KEYCLOAK-10122 Update documentation for RHSSO CD 6

This commit is contained in:
Hynek Mlnarik 2019-05-09 16:27:11 +02:00 committed by Hynek Mlnařík
parent b220c0d5bc
commit 4a8b30d6c6
5 changed files with 31 additions and 26 deletions

View file

@ -7,6 +7,6 @@ include::topics/templates/document-attributes-product.adoc[]
:openshift:
= {openshift_name}
= {project_openshift_product_name}
include::topics.adoc[]

View file

@ -7,6 +7,6 @@ include::topics/templates/document-attributes-product.adoc[]
:openshift:
= {openshift_name}
= {project_openshift_product_name}
include::topics.adoc[]

View file

@ -1,33 +1,33 @@
== Introduction
=== What Is {project_name}?
{project_name} is an integrated sign-on solution available as a Red Hat JBoss Middleware for OpenShift containerized image. The {project_openshift_product_name} image provides an authentication server for users to centrally log in, log out, register, and manage user accounts for web applications, mobile applications, and RESTful web services.
=== What Is {project_openshift_product_name}?
{project_openshift_product_name} is an integrated sign-on solution available as a Red Hat JBoss Middleware for OpenShift containerized image. The {project_openshift_product_name} image provides an authentication server for users to centrally log in, log out, register, and manage user accounts for web applications, mobile applications, and RESTful web services.
[[sso-templates]]
Red Hat offers multiple OpenShift application templates utilizing the {project_openshift_product_name} image version number {project_version}. These define the resources needed to develop {project_name} {project_version} server based deployment and can be split into the following two categories:
Red Hat offers multiple OpenShift application templates utilizing the {project_openshift_product_name} image version number {project_version}. These define the resources needed to develop {project_openshift_product_name} {project_version} server based deployment and can be split into the following two categories:
[[passthrough-templates]]
* Templates using HTTPS and JGroups keystores and a truststore for the {project_name} server, all prepared beforehand. These secure the TLS communication using link:https://docs.openshift.com/container-platform/latest/architecture/networking/routes.html#passthrough-termination[passthrough TLS termination]:
* Templates using HTTPS and JGroups keystores and a truststore for the {project_openshift_product_name} server, all prepared beforehand. These secure the TLS communication using link:https://docs.openshift.com/container-platform/latest/architecture/networking/routes.html#passthrough-termination[passthrough TLS termination]:
** *_{project_templates_version}-https_*: {project_name} {project_version} backed by internal H2 database on the same pod.
** *_{project_templates_version}-mysql_*: {project_name} {project_version} backed by ephemeral MySQL database on a separate pod.
** *_{project_templates_version}-mysql-persistent_*: {project_name} {project_version} backed by persistent MySQL database on a separate pod.
** *_{project_templates_version}-postgresql_*: {project_name} {project_version} backed by ephemeral PostgreSQL database on a separate pod.
** *_{project_templates_version}-postgresql-persistent_*: {project_name} {project_version} backed by persistent PostgreSQL database on a separate pod.
** *_{project_templates_version}-https_*: {project_openshift_product_name} {project_version} backed by internal H2 database on the same pod.
** *_{project_templates_version}-mysql_*: {project_openshift_product_name} {project_version} backed by ephemeral MySQL database on a separate pod.
** *_{project_templates_version}-mysql-persistent_*: {project_openshift_product_name} {project_version} backed by persistent MySQL database on a separate pod.
** *_{project_templates_version}-postgresql_*: {project_openshift_product_name} {project_version} backed by ephemeral PostgreSQL database on a separate pod.
** *_{project_templates_version}-postgresql-persistent_*: {project_openshift_product_name} {project_version} backed by persistent PostgreSQL database on a separate pod.
[[reencrypt-templates]]
* Templates using OpenShift's internal link:https://docs.openshift.com/container-platform/latest/dev_guide/secrets.html#service-serving-certificate-secrets[service serving x509 certificate secrets] to automatically create the HTTPS keystore used for serving secure content. The JGroups cluster traffic is authenticated using the `AUTH` protocol and encrypted using the `ASYM_ENCRYPT` protocol. The {project_name} server truststore is also created automatically, containing the */var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt* CA certificate file, which is used to sign the certificate for HTTPS keystore. Moreover, the truststore for the {project_name} server is pre-populated with the all known, trusted CA certificate files found in the Java system path. These templates secure the TLS communication using link:https://docs.openshift.com/container-platform/latest/architecture/networking/routes.html#re-encryption-termination[re-encryption TLS termination]:
* Templates using OpenShift's internal link:https://docs.openshift.com/container-platform/latest/dev_guide/secrets.html#service-serving-certificate-secrets[service serving x509 certificate secrets] to automatically create the HTTPS keystore used for serving secure content. The JGroups cluster traffic is authenticated using the `AUTH` protocol and encrypted using the `ASYM_ENCRYPT` protocol. The {project_openshift_product_name} server truststore is also created automatically, containing the */var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt* CA certificate file, which is used to sign the certificate for HTTPS keystore. Moreover, the truststore for the {project_openshift_product_name} server is pre-populated with the all known, trusted CA certificate files found in the Java system path. These templates secure the TLS communication using link:https://docs.openshift.com/container-platform/latest/architecture/networking/routes.html#re-encryption-termination[re-encryption TLS termination]:
** *_{project_templates_version}-x509-https_*: {project_name} {project_version} with auto-generated HTTPS keystore and {project_name} truststore, backed by internal H2 database. The `ASYM_ENCRYPT` JGroups protocol is used for encryption of cluster traffic.
** *_{project_templates_version}-x509-mysql-persistent_*: {project_name} {project_version} with auto-generated HTTPS keystore and {project_name} truststore, backed by persistent MySQL database. The `ASYM_ENCRYPT` JGroups protocol is used for encryption of cluster traffic.
** *_{project_templates_version}-x509-postgresql-persistent_*: {project_name} {project_version} with auto-generated HTTPS keystore and {project_name} truststore, backed by persistent PostgreSQL database. The `ASYM_ENCRYPT` JGroups protocol is used for encryption of cluster traffic.
** *_{project_templates_version}-x509-https_*: {project_openshift_product_name} {project_version} with auto-generated HTTPS keystore and {project_openshift_product_name} truststore, backed by internal H2 database. The `ASYM_ENCRYPT` JGroups protocol is used for encryption of cluster traffic.
** *_{project_templates_version}-x509-mysql-persistent_*: {project_openshift_product_name} {project_version} with auto-generated HTTPS keystore and {project_openshift_product_name} truststore, backed by persistent MySQL database. The `ASYM_ENCRYPT` JGroups protocol is used for encryption of cluster traffic.
** *_{project_templates_version}-x509-postgresql-persistent_*: {project_openshift_product_name} {project_version} with auto-generated HTTPS keystore and {project_openshift_product_name} truststore, backed by persistent PostgreSQL database. The `ASYM_ENCRYPT` JGroups protocol is used for encryption of cluster traffic.
Other templates that integrate with {project_name} are also available:
Other templates that integrate with {project_openshift_product_name} are also available:
* *_eap64-sso-s2i_*: {project_name}-enabled Red Hat JBoss Enterprise Application Platform 6.4.
* *_eap71-sso-s2i_*: {project_name}-enabled Red Hat JBoss Enterprise Application Platform 7.1.
* *_datavirt63-secure-s2i_*: {project_name}-enabled Red Hat JBoss Data Virtualization 6.3.
* *_eap64-sso-s2i_*: {project_openshift_product_name}-enabled Red Hat JBoss Enterprise Application Platform 6.4.
* *_eap71-sso-s2i_*: {project_openshift_product_name}-enabled Red Hat JBoss Enterprise Application Platform 7.1.
* *_datavirt63-secure-s2i_*: {project_openshift_product_name}-enabled Red Hat JBoss Data Virtualization 6.3.
These templates contain environment variables specific to {project_name} that enable automatic {project_name} client registration when deployed.
These templates contain environment variables specific to {project_openshift_product_name} that enable automatic {project_openshift_product_name} client registration when deployed.
See xref:Auto-Man-Client-Reg[Automatic and Manual {project_name} Client Registration Methods] for more information.
See xref:Auto-Man-Client-Reg[Automatic and Manual {project_openshift_product_name} Client Registration Methods] for more information.

View file

@ -18,8 +18,13 @@ endif::[]
ifeval::[{project_product_cd}==true]
== {project_name_full} 6
include::topics/6_0_0.adoc[leveloffset=2]
== {project_name_full} 7.3.CD05
include::topics/5_0_0.adoc[leveloffset=2]
include::topics/4_8_0_final.adoc[leveloffset=2]
include::topics/4_7_0_final.adoc[leveloffset=2]

View file

@ -8,6 +8,7 @@
ifeval::[{project_product_cd}==false]
:project_name_full: Red Hat Single Sign-On
:project_openshift_product_name: {project_name_full} for OpenShift
:project_version: 7.3.0.GA
:project_versionDoc: 7.3
:project_templates_version: sso73
@ -18,15 +19,15 @@ endif::[]
ifeval::[{project_product_cd}==true]
:project_name_full: Red Hat Single Sign-On Continuous Delivery
:project_version: 7.4.0.CD05
:project_versionDoc: 5
:project_openshift_product_name: {project_name_full}
:project_version: 6
:project_versionDoc: 6
:project_templates_version: sso-cd
:project_latest_image_tag: 1.0
:project_latest_image_tag: 6
:project_doc_base_url: https://access.redhat.com/documentation/en-us/red_hat_single_sign-on_continuous_delivery/{project_versionDoc}/html-single
:maven_repository: https://maven.repository.redhat.com/earlyaccess/
endif::[]
:project_openshift_product_name: {project_name} for OpenShift
:project_dirref: RHSSO_HOME
@ -59,7 +60,6 @@ endif::[]
:upgradingguide_link: {project_doc_base_url}/upgrading_guide/
:releasenotes_name: Release Notes
:releasenotes_link: {project_doc_base_url}/release_notes/
:openshift_name: Red Hat Single Sign-On for OpenShift
:openshift_link: {project_doc_base_url}/red_hat_single_sign-on_for_openshift/
:installguide_name: Server Installation and Configuration Guide
:installguide_link: {project_doc_base_url}/server_installation_and_configuration_guide/