	False
`IMAGE_STREAM_NAMESPACE`	—	Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you’ve installed the ImageStreams in a different namespace/project.	openshift	True
`KIE_SERVER_IMAGE_STREAM_NAME`	—	The name of the image stream to use for KIE server. Default is "rhpam71-kieserver-openshift".	rhpam71-kieserver-openshift	True
`IMAGE_STREAM_TAG`	—	A named pointer to an image in an image stream. Default is "1.1".	1.1	True
`KIE_SERVER_ROUTER_SERVICE`	`KIE_SERVER_ROUTER_SERVICE`	The service name for the optional smart router, where it can be reached, to allow smart routing	`${KIE_SERVER_ROUTER_SERVICE}`	False
`KIE_SERVER_ROUTER_HOST`	`KIE_SERVER_ROUTER_HOST`	The host name of the smart router, which could be the service name resolved by OpenShift or a globally resolvable domain name	`${KIE_SERVER_ROUTER_HOST}`	False
`KIE_SERVER_ROUTER_PORT`	`KIE_SERVER_ROUTER_PORT`	Port in which the smart router server listens (router property org.kie.server.router.port)	`${KIE_SERVER_ROUTER_PORT}`	False
`KIE_SERVER_ROUTER_PROTOCOL`	`KIE_SERVER_ROUTER_PROTOCOL`	KIE server router protocol (Used to build the org.kie.server.router.url.external property)	`${KIE_SERVER_ROUTER_PROTOCOL}`	False
`KIE_SERVER_CONTROLLER_USER`	`KIE_SERVER_CONTROLLER_USER`	KIE server controller username (Sets the org.kie.server.controller.user system property)	controllerUser	False
`KIE_SERVER_CONTROLLER_PWD`	`KIE_SERVER_CONTROLLER_PWD`	KIE server controller password (Sets the org.kie.server.controller.pwd system property)	`${KIE_SERVER_CONTROLLER_PWD}`	False
`KIE_SERVER_CONTROLLER_TOKEN`	`KIE_SERVER_CONTROLLER_TOKEN`	KIE server controller token for bearer authentication (Sets the org.kie.server.controller.token system property)	`${KIE_SERVER_CONTROLLER_TOKEN}`	False
`KIE_SERVER_CONTROLLER_SERVICE`	`KIE_SERVER_CONTROLLER_SERVICE`	The service name for the optional business central monitor, where it can be reached to allow service lookup, and registered with to allow monitoring console functionality (If set, will be used to discover host and port)	`${KIE_SERVER_CONTROLLER_SERVICE}`	False
`KIE_SERVER_CONTROLLER_HOST`	`KIE_SERVER_CONTROLLER_HOST`	KIE server controller host (Used to set the org.kie.server.controller system property)	`${KIE_SERVER_CONTROLLER_HOST}`	False
`KIE_SERVER_CONTROLLER_PORT`	`KIE_SERVER_CONTROLLER_PORT`	KIE server controller port (Used to set the org.kie.server.controller system property)	`${KIE_SERVER_CONTROLLER_PORT}`	False
`KIE_SERVER_PERSISTENCE_DS`	`KIE_SERVER_PERSISTENCE_DS`	KIE server persistence datasource (Sets the org.kie.server.persistence.ds system property)	java:/jboss/datasources/rhpam	False
`MYSQL_IMAGE_STREAM_NAMESPACE`	—	Namespace in which the ImageStream for the MySQL image is installed. The ImageStream is already installed in the openshift namespace. You should only need to modify this if you’ve installed the ImageStream in a different namespace/project. Default is "openshift".	openshift	False
`MYSQL_IMAGE_STREAM_TAG`	—	The MySQL image version, which is intended to correspond to the MySQL version. Default is "5.7".	5.7	False
`KIE_SERVER_MYSQL_USER`	`MYSQL_USER`	KIE server MySQL database username	rhpam	False
`KIE_SERVER_MYSQL_PWD`	—	KIE server MySQL database password	—	False
`KIE_SERVER_MYSQL_DB`	—	KIE server MySQL database name	rhpam7	False
`DB_VOLUME_CAPACITY`	—	Size of persistent storage for database volume.	1Gi	True
`DROOLS_SERVER_FILTER_CLASSES`	`DROOLS_SERVER_FILTER_CLASSES`	KIE server class filtering (Sets the org.drools.server.filter.classes system property)	true	False
`KIE_MBEANS`	`KIE_MBEANS`	KIE server mbeans enabled/disabled (Sets the kie.mbeans and kie.scanner.mbeans system properties)	enabled	False
`KIE_SERVER_HOSTNAME_HTTP`	`KIE_SERVER_HOST`	Custom hostname for http service route, if set will also configure the KIE_SERVER_HOST. Leave blank for default hostname, e.g.: <application-name>-kieserver-<project>.<default-domain-suffix>	`${KIE_SERVER_HOSTNAME_HTTP}`	False
`KIE_SERVER_HOSTNAME_HTTPS`	`KIE_SERVER_HOST`	Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-kieserver-<project>.<default-domain-suffix>	`${KIE_SERVER_HOSTNAME_HTTP}`	False
`KIE_SERVER_USE_SECURE_ROUTE_NAME`	`KIE_SERVER_USE_SECURE_ROUTE_NAME`	Use https for the KIE_SERVER_HOST when it is not explicit configured to a custom value.	false	False
`KIE_SERVER_HTTPS_SECRET`	—	The name of the secret containing the keystore file	—	True
`KIE_SERVER_HTTPS_KEYSTORE`	`HTTPS_KEYSTORE`	The name of the keystore file within the secret	keystore.jks	False
`KIE_SERVER_HTTPS_NAME`	`HTTPS_NAME`	The name associated with the server certificate	jboss	False
`KIE_SERVER_HTTPS_PASSWORD`	`HTTPS_PASSWORD`	The password for the keystore and certificate	mykeystorepass	False
`KIE_SERVER_BYPASS_AUTH_USER`	`KIE_SERVER_BYPASS_AUTH_USER`	KIE server bypass auth user (Sets the org.kie.server.bypass.auth.user system property)	false	False
`TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL`	`TIMER_SERVICE_DATA_STORE`	Sets refresh-interval for the EJB timer database data-store service.	30000	False
`KIE_SERVER_MEMORY_LIMIT`	—	KIE server Container memory limit	1Gi	False
`KIE_SERVER_CONTAINER_DEPLOYMENT`	`KIE_SERVER_CONTAINER_DEPLOYMENT`	KIE Server Container deployment configuration in format: containerId=groupId:artifactId:version\|c2=g2:a2:v2	`${KIE_SERVER_CONTAINER_DEPLOYMENT}`	False
`KIE_SERVER_MGMT_DISABLED`	`KIE_SERVER_MGMT_DISABLED`	When set to LocalContainersStartupStrategy, allows KIE server to start up and function with local config, even when a controller is configured and unavailable.	`${KIE_SERVER_MGMT_DISABLED}`	False
`KIE_SERVER_STARTUP_STRATEGY`	`KIE_SERVER_STARTUP_STRATEGY`	When set to LocalContainersStartupStrategy, allows KIE server to start up and function with local config, even when a controller is configured and unavailable.	`${KIE_SERVER_STARTUP_STRATEGY}`	False
`SSO_URL`	`SSO_URL`	RH-SSO URL	`${SSO_URL}`	False
`SSO_REALM`	`SSO_REALM`	RH-SSO Realm name	`${SSO_REALM}`	False
`KIE_SERVER_SSO_CLIENT`	`SSO_CLIENT`	KIE Server RH-SSO Client name	`${KIE_SERVER_SSO_CLIENT}`	False
`KIE_SERVER_SSO_SECRET`	`SSO_SECRET`	KIE Server RH-SSO Client Secret	`${KIE_SERVER_SSO_SECRET}`	False
`SSO_USERNAME`	`SSO_USERNAME`	RH-SSO Realm Admin Username used to create the Client if it doesn’t exist	`${SSO_USERNAME}`	False
`SSO_PASSWORD`	`SSO_PASSWORD`	RH-SSO Realm Admin Password used to create the Client	`${SSO_PASSWORD}`	False
`SSO_DISABLE_SSL_CERTIFICATE_VALIDATION`	`SSO_DISABLE_SSL_CERTIFICATE_VALIDATION`	RH-SSO Disable SSL Certificate Validation	false	False
`SSO_PRINCIPAL_ATTRIBUTE`	`SSO_PRINCIPAL_ATTRIBUTE`	RH-SSO Principal Attribute to use as username.	preferred_username	False
`AUTH_LDAP_URL`	`AUTH_LDAP_URL`	LDAP Endpoint to connect for authentication	`${AUTH_LDAP_URL}`	False
`AUTH_LDAP_BIND_DN`	`AUTH_LDAP_BIND_DN`	Bind DN used for authentication	`${AUTH_LDAP_BIND_DN}`	False
`AUTH_LDAP_BIND_CREDENTIAL`	`AUTH_LDAP_BIND_CREDENTIAL`	LDAP Credentials used for authentication	`${AUTH_LDAP_BIND_CREDENTIAL}`	False
`AUTH_LDAP_JAAS_SECURITY_DOMAIN`	`AUTH_LDAP_JAAS_SECURITY_DOMAIN`	The JMX ObjectName of the JaasSecurityDomain used to decrypt the password.	`${AUTH_LDAP_JAAS_SECURITY_DOMAIN}`	False
`AUTH_LDAP_BASE_CTX_DN`	`AUTH_LDAP_BASE_CTX_DN`	LDAP Base DN of the top-level context to begin the user search.	`${AUTH_LDAP_BASE_CTX_DN}`	False
`AUTH_LDAP_BASE_FILTER`	`AUTH_LDAP_BASE_FILTER`	LDAP search filter used to locate the context of the user to authenticate. The input username or userDN obtained from the login module callback is substituted into the filter anywhere a {0} expression is used. A common example for the search filter is (uid={0}).	`${AUTH_LDAP_BASE_FILTER}`	False
`AUTH_LDAP_SEARCH_SCOPE`	`AUTH_LDAP_SEARCH_SCOPE`	The search scope to use.	`${AUTH_LDAP_SEARCH_SCOPE}`	False
`AUTH_LDAP_SEARCH_TIME_LIMIT`	`AUTH_LDAP_SEARCH_TIME_LIMIT`	The timeout in milliseconds for user or role searches.	`${AUTH_LDAP_SEARCH_TIME_LIMIT}`	False
`AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE`	`AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE`	The name of the attribute in the user entry that contains the DN of the user. This may be necessary if the DN of the user itself contains special characters, backslash for example, that prevent correct user mapping. If the attribute does not exist, the entry’s DN is used.	`${AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE}`	False
`AUTH_LDAP_PARSE_USERNAME`	`AUTH_LDAP_PARSE_USERNAME`	A flag indicating if the DN is to be parsed for the username. If set to true, the DN is parsed for the username. If set to false the DN is not parsed for the username. This option is used together with usernameBeginString and usernameEndString.	`${AUTH_LDAP_PARSE_USERNAME}`	False
`AUTH_LDAP_USERNAME_BEGIN_STRING`	`AUTH_LDAP_USERNAME_BEGIN_STRING`	Defines the String which is to be removed from the start of the DN to reveal the username. This option is used together with usernameEndString and only taken into account if parseUsername is set to true.	`${AUTH_LDAP_USERNAME_BEGIN_STRING}`	False
`AUTH_LDAP_USERNAME_END_STRING`	`AUTH_LDAP_USERNAME_END_STRING`	Defines the String which is to be removed from the end of the DN to reveal the username. This option is used together with usernameEndString and only taken into account if parseUsername is set to true.	`${AUTH_LDAP_USERNAME_END_STRING}`	False
`AUTH_LDAP_ROLE_ATTRIBUTE_ID`	`AUTH_LDAP_ROLE_ATTRIBUTE_ID`	Name of the attribute containing the user roles.	`${AUTH_LDAP_ROLE_ATTRIBUTE_ID}`	False
`AUTH_LDAP_ROLES_CTX_DN`	`AUTH_LDAP_ROLES_CTX_DN`	The fixed DN of the context to search for user roles. This is not the DN where the actual roles are, but the DN where the objects containing the user roles are. For example, in a Microsoft Active Directory server, this is the DN where the user account is.	`${AUTH_LDAP_ROLES_CTX_DN}`	False
`AUTH_LDAP_ROLE_FILTER`	`AUTH_LDAP_ROLE_FILTER`	A search filter used to locate the roles associated with the authenticated user. The input username or userDN obtained from the login module callback is substituted into the filter anywhere a {0} expression is used. The authenticated userDN is substituted into the filter anywhere a {1} is used. An example search filter that matches on the input username is (member={0}). An alternative that matches on the authenticated userDN is (member={1}).	`${AUTH_LDAP_ROLE_FILTER}`	False
`AUTH_LDAP_ROLE_RECURSION`	`AUTH_LDAP_ROLE_RECURSION`	The number of levels of recursion the role search will go below a matching context. Disable recursion by setting this to 0.	`${AUTH_LDAP_ROLE_RECURSION}`	False
`AUTH_LDAP_DEFAULT_ROLE`	`AUTH_LDAP_DEFAULT_ROLE`	A role included for all authenticated users	`${AUTH_LDAP_DEFAULT_ROLE}`	False
`AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID`	`AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID`	Name of the attribute within the roleCtxDN context which contains the role name. If the roleAttributeIsDN property is set to true, this property is used to find the role object’s name attribute.	`${AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID}`	False
`AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN`	`AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN`	A flag indicating if the DN returned by a query contains the roleNameAttributeID. If set to true, the DN is checked for the roleNameAttributeID. If set to false, the DN is not checked for the roleNameAttributeID. This flag can improve the performance of LDAP queries.	`${AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN}`	False
`AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN`	`AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN`	Whether or not the roleAttributeID contains the fully-qualified DN of a role object. If false, the role name is taken from the value of the roleNameAttributeId attribute of the context name. Certain directory schemas, such as Microsoft Active Directory, require this attribute to be set to true.	`${AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN}`	False
`AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK`	`AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK`	If you are not using referrals, this option can be ignored. When using referrals, this option denotes the attribute name which contains users defined for a certain role, for example member, if the role object is inside the referral. Users are checked against the content of this attribute name. If this option is not set, the check will always fail, so role objects cannot be stored in a referral tree.	`${AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK}`	False

4.4.2. Objects
复制链接

The CLI supports various object types. A list of these object types as well as their abbreviations can be found in the Openshift documentation.

4.4.2.1. Services
复制链接

A service is an abstraction which defines a logical set of pods and a policy by which to access them. Refer to the container-engine documentation for more information.

Expand

Service	Port	Name	Description
`${APPLICATION_NAME}-kieserver`	8080	http	All the KIE server web server’s ports.
`${APPLICATION_NAME}-kieserver`	8443	https	All the KIE server web server’s ports.
`${APPLICATION_NAME}-kieserver-ping`	8888	ping	The JGroups ping port for clustering.
`${APPLICATION_NAME}-mysql`	3306	—	The database server’s port.

4.4.2.2. Routes
复制链接

Expand

Service	Security	Hostname
`${APPLICATION_NAME}-kieserver-http`	none	`${KIE_SERVER_HOSTNAME_HTTP}`
`${APPLICATION_NAME}-kieserver-https`	TLS passthrough	`${KIE_SERVER_HOSTNAME_HTTPS}`

4.4.2.3. Deployment Configurations
复制链接

4.4.2.3.1. Triggers
复制链接

A trigger drives the creation of new deployments in response to events, both inside and outside OpenShift. Refer to the Openshift documentation for more information.

Expand

Deployment	Triggers
`${APPLICATION_NAME}-kieserver`	ImageChange
`${APPLICATION_NAME}-mysql`	ImageChange

4.4.2.3.2. Replicas
复制链接

Expand

Deployment	Replicas
`${APPLICATION_NAME}-kieserver`	1
`${APPLICATION_NAME}-mysql`	1

4.4.2.3.3. Pod Template
复制链接

4.4.2.3.3.1. Service Accounts
复制链接

Service accounts are API objects that exist within each project. They can be created or deleted like any other API object. Refer to the Openshift documentation for more information.

Expand

Deployment	Service Account
`${APPLICATION_NAME}-kieserver`	`${APPLICATION_NAME}-kieserver`

4.4.2.3.3.2. Image
复制链接

Expand

Deployment	Image
`${APPLICATION_NAME}-kieserver`	`${KIE_SERVER_IMAGE_STREAM_NAME}`
`${APPLICATION_NAME}-mysql`	mysql

4.4.2.3.3.3. Readiness Probe
复制链接

${APPLICATION_NAME}-kieserver

/bin/bash -c curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/services/rest/server/readycheck

${APPLICATION_NAME}-mysql

/bin/sh -i -c MYSQL_PWD="$MYSQL_PASSWORD" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1'

4.4.2.3.3.4. Liveness Probe
复制链接

${APPLICATION_NAME}-kieserver

/bin/bash -c curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/services/rest/server/readycheck

4.4.2.3.3.5. Exposed Ports
复制链接

Expand

Deployments	Name	Port	Protocol
`${APPLICATION_NAME}-kieserver`	jolokia	8778	`TCP`
	http	8080	`TCP`
	https	8443	`TCP`
	ping	8888	`TCP`
`${APPLICATION_NAME}-mysql`	—	3306	`TCP`

4.4.2.3.3.6. Image Environment Variables
复制链接

Expand

Deployment	Variable name	Description	Example value
`${APPLICATION_NAME}-kieserver`	`DROOLS_SERVER_FILTER_CLASSES`	KIE server class filtering (Sets the org.drools.server.filter.classes system property)	`${DROOLS_SERVER_FILTER_CLASSES}`
	`KIE_ADMIN_USER`	KIE administrator username	`${KIE_ADMIN_USER}`
	`KIE_ADMIN_PWD`	KIE administrator password	`${KIE_ADMIN_PWD}`
	`KIE_MBEANS`	KIE server mbeans enabled/disabled (Sets the kie.mbeans and kie.scanner.mbeans system properties)	`${KIE_MBEANS}`
	`KIE_SERVER_BYPASS_AUTH_USER`	KIE server bypass auth user (Sets the org.kie.server.bypass.auth.user system property)	`${KIE_SERVER_BYPASS_AUTH_USER}`
	`KIE_SERVER_CONTROLLER_USER`	KIE server controller username (Sets the org.kie.server.controller.user system property)	`${KIE_SERVER_CONTROLLER_USER}`
	`KIE_SERVER_CONTROLLER_PWD`	KIE server controller password (Sets the org.kie.server.controller.pwd system property)	`${KIE_SERVER_CONTROLLER_PWD}`
	`KIE_SERVER_CONTROLLER_TOKEN`	KIE server controller token for bearer authentication (Sets the org.kie.server.controller.token system property)	`${KIE_SERVER_CONTROLLER_TOKEN}`
	`KIE_SERVER_CONTROLLER_SERVICE`	The service name for the optional business central monitor, where it can be reached to allow service lookup, and registered with to allow monitoring console functionality (If set, will be used to discover host and port)	`${KIE_SERVER_CONTROLLER_SERVICE}`
	`KIE_SERVER_CONTROLLER_PROTOCOL`	—	ws
	`KIE_SERVER_CONTROLLER_HOST`	KIE server controller host (Used to set the org.kie.server.controller system property)	`${KIE_SERVER_CONTROLLER_HOST}`
	`KIE_SERVER_CONTROLLER_PORT`	KIE server controller port (Used to set the org.kie.server.controller system property)	`${KIE_SERVER_CONTROLLER_PORT}`
	`KIE_SERVER_ID`	—	`${APPLICATION_NAME}-kieserver`
	`KIE_SERVER_HOST`	Custom hostname for http service route, if set will also configure the KIE_SERVER_HOST. Leave blank for default hostname, e.g.: <application-name>-kieserver-<project>.<default-domain-suffix>	`${KIE_SERVER_HOSTNAME_HTTP}`
	`KIE_SERVER_ROUTE_NAME`	—	`${APPLICATION_NAME}-kieserver`
	`KIE_SERVER_USE_SECURE_ROUTE_NAME`	Use https for the KIE_SERVER_HOST when it is not explicit configured to a custom value.	`${KIE_SERVER_USE_SECURE_ROUTE_NAME}`
	`KIE_SERVER_USER`	KIE server username (Sets the org.kie.server.user system property)	`${KIE_SERVER_USER}`
	`KIE_SERVER_PWD`	KIE server password (Sets the org.kie.server.pwd system property)	`${KIE_SERVER_PWD}`
	`KIE_SERVER_CONTAINER_DEPLOYMENT`	KIE Server Container deployment configuration in format: containerId=groupId:artifactId:version\|c2=g2:a2:v2	`${KIE_SERVER_CONTAINER_DEPLOYMENT}`
	`MAVEN_REPOS`	—	RHPAMCENTR,EXTERNAL
	`RHPAMCENTR_MAVEN_REPO_SERVICE`	—	`${BUSINESS_CENTRAL_MAVEN_SERVICE}`
	`RHPAMCENTR_MAVEN_REPO_PATH`	—	`/maven2/`
	`RHPAMCENTR_MAVEN_REPO_USERNAME`	Username to access the Maven repository, if required.	`${BUSINESS_CENTRAL_MAVEN_USERNAME}`
	`RHPAMCENTR_MAVEN_REPO_PASSWORD`	Password to access the Maven repository, if required.	`${BUSINESS_CENTRAL_MAVEN_PASSWORD}`
	`EXTERNAL_MAVEN_REPO_ID`	The id to use for the maven repository, if set. Default is generated randomly.	`${MAVEN_REPO_ID}`
	`EXTERNAL_MAVEN_REPO_URL`	Fully qualified URL to a Maven repository or service.	`${MAVEN_REPO_URL}`
	`EXTERNAL_MAVEN_REPO_USERNAME`	Username to access the Maven repository, if required.	`${MAVEN_REPO_USERNAME}`
	`EXTERNAL_MAVEN_REPO_PASSWORD`	Password to access the Maven repository, if required.	`${MAVEN_REPO_PASSWORD}`
	`KIE_SERVER_ROUTER_SERVICE`	The service name for the optional smart router, where it can be reached, to allow smart routing	`${KIE_SERVER_ROUTER_SERVICE}`
	`KIE_SERVER_ROUTER_HOST`	The host name of the smart router, which could be the service name resolved by OpenShift or a globally resolvable domain name	`${KIE_SERVER_ROUTER_HOST}`
	`KIE_SERVER_ROUTER_PORT`	Port in which the smart router server listens (router property org.kie.server.router.port)	`${KIE_SERVER_ROUTER_PORT}`
	`KIE_SERVER_ROUTER_PROTOCOL`	KIE server router protocol (Used to build the org.kie.server.router.url.external property)	`${KIE_SERVER_ROUTER_PROTOCOL}`
	`KIE_SERVER_MGMT_DISABLED`	When set to LocalContainersStartupStrategy, allows KIE server to start up and function with local config, even when a controller is configured and unavailable.	`${KIE_SERVER_MGMT_DISABLED}`
	`KIE_SERVER_STARTUP_STRATEGY`	When set to LocalContainersStartupStrategy, allows KIE server to start up and function with local config, even when a controller is configured and unavailable.	`${KIE_SERVER_STARTUP_STRATEGY}`
	`KIE_SERVER_PERSISTENCE_DS`	KIE server persistence datasource (Sets the org.kie.server.persistence.ds system property)	`${KIE_SERVER_PERSISTENCE_DS}`
	`DATASOURCES`	—	`RHPAM`
	`RHPAM_JNDI`	—	`${KIE_SERVER_PERSISTENCE_DS}`
	`RHPAM_DATABASE`	—	`${KIE_SERVER_MYSQL_DB}`
	`RHPAM_DRIVER`	—	mysql
	`KIE_SERVER_PERSISTENCE_DIALECT`	—	org.hibernate.dialect.MySQL5Dialect
	`RHPAM_USERNAME`	—	`${KIE_SERVER_MYSQL_USER}`
	`RHPAM_PASSWORD`	—	`${KIE_SERVER_MYSQL_PWD}`
	`RHPAM_SERVICE_HOST`	—	`${APPLICATION_NAME}-mysql`
	`RHPAM_SERVICE_PORT`	—	3306
	`TIMER_SERVICE_DATA_STORE`	Sets refresh-interval for the EJB timer database data-store service.	`${APPLICATION_NAME}-mysql`
	`RHPAM_JTA`	—	true
	`TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL`	Sets refresh-interval for the EJB timer database data-store service.	`${TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL}`
	`HTTPS_KEYSTORE_DIR`	—	`/etc/kieserver-secret-volume`
	`HTTPS_KEYSTORE`	The name of the keystore file within the secret	`${KIE_SERVER_HTTPS_KEYSTORE}`
	`HTTPS_NAME`	The name associated with the server certificate	`${KIE_SERVER_HTTPS_NAME}`
	`HTTPS_PASSWORD`	The password for the keystore and certificate	`${KIE_SERVER_HTTPS_PASSWORD}`
	`JGROUPS_PING_PROTOCOL`	—	openshift.DNS_PING
	`OPENSHIFT_DNS_PING_SERVICE_NAME`	—	`${APPLICATION_NAME}-kieserver-ping`
	`OPENSHIFT_DNS_PING_SERVICE_PORT`	—	8888
	`SSO_URL`	RH-SSO URL	`${SSO_URL}`
	`SSO_OPENIDCONNECT_DEPLOYMENTS`	—	ROOT.war
	`SSO_REALM`	RH-SSO Realm name	`${SSO_REALM}`
	`SSO_SECRET`	KIE Server RH-SSO Client Secret	`${KIE_SERVER_SSO_SECRET}`
	`SSO_CLIENT`	KIE Server RH-SSO Client name	`${KIE_SERVER_SSO_CLIENT}`
	`SSO_USERNAME`	RH-SSO Realm Admin Username used to create the Client if it doesn’t exist	`${SSO_USERNAME}`
	`SSO_PASSWORD`	RH-SSO Realm Admin Password used to create the Client	`${SSO_PASSWORD}`
	`SSO_DISABLE_SSL_CERTIFICATE_VALIDATION`	RH-SSO Disable SSL Certificate Validation	`${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}`
	`SSO_PRINCIPAL_ATTRIBUTE`	RH-SSO Principal Attribute to use as username.	`${SSO_PRINCIPAL_ATTRIBUTE}`
	`HOSTNAME_HTTP`	Custom hostname for http service route, if set will also configure the KIE_SERVER_HOST. Leave blank for default hostname, e.g.: <application-name>-kieserver-<project>.<default-domain-suffix>	`${KIE_SERVER_HOSTNAME_HTTP}`
`HOSTNAME_HTTPS`	Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-kieserver-<project>.<default-domain-suffix>	`${KIE_SERVER_HOSTNAME_HTTPS}`
`AUTH_LDAP_URL`	LDAP Endpoint to connect for authentication	`${AUTH_LDAP_URL}`
`AUTH_LDAP_BIND_DN`	Bind DN used for authentication	`${AUTH_LDAP_BIND_DN}`
`AUTH_LDAP_BIND_CREDENTIAL`	LDAP Credentials used for authentication	`${AUTH_LDAP_BIND_CREDENTIAL}`
`AUTH_LDAP_JAAS_SECURITY_DOMAIN`	The JMX ObjectName of the JaasSecurityDomain used to decrypt the password.	`${AUTH_LDAP_JAAS_SECURITY_DOMAIN}`
`AUTH_LDAP_BASE_CTX_DN`	LDAP Base DN of the top-level context to begin the user search.	`${AUTH_LDAP_BASE_CTX_DN}`
`AUTH_LDAP_BASE_FILTER`	LDAP search filter used to locate the context of the user to authenticate. The input username or userDN obtained from the login module callback is substituted into the filter anywhere a {0} expression is used. A common example for the search filter is (uid={0}).	`${AUTH_LDAP_BASE_FILTER}`
`AUTH_LDAP_SEARCH_SCOPE`	The search scope to use.	`${AUTH_LDAP_SEARCH_SCOPE}`
`AUTH_LDAP_SEARCH_TIME_LIMIT`	The timeout in milliseconds for user or role searches.	`${AUTH_LDAP_SEARCH_TIME_LIMIT}`
`AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE`	The name of the attribute in the user entry that contains the DN of the user. This may be necessary if the DN of the user itself contains special characters, backslash for example, that prevent correct user mapping. If the attribute does not exist, the entry’s DN is used.	`${AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE}`
`AUTH_LDAP_PARSE_USERNAME`	A flag indicating if the DN is to be parsed for the username. If set to true, the DN is parsed for the username. If set to false the DN is not parsed for the username. This option is used together with usernameBeginString and usernameEndString.	`${AUTH_LDAP_PARSE_USERNAME}`
`AUTH_LDAP_USERNAME_BEGIN_STRING`	Defines the String which is to be removed from the start of the DN to reveal the username. This option is used together with usernameEndString and only taken into account if parseUsername is set to true.	`${AUTH_LDAP_USERNAME_BEGIN_STRING}`
`AUTH_LDAP_USERNAME_END_STRING`	Defines the String which is to be removed from the end of the DN to reveal the username. This option is used together with usernameEndString and only taken into account if parseUsername is set to true.	`${AUTH_LDAP_USERNAME_END_STRING}`
`AUTH_LDAP_ROLE_ATTRIBUTE_ID`	Name of the attribute containing the user roles.	`${AUTH_LDAP_ROLE_ATTRIBUTE_ID}`
`AUTH_LDAP_ROLES_CTX_DN`	The fixed DN of the context to search for user roles. This is not the DN where the actual roles are, but the DN where the objects containing the user roles are. For example, in a Microsoft Active Directory server, this is the DN where the user account is.	`${AUTH_LDAP_ROLES_CTX_DN}`
`AUTH_LDAP_ROLE_FILTER`	A search filter used to locate the roles associated with the authenticated user. The input username or userDN obtained from the login module callback is substituted into the filter anywhere a {0} expression is used. The authenticated userDN is substituted into the filter anywhere a {1} is used. An example search filter that matches on the input username is (member={0}). An alternative that matches on the authenticated userDN is (member={1}).	`${AUTH_LDAP_ROLE_FILTER}`
`AUTH_LDAP_ROLE_RECURSION`	The number of levels of recursion the role search will go below a matching context. Disable recursion by setting this to 0.	`${AUTH_LDAP_ROLE_RECURSION}`
`AUTH_LDAP_DEFAULT_ROLE`	A role included for all authenticated users	`${AUTH_LDAP_DEFAULT_ROLE}`
`AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID`	Name of the attribute within the roleCtxDN context which contains the role name. If the roleAttributeIsDN property is set to true, this property is used to find the role object’s name attribute.	`${AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID}`
`AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN`	A flag indicating if the DN returned by a query contains the roleNameAttributeID. If set to true, the DN is checked for the roleNameAttributeID. If set to false, the DN is not checked for the roleNameAttributeID. This flag can improve the performance of LDAP queries.	`${AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN}`
`AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN`	Whether or not the roleAttributeID contains the fully-qualified DN of a role object. If false, the role name is taken from the value of the roleNameAttributeId attribute of the context name. Certain directory schemas, such as Microsoft Active Directory, require this attribute to be set to true.	`${AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN}`
`AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK`	If you are not using referrals, this option can be ignored. When using referrals, this option denotes the attribute name which contains users defined for a certain role, for example member, if the role object is inside the referral. Users are checked against the content of this attribute name. If this option is not set, the check will always fail, so role objects cannot be stored in a referral tree.	`${AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK}`
`${APPLICATION_NAME}-mysql`	`MYSQL_USER`	KIE server MySQL database username	`${KIE_SERVER_MYSQL_USER}`
	`MYSQL_PASSWORD`	—	`${KIE_SERVER_MYSQL_PWD}`
	`MYSQL_DATABASE`	—	`${KIE_SERVER_MYSQL_DB}`

4.4.2.3.3.7. Volumes
复制链接

Expand

Deployment	Name	mountPath	Purpose	readOnly
`${APPLICATION_NAME}-kieserver`	kieserver-keystore-volume	`/etc/kieserver-secret-volume`	ssl certs	True
`${APPLICATION_NAME}-mysql`	`${APPLICATION_NAME}-mysql-pvol`	`/var/lib/mysql/data`	mysql	false

4.4.2.4. External Dependencies
复制链接

4.4.2.4.1. Volume Claims
复制链接

Expand

Name	Access Mode
`${APPLICATION_NAME}-mysql-claim`	ReadWriteOnce

4.4.2.4.2. Secrets
复制链接

This template requires the following secrets to be installed for the application to run.

kieserver-app-secret

4.5. rhpam71-kieserver-postgresql
复制链接

Application template for a managed KIE Server with a PostgreSQL database, for Red Hat Process Automation Manager 7.1

4.5.1. Parameters
复制链接

Expand

Variable name	Image Environment Variable	Description	Example value	Required
`APPLICATION_NAME`	—	The name for the application.	myapp	True
`MAVEN_REPO_ID`	`EXTERNAL_MAVEN_REPO_ID`	The id to use for the maven repository, if set. Default is generated randomly.	`${MAVEN_REPO_ID}`	False
`MAVEN_REPO_URL`	`EXTERNAL_MAVEN_REPO_URL`	Fully qualified URL to a Maven repository or service.	`${MAVEN_REPO_URL}`	True
`MAVEN_REPO_USERNAME`	`RHPAMCENTR_MAVEN_REPO_USERNAME`	Username to access the Maven repository, if required.	`${BUSINESS_CENTRAL_MAVEN_USERNAME}`	False
`MAVEN_REPO_PASSWORD`	`RHPAMCENTR_MAVEN_REPO_PASSWORD`	Password to access the Maven repository, if required.	`${BUSINESS_CENTRAL_MAVEN_PASSWORD}`	False
`BUSINESS_CENTRAL_MAVEN_SERVICE`	—	The service name for the optional business central, where it can be reached, to allow service lookups (for maven repo usage), if required	—	False
`BUSINESS_CENTRAL_MAVEN_USERNAME`	—	Username to access the Maven service hosted by Business Central inside EAP.	—	False
`BUSINESS_CENTRAL_MAVEN_PASSWORD`	—	Password to access the Maven service hosted by Business Central inside EAP.	—	False
`KIE_ADMIN_USER`	`KIE_ADMIN_USER`	KIE administrator username	adminUser	False
`KIE_ADMIN_PWD`	`KIE_ADMIN_PWD`	KIE administrator password	`${KIE_ADMIN_PWD}`	False
`KIE_SERVER_USER`	`KIE_SERVER_USER`	KIE server username (Sets the org.kie.server.user system property)	executionUser	False
`KIE_SERVER_PWD`	`KIE_SERVER_PWD`	KIE server password (Sets the org.kie.server.pwd system property)	`${KIE_SERVER_PWD}`	False
`IMAGE_STREAM_NAMESPACE`	—	Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you’ve installed the ImageStreams in a different namespace/project.	openshift	True
`KIE_SERVER_IMAGE_STREAM_NAME`	—	The name of the image stream to use for KIE server. Default is "rhpam71-kieserver-openshift".	rhpam71-kieserver-openshift	True
`IMAGE_STREAM_TAG`	—	A named pointer to an image in an image stream. Default is "1.1".	1.1	True
`KIE_SERVER_ROUTER_SERVICE`	`KIE_SERVER_ROUTER_SERVICE`	The service name for the optional smart router, where it can be reached, to allow smart routing	`${KIE_SERVER_ROUTER_SERVICE}`	False
`KIE_SERVER_ROUTER_HOST`	`KIE_SERVER_ROUTER_HOST`	The host name of the smart router, which could be the service name resolved by OpenShift or a globally resolvable domain name	`${KIE_SERVER_ROUTER_HOST}`	False
`KIE_SERVER_ROUTER_PORT`	`KIE_SERVER_ROUTER_PORT`	Port in which the smart router server listens (router property org.kie.server.router.port)	`${KIE_SERVER_ROUTER_PORT}`	False
`KIE_SERVER_ROUTER_PROTOCOL`	`KIE_SERVER_ROUTER_PROTOCOL`	KIE server router protocol (Used to build the org.kie.server.router.url.external property)	`${KIE_SERVER_ROUTER_PROTOCOL}`	False
`KIE_SERVER_CONTROLLER_USER`	`KIE_SERVER_CONTROLLER_USER`	KIE server controller username (Sets the org.kie.server.controller.user system property)	controllerUser	False
`KIE_SERVER_CONTROLLER_PWD`	`KIE_SERVER_CONTROLLER_PWD`	KIE server controller password (Sets the org.kie.server.controller.pwd system property)	`${KIE_SERVER_CONTROLLER_PWD}`	False
`KIE_SERVER_CONTROLLER_TOKEN`	`KIE_SERVER_CONTROLLER_TOKEN`	KIE server controller token for bearer authentication (Sets the org.kie.server.controller.token system property)	`${KIE_SERVER_CONTROLLER_TOKEN}`	False
`KIE_SERVER_CONTROLLER_SERVICE`	`KIE_SERVER_CONTROLLER_SERVICE`	The service name for the optional business central monitor, where it can be reached to allow service lookup, and registered with to allow monitoring console functionality (If set, will be used to discover host and port)	`${KIE_SERVER_CONTROLLER_SERVICE}`	False
`KIE_SERVER_CONTROLLER_HOST`	`KIE_SERVER_CONTROLLER_HOST`	KIE server controller host (Used to set the org.kie.server.controller system property)	`${KIE_SERVER_CONTROLLER_HOST}`	False
`KIE_SERVER_CONTROLLER_PORT`	`KIE_SERVER_CONTROLLER_PORT`	KIE server controller port (Used to set the org.kie.server.controller system property)	`${KIE_SERVER_CONTROLLER_PORT}`	False
`KIE_SERVER_PERSISTENCE_DS`	`KIE_SERVER_PERSISTENCE_DS`	KIE server persistence datasource (Sets the org.kie.server.persistence.ds system property)	java:/jboss/datasources/rhpam	False
`KIE_SERVER_POSTGRESQL_USER`	`POSTGRESQL_USER`	KIE server PostgreSQL database username	rhpam	False
`KIE_SERVER_POSTGRESQL_PWD`	—	KIE server PostgreSQL database password	—	False
`KIE_SERVER_POSTGRESQL_DB`	—	KIE server PostgreSQL database name	rhpam7	False
`POSTGRESQL_IMAGE_STREAM_NAMESPACE`	—	Namespace in which the ImageStream for the PostgreSQL image is installed. The ImageStream is already installed in the openshift namespace. You should only need to modify this if you’ve installed the ImageStream in a different namespace/project. Default is "openshift".	openshift	False
`POSTGRESQL_IMAGE_STREAM_TAG`	—	The PostgreSQL image version, which is intended to correspond to the PostgreSQL version. Default is "9.6".	9.6	False
`POSTGRESQL_MAX_PREPARED_TRANSACTIONS`	`POSTGRESQL_MAX_PREPARED_TRANSACTIONS`	Allows the PostgreSQL to handle XA transactions.	100	True
`DB_VOLUME_CAPACITY`	—	Size of persistent storage for database volume.	1Gi	True
`DROOLS_SERVER_FILTER_CLASSES`	`DROOLS_SERVER_FILTER_CLASSES`	KIE server class filtering (Sets the org.drools.server.filter.classes system property)	true	False
`KIE_MBEANS`	`KIE_MBEANS`	KIE server mbeans enabled/disabled (Sets the kie.mbeans and kie.scanner.mbeans system properties)	enabled	False
`KIE_SERVER_HOSTNAME_HTTP`	`KIE_SERVER_HOST`	Custom hostname for http service route, if set will also configure the KIE_SERVER_HOST. Leave blank for default hostname, e.g.: <application-name>-kieserver-<project>.<default-domain-suffix>	`${KIE_SERVER_HOSTNAME_HTTP}`	False
`KIE_SERVER_HOSTNAME_HTTPS`	`KIE_SERVER_HOST`	Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-kieserver-<project>.<default-domain-suffix>	`${KIE_SERVER_HOSTNAME_HTTP}`	False
`KIE_SERVER_USE_SECURE_ROUTE_NAME`	`KIE_SERVER_USE_SECURE_ROUTE_NAME`	Use https for the KIE_SERVER_HOST when it is not explicit configured to a custom value.	false	False
`KIE_SERVER_HTTPS_SECRET`	—	The name of the secret containing the keystore file	—	True
`KIE_SERVER_HTTPS_KEYSTORE`	`HTTPS_KEYSTORE`	The name of the keystore file within the secret	keystore.jks	False
`KIE_SERVER_HTTPS_NAME`	`HTTPS_NAME`	The name associated with the server certificate	jboss	False
`KIE_SERVER_HTTPS_PASSWORD`	`HTTPS_PASSWORD`	The password for the keystore and certificate	mykeystorepass	False
`KIE_SERVER_BYPASS_AUTH_USER`	`KIE_SERVER_BYPASS_AUTH_USER`	KIE server bypass auth user (Sets the org.kie.server.bypass.auth.user system property)	false	False
`TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL`	`TIMER_SERVICE_DATA_STORE`	Sets refresh-interval for the EJB timer database data-store service.	30000	False
`KIE_SERVER_MEMORY_LIMIT`	—	KIE server Container memory limit	1Gi	False
`KIE_SERVER_CONTAINER_DEPLOYMENT`	`KIE_SERVER_CONTAINER_DEPLOYMENT`	KIE Server Container deployment configuration in format: containerId=groupId:artifactId:version\|c2=g2:a2:v2	`${KIE_SERVER_CONTAINER_DEPLOYMENT}`	False
`KIE_SERVER_MGMT_DISABLED`	`KIE_SERVER_MGMT_DISABLED`	When set to LocalContainersStartupStrategy, allows KIE server to start up and function with local config, even when a controller is configured and unavailable	`${KIE_SERVER_MGMT_DISABLED}`	False
`KIE_SERVER_STARTUP_STRATEGY`	`KIE_SERVER_STARTUP_STRATEGY`	When set to LocalContainersStartupStrategy, allows KIE server to start up and function with local config, even when a controller is configured and unavailable.	`${KIE_SERVER_STARTUP_STRATEGY}`	False
`SSO_URL`	`SSO_URL`	RH-SSO URL	`${SSO_URL}`	False
`SSO_REALM`	`SSO_REALM`	RH-SSO Realm name	`${SSO_REALM}`	False
`KIE_SERVER_SSO_CLIENT`	`SSO_CLIENT`	KIE Server RH-SSO Client name	`${KIE_SERVER_SSO_CLIENT}`	False
`KIE_SERVER_SSO_SECRET`	`SSO_SECRET`	KIE Server RH-SSO Client Secret	`${KIE_SERVER_SSO_SECRET}`	False
`SSO_USERNAME`	`SSO_USERNAME`	RH-SSO Realm Admin Username used to create the Client if it doesn’t exist	`${SSO_USERNAME}`	False
`SSO_PASSWORD`	`SSO_PASSWORD`	RH-SSO Realm Admin Password used to create the Client	`${SSO_PASSWORD}`	False
`SSO_DISABLE_SSL_CERTIFICATE_VALIDATION`	`SSO_DISABLE_SSL_CERTIFICATE_VALIDATION`	RH-SSO Disable SSL Certificate Validation	false	False
`SSO_PRINCIPAL_ATTRIBUTE`	`SSO_PRINCIPAL_ATTRIBUTE`	RH-SSO Principal Attribute to use as username.	preferred_username	False
`AUTH_LDAP_URL`	`AUTH_LDAP_URL`	LDAP Endpoint to connect for authentication	`${AUTH_LDAP_URL}`	False
`AUTH_LDAP_BIND_DN`	`AUTH_LDAP_BIND_DN`	Bind DN used for authentication	`${AUTH_LDAP_BIND_DN}`	False
`AUTH_LDAP_BIND_CREDENTIAL`	`AUTH_LDAP_BIND_CREDENTIAL`	LDAP Credentials used for authentication	`${AUTH_LDAP_BIND_CREDENTIAL}`	False
`AUTH_LDAP_JAAS_SECURITY_DOMAIN`	`AUTH_LDAP_JAAS_SECURITY_DOMAIN`	The JMX ObjectName of the JaasSecurityDomain used to decrypt the password.	`${AUTH_LDAP_JAAS_SECURITY_DOMAIN}`	False
`AUTH_LDAP_BASE_CTX_DN`	`AUTH_LDAP_BASE_CTX_DN`	LDAP Base DN of the top-level context to begin the user search.	`${AUTH_LDAP_BASE_CTX_DN}`	False
`AUTH_LDAP_BASE_FILTER`	`AUTH_LDAP_BASE_FILTER`	LDAP search filter used to locate the context of the user to authenticate. The input username or userDN obtained from the login module callback is substituted into the filter anywhere a {0} expression is used. A common example for the search filter is (uid={0}).	`${AUTH_LDAP_BASE_FILTER}`	False
`AUTH_LDAP_SEARCH_SCOPE`	`AUTH_LDAP_SEARCH_SCOPE`	The search scope to use.	`${AUTH_LDAP_SEARCH_SCOPE}`	False
`AUTH_LDAP_SEARCH_TIME_LIMIT`	`AUTH_LDAP_SEARCH_TIME_LIMIT`	The timeout in milliseconds for user or role searches.	`${AUTH_LDAP_SEARCH_TIME_LIMIT}`	False
`AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE`	`AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE`	The name of the attribute in the user entry that contains the DN of the user. This may be necessary if the DN of the user itself contains special characters, backslash for example, that prevent correct user mapping. If the attribute does not exist, the entry’s DN is used.	`${AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE}`	False
`AUTH_LDAP_PARSE_USERNAME`	`AUTH_LDAP_PARSE_USERNAME`	A flag indicating if the DN is to be parsed for the username. If set to true, the DN is parsed for the username. If set to false the DN is not parsed for the username. This option is used together with usernameBeginString and usernameEndString.	`${AUTH_LDAP_PARSE_USERNAME}`	False
`AUTH_LDAP_USERNAME_BEGIN_STRING`	`AUTH_LDAP_USERNAME_BEGIN_STRING`	Defines the String which is to be removed from the start of the DN to reveal the username. This option is used together with usernameEndString and only taken into account if parseUsername is set to true.	`${AUTH_LDAP_USERNAME_BEGIN_STRING}`	False
`AUTH_LDAP_USERNAME_END_STRING`	`AUTH_LDAP_USERNAME_END_STRING`	Defines the String which is to be removed from the end of the DN to reveal the username. This option is used together with usernameEndString and only taken into account if parseUsername is set to true.	`${AUTH_LDAP_USERNAME_END_STRING}`	False
`AUTH_LDAP_ROLE_ATTRIBUTE_ID`	`AUTH_LDAP_ROLE_ATTRIBUTE_ID`	Name of the attribute containing the user roles.	`${AUTH_LDAP_ROLE_ATTRIBUTE_ID}`	False
`AUTH_LDAP_ROLES_CTX_DN`	`AUTH_LDAP_ROLES_CTX_DN`	The fixed DN of the context to search for user roles. This is not the DN where the actual roles are, but the DN where the objects containing the user roles are. For example, in a Microsoft Active Directory server, this is the DN where the user account is.	`${AUTH_LDAP_ROLES_CTX_DN}`	False
`AUTH_LDAP_ROLE_FILTER`	`AUTH_LDAP_ROLE_FILTER`	A search filter used to locate the roles associated with the authenticated user. The input username or userDN obtained from the login module callback is substituted into the filter anywhere a {0} expression is used. The authenticated userDN is substituted into the filter anywhere a {1} is used. An example search filter that matches on the input username is (member={0}). An alternative that matches on the authenticated userDN is (member={1}).	`${AUTH_LDAP_ROLE_FILTER}`	False
`AUTH_LDAP_ROLE_RECURSION`	`AUTH_LDAP_ROLE_RECURSION`	The number of levels of recursion the role search will go below a matching context. Disable recursion by setting this to 0.	`${AUTH_LDAP_ROLE_RECURSION}`	False
`AUTH_LDAP_DEFAULT_ROLE`	`AUTH_LDAP_DEFAULT_ROLE`	A role included for all authenticated users	`${AUTH_LDAP_DEFAULT_ROLE}`	False
`AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID`	`AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID`	Name of the attribute within the roleCtxDN context which contains the role name. If the roleAttributeIsDN property is set to true, this property is used to find the role object’s name attribute.	`${AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID}`	False
`AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN`	`AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN`	A flag indicating if the DN returned by a query contains the roleNameAttributeID. If set to true, the DN is checked for the roleNameAttributeID. If set to false, the DN is not checked for the roleNameAttributeID. This flag can improve the performance of LDAP queries.	`${AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN}`	False
`AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN`	`AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN`	Whether or not the roleAttributeID contains the fully-qualified DN of a role object. If false, the role name is taken from the value of the roleNameAttributeId attribute of the context name. Certain directory schemas, such as Microsoft Active Directory, require this attribute to be set to true.	`${AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN}`	False
`AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK`	`AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK`	If you are not using referrals, this option can be ignored. When using referrals, this option denotes the attribute name which contains users defined for a certain role, for example member, if the role object is inside the referral. Users are checked against the content of this attribute name. If this option is not set, the check will always fail, so role objects cannot be stored in a referral tree.	`${AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK}`	False

4.5.2. Objects
复制链接

The CLI supports various object types. A list of these object types as well as their abbreviations can be found in the Openshift documentation.

4.5.2.1. Services
复制链接

A service is an abstraction which defines a logical set of pods and a policy by which to access them. Refer to the container-engine documentation for more information.

Expand

Service	Port	Name	Description
`${APPLICATION_NAME}-kieserver`	8080	http	All the KIE server web server’s ports.
`${APPLICATION_NAME}-kieserver`	8443	https	All the KIE server web server’s ports.
`${APPLICATION_NAME}-kieserver-ping`	8888	ping	The JGroups ping port for clustering.
`${APPLICATION_NAME}-postgresql`	5432	—	The database server’s port.

4.5.2.2. Routes
复制链接

Expand

Service	Security	Hostname
`${APPLICATION_NAME}-kieserver-http`	none	`${KIE_SERVER_HOSTNAME_HTTP}`
`${APPLICATION_NAME}-kieserver-https`	TLS passthrough	`${KIE_SERVER_HOSTNAME_HTTPS}`

4.5.2.3. Deployment Configurations
复制链接

4.5.2.3.1. Triggers
复制链接

A trigger drives the creation of new deployments in response to events, both inside and outside OpenShift. Refer to the Openshift documentation for more information.

Expand

Deployment	Triggers
`${APPLICATION_NAME}-kieserver`	ImageChange
`${APPLICATION_NAME}-postgresql`	ImageChange

4.5.2.3.2. Replicas
复制链接

Expand

Deployment	Replicas
`${APPLICATION_NAME}-kieserver`	1
`${APPLICATION_NAME}-postgresql`	1

4.5.2.3.3. Pod Template
复制链接

4.5.2.3.3.1. Service Accounts
复制链接

Service accounts are API objects that exist within each project. They can be created or deleted like any other API object. Refer to the Openshift documentation for more information.

Expand

Deployment	Service Account
`${APPLICATION_NAME}-kieserver`	`${APPLICATION_NAME}-kieserver`

4.5.2.3.3.2. Image
复制链接

Expand

Deployment	Image
`${APPLICATION_NAME}-kieserver`	`${KIE_SERVER_IMAGE_STREAM_NAME}`
`${APPLICATION_NAME}-postgresql`	postgresql

4.5.2.3.3.3. Readiness Probe
复制链接

${APPLICATION_NAME}-kieserver

/bin/bash -c curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/services/rest/server/readycheck

${APPLICATION_NAME}-postgresql

/usr/libexec/check-container

4.5.2.3.3.4. Liveness Probe
复制链接

${APPLICATION_NAME}-kieserver

/bin/bash -c curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/services/rest/server/readycheck

${APPLICATION_NAME}-postgresql

/usr/libexec/check-container

4.5.2.3.3.5. Exposed Ports
复制链接

Expand

Deployments	Name	Port	Protocol
`${APPLICATION_NAME}-kieserver`	jolokia	8778	`TCP`
	http	8080	`TCP`
	https	8443	`TCP`
	ping	8888	`TCP`
`${APPLICATION_NAME}-postgresql`	—	5432	`TCP`

4.5.2.3.3.6. Image Environment Variables
复制链接

Expand

Deployment	Variable name	Description	Example value
`${APPLICATION_NAME}-kieserver`	`DROOLS_SERVER_FILTER_CLASSES`	KIE server class filtering (Sets the org.drools.server.filter.classes system property)	`${DROOLS_SERVER_FILTER_CLASSES}`
	`KIE_ADMIN_USER`	KIE administrator username	`${KIE_ADMIN_USER}`
	`KIE_ADMIN_PWD`	KIE administrator password	`${KIE_ADMIN_PWD}`
	`KIE_MBEANS`	KIE server mbeans enabled/disabled (Sets the kie.mbeans and kie.scanner.mbeans system properties)	`${KIE_MBEANS}`
	`KIE_SERVER_BYPASS_AUTH_USER`	KIE server bypass auth user (Sets the org.kie.server.bypass.auth.user system property)	`${KIE_SERVER_BYPASS_AUTH_USER}`
	`KIE_SERVER_CONTROLLER_USER`	KIE server controller username (Sets the org.kie.server.controller.user system property)	`${KIE_SERVER_CONTROLLER_USER}`
	`KIE_SERVER_CONTROLLER_PWD`	KIE server controller password (Sets the org.kie.server.controller.pwd system property)	`${KIE_SERVER_CONTROLLER_PWD}`
	`KIE_SERVER_CONTROLLER_TOKEN`	KIE server controller token for bearer authentication (Sets the org.kie.server.controller.token system property)	`${KIE_SERVER_CONTROLLER_TOKEN}`
	`KIE_SERVER_CONTROLLER_SERVICE`	The service name for the optional business central monitor, where it can be reached to allow service lookup, and registered with to allow monitoring console functionality (If set, will be used to discover host and port)	`${KIE_SERVER_CONTROLLER_SERVICE}`
	`KIE_SERVER_CONTROLLER_PROTOCOL`	—	ws
	`KIE_SERVER_CONTROLLER_HOST`	KIE server controller host (Used to set the org.kie.server.controller system property)	`${KIE_SERVER_CONTROLLER_HOST}`
	`KIE_SERVER_CONTROLLER_PORT`	KIE server controller port (Used to set the org.kie.server.controller system property)	`${KIE_SERVER_CONTROLLER_PORT}`
	`KIE_SERVER_ID`	—	`${APPLICATION_NAME}-kieserver`
	`KIE_SERVER_HOST`	Custom hostname for http service route, if set will also configure the KIE_SERVER_HOST. Leave blank for default hostname, e.g.: <application-name>-kieserver-<project>.<default-domain-suffix>	`${KIE_SERVER_HOSTNAME_HTTP}`
	`KIE_SERVER_ROUTE_NAME`	—	`${APPLICATION_NAME}-kieserver`
	`KIE_SERVER_USE_SECURE_ROUTE_NAME`	Use https for the KIE_SERVER_HOST when it is not explicit configured to a custom value.	`${KIE_SERVER_USE_SECURE_ROUTE_NAME}`
	`KIE_SERVER_USER`	KIE server username (Sets the org.kie.server.user system property)	`${KIE_SERVER_USER}`
	`KIE_SERVER_PWD`	KIE server password (Sets the org.kie.server.pwd system property)	`${KIE_SERVER_PWD}`
	`KIE_SERVER_CONTAINER_DEPLOYMENT`	KIE Server Container deployment configuration in format: containerId=groupId:artifactId:version\|c2=g2:a2:v2	`${KIE_SERVER_CONTAINER_DEPLOYMENT}`
	`MAVEN_REPOS`	—	RHPAMCENTR,EXTERNAL
	`RHPAMCENTR_MAVEN_REPO_SERVICE`	—	`${BUSINESS_CENTRAL_MAVEN_SERVICE}`
	`RHPAMCENTR_MAVEN_REPO_PATH`	—	`/maven2/`
	`RHPAMCENTR_MAVEN_REPO_USERNAME`	Username to access the Maven repository, if required.	`${BUSINESS_CENTRAL_MAVEN_USERNAME}`
	`RHPAMCENTR_MAVEN_REPO_PASSWORD`	Password to access the Maven repository, if required.	`${BUSINESS_CENTRAL_MAVEN_PASSWORD}`
	`EXTERNAL_MAVEN_REPO_ID`	The id to use for the maven repository, if set. Default is generated randomly.	`${MAVEN_REPO_ID}`
	`EXTERNAL_MAVEN_REPO_URL`	Fully qualified URL to a Maven repository or service.	`${MAVEN_REPO_URL}`
	`EXTERNAL_MAVEN_REPO_USERNAME`	Username to access the Maven repository, if required.	`${MAVEN_REPO_USERNAME}`
	`EXTERNAL_MAVEN_REPO_PASSWORD`	Password to access the Maven repository, if required.	`${MAVEN_REPO_PASSWORD}`
	`KIE_SERVER_ROUTER_SERVICE`	The service name for the optional smart router, where it can be reached, to allow smart routing	`${KIE_SERVER_ROUTER_SERVICE}`
	`KIE_SERVER_ROUTER_HOST`	The host name of the smart router, which could be the service name resolved by OpenShift or a globally resolvable domain name	`${KIE_SERVER_ROUTER_HOST}`
	`KIE_SERVER_ROUTER_PORT`	Port in which the smart router server listens (router property org.kie.server.router.port)	`${KIE_SERVER_ROUTER_PORT}`
	`KIE_SERVER_ROUTER_PROTOCOL`	KIE server router protocol (Used to build the org.kie.server.router.url.external property)	`${KIE_SERVER_ROUTER_PROTOCOL}`
	`KIE_SERVER_MGMT_DISABLED`	When set to LocalContainersStartupStrategy, allows KIE server to start up and function with local config, even when a controller is configured and unavailable	`${KIE_SERVER_MGMT_DISABLED}`
	`KIE_SERVER_STARTUP_STRATEGY`	When set to LocalContainersStartupStrategy, allows KIE server to start up and function with local config, even when a controller is configured and unavailable.	`${KIE_SERVER_STARTUP_STRATEGY}`
	`KIE_SERVER_PERSISTENCE_DS`	KIE server persistence datasource (Sets the org.kie.server.persistence.ds system property)	`${KIE_SERVER_PERSISTENCE_DS}`
	`DATASOURCES`	—	`RHPAM`
	`RHPAM_DATABASE`	—	`${KIE_SERVER_POSTGRESQL_DB}`
	`RHPAM_DRIVER`	—	postgresql
	`RHPAM_USERNAME`	—	`${KIE_SERVER_POSTGRESQL_USER}`
	`RHPAM_PASSWORD`	—	`${KIE_SERVER_POSTGRESQL_PWD}`
	`RHPAM_SERVICE_HOST`	—	`${APPLICATION_NAME}-postgresql`
	`RHPAM_SERVICE_PORT`	—	5432
	`TIMER_SERVICE_DATA_STORE`	Sets refresh-interval for the EJB timer database data-store service.	`${APPLICATION_NAME}-postgresql`
	`KIE_SERVER_PERSISTENCE_DIALECT`	—	org.hibernate.dialect.PostgreSQLDialect
	`RHPAM_JTA`	—	true
	`RHPAM_JNDI`	—	`${KIE_SERVER_PERSISTENCE_DS}`
	`TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL`	Sets refresh-interval for the EJB timer database data-store service.	`${TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL}`
	`HTTPS_KEYSTORE_DIR`	—	`/etc/kieserver-secret-volume`
	`HTTPS_KEYSTORE`	The name of the keystore file within the secret	`${KIE_SERVER_HTTPS_KEYSTORE}`
	`HTTPS_NAME`	The name associated with the server certificate	`${KIE_SERVER_HTTPS_NAME}`
	`HTTPS_PASSWORD`	The password for the keystore and certificate	`${KIE_SERVER_HTTPS_PASSWORD}`
	`JGROUPS_PING_PROTOCOL`	—	openshift.DNS_PING
	`OPENSHIFT_DNS_PING_SERVICE_NAME`	—	`${APPLICATION_NAME}-kieserver-ping`
	`OPENSHIFT_DNS_PING_SERVICE_PORT`	—	8888
	`SSO_URL`	RH-SSO URL	`${SSO_URL}`
	`SSO_OPENIDCONNECT_DEPLOYMENTS`	—	ROOT.war
	`SSO_REALM`	RH-SSO Realm name	`${SSO_REALM}`
	`SSO_SECRET`	KIE Server RH-SSO Client Secret	`${KIE_SERVER_SSO_SECRET}`
	`SSO_CLIENT`	KIE Server RH-SSO Client name	`${KIE_SERVER_SSO_CLIENT}`
	`SSO_USERNAME`	RH-SSO Realm Admin Username used to create the Client if it doesn’t exist	`${SSO_USERNAME}`
	`SSO_PASSWORD`	RH-SSO Realm Admin Password used to create the Client	`${SSO_PASSWORD}`
	`SSO_DISABLE_SSL_CERTIFICATE_VALIDATION`	RH-SSO Disable SSL Certificate Validation	`${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}`
	`SSO_PRINCIPAL_ATTRIBUTE`	RH-SSO Principal Attribute to use as username.	`${SSO_PRINCIPAL_ATTRIBUTE}`
	`HOSTNAME_HTTP`	Custom hostname for http service route, if set will also configure the KIE_SERVER_HOST. Leave blank for default hostname, e.g.: <application-name>-kieserver-<project>.<default-domain-suffix>	`${KIE_SERVER_HOSTNAME_HTTP}`
`HOSTNAME_HTTPS`	Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-kieserver-<project>.<default-domain-suffix>	`${KIE_SERVER_HOSTNAME_HTTPS}`
`AUTH_LDAP_URL`	LDAP Endpoint to connect for authentication	`${AUTH_LDAP_URL}`
`AUTH_LDAP_BIND_DN`	Bind DN used for authentication	`${AUTH_LDAP_BIND_DN}`
`AUTH_LDAP_BIND_CREDENTIAL`	LDAP Credentials used for authentication	`${AUTH_LDAP_BIND_CREDENTIAL}`
`AUTH_LDAP_JAAS_SECURITY_DOMAIN`	The JMX ObjectName of the JaasSecurityDomain used to decrypt the password.	`${AUTH_LDAP_JAAS_SECURITY_DOMAIN}`
`AUTH_LDAP_BASE_CTX_DN`	LDAP Base DN of the top-level context to begin the user search.	`${AUTH_LDAP_BASE_CTX_DN}`
`AUTH_LDAP_BASE_FILTER`	LDAP search filter used to locate the context of the user to authenticate. The input username or userDN obtained from the login module callback is substituted into the filter anywhere a {0} expression is used. A common example for the search filter is (uid={0}).	`${AUTH_LDAP_BASE_FILTER}`
`AUTH_LDAP_SEARCH_SCOPE`	The search scope to use.	`${AUTH_LDAP_SEARCH_SCOPE}`
`AUTH_LDAP_SEARCH_TIME_LIMIT`	The timeout in milliseconds for user or role searches.	`${AUTH_LDAP_SEARCH_TIME_LIMIT}`
`AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE`	The name of the attribute in the user entry that contains the DN of the user. This may be necessary if the DN of the user itself contains special characters, backslash for example, that prevent correct user mapping. If the attribute does not exist, the entry’s DN is used.	`${AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE}`
`AUTH_LDAP_PARSE_USERNAME`	A flag indicating if the DN is to be parsed for the username. If set to true, the DN is parsed for the username. If set to false the DN is not parsed for the username. This option is used together with usernameBeginString and usernameEndString.	`${AUTH_LDAP_PARSE_USERNAME}`
`AUTH_LDAP_USERNAME_BEGIN_STRING`	Defines the String which is to be removed from the start of the DN to reveal the username. This option is used together with usernameEndString and only taken into account if parseUsername is set to true.	`${AUTH_LDAP_USERNAME_BEGIN_STRING}`
`AUTH_LDAP_USERNAME_END_STRING`	Defines the String which is to be removed from the end of the DN to reveal the username. This option is used together with usernameEndString and only taken into account if parseUsername is set to true.	`${AUTH_LDAP_USERNAME_END_STRING}`
`AUTH_LDAP_ROLE_ATTRIBUTE_ID`	Name of the attribute containing the user roles.	`${AUTH_LDAP_ROLE_ATTRIBUTE_ID}`
`AUTH_LDAP_ROLES_CTX_DN`	The fixed DN of the context to search for user roles. This is not the DN where the actual roles are, but the DN where the objects containing the user roles are. For example, in a Microsoft Active Directory server, this is the DN where the user account is.	`${AUTH_LDAP_ROLES_CTX_DN}`
`AUTH_LDAP_ROLE_FILTER`	A search filter used to locate the roles associated with the authenticated user. The input username or userDN obtained from the login module callback is substituted into the filter anywhere a {0} expression is used. The authenticated userDN is substituted into the filter anywhere a {1} is used. An example search filter that matches on the input username is (member={0}). An alternative that matches on the authenticated userDN is (member={1}).	`${AUTH_LDAP_ROLE_FILTER}`
`AUTH_LDAP_ROLE_RECURSION`	The number of levels of recursion the role search will go below a matching context. Disable recursion by setting this to 0.	`${AUTH_LDAP_ROLE_RECURSION}`
`AUTH_LDAP_DEFAULT_ROLE`	A role included for all authenticated users	`${AUTH_LDAP_DEFAULT_ROLE}`
`AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID`	Name of the attribute within the roleCtxDN context which contains the role name. If the roleAttributeIsDN property is set to true, this property is used to find the role object’s name attribute.	`${AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID}`
`AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN`	A flag indicating if the DN returned by a query contains the roleNameAttributeID. If set to true, the DN is checked for the roleNameAttributeID. If set to false, the DN is not checked for the roleNameAttributeID. This flag can improve the performance of LDAP queries.	`${AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN}`
`AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN`	Whether or not the roleAttributeID contains the fully-qualified DN of a role object. If false, the role name is taken from the value of the roleNameAttributeId attribute of the context name. Certain directory schemas, such as Microsoft Active Directory, require this attribute to be set to true.	`${AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN}`
`AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK`	If you are not using referrals, this option can be ignored. When using referrals, this option denotes the attribute name which contains users defined for a certain role, for example member, if the role object is inside the referral. Users are checked against the content of this attribute name. If this option is not set, the check will always fail, so role objects cannot be stored in a referral tree.	`${AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK}`
`${APPLICATION_NAME}-postgresql`	`POSTGRESQL_USER`	KIE server PostgreSQL database username	`${KIE_SERVER_POSTGRESQL_USER}`
	`POSTGRESQL_PASSWORD`	—	`${KIE_SERVER_POSTGRESQL_PWD}`
	`POSTGRESQL_DATABASE`	—	`${KIE_SERVER_POSTGRESQL_DB}`
	`POSTGRESQL_MAX_PREPARED_TRANSACTIONS`	Allows the PostgreSQL to handle XA transactions.	`${POSTGRESQL_MAX_PREPARED_TRANSACTIONS}`

4.5.2.3.3.7. Volumes
复制链接

Expand

Deployment	Name	mountPath	Purpose	readOnly
`${APPLICATION_NAME}-kieserver`	kieserver-keystore-volume	`/etc/kieserver-secret-volume`	ssl certs	True
`${APPLICATION_NAME}-postgresql`	`${APPLICATION_NAME}-postgresql-pvol`	`/var/lib/pgsql/data`	postgresql	false

4.5.2.4. External Dependencies
复制链接

4.5.2.4.1. Volume Claims
复制链接

Expand

Name	Access Mode
`${APPLICATION_NAME}-postgresql-claim`	ReadWriteOnce

4.5.2.4.2. Secrets
复制链接

This template requires the following secrets to be installed for the application to run.

kieserver-app-secret

4.6. OpenShift usage quick reference
复制链接

To deploy, monitor, manage, and undeploy Red Hat Process Automation Manager templates on Red Hat OpenShift Container Platform, you can use the OpenShift Web console or the oc command.

For instructions about using the Web console, see Create and build an image using the Web console.

For detailed instructions about using the oc command, see CLI Reference. The following commands are likely to be required:

To create a project, use the following command:
```
$ oc new-project <project-name>
```
For more information, see Creating a project using the CLI.
To deploy a template (create an application from a template), use the following command:
```
$ oc new-app -f <template-name> -p <parameter>=<value> -p <parameter>=<value> ...
```
For more information, see Creating an application using the CLI.
To view a list of the active pods in the project, use the following command:
```
$ oc get pods
```
To view the current status of a pod, including information whether or not the pod deployment has completed and it is now in a running state, use the following command:
```
$ oc describe pod <pod-name>
```
You can also use the oc describe command to view the current status of other objects. For more information, see Application modification operations.
To view the logs for a pod, use the following command:
```
$ oc logs <pod-name>
```
To view deployment logs, look up a DeploymentConfig name in the template reference and run the following command:
```
$ oc logs -f dc/<deployment-config-name>
```
For more information, see Viewing deployment logs.
To view build logs, look up a BuildConfig name in the template reference and run the command:
```
$ oc logs -f bc/<build-config-name>
```
For more information, see Accessing build logs.
To scale a pod in the application, look up a DeploymentConfig name in the template reference and run the command:
```
$ oc scale dc/<deployment-config-name> --replicas=<number>
```
For more information, see Manual scaling.
To undeploy the application, you can delete the project by using the command:
```
$ oc delete project <project-name>
```
Alternatively, you can use the oc delete command to remove any part of the application, such as a pod or replication controller. For details, see Application modification CLI operation.

此内容没有您所选择的语言版本。

Chapter 4. OpenShift template reference information

4.1. rhpam71-prod-immutable-monitor复制链接链接已复制到粘贴板!

4.1.1. Parameters复制链接链接已复制到粘贴板!

4.1.2. Objects复制链接链接已复制到粘贴板!

4.1.2.1. Services复制链接链接已复制到粘贴板!

4.1.2.2. Routes复制链接链接已复制到粘贴板!

4.1.2.3. Deployment Configurations复制链接链接已复制到粘贴板!

4.1.2.3.1. Triggers复制链接链接已复制到粘贴板!

4.1.2.3.2. Replicas复制链接链接已复制到粘贴板!

4.1.2.3.3. Pod Template复制链接链接已复制到粘贴板!

4.1.2.3.3.1. Image复制链接链接已复制到粘贴板!

4.1.2.3.3.2. Readiness Probe复制链接链接已复制到粘贴板!

4.1.2.3.3.3. Liveness Probe复制链接链接已复制到粘贴板!

4.1.2.3.3.4. Exposed Ports复制链接链接已复制到粘贴板!

4.1.2.3.3.5. Image Environment Variables复制链接链接已复制到粘贴板!

4.1.2.3.3.6. Volumes复制链接链接已复制到粘贴板!

4.1.2.4. External Dependencies复制链接链接已复制到粘贴板!

4.1.2.4.1. Volume Claims复制链接链接已复制到粘贴板!

4.2. rhpam71-prod-immutable-kieserver复制链接链接已复制到粘贴板!

4.2.1. Parameters复制链接链接已复制到粘贴板!

4.2.2. Objects复制链接链接已复制到粘贴板!

4.2.2.1. Services复制链接链接已复制到粘贴板!

4.2.2.2. Routes复制链接链接已复制到粘贴板!

4.2.2.3. Build Configurations复制链接链接已复制到粘贴板!

4.2.2.4. Deployment Configurations复制链接链接已复制到粘贴板!

4.2.2.4.1. Triggers复制链接链接已复制到粘贴板!

4.2.2.4.2. Replicas复制链接链接已复制到粘贴板!

4.2.2.4.3. Pod Template复制链接链接已复制到粘贴板!

4.2.2.4.3.1. Service Accounts复制链接链接已复制到粘贴板!

4.2.2.4.3.2. Image复制链接链接已复制到粘贴板!

4.2.2.4.3.3. Readiness Probe复制链接链接已复制到粘贴板!

4.2.2.4.3.4. Liveness Probe复制链接链接已复制到粘贴板!

4.2.2.4.3.5. Exposed Ports复制链接链接已复制到粘贴板!

4.2.2.4.3.6. Image Environment Variables复制链接链接已复制到粘贴板!

4.2.2.4.3.7. Volumes复制链接链接已复制到粘贴板!

4.2.2.5. External Dependencies复制链接链接已复制到粘贴板!

4.2.2.5.1. Volume Claims复制链接链接已复制到粘贴板!

4.2.2.5.2. Secrets复制链接链接已复制到粘贴板!

4.3. rhpam71-kieserver-externaldb复制链接链接已复制到粘贴板!

4.3.1. Parameters复制链接链接已复制到粘贴板!

4.3.2. Objects复制链接链接已复制到粘贴板!

4.3.2.1. Services复制链接链接已复制到粘贴板!

4.3.2.2. Routes复制链接链接已复制到粘贴板!

4.3.2.3. Deployment Configurations复制链接链接已复制到粘贴板!

4.3.2.3.1. Triggers复制链接链接已复制到粘贴板!

4.3.2.3.2. Replicas复制链接链接已复制到粘贴板!

4.3.2.3.3. Pod Template复制链接链接已复制到粘贴板!

4.3.2.3.3.1. Service Accounts复制链接链接已复制到粘贴板!

4.3.2.3.3.2. Image复制链接链接已复制到粘贴板!

4.3.2.3.3.3. Readiness Probe复制链接链接已复制到粘贴板!

4.3.2.3.3.4. Liveness Probe复制链接链接已复制到粘贴板!

4.3.2.3.3.5. Exposed Ports复制链接链接已复制到粘贴板!

4.3.2.3.3.6. Image Environment Variables复制链接链接已复制到粘贴板!

4.3.2.3.3.7. Volumes复制链接链接已复制到粘贴板!

4.3.2.4. External Dependencies复制链接链接已复制到粘贴板!

4.3.2.4.1. Secrets复制链接链接已复制到粘贴板!

4.4. rhpam71-kieserver-mysql复制链接链接已复制到粘贴板!

4.4.1. Parameters复制链接链接已复制到粘贴板!

4.4.2. Objects复制链接链接已复制到粘贴板!

4.4.2.1. Services复制链接链接已复制到粘贴板!

4.4.2.2. Routes复制链接链接已复制到粘贴板!

4.4.2.3. Deployment Configurations复制链接链接已复制到粘贴板!

4.4.2.3.1. Triggers复制链接链接已复制到粘贴板!

4.4.2.3.2. Replicas复制链接链接已复制到粘贴板!

4.4.2.3.3. Pod Template复制链接链接已复制到粘贴板!

4.4.2.3.3.1. Service Accounts复制链接链接已复制到粘贴板!

4.4.2.3.3.2. Image复制链接链接已复制到粘贴板!

4.4.2.3.3.3. Readiness Probe复制链接链接已复制到粘贴板!

4.4.2.3.3.4. Liveness Probe复制链接链接已复制到粘贴板!

4.4.2.3.3.5. Exposed Ports复制链接链接已复制到粘贴板!

4.4.2.3.3.6. Image Environment Variables复制链接链接已复制到粘贴板!

4.4.2.3.3.7. Volumes复制链接链接已复制到粘贴板!

4.4.2.4. External Dependencies复制链接链接已复制到粘贴板!

4.4.2.4.1. Volume Claims复制链接链接已复制到粘贴板!

4.4.2.4.2. Secrets复制链接链接已复制到粘贴板!

4.5. rhpam71-kieserver-postgresql复制链接链接已复制到粘贴板!

4.5.1. Parameters复制链接链接已复制到粘贴板!

4.5.2. Objects复制链接链接已复制到粘贴板!

4.5.2.1. Services复制链接链接已复制到粘贴板!

4.1. rhpam71-prod-immutable-monitor
复制链接

4.1.1. Parameters
复制链接

4.1.2. Objects
复制链接

4.1.2.1. Services
复制链接

4.1.2.2. Routes
复制链接

4.1.2.3. Deployment Configurations
复制链接

4.1.2.3.1. Triggers
复制链接

4.1.2.3.2. Replicas
复制链接

4.1.2.3.3. Pod Template
复制链接

4.1.2.3.3.1. Image
复制链接

4.1.2.3.3.2. Readiness Probe
复制链接

4.1.2.3.3.3. Liveness Probe
复制链接

4.1.2.3.3.4. Exposed Ports
复制链接

4.1.2.3.3.5. Image Environment Variables
复制链接

4.1.2.3.3.6. Volumes
复制链接

4.1.2.4. External Dependencies
复制链接

4.1.2.4.1. Volume Claims
复制链接

4.2. rhpam71-prod-immutable-kieserver
复制链接

4.2.1. Parameters
复制链接

4.2.2. Objects
复制链接

4.2.2.1. Services
复制链接

4.2.2.2. Routes
复制链接

4.2.2.3. Build Configurations
复制链接

4.2.2.4. Deployment Configurations
复制链接

4.2.2.4.1. Triggers
复制链接

4.2.2.4.2. Replicas
复制链接

4.2.2.4.3. Pod Template
复制链接

4.2.2.4.3.1. Service Accounts
复制链接

4.2.2.4.3.2. Image
复制链接

4.2.2.4.3.3. Readiness Probe
复制链接

4.2.2.4.3.4. Liveness Probe
复制链接

4.2.2.4.3.5. Exposed Ports
复制链接

4.2.2.4.3.6. Image Environment Variables
复制链接

4.2.2.4.3.7. Volumes
复制链接

4.2.2.5. External Dependencies
复制链接

4.2.2.5.1. Volume Claims
复制链接

4.2.2.5.2. Secrets
复制链接

4.3. rhpam71-kieserver-externaldb
复制链接

4.3.1. Parameters
复制链接

4.3.2. Objects
复制链接

4.3.2.1. Services
复制链接

4.3.2.2. Routes
复制链接

4.3.2.3. Deployment Configurations
复制链接

4.3.2.3.1. Triggers
复制链接

4.3.2.3.2. Replicas
复制链接

4.3.2.3.3. Pod Template
复制链接

4.3.2.3.3.1. Service Accounts
复制链接

4.3.2.3.3.2. Image
复制链接

4.3.2.3.3.3. Readiness Probe
复制链接

4.3.2.3.3.4. Liveness Probe
复制链接

4.3.2.3.3.5. Exposed Ports
复制链接

4.3.2.3.3.6. Image Environment Variables
复制链接

4.3.2.3.3.7. Volumes
复制链接

4.3.2.4. External Dependencies
复制链接

4.3.2.4.1. Secrets
复制链接

4.4. rhpam71-kieserver-mysql
复制链接

4.4.1. Parameters
复制链接

4.4.2. Objects
复制链接

4.4.2.1. Services
复制链接

4.4.2.2. Routes
复制链接

4.4.2.3. Deployment Configurations
复制链接

4.4.2.3.1. Triggers
复制链接

4.4.2.3.2. Replicas
复制链接

4.4.2.3.3. Pod Template
复制链接

4.4.2.3.3.1. Service Accounts
复制链接

4.4.2.3.3.2. Image
复制链接

4.4.2.3.3.3. Readiness Probe
复制链接

4.4.2.3.3.4. Liveness Probe
复制链接

4.4.2.3.3.5. Exposed Ports
复制链接

4.4.2.3.3.6. Image Environment Variables
复制链接

4.4.2.3.3.7. Volumes
复制链接

4.4.2.4. External Dependencies
复制链接

4.4.2.4.1. Volume Claims
复制链接

4.4.2.4.2. Secrets
复制链接

4.5. rhpam71-kieserver-postgresql
复制链接

4.5.1. Parameters
复制链接

4.5.2. Objects
复制链接

4.5.2.1. Services
复制链接

4.5.2.2. Routes
复制链接

4.5.2.3. Deployment Configurations
复制链接