common parameter
Use the common parameter to define the ingress host sub-domain through which ingress or routes are exposed for application servers.
You can also use it to define common ingress and service configurations that apply to all the appServer instances, and common podLabels that are applied to all the pods created for the OMEnvironment.
The following .yaml file is a sample schema of common:

```yaml
common:
  ingress:
    host: ""
    # annotations: {}
    # labels: {}
    # className: ""
    # customDomains: []
    # ssl:
    #   enabled: false
    #   identitySecretName: ""
  jwt:
    alias: <custom_name>
    algorithm: RS512
    audience: service
    issuer: oms
  # service:
  #   annotations: {}
  #   labels: {}
  # appServer:
  #   ports:
  #     http: 9080
  #     https: 9443
  # pod:
  #   podLabels: {}
  #   podAnnotations: {}
  # oidc:
  #   enabled: false
  #   provider: " "
  #   discoveryurl: " "
  #   class: " "
  #   uniqueClaim: sub
  #   secondaryid: email
  #   logouturl: " "
```
Note: In Dev and QA environments, the Operator generates a JWT certificate that expires in two
months. To continue using a certificate generated by the Operator, remove the expired certificate
from the Persistent Volume and generate a new one. For production, you must generate your own JWT
certificate.
The following table explains the properties applicable for the common parameter of OMEnvironment.

| Property | Default value | Value type | Required | Description |
|---|---|---|---|---|
| ingress | | object | Yes | Specify the ingress parameter. For more information about configuring ingress, see ingress properties. |
| appServer.ports.http | 9080 | integer | Yes | Specify the HTTP container port for Liberty application server. |
| appServer.ports.https | 9443 | integer | Yes | Specify the HTTPS container port for Liberty application server. |
| jwt.audience | service | string | Yes | Specify to whom you intend to send the JWT token. |
| jwt.issuer | oms | string | Yes | Specify an issuer name when creating a JWT token for the current user. |
| jwt.algorithm | RS512 | string | Yes | Specify the algorithm that is used for signing the JWT token. |
| jwt.alias | | string | No | Specify a custom name for the JWT when defining your own key-pair. |
| service.annotations | | object | No | Specify the additional annotations for service resource. |
| service.labels | | object | No | Specify the additional labels for service resource. |
| pod.podLabels | "" (volumes's root) | object | No | Specify any additional labels for pod as key-value pair. These pod labels are also copied to deployments. |
| pod.podAnnotations | | object | No | Specify any additional annotations for pod as key-value pair. |
Note: Ensure that the jwt.audience, jwt.issuer, and jwt.algorithm parameters match the configuration that is provided during Sterling™ Order Management System Software deployment.

ingress properties
The following table explains the properties applicable for the ingress parameter of common.

| Property | Default value | Value type | Required | Description |
|---|---|---|---|---|
| ingress.annotations | | object | No | Specify any additional annotations for ingress or routes resource as key-value pair. |
| ingress.labels | | object | No | Specify any additional labels for ingress or routes resource as key-value pair. |
| ingress.host | | string | No | Specify the domain name to which the service is exposed. |
| ingress.ssl | | object | No | Specify the ingress SSL configurations. |
| ingress.ssl.enabled | | boolean | Yes, when ingress.ssl is specified. | Specify whether SSL is enabled for ingress or not. |
| ingress.className | nginx | string | No | Specify the ingress class name. |
| ingress.customDomains | | array | No | Specify a list of custom domains with one or more Fully Qualified Domain Names (FQDNs) over which your application is exposed. For more information, see Creating multiple ingress hosts by using customDomains. |
| ingress.ssl.identitySecretName | | string | No | Specify the name of the secret holding TLS certificate to be used as identity for ingress or routes. The ingress or route URL will present this TLS certificate to the clients. |
exposure properties
The exposure property takes precedence if specified.

| Property | Default value | Value type | Required | Description |
|---|---|---|---|---|
| annotations | | Object | No | Specify any additional annotations as key value pairs. |
| labels | | Object | No | Specify any additional labels as key value pairs. |
| host | | string | No | Specify the domain name to expose the service over. |
| ssl | | Object | No | Specify the SSL configurations. |
| ssl.enabled | | bool | No | Enable or disable SSL. |
| ssl.identitySecretName | | string | No | Specify the name of the secret holding TLS certificate to be used as identity. |
| gateway | | Object | No | Specify the gateway configurations. This property is ignored in OpenShift. |
| gateway.gatewayName | | string | Yes | Specify the name of the Gateway resource to attach the HTTPRoute to. |
| gateway.gatewayNamespace | | string | Yes | Specify the namespace of the Gateway. If omitted, the namespace of the resource will be used. |
| gateway.listenerName | | string | No | Specify the listener section on the Gateway to attach the HTTPRoute to. If not specified, the Gateway controller will choose the appropriate listener. |
| gateway.create | | object | No | Optionally instructs the operator to create the Gateway if it does not already exist. This should only be used in environments where the operator is allowed to manage infrastructure resources. |
| gateway.create.gatewayClassName | | string | Yes | Specify the GatewayClass used when creating the Gateway. |
| gateway.create.listeners | | array | Yes | Specify the listeners that will be configured on the Gateway. At least one listener must be specified when creating a Gateway. |
| gateway.create.listeners[].name | | string | Yes | Specify the name of the listener. This can be referenced by HTTPRoute parentRefs.sectionName. |
| gateway.create.listeners[].port | | int | No | Specify the network port exposed by this listener. |
| gateway.create.listeners[].protocol | | string | No | Specify the network protocol supported by the listener. Supported values include HTTP, HTTPS, TLS, TCP, and UDP. |
| customDomains | | array | No | Specify the list of custom domains with fully qualified domain names (FQDN) over which the service must be exposed. |
| customDomains[].annotations | | object | No | Specify any additional annotations as key value pairs. |
| customDomains[].labels | | object | No | Specify any additional labels as key value pairs. |
| customDomains[].host | | string | No | Specify the domain name to expose the service over. |
| customDomains[].gateway | | object | No | Specify the gateway configurations similar to gateway. This is ignored in OpenShift. |
| customDomains[].ssl | | object | No | Specify the SSL configurations. |
OIDC properties
The following table explains the properties for OIDC.
| Property | Default value | Value type | Required | Description |
|---|---|---|---|---|
| oidc.enabled | false | string | No | Enable or disable OIDC. |
| oidc.provider | | string | Yes | Specify the OIDC provider name. |
| oidc.discoveryurl | | string | Yes | Specify the OIDC discovery URL. |
| oidc.class | | string | No | Specify the OIDC class. |
| oidc.uniqueClaim | sub | string | No | Specify the OIDC unique claim details. |
| oidc.secondaryid | | string | No | Specify the secondary ID. |
| oidc.logouturl | | string | Yes | Specify the OIDC logout URL. |
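
The required-field rules from the jwt, ingress.ssl and OIDC rows above can be checked before a common block is applied. The following Python function is an added example, not IBM's or the Operator's code; the names lint_common and blank, the production flag, and the TLS, https and jwt.alias checks are assumptions of this example rather than documented Operator behaviour.

```python
# Added example: pre-deployment lint for the `common` block of an OMEnvironment.
# Required-ness comes from the property tables; the TLS, https and production
# checks are this example's own policy, not documented Operator behaviour.

def blank(value):
    """True for missing values and for placeholder strings such as "" or " "."""
    return value is None or (isinstance(value, str) and not value.strip())

def lint_common(common, production=False):
    findings = []
    jwt = common.get("jwt") or {}
    for key in ("audience", "issuer", "algorithm"):          # Required: Yes
        if blank(jwt.get(key)):
            findings.append(f"jwt.{key} is required")
    if production and blank(jwt.get("alias")):
        # Assumption: a set alias means you supplied your own key pair rather
        # than relying on the Operator-generated Dev/QA certificate.
        findings.append("jwt.alias unset in production")

    ssl = (common.get("ingress") or {}).get("ssl")
    if ssl is None:
        findings.append("ingress.ssl is not specified")
    elif not isinstance(ssl.get("enabled"), bool):
        findings.append("ingress.ssl.enabled is required when ingress.ssl is specified")
    elif not ssl["enabled"]:
        findings.append("ingress.ssl.enabled is false")

    oidc = common.get("oidc") or {}
    if oidc.get("enabled") in (True, "true"):                # table types it as string
        for key in ("provider", "discoveryurl", "logouturl"):  # Required: Yes
            if blank(oidc.get(key)):
                findings.append(f"oidc.{key} is required")
        url = oidc.get("discoveryurl")
        if not blank(url) and not str(url).strip().lower().startswith("https://"):
            findings.append("oidc.discoveryurl is not https")
    return findings

# Constructed sample: the page's schema with its commented defaults filled in
# and oidc.enabled switched on so the OIDC rules are exercised.
SAMPLE = {
    "ingress": {"host": "", "ssl": {"enabled": False, "identitySecretName": ""}},
    "jwt": {"algorithm": "RS512", "audience": "service", "issuer": "oms"},
    "oidc": {"enabled": True, "provider": " ", "discoveryurl": " ", "class": " ",
             "uniqueClaim": "sub", "secondaryid": "email", "logouturl": " "},
}

if __name__ == "__main__":
    for finding in lint_common(SAMPLE, production=True):
        print("FINDING:", finding)
```

Feed it the common mapping parsed from your OMEnvironment YAML; an empty list means none of these rules fired.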