From 8d7303d016d42404f642fbd05574eb8660e7560d Mon Sep 17 00:00:00 2001 From: Bill DeCoste Date: Fri, 1 Jul 2016 09:38:42 -0700 Subject: [PATCH] cloud-441 add openwire over ssl --- decisionserver/decisionserver62-amq-s2i.json | 89 +++++++++++++++++++ decisionserver/decisionserver63-amq-s2i.json | 89 +++++++++++++++++++ ...cessserver63-amq-mysql-persistent-s2i.json | 85 ++++++++++++++++++ .../processserver63-amq-mysql-s2i.json | 89 +++++++++++++++++++ ...erver63-amq-postgresql-persistent-s2i.json | 85 ++++++++++++++++++ .../processserver63-amq-postgresql-s2i.json | 89 +++++++++++++++++++ 6 files changed, 526 insertions(+) diff --git a/decisionserver/decisionserver62-amq-s2i.json b/decisionserver/decisionserver62-amq-s2i.json index 11f2be08..20446b38 100644 --- a/decisionserver/decisionserver62-amq-s2i.json +++ b/decisionserver/decisionserver62-amq-s2i.json @@ -162,6 +162,36 @@ "value": "100 gb", "required": false }, + { + "description": "Name of a secret containing SSL related files", + "name": "AMQ_SECRET", + "value": "amq-app-secret", + "required": true + }, + { + "description": "SSL trust store filename", + "name": "AMQ_TRUSTSTORE", + "value": "broker.ts", + "required": true + }, + { + "description": "SSL trust store password", + "name": "AMQ_TRUSTSTORE_PASSWORD", + "value": "", + "required": true + }, + { + "description": "SSL key store filename", + "name": "AMQ_KEYSTORE", + "value": "broker.ks", + "required": true + }, + { + "description": "Password for accessing SSL keystore", + "name": "AMQ_KEYSTORE_PASSWORD", + "value": "", + "required": true + }, { "description": "GitHub trigger secret", "name": "GITHUB_WEBHOOK_SECRET", @@ -256,6 +286,30 @@ } } }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61617, + "targetPort": 61617 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp-ssl", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire (SSL) port." + } + } + }, { "kind": "Route", "apiVersion": "v1", @@ -601,6 +655,13 @@ "name": "${APPLICATION_NAME}-amq", "image": "jboss-amq-62", "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "broker-secret-volume", + "mountPath": "/etc/amq-secret-volume", + "readOnly": true + } + ], "readinessProbe": { "exec": { "command": [ @@ -692,9 +753,37 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" + }, + { + "name": "AMQ_KEYSTORE_TRUSTSTORE_DIR", + "value": "/etc/amq-secret-volume" + }, + { + "name": "AMQ_TRUSTSTORE", + "value": "${AMQ_TRUSTSTORE}" + }, + { + "name": "AMQ_TRUSTSTORE_PASSWORD", + "value": "${AMQ_TRUSTSTORE_PASSWORD}" + }, + { + "name": "AMQ_KEYSTORE", + "value": "${AMQ_KEYSTORE}" + }, + { + "name": "AMQ_KEYSTORE_PASSWORD", + "value": "${AMQ_KEYSTORE_PASSWORD}" } ] } + ], + "volumes": [ + { + "name": "broker-secret-volume", + "secret": { + "secretName": "${AMQ_SECRET}" + } + } ] } } diff --git a/decisionserver/decisionserver63-amq-s2i.json b/decisionserver/decisionserver63-amq-s2i.json index 45f58952..8c704599 100644 --- a/decisionserver/decisionserver63-amq-s2i.json +++ b/decisionserver/decisionserver63-amq-s2i.json @@ -156,6 +156,36 @@ "value": "100 gb", "required": false }, + { + "description": "Name of a secret containing SSL related files", + "name": "AMQ_SECRET", + "value": "amq-app-secret", + "required": true + }, + { + "description": "SSL trust store filename", + "name": "AMQ_TRUSTSTORE", + "value": "broker.ts", + "required": true + }, + { + "description": "SSL trust store password", + "name": "AMQ_TRUSTSTORE_PASSWORD", + "value": "", + "required": true + }, + { + "description": "SSL key store filename", + "name": "AMQ_KEYSTORE", + "value": "broker.ks", + "required": true + }, + { + "description": "Password for accessing SSL keystore", + "name": "AMQ_KEYSTORE_PASSWORD", + "value": "", + "required": true + }, { "description": "GitHub trigger secret", "name": "GITHUB_WEBHOOK_SECRET", @@ -250,6 +280,30 @@ } } }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61617, + "targetPort": 61617 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp-ssl", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire (SSL) port." + } + } + }, { "kind": "Route", "apiVersion": "v1", @@ -587,6 +641,13 @@ "name": "${APPLICATION_NAME}-amq", "image": "jboss-amq-62", "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "broker-secret-volume", + "mountPath": "/etc/amq-secret-volume", + "readOnly": true + } + ], "readinessProbe": { "exec": { "command": [ @@ -678,9 +739,37 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" + }, + { + "name": "AMQ_KEYSTORE_TRUSTSTORE_DIR", + "value": "/etc/amq-secret-volume" + }, + { + "name": "AMQ_TRUSTSTORE", + "value": "${AMQ_TRUSTSTORE}" + }, + { + "name": "AMQ_TRUSTSTORE_PASSWORD", + "value": "${AMQ_TRUSTSTORE_PASSWORD}" + }, + { + "name": "AMQ_KEYSTORE", + "value": "${AMQ_KEYSTORE}" + }, + { + "name": "AMQ_KEYSTORE_PASSWORD", + "value": "${AMQ_KEYSTORE_PASSWORD}" } ] } + ], + "volumes": [ + { + "name": "broker-secret-volume", + "secret": { + "secretName": "${AMQ_SECRET}" + } + } ] } } diff --git a/processserver/processserver63-amq-mysql-persistent-s2i.json b/processserver/processserver63-amq-mysql-persistent-s2i.json index 2cf175f4..5490b366 100644 --- a/processserver/processserver63-amq-mysql-persistent-s2i.json +++ b/processserver/processserver63-amq-mysql-persistent-s2i.json @@ -252,6 +252,36 @@ "value": "100 gb", "required": false }, + { + "description": "Name of a secret containing SSL related files", + "name": "AMQ_SECRET", + "value": "amq-app-secret", + "required": true + }, + { + "description": "SSL trust store filename", + "name": "AMQ_TRUSTSTORE", + "value": "broker.ts", + "required": true + }, + { + "description": "SSL trust store password", + "name": "AMQ_TRUSTSTORE_PASSWORD", + "value": "", + "required": true + }, + { + "description": "SSL key store filename", + "name": "AMQ_KEYSTORE", + "value": "broker.ks", + "required": true + }, + { + "description": "Password for accessing SSL keystore", + "name": "AMQ_KEYSTORE_PASSWORD", + "value": "", + "required": true + }, { "description": "GitHub trigger secret", "name": "GITHUB_WEBHOOK_SECRET", @@ -370,6 +400,30 @@ } } }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61617, + "targetPort": 61617 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp-ssl", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire (SSL) port." + } + } + }, { "kind": "Route", "apiVersion": "v1", @@ -930,6 +984,11 @@ { "mountPath": "/opt/amq/data", "name": "${APPLICATION_NAME}-amq-pvol" + }, + { + "name": "broker-secret-volume", + "mountPath": "/etc/amq-secret-volume", + "readOnly": true } ], "readinessProbe": { @@ -1027,6 +1086,26 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" + }, + { + "name": "AMQ_KEYSTORE_TRUSTSTORE_DIR", + "value": "/etc/amq-secret-volume" + }, + { + "name": "AMQ_TRUSTSTORE", + "value": "${AMQ_TRUSTSTORE}" + }, + { + "name": "AMQ_TRUSTSTORE_PASSWORD", + "value": "${AMQ_TRUSTSTORE_PASSWORD}" + }, + { + "name": "AMQ_KEYSTORE", + "value": "${AMQ_KEYSTORE}" + }, + { + "name": "AMQ_KEYSTORE_PASSWORD", + "value": "${AMQ_KEYSTORE_PASSWORD}" } ] } @@ -1037,6 +1116,12 @@ "persistentVolumeClaim": { "claimName": "${APPLICATION_NAME}-amq-claim" } + }, + { + "name": "broker-secret-volume", + "secret": { + "secretName": "${AMQ_SECRET}" + } } ] } diff --git a/processserver/processserver63-amq-mysql-s2i.json b/processserver/processserver63-amq-mysql-s2i.json index 5ab894e2..6b7c1305 100644 --- a/processserver/processserver63-amq-mysql-s2i.json +++ b/processserver/processserver63-amq-mysql-s2i.json @@ -246,6 +246,36 @@ "value": "100 gb", "required": false }, + { + "description": "Name of a secret containing SSL related files", + "name": "AMQ_SECRET", + "value": "amq-app-secret", + "required": true + }, + { + "description": "SSL trust store filename", + "name": "AMQ_TRUSTSTORE", + "value": "broker.ts", + "required": true + }, + { + "description": "SSL trust store password", + "name": "AMQ_TRUSTSTORE_PASSWORD", + "value": "", + "required": true + }, + { + "description": "SSL key store filename", + "name": "AMQ_KEYSTORE", + "value": "broker.ks", + "required": true + }, + { + "description": "Password for accessing SSL keystore", + "name": "AMQ_KEYSTORE_PASSWORD", + "value": "", + "required": true + }, { "description": "GitHub trigger secret", "name": "GITHUB_WEBHOOK_SECRET", @@ -364,6 +394,30 @@ } } }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61617, + "targetPort": 61617 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp-ssl", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire (SSL) port." + } + } + }, { "kind": "Route", "apiVersion": "v1", @@ -850,6 +904,13 @@ "name": "${APPLICATION_NAME}-amq", "image": "jboss-amq-62", "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "broker-secret-volume", + "mountPath": "/etc/amq-secret-volume", + "readOnly": true + } + ], "readinessProbe": { "exec": { "command": [ @@ -941,9 +1002,37 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" + }, + { + "name": "AMQ_KEYSTORE_TRUSTSTORE_DIR", + "value": "/etc/amq-secret-volume" + }, + { + "name": "AMQ_TRUSTSTORE", + "value": "${AMQ_TRUSTSTORE}" + }, + { + "name": "AMQ_TRUSTSTORE_PASSWORD", + "value": "${AMQ_TRUSTSTORE_PASSWORD}" + }, + { + "name": "AMQ_KEYSTORE", + "value": "${AMQ_KEYSTORE}" + }, + { + "name": "AMQ_KEYSTORE_PASSWORD", + "value": "${AMQ_KEYSTORE_PASSWORD}" } ] } + ], + "volumes": [ + { + "name": "broker-secret-volume", + "secret": { + "secretName": "${AMQ_SECRET}" + } + } ] } } diff --git a/processserver/processserver63-amq-postgresql-persistent-s2i.json b/processserver/processserver63-amq-postgresql-persistent-s2i.json index 01fb29ed..730a2504 100644 --- a/processserver/processserver63-amq-postgresql-persistent-s2i.json +++ b/processserver/processserver63-amq-postgresql-persistent-s2i.json @@ -237,6 +237,36 @@ "value": "100 gb", "required": false }, + { + "description": "Name of a secret containing SSL related files", + "name": "AMQ_SECRET", + "value": "amq-app-secret", + "required": true + }, + { + "description": "SSL trust store filename", + "name": "AMQ_TRUSTSTORE", + "value": "broker.ts", + "required": true + }, + { + "description": "SSL trust store password", + "name": "AMQ_TRUSTSTORE_PASSWORD", + "value": "", + "required": true + }, + { + "description": "SSL key store filename", + "name": "AMQ_KEYSTORE", + "value": "broker.ks", + "required": true + }, + { + "description": "Password for accessing SSL keystore", + "name": "AMQ_KEYSTORE_PASSWORD", + "value": "", + "required": true + }, { "description": "GitHub trigger secret", "name": "GITHUB_WEBHOOK_SECRET", @@ -355,6 +385,30 @@ } } }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61617, + "targetPort": 61617 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp-ssl", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire (SSL) port." + } + } + }, { "kind": "Route", "apiVersion": "v1", @@ -903,6 +957,11 @@ { "mountPath": "/opt/amq/data", "name": "${APPLICATION_NAME}-amq-pvol" + }, + { + "name": "broker-secret-volume", + "mountPath": "/etc/amq-secret-volume", + "readOnly": true } ], "readinessProbe": { @@ -1000,6 +1059,26 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" + }, + { + "name": "AMQ_KEYSTORE_TRUSTSTORE_DIR", + "value": "/etc/amq-secret-volume" + }, + { + "name": "AMQ_TRUSTSTORE", + "value": "${AMQ_TRUSTSTORE}" + }, + { + "name": "AMQ_TRUSTSTORE_PASSWORD", + "value": "${AMQ_TRUSTSTORE_PASSWORD}" + }, + { + "name": "AMQ_KEYSTORE", + "value": "${AMQ_KEYSTORE}" + }, + { + "name": "AMQ_KEYSTORE_PASSWORD", + "value": "${AMQ_KEYSTORE_PASSWORD}" } ] } @@ -1010,6 +1089,12 @@ "persistentVolumeClaim": { "claimName": "${APPLICATION_NAME}-amq-claim" } + }, + { + "name": "broker-secret-volume", + "secret": { + "secretName": "${AMQ_SECRET}" + } } ] } diff --git a/processserver/processserver63-amq-postgresql-s2i.json b/processserver/processserver63-amq-postgresql-s2i.json index 37c19bf1..c0ecd391 100644 --- a/processserver/processserver63-amq-postgresql-s2i.json +++ b/processserver/processserver63-amq-postgresql-s2i.json @@ -231,6 +231,36 @@ "value": "100 gb", "required": false }, + { + "description": "Name of a secret containing SSL related files", + "name": "AMQ_SECRET", + "value": "amq-app-secret", + "required": true + }, + { + "description": "SSL trust store filename", + "name": "AMQ_TRUSTSTORE", + "value": "broker.ts", + "required": true + }, + { + "description": "SSL trust store password", + "name": "AMQ_TRUSTSTORE_PASSWORD", + "value": "", + "required": true + }, + { + "description": "SSL key store filename", + "name": "AMQ_KEYSTORE", + "value": "broker.ks", + "required": true + }, + { + "description": "Password for accessing SSL keystore", + "name": "AMQ_KEYSTORE_PASSWORD", + "value": "", + "required": true + }, { "description": "GitHub trigger secret", "name": "GITHUB_WEBHOOK_SECRET", @@ -349,6 +379,30 @@ } } }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61617, + "targetPort": 61617 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp-ssl", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire (SSL) port." + } + } + }, { "kind": "Route", "apiVersion": "v1", @@ -823,6 +877,13 @@ "name": "${APPLICATION_NAME}-amq", "image": "jboss-amq-62", "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "broker-secret-volume", + "mountPath": "/etc/amq-secret-volume", + "readOnly": true + } + ], "readinessProbe": { "exec": { "command": [ @@ -914,9 +975,37 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" + }, + { + "name": "AMQ_KEYSTORE_TRUSTSTORE_DIR", + "value": "/etc/amq-secret-volume" + }, + { + "name": "AMQ_TRUSTSTORE", + "value": "${AMQ_TRUSTSTORE}" + }, + { + "name": "AMQ_TRUSTSTORE_PASSWORD", + "value": "${AMQ_TRUSTSTORE_PASSWORD}" + }, + { + "name": "AMQ_KEYSTORE", + "value": "${AMQ_KEYSTORE}" + }, + { + "name": "AMQ_KEYSTORE_PASSWORD", + "value": "${AMQ_KEYSTORE_PASSWORD}" } ] } + ], + "volumes": [ + { + "name": "broker-secret-volume", + "secret": { + "secretName": "${AMQ_SECRET}" + } + } ] } }