-
Notifications
You must be signed in to change notification settings - Fork 0
/
verifica-firma-eidas-template.yml
363 lines (361 loc) · 11.2 KB
/
verifica-firma-eidas-template.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
apiVersion: template.openshift.io/v1
kind: Template
labels:
app: verificafirma-eidas
template: verificafirma-eidas-springboot
metadata:
annotations:
description: |-
Template microservizio verifica firma EIDAS JDK17 OracleDB (vedere https://gitlab.ente.regione.emr.it/parer/okd/verificafirma-eidas.git)
iconClass: icon-spring
openshift.io/display-name: Microservice EIDAS
openshift.io/documentation-url: https://gitlab.ente.regione.emr.it/parer/okd/verificafirma-eidas
openshift.io/long-description: Il template fornisce la creazione del microservizio EIDAS (effimero DB H2 su disco)
openshift.io/provider-display-name: Parer (Regione Emilia Romagna)
openshift.io/support-url: https://gitlab.ente.regione.emr.it/parer
tags: springboot,eidas
template.openshift.io/bindable: "false"
name: verificafirma-eidas-springboot
objects:
- apiVersion: v1
kind: Secret
metadata:
name: verificafirma-eidas-secrets
stringData:
admin-password: ${ADMIN_PASSWORD}
admin-user: ${ADMIN_USER}
database-url: ${DB_URL}
database-password: ${DB_PASSWORD}
database-user: ${DB_USER}
type: Opaque
- apiVersion: v1
kind: Secret
data:
.dockerconfigjson: eyJhdXRocyI6eyJyZWdpc3RyeS5lbnRlLnJlZ2lvbmUuZW1yLml0L3BhcmVyLyI6eyJ1c2VybmFtZSI6Im9rZF9kZXBsb3kiLCJwYXNzd29yZCI6IlhUWkJ5V1lBQnZ4UVVMOFdreHFxIiwiZW1haWwiOiJnaXRsYWJAZGVwbG95LmxvY2FsIn19fQ==
metadata:
name: gitlab-registry-token
type: kubernetes.io/dockerconfigjson
- apiVersion: v1
kind: ConfigMap
data:
application-${PROFILE}.yaml: |-
server:
port: 8080
tomcat:
accesslog:
enabled: false
directory: /dev
prefix: stdout
buffered: false
suffix:
file-date-format:
#accept-count: 200
#threads:
# max: 300
spring:
#profiles:
#active: prod
security:
user:
name: ${ADMIN_USER}
password: ${ADMIN_PWD}
roles: ADMIN
datasource:
url: ${DB_URL}
driver-class-name: oracle.jdbc.OracleDriver
username: ${DB_USER}
password: ${DB_PASSWORD}
#data: file:/<path>/data.sql
hikari:
auto-commit: false
minimum-idle: 5
maximum-pool-size: 15
pool-name: ParerEidasHikariPool
idle-timeout: 120000
max-lifetime: 120000
jpa:
database-platform: org.hibernate.dialect.Oracle12cDialect
show_sql: false
hibernate:
max_fetch_depth: 3
ddl-auto: update
hbm2ddl:
auto: update
main:
allow-bean-definition-overriding: true
# gestione actuators
management:
endpoint:
health:
show-details: when_authorized
endpoints:
web:
exposure:
include: health
logging:
config: file:./config/logback.xml
servlet:
multipart:
max-file-size: 2GB
max-request-size: 2GB
logback.xml: |-
<configuration>
<appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
<layout class="ch.qos.logback.classic.PatternLayout">
<Pattern>
%d %-5p [%c] \(%t\) [%X{uuid}] %m %replace(%ex){'[\r\n]+', '\\n'}%nopex%n
</Pattern>
</layout>
</appender>
<logger name="eu.europa.esig.dss.tsl.job" level="info" additivity="false">
<appender-ref ref="CONSOLE"/>
</logger>
<logger name="eu.europa.esig.dss" level="error" additivity="false">
<appender-ref ref="CONSOLE"/>
</logger>
<logger name="org.springframework" level="off" additivity="false">
<appender-ref ref="CONSOLE"/>
</logger>
<logger name="org.apache" level="off" additivity="false">
<appender-ref ref="CONSOLE"/>
</logger>
<logger name="it.eng.parer.eidas" level="info" additivity="false">
<appender-ref ref="CONSOLE"/>
</logger>
<logger name="org.hibernate" level="off" additivity="false">
<appender-ref ref="CONSOLE"/>
</logger>
<logger name="com.sun.xml.bind" level="off" additivity="false">
<appender-ref ref="CONSOLE"/>
</logger>
<logger name="javax.xml.bind" level="off" additivity="false">
<appender-ref ref="CONSOLE"/>
</logger>
<logger name="com.zaxxer" level="info" additivity="false">
<appender-ref ref="CONSOLE"/>
</logger>
<root level="info">
<appender-ref ref="CONSOLE"/>
</root>
</configuration>
metadata:
name: verificafirma-eidas-config
- apiVersion: v1
kind: Service
metadata:
labels:
app: verificafirma-eidas
expose: "true"
name: verificafirma-eidas
spec:
ports:
- name: http
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: verificafirma-eidas
sessionAffinity: None
type: ClusterIP
- apiVersion: v1
kind: Route
metadata:
annotations:
haproxy.router.openshift.io/timeout: 10m
name: verificafirma-eidas
spec:
port:
targetPort: http
tls:
termination: edge
to:
kind: Service
name: verificafirma-eidas
weight: 100
wildcardPolicy: None
- apiVersion: v1
kind: DeploymentConfig
metadata:
labels:
app: verificafirma-eidas
group: it.eng.parer
gl_log_application: eidas
gl_tags: ${AMBIENTE}
name: verificafirma-eidas
spec:
replicas: 1
selector:
app: verificafirma-eidas
strategy:
rollingParams:
intervalSeconds: 1
maxSurge: 25%
resources:
limits:
cpu: 100m
memory: 100Mi
maxUnavailable: 25%
timeoutSeconds: 3600
updatePeriodSeconds: 1
type: Rolling
template:
metadata:
labels:
app: verificafirma-eidas
group: it.eng.parer
gl_log_application: eidas
gl_tags: ${AMBIENTE}
spec:
containers:
- env:
- name: KUBERNETES_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: AB_JOLOKIA_OFF
value: 'true'
- name: TZ
value: Europe/Rome
- name: ADMIN_USER
valueFrom:
secretKeyRef:
name: verificafirma-eidas-secrets
key: admin-user
- name: ADMIN_PWD
valueFrom:
secretKeyRef:
name: verificafirma-eidas-secrets
key: admin-password
- name: DB_URL
valueFrom:
secretKeyRef:
name: verificafirma-eidas-secrets
key: database-url
- name: DB_USER
valueFrom:
secretKeyRef:
name: verificafirma-eidas-secrets
key: database-user
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: verificafirma-eidas-secrets
key: database-password
- name: LANG
value: en_US.UTF-8
- name: JAVA_OPTS_APPEND
value: >-
-Dspring.profiles.active=${PROFILE} -XX:+UnlockExperimentalVMOptions
-XX:+UseContainerSupport -Dsun.zip.disableMemoryMapping=true
-Dcom.sun.management.jmxremote=true
-Dcom.sun.management.jmxremote.port=3000
-Dcom.sun.management.jmxremote.rmi.port=3001
-Djava.rmi.server.hostname=127.0.0.1
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false
- name: JAVA_MAX_MEM_RATIO
value: '90'
- name: JAVA_INITIAL_MEM_RATIO
value: '40'
image: ${REGISTRY}:${IMGTAG}
imagePullPolicy: Always
livenessProbe:
failureThreshold: 10
httpGet:
path: /actuator/health/liveness
port: 8080
scheme: HTTP
initialDelaySeconds: 180
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 180
name: verificafirma-eidas
ports:
- containerPort: 8080
name: http
protocol: TCP
- containerPort: 9779
name: prometheus
protocol: TCP
- containerPort: 8778
name: jolokia
protocol: TCP
readinessProbe:
failureThreshold: 10
httpGet:
path: /actuator/health/readiness
port: 8080
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 180
resources:
limits:
cpu: 800m
memory: 2500Mi
securityContext:
privileged: false
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/verificafirma-eidas/config
name: verificafirma-eidas-config
readOnly: true
dnsPolicy: ClusterFirst
imagePullSecrets:
- name: gitlab-registry-token
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
volumes:
- configMap:
defaultMode: 420
name: verificafirma-eidas-config
name: verificafirma-eidas-config
test: false
triggers:
- type: ConfigChange
parameters:
- description: Registry immagine da utilizzare
displayName: registry
name: REGISTRY
required: false
value: registry.ente.regione.emr.it/parer/okd/verifica-firma-eidas
- description: Nome dal tag dell'immagine da utilizzare (default latest)
displayName: imagetag
name: IMGTAG
required: false
value: latest
- description: Nome dell'ambiente o namespace (e.g. svil/pre/test/prod)
displayName: ambiente
name: AMBIENTE
required: true
- description: Nome utente per accesso interfaccia web.
displayName: Nome utente per accesso interfaccia web
name: ADMIN_USER
value: admin
- description: Password per accesso interfaccia web.
displayName: Password per accesso interfaccia web
from: '[a-zA-Z0-9]{8}'
generate: expression
name: ADMIN_PASSWORD
- description: URL database.
displayName: URL database
required: true
name: DB_URL
- description: Nome utente per accesso db.
displayName: Nome utente per accesso db
name: DB_USER
value: eidasdb
- description: Password per accesso db.
displayName: Password per accesso db
from: '[a-zA-Z0-9]{8}'
generate: expression
name: DB_PASSWORD
- description: Nome profilo springboot
displayName: Nome profilo springboot
name: PROFILE
required: true