Merge branch 'sso76-dev' into 'sso76-dev'

RHSSO-2480 7.6.4 Preparation - Rebase RH-SSO z-stream image stream on top of EAP z-stream image

See merge request keycloak/redhat-sso-7-openshift-image!16

image.yaml

@@ -12,7 +12,7 @@ labels:
     - name: "org.jboss.product"
       value: &product "sso"
     - name: "org.jboss.product.version"
-      value: &product_version "7.6.3.GA"
+      value: &product_version "7.6.4.GA"
     - name: "org.jboss.product.sso.version"
       value: *product_version
     - name: "io.k8s.description"
@@ -70,22 +70,22 @@ ports:
     - value: 8443
 modules:
       repositories:
-          # The tags of the following four repositories are set to match "EAP_7410_CR2" jboss-eap-7-openshift-image tag:
-          # https://github.com/jboss-container-images/jboss-eap-7-openshift-image/blob/EAP_7410_CR2/image.yaml#L34
+          # The tags of the following four repositories are set to match "EAP_7411_CR2" jboss-eap-7-openshift-image tag:
+          # https://github.com/jboss-container-images/jboss-eap-7-openshift-image/blob/EAP_7411_CR2/image.yaml#L34
           - name: cct_module
             git:
                   url: https://github.com/jboss-openshift/cct_module.git
-                  ref: 0.45.4
+                  ref: 0.45.5
 
           - name: jboss-eap-modules
             git:
                   url: https://github.com/jboss-container-images/jboss-eap-modules.git
-                  ref: EAP_7410_CR2
+                  ref: EAP_7411_CR2
 
           - name: jboss-eap-image
             git:
                   url: https://github.com/jboss-container-images/jboss-eap-7-image.git
-                  ref: EAP_7410_CR2
+                  ref: EAP_7411_CR2
 
           - name: wildfly-cekit-modules
             git:

modules/eap/setup/eap/modules/module.yaml

@@ -32,17 +32,17 @@ ports:
 artifacts:
 - name: eap-image-maven-repo
   target: maven-repo.zip
-  md5: 6b42a592858527f4498a43f9f9ebad44
-  url: http://$DOWNLOAD_SERVER/released/middleware/eap7/7.4.10/jboss-eap-7.4.10-image-builder-maven-repository.zip
+  md5: e81620520e6dfe0d11e59281f943e783
+  url: http://$DOWNLOAD_SERVER/released/middleware/eap7/7.4.11/jboss-eap-7.4.11-image-builder-maven-repository.zip
 # Update RH-SSO server overlay to 'RH-SSO 7.6.3.CR1' build
 - name: keycloak-server-overlay.zip
   md5: 9053e98ade9e90170d1a7fa087709b50
 # List remaining (particular RH-SSO build independent) artifacts below
 #
 # Note: The versions of the "txn-recovery-marker-jdbc-*" artifacts below should
-#       match their counterpart versions as used in the EAP_7410_CR2 container image:
+#       match their counterpart versions as used in the EAP_7411_CR2 container image:
 #
-#       registry.redhat.io/jboss-eap-7/eap74-openjdk11-openshift-rhel8:7.4.10-3
+#       registry.redhat.io/jboss-eap-7/eap74-openjdk11-openshift-rhel8:7.4.11-3
 #
 - name: txn-recovery-marker-jdbc-common
   target: txn-recovery-marker-jdbc-common-1.1.4.Final-redhat-00001.jar
@@ -79,16 +79,16 @@ artifacts:
   target: wildfly-provisioning-parent-5.2.6.Final.pom
 labels:
 # Note: The values of the following labels should match the values of their counterpart labels
-# as defined in the EAP_7410_CR2 container image:
+# as defined in the EAP_7411_CR2 container image:
 #
-#   registry.redhat.io/jboss-eap-7/eap74-openjdk11-openshift-rhel8:7.4.10-3
+#   registry.redhat.io/jboss-eap-7/eap74-openjdk11-openshift-rhel8:7.4.11-3
 #
 - name: "org.jboss.product"
   value: "eap"
 - name: "org.jboss.product.version"
-  value: "7.4.10"
+  value: "7.4.11"
 - name: "org.jboss.product.eap.version"
-  value: "7.4.10"
+  value: "7.4.11"
 - name: "com.redhat.deployments-dir"
   value: "/opt/eap/standalone/deployments"
 - name: "com.redhat.dev-mode"
@@ -107,21 +107,21 @@ labels:
   value: "/deployments"
 envs:
 # Note: The values of the following env vars should match the values of their counterpart env vars
-# as defined in the EAP_7410_CR2 container image:
+# as defined in the EAP_7411_CR2 container image:
 #
-#   registry.redhat.io/jboss-eap-7/eap74-openjdk11-openshift-rhel8:7.4.10-3
+#   registry.redhat.io/jboss-eap-7/eap74-openjdk11-openshift-rhel8:7.4.11-3
 #
 - name: "WILDFLY_VERSION"
   description: "Mandatory. WildFly server version."
-  value: "7.4.10.GA-redhat-00002"
+  value: "7.4.11.GA-redhat-00002"
 - name: "LAUNCH_JBOSS_IN_BACKGROUND"
   value: "true"
 - name: "JBOSS_PRODUCT"
   value: "eap"
 - name: "JBOSS_EAP_VERSION"
-  value: "7.4.10"
+  value: "7.4.11"
 - name: "PRODUCT_VERSION"
-  value: "7.4.10"
+  value: "7.4.11"
 - name: "EAP_FULL_GROUPID"
   value: "org.jboss.eap"
 - name: "JBOSS_HOME"

templates/passthrough/ocp-3.x/sso76-ocp3-https.json

@@ -5,7 +5,7 @@
         "annotations": {
             "iconClass" : "icon-sso",
             "tags" : "sso,keycloak,jboss,hidden",
-            "version": "7.6.3.GA",
+            "version": "7.6.4.GA",
             "openshift.io/display-name": "Red Hat Single Sign-On 7.6 on OpenJDK (Ephemeral with passthrough TLS)",
             "openshift.io/provider-display-name": "Red Hat, Inc.",
             "description": "An example application based on RH-SSO 7.6 on OpenJDK image. For more information about using this template, see https://github.com/jboss-container-images/redhat-sso-7-openshift-image/tree/sso76-dev/docs.",
@@ -17,7 +17,7 @@
     },
     "labels": {
         "template": "sso76-ocp3-https",
-        "rhsso": "7.6.3.GA"
+        "rhsso": "7.6.4.GA"
     },
     "message": "A new RH-SSO service has been created in your project. The admin username/password for accessing the master realm via the RH-SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. Please be sure to create the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications; \"${SSO_TRUSTSTORE_SECRET}\" containing the ${SSO_TRUSTSTORE} file used for securing RH-SSO requests.",
     "parameters": [

templates/passthrough/ocp-3.x/sso76-ocp3-postgresql-persistent.json

@@ -5,7 +5,7 @@
         "annotations": {
             "iconClass" : "icon-sso",
             "tags" : "sso,keycloak,jboss,hidden",
-            "version": "7.6.3.GA",
+            "version": "7.6.4.GA",
             "openshift.io/display-name": "Red Hat Single Sign-On 7.6 on OpenJDK + PostgreSQL (Persistent with passthrough TLS)",
             "openshift.io/provider-display-name": "Red Hat, Inc.",
             "description": "An example application based on RH-SSO 7.6 on OpenJDK image. For more information about using this template, see https://github.com/jboss-container-images/redhat-sso-7-openshift-image/tree/sso76-dev/docs.",
@@ -17,7 +17,7 @@
     },
     "labels": {
         "template": "sso76-ocp3-postgresql-persistent",
-        "rhsso": "7.6.3.GA"
+        "rhsso": "7.6.4.GA"
     },
     "message": "A new persistent RH-SSO service (using PostgreSQL) has been created in your project. The admin username/password for accessing the master realm via the RH-SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. The username/password for accessing the PostgreSQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications; \"${SSO_TRUSTSTORE_SECRET}\" containing the ${SSO_TRUSTSTORE} file used for securing RH-SSO requests.",
     "parameters": [

templates/passthrough/ocp-3.x/sso76-ocp3-postgresql.json

@@ -5,7 +5,7 @@
         "annotations": {
             "iconClass" : "icon-sso",
             "tags" : "sso,keycloak,jboss,hidden",
-            "version": "7.6.3.GA",
+            "version": "7.6.4.GA",
             "openshift.io/display-name": "Red Hat Single Sign-On 7.6 on OpenJDK + PostgreSQL (Ephemeral with passthrough TLS)",
             "openshift.io/provider-display-name": "Red Hat, Inc.",
             "description": "An example application based on RH-SSO 7.6 on OpenJDK image. For more information about using this template, see https://github.com/jboss-container-images/redhat-sso-7-openshift-image/tree/sso76-dev/docs.",
@@ -17,7 +17,7 @@
     },
     "labels": {
         "template": "sso76-ocp3-postgresql",
-        "rhsso": "7.6.3.GA"
+        "rhsso": "7.6.4.GA"
     },
     "message": "A new RH-SSO service (using PostgreSQL) has been created in your project. The admin username/password for accessing the master realm via the RH-SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. The username/password for accessing the PostgreSQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications; \"${SSO_TRUSTSTORE_SECRET}\" containing the ${SSO_TRUSTSTORE} file used for securing RH-SSO requests.",
     "parameters": [

templates/passthrough/ocp-4.x/sso76-ocp4-https.json

@@ -5,7 +5,7 @@
         "annotations": {
             "iconClass" : "icon-sso",
             "tags" : "sso,keycloak,jboss,hidden",
-            "version": "7.6.3.GA",
+            "version": "7.6.4.GA",
             "openshift.io/display-name": "Red Hat Single Sign-On 7.6 on OpenJDK (Ephemeral with passthrough TLS)",
             "openshift.io/provider-display-name": "Red Hat, Inc.",
             "description": "An example application based on RH-SSO 7.6 on OpenJDK image. For more information about using this template, see https://github.com/jboss-container-images/redhat-sso-7-openshift-image/tree/sso76-dev/docs.",
@@ -17,7 +17,7 @@
     },
     "labels": {
         "template": "sso76-ocp4-https",
-        "rhsso": "7.6.3.GA"
+        "rhsso": "7.6.4.GA"
     },
     "message": "A new RH-SSO service has been created in your project. The admin username/password for accessing the master realm via the RH-SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. Please be sure to create the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications; \"${SSO_TRUSTSTORE_SECRET}\" containing the ${SSO_TRUSTSTORE} file used for securing RH-SSO requests. To enable also dual-network clusters that support both IPv4 and IPv6 address families, all services defined by this template are configured having the 'spec.ipFamilyPolicy' field set to 'PreferDualStack' by default.",
     "parameters": [

templates/passthrough/ocp-4.x/sso76-ocp4-postgresql-persistent.json

@@ -5,7 +5,7 @@
         "annotations": {
             "iconClass" : "icon-sso",
             "tags" : "sso,keycloak,jboss,hidden",
-            "version": "7.6.3.GA",
+            "version": "7.6.4.GA",
             "openshift.io/display-name": "Red Hat Single Sign-On 7.6 on OpenJDK + PostgreSQL (Persistent with passthrough TLS)",
             "openshift.io/provider-display-name": "Red Hat, Inc.",
             "description": "An example application based on RH-SSO 7.6 on OpenJDK image. For more information about using this template, see https://github.com/jboss-container-images/redhat-sso-7-openshift-image/tree/sso76-dev/docs.",
@@ -17,7 +17,7 @@
     },
     "labels": {
         "template": "sso76-ocp4-postgresql-persistent",
-        "rhsso": "7.6.3.GA"
+        "rhsso": "7.6.4.GA"
     },
     "message": "A new persistent RH-SSO service (using PostgreSQL) has been created in your project. The admin username/password for accessing the master realm via the RH-SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. The username/password for accessing the PostgreSQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications; \"${SSO_TRUSTSTORE_SECRET}\" containing the ${SSO_TRUSTSTORE} file used for securing RH-SSO requests. To enable also dual-network clusters that support both IPv4 and IPv6 address families, all services defined by this template are configured having the 'spec.ipFamilyPolicy' field set to 'PreferDualStack' by default.",
     "parameters": [

templates/passthrough/ocp-4.x/sso76-ocp4-postgresql.json

@@ -5,7 +5,7 @@
         "annotations": {
             "iconClass" : "icon-sso",
             "tags" : "sso,keycloak,jboss,hidden",
-            "version": "7.6.3.GA",
+            "version": "7.6.4.GA",
             "openshift.io/display-name": "Red Hat Single Sign-On 7.6 on OpenJDK + PostgreSQL (Ephemeral with passthrough TLS)",
             "openshift.io/provider-display-name": "Red Hat, Inc.",
             "description": "An example application based on RH-SSO 7.6 on OpenJDK image. For more information about using this template, see https://github.com/jboss-container-images/redhat-sso-7-openshift-image/tree/sso76-dev/docs.",
@@ -17,7 +17,7 @@
     },
     "labels": {
         "template": "sso76-ocp4-postgresql",
-        "rhsso": "7.6.3.GA"
+        "rhsso": "7.6.4.GA"
     },
     "message": "A new RH-SSO service (using PostgreSQL) has been created in your project. The admin username/password for accessing the master realm via the RH-SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. The username/password for accessing the PostgreSQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications; \"${SSO_TRUSTSTORE_SECRET}\" containing the ${SSO_TRUSTSTORE} file used for securing RH-SSO requests. To enable also dual-network clusters that support both IPv4 and IPv6 address families, all services defined by this template are configured having the 'spec.ipFamilyPolicy' field set to 'PreferDualStack' by default.",
     "parameters": [

templates/reencrypt/ocp-3.x/sso76-ocp3-x509-https.json

@@ -5,7 +5,7 @@
         "annotations": {
             "iconClass" : "icon-sso",
             "tags" : "sso,keycloak,jboss",
-            "version": "7.6.3.GA",
+            "version": "7.6.4.GA",
             "openshift.io/display-name": "Red Hat Single Sign-On 7.6 on OpenJDK (Ephemeral) for OpenShift 3.X",
             "openshift.io/provider-display-name": "Red Hat, Inc.",
             "description": "An example application based on RH-SSO 7.6 on OpenJDK image. For more information about using this template, see https://github.com/jboss-container-images/redhat-sso-7-openshift-image/tree/sso76-dev/docs.",
@@ -17,7 +17,7 @@
     },
     "labels": {
         "template": "sso76-ocp3-x509-https",
-        "rhsso": "7.6.3.GA"
+        "rhsso": "7.6.4.GA"
     },
     "message": "A new RH-SSO service has been created in your project. The admin username/password for accessing the master realm via the RH-SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. The HTTPS keystore used for serving secure content, the JGroups keystore used for securing JGroups communications, and server truststore used for securing RH-SSO requests were automatically created via OpenShift's service serving x509 certificate secrets using the service-serving CA bundle from '/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt'. Refer to: https://github.com/openshift/openshift-docs/blob/enterprise-4.1/release_notes/ocp-4-1-release-notes.adoc#service-ca-bundle-changes for additional details about this CA bundle.",
     "parameters": [

templates/reencrypt/ocp-3.x/sso76-ocp3-x509-postgresql-persistent.json

@@ -5,7 +5,7 @@
         "annotations": {
             "iconClass" : "icon-sso",
             "tags" : "sso,keycloak,jboss",
-            "version": "7.6.3.GA",
+            "version": "7.6.4.GA",
             "openshift.io/display-name": "Red Hat Single Sign-On 7.6 on OpenJDK + PostgreSQL SSL/TLS (Persistent) for OpenShift 3.X",
             "openshift.io/provider-display-name": "Red Hat, Inc.",
             "description": "An example application based on RH-SSO 7.6 on OpenJDK image. For more information about using this template, see https://github.com/jboss-container-images/redhat-sso-7-openshift-image/tree/sso76-dev/docs.",
@@ -17,7 +17,7 @@
     },
     "labels": {
         "template": "sso76-ocp3-x509-postgresql-persistent",
-        "rhsso": "7.6.3.GA"
+        "rhsso": "7.6.4.GA"
     },
     "message": "A new persistent RH-SSO service (using SSL/TLS secured PostgreSQL) has been created in your project. The admin username/password for accessing the master realm via the RH-SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. The username/password for accessing the PostgreSQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. The HTTPS keystore used for serving secure content, the JGroups keystore used for securing JGroups communications, the server truststore used for securing RH-SSO requests, and SSL/TLS certificate & private key used to run PostgreSQL server with SSL/TLS support were automatically created via OpenShift's service serving x509 certificate secrets using the service-serving CA bundle from '/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt'. Refer to: https://github.com/openshift/openshift-docs/blob/enterprise-4.1/release_notes/ocp-4-1-release-notes.adoc#service-ca-bundle-changes for additional details about this CA bundle.",
     "parameters": [

templates/reencrypt/ocp-4.x/sso76-ocp4-x509-https.json

@@ -5,7 +5,7 @@
         "annotations": {
             "iconClass" : "icon-sso",
             "tags" : "sso,keycloak,jboss",
-            "version": "7.6.3.GA",
+            "version": "7.6.4.GA",
             "openshift.io/display-name": "Red Hat Single Sign-On 7.6 on OpenJDK (Ephemeral) for OpenShift 4.X",
             "openshift.io/provider-display-name": "Red Hat, Inc.",
             "description": "An example application based on RH-SSO 7.6 on OpenJDK image. For more information about using this template, see https://github.com/jboss-container-images/redhat-sso-7-openshift-image/tree/sso76-dev/docs.",
@@ -17,7 +17,7 @@
     },
     "labels": {
         "template": "sso76-ocp4-x509-https",
-        "rhsso": "7.6.3.GA"
+        "rhsso": "7.6.4.GA"
     },
     "message": "A new RH-SSO service has been created in your project. The admin username/password for accessing the master realm via the RH-SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. The HTTPS keystore used for serving secure content, the JGroups keystore used for securing JGroups communications, and server truststore used for securing RH-SSO requests were automatically created via OpenShift's service serving x509 certificate secrets by using a CA bundle that is automatically injected into any configMap annotated with 'service.beta.openshift.io/inject-cabundle=true' annotation. Refer to: https://github.com/openshift/openshift-docs/blob/enterprise-4.1/release_notes/ocp-4-1-release-notes.adoc#service-ca-bundle-changes for additional details about this CA bundle. To enable also dual-network clusters that support both IPv4 and IPv6 address families, all services defined by this template are configured having the 'spec.ipFamilyPolicy' field set to 'PreferDualStack' by default.",
     "parameters": [