From 0a203fc035facd9870665755421534c09c1f6cb2 Mon Sep 17 00:00:00 2001 From: Conan Scott Date: Wed, 19 Nov 2025 18:27:05 +0800 Subject: [PATCH] Modifed templates to read notations for ocp routes Modified route annotations for anm, apimgr, apitraffic and oath for cert-manager in values-override.yaml Removed ingress from values-override.yaml Fixed manual pv yaml paths --- ! | 647 -------------------- pv-apim-audit.yaml | 2 +- pv-apim-events.yaml | 2 +- pv-apim-opentraffic.yaml | 2 +- pv-apim-payloads.yaml | 2 +- redirect.yaml | 26 - templates/aga/aga-routes.yaml | 4 + templates/anm/anm-routes.yaml | 4 + templates/apimgr/apimgr-routes.yaml | 4 + templates/apiportal/apiportal-routes.yaml | 4 + templates/apitraffic/apitraffic-routes.yaml | 4 + templates/apitraffic/oauth-routes.yaml | 4 + values-override.yaml | 295 +++++---- 13 files changed, 196 insertions(+), 804 deletions(-) delete mode 100644 ! delete mode 100644 redirect.yaml diff --git a/! b/! deleted file mode 100644 index 6f38637..0000000 --- a/! +++ /dev/null 
@@ -1,647 +0,0 @@ -nameOverride: gateway -global: - domainName: apilab.us - defaultRegistry: docker.repository.axway.com/apigateway-docker-prod/7.7 - imagePullPolicy: Always - imagePullSecrets: - - name: regcred - storage: - provisioningType: "dynamic" - storageClassName: "nfs" - volumes: - - name: events - enabled: true - usedBy: - - anm - - apimgr - - traffic - accessModes: - - ReadWriteMany - capacity: 1Gi - volumeName: apim-events - - name: payloads - enabled: true - usedBy: - - traffic - accessModes: - - ReadWriteOnce - capacity: 16Gi - volumeName: apim-payloads - - name: audit - enabled: true - usedBy: - - anm - - apimgr - - traffic - accessModes: - - ReadWriteMany - capacity: 1Gi - volumeName: apim-audit - - name: anm-external-config - enabled: true - usedBy: - - anm - accessModes: - - ReadWriteOnce - capacity: 8Mi - - name: apimgr-external-config - enabled: true - usedBy: - - apimgr - accessModes: - - ReadWriteOnce - capacity: 8Mi - - name: apitraffic-external-config - enabled: true - usedBy: - - traffic - accessModes: - - ReadWriteOnce - capacity: 8Mi - - name: aga-external-config - enabled: true - usedBy: - - traffic - accessModes: - - ReadWriteOnce - capacity: 8Mi - - name: opentraffic - enabled: true - usedBy: - - traffic - - anm - - apimgr - accessModes: - - ReadWriteOnce - capacity: 8Gi - volumeName: apim-opentraffic - initContainers: - securityContext: - runAsNonRoot: false - database: - host: mysql.metrics.svc.cluster.local - metrics: - enabled: true - username: "root" - password: "password" - sslMode: "NONE" - url: jdbc:mysql://{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{ .Values.global.database.metrics.databaseName }}?useSSL={{ default false .Values.global.database.metrics.useSSL }} - cassandra: - enabled: true - hosts: - - variable: CASS_HOST - hostname: cassandra.cassandra.svc.cluster.local - username: cassandra - password: cassandra - keyspace: ks - tkeyspace: tks - -anm: - image: - repository: "admin-nodemanager" - 
tag: "7.7.0.20240228-1-BN0065-ubi9" - generalConditions: - accept: "yes" - resources: - limits: - memory: "2048Mi" - cpu: "1000m" - requests: - memory: "1Gi" - cpu: "250m" - securityContext: - runAsNonRoot: false - route: - enabled: false - ingress: - enabled: true - className: "nginx" - annotations: - nginx.ingress.kubernetes.io/backend-protocol: HTTPS - nginx.ingress.kubernetes.io/ssl-passthrough: "true" - nginx.ingress.kubernetes.io/ssl-redirect: "true" - nginx.ingress.kubernetes.io/secure-backends: "true" - nginx.ingress.kubernetes.io/ingress.class: "nginx" - kubernetes.io/tls-acme: "true" - cert-manager.io/cluster-issuer: "letsencrypt-issuer" - hosts: - - host: anm.apilab.us - paths: - - path: / - pathType: ImplementationSpecific - tls: - - secretName: anm-tls - hosts: - - anm.apilab.us - service: - port: 8091 - extraVolumeMounts: - - name: anm-external-config - mountPath: /merge - - name: events - mountPath: /opt/Axway/apigateway/events - - name: audit - mountPath: /opt/Axway/apigateway/logs - extraVolumes: - - persistentVolumeClaim: - claimName: anm-external-config - name: anm-external-config - - persistentVolumeClaim: - claimName: events - name: events - - persistentVolumeClaim: - claimName: audit - name: audit - extraEnvVars: - - name: EMT_DEPLOYMENT_ENABLED - value: "true" - - name: ACCEPT_GENERAL_CONDITIONS - value: "yes" - - name: APIGW_LOG_OPENTRAFFIC_OUTPUT - value: "file" - - name: API_BUILDER_URL - value: "https://axway-elk-apim4elastic-apibuilder4elastic.apim4elastic:8443" - -apimgr: - name: apimgr - image: - repository: "gateway" - tag: "7.7.0.20240228-1-BN0065-ubi9" - generalConditions: - accept: "yes" - groupId: Group1 - resources: - limits: - memory: "2Gi" - cpu: 2 - requests: - memory: "0.5Gi" - cpu: 0.5 - securityContext: - runAsNonRoot: false - route: - enabled: false - ingress: - enabled: true - className: "nginx" - annotations: - nginx.ingress.kubernetes.io/backend-protocol: HTTPS - nginx.ingress.kubernetes.io/ssl-passthrough: "true" - 
nginx.ingress.kubernetes.io/ssl-redirect: "true" - nginx.ingress.kubernetes.io/secure-backends: "true" - nginx.ingress.kubernetes.io/ingress.class: "nginx" - kubernetes.io/tls-acme: "true" - cert-manager.io/cluster-issuer: "letsencrypt-issuer" - hosts: - - host: apimgr.apilab.us - paths: - - path: / - pathType: ImplementationSpecific - tls: - - secretName: apimgr-tls - hosts: - - apimgr.apilab.us - service: - port: 8075 - extraVolumeMounts: - - name: events - mountPath: /opt/Axway/apigateway/events - - name: apimgr-external-config - mountPath: /merge - - name: opentraffic - mountPath: /opt/Axway/apigateway/logs/opentraffic - - name: audit - mountPath: /opt/Axway/apigateway/logs/transaction - extraVolumes: - - persistentVolumeClaim: - claimName: events - name: events - - persistentVolumeClaim: - claimName: apimgr-external-config - name: apimgr-external-config - - persistentVolumeClaim: - claimName: opentraffic - name: opentraffic - - persistentVolumeClaim: - claimName: audit - name: audit - extraEnvVars: - - name: EMT_HEALTHCHECK_PORT - value: "8065" - - name: EMT_HEALTHCHECK_PATH - value: /healthcheck - - name: GW_DIR - value: /opt/Axway/apigateway - - name: GW_TRACE_DIR - value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace - - name: EMT_TOPOLOGY_TTL - value: "10" - - name: EMT_DEPLOYMENT_ENABLED - value: "true" - - name: ACCEPT_GENERAL_CONDITIONS - value: "yes" - - name: APIGW_LOG_OPENTRAFFIC_OUTPUT - value: "file" - license: - license.lic: | - FIPS=1 - SalesForce Connector=1 - ServiceNow Connector=1 - analytics=1 - api_visual_mapper=1 - apiportal=1 - company=Axway - deployment_type=docker - expires=Sat, 30 Nov 2024 15:48:27 GMT - license_id=TEMP - mcafee=1 - name=Axway - sdkgenerator=1 - unrestricted=1 - version=7.7 - # SIGNATURE: ce164db4840083f2741d364f45ffb6efdc2f6caee8307f9fd5e6899b430488f9 - # SIGNATURE: b0357a0baa4af4c348ae551054c5885db831275f382a3e153dde4cf5852131ba - # SIGNATURE: 
f8458619453363b6ed4b0c6fd6aa3fe81f28542193074f88b4c514c45048997d - # SIGNATURE: 312dc89de6684bc864099da581aa226c73a93bb184d29a392826a93a72cc68b4 - # SIGNATURE: e12c9daa05cc1d7caed7319943d9fba41dd48b9918bd468a05c8f2cff2a9c089 - # SIGNATURE: cae24bd8d6754cc99c0549b53b92dc7ebc60f1d83a9c8f3a773baff464a82d8d - # SIGNATURE: b35c5476f61a9153ebd15a436d00eb21bef8d7a4e87bb3430d3b0427d57a4472 - # SIGNATURE: 0641f5f2b0de45e74f019cedf92ac3ea5644490d65f3d9f76f57ab1b6f9e1e8c -apitraffic: - image: - repository: "gateway" - tag: "7.7.0.20240228-1-BN0065-ubi9" - generalConditions: - accept: "yes" - groupId: Group1 - resources: - limits: - memory: "2Gi" - cpu: 2 - requests: - memory: "0.5Gi" - cpu: 0.5 - autoscaling: - enabled: false - minReplicas: 2 - maxReplicas: 6 - targetCPUUtilizationPercentage: 80 - replicaCount: 4 - securityContext: - runAsNonRoot: false - oauth: - enabled: true - type: ClusterIP - port: 8089 - protocol: TCP - route: - enabled: false - ingress: - enabled: true - className: "nginx" - annotations: - nginx.ingress.kubernetes.io/backend-protocol: HTTPS - nginx.ingress.kubernetes.io/ssl-passthrough: "true" - nginx.ingress.kubernetes.io/ssl-redirect: "true" - nginx.ingress.kubernetes.io/secure-backends: "true" - kubernetes.io/ingress.class: nginx - kubernetes.io/tls-acme: "true" - cert-manager.io/cluster-issuer: "letsencrypt-issuer" - hosts: - - host: oauth.apilab.us - paths: - - path: / - pathType: ImplementationSpecific - tls: - - secretName: oauth-tls - hosts: - - oauth.apilab.us - route: - enabled: false - ingress: - enabled: true - className: "nginx" - annotations: - nginx.ingress.kubernetes.io/backend-protocol: HTTPS - nginx.ingress.kubernetes.io/ssl-passthrough: "true" - nginx.ingress.kubernetes.io/ssl-redirect: "true" - nginx.ingress.kubernetes.io/secure-backends: "true" - nginx.ingress.kubernetes.io/ingress.class: "nginx" - kubernetes.io/tls-acme: "true" - cert-manager.io/cluster-issuer: "letsencrypt-issuer" - hosts: - - host: apitraffic.apilab.us - paths: 
- - path: / - pathType: ImplementationSpecific - tls: - - secretName: apitraffic-tls - hosts: - - apitraffic.apilab.us - service: - port: 8065 - extraVolumeMounts: - - name: events - mountPath: /opt/Axway/apigateway/events - - name: apitraffic-external-config - mountPath: /merge - - name: opentraffic - mountPath: /opt/Axway/apigateway/logs/opentraffic - - name: payloads - mountPath: /opt/Axway/apigateway/logs/payloads - - name: audit - mountPath: /opt/Axway/apigateway/logs/transaction - extraVolumes: - - persistentVolumeClaim: - claimName: events - name: events - - persistentVolumeClaim: - claimName: apitraffic-external-config - name: apitraffic-external-config - - persistentVolumeClaim: - claimName: payloads - name: payloads - - persistentVolumeClaim: - claimName: opentraffic - name: opentraffic - - persistentVolumeClaim: - claimName: audit - name: audit - extraEnvVars: - - name: EMT_HEALTHCHECK_PORT - value: "8065" - - name: EMT_HEALTHCHECK_PATH - value: /healthcheck - - name: GW_DIR - value: /opt/Axway/apigateway - - name: GW_TRACE_DIR - value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace - - name: EMT_TOPOLOGY_TTL - value: "10" - - name: APIGW_LOG_OPENTRAFFIC_OUTPUT - value: "file" - - name: EMT_DEPLOYMENT_ENABLED - value: "true" - - name: ENV_SECRET_EXAMPLE - valueFrom: - secretKeyRef: - name: apim-gateway-cassandra - key: username - - name: ACCEPT_GENERAL_CONDITIONS - value: "yes" - license: - license.lic: | - FIPS=1 - SalesForce Connector=1 - ServiceNow Connector=1 - analytics=1 - api_visual_mapper=1 - apiportal=1 - company=Axway - deployment_type=docker - expires=Sat, 30 Nov 2024 15:48:27 GMT - license_id=TEMP - mcafee=1 - name=Axway - sdkgenerator=1 - unrestricted=1 - version=7.7 - # SIGNATURE: ce164db4840083f2741d364f45ffb6efdc2f6caee8307f9fd5e6899b430488f9 - # SIGNATURE: b0357a0baa4af4c348ae551054c5885db831275f382a3e153dde4cf5852131ba - # SIGNATURE: f8458619453363b6ed4b0c6fd6aa3fe81f28542193074f88b4c514c45048997d - # SIGNATURE: 
312dc89de6684bc864099da581aa226c73a93bb184d29a392826a93a72cc68b4 - # SIGNATURE: e12c9daa05cc1d7caed7319943d9fba41dd48b9918bd468a05c8f2cff2a9c089 - # SIGNATURE: cae24bd8d6754cc99c0549b53b92dc7ebc60f1d83a9c8f3a773baff464a82d8d - # SIGNATURE: b35c5476f61a9153ebd15a436d00eb21bef8d7a4e87bb3430d3b0427d57a4472 - # SIGNATURE: 0641f5f2b0de45e74f019cedf92ac3ea5644490d65f3d9f76f57ab1b6f9e1e8c - -apiportal: - enabled: true - replicaCount: 1 - image: - # an image reference is specified by registry/repository:tag, - # for instance registry=docker.io, repository=library/alpine, tag=3.15 - # if registry is left empty, global.defaultRegistry will be used - registry: docker.repository.axway.com/apiportal-docker-prod/7.7 - repository: "apiportal" - tag: "7.7.20240228-BN1285" - generalConditions: - accept: "yes" - serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. 
- # If not set and create is true, a name is generated using the fullname template - name: "" - service: - type: ClusterIP - ports: - # target: - # port: 8443 - # https: - # port: 8443 - # protocol: TCP - http: - port: 8080 - protocol: TCP - force: - port: 8080 - protocol: TCP - # OpenShift configuration - route: - enabled: false - ingress: - enabled: true - className: "nginx" - annotations: - nginx.ingress.kubernetes.io/ssl-passthrough: "true" - nginx.ingress.kubernetes.io/ssl-redirect: "true" - nginx.ingress.kubernetes.io/secure-backends: "true" - nginx.ingress.kubernetes.io/ingress.class: "nginx" - kubernetes.io/tls-acme: "true" - cert-manager.io/cluster-issuer: "letsencrypt-issuer" - hosts: - - host: portal.apilab.us - paths: - - path: / - pathType: ImplementationSpecific - tls: - - secretName: apiportal-tls - hosts: - - portal.apilab.us - apiManager: - configured: 1 - name: Main - host: "apimgr.apilab.us" - port: 443 - # database settings for API Portal, also check the instance settings in global section - mysql: - enabled: true - # if the credentials are already available in a secret, set existingSecret - existingSecret: - {} - # name: "mysql-credentials" - # keyMapping: - # password: password - # username: root - # else, set username and password, this will create a new secret - username: "root" - password: "password" - # if it doesn't exist, a database with this name will be created by the app - databaseName: "portal" - sslOn: 0 - sslVerifyCert: 0 - redis: - enabled: false - host: "" - port: 6379 - cacheTimeout: 600 - apache: - sslOn: 0 - extraEnvVars: [] - podSecurityContext: - runAsUser: 1048 - runAsGroup: 1048 - fsGroup: 1048 - securityContext: - allowPrivilegeEscalation: false - runAsNonRoot: true - -aga: - enabled: false - license: - license.lic: | - FIPS=1 - SalesForce Connector=1 - ServiceNow Connector=1 - analytics=1 - api_visual_mapper=1 - apiportal=1 - company=Axway - deployment_type=docker - expires=Sat, 30 Nov 2024 15:48:27 GMT - license_id=TEMP 
- mcafee=1 - name=Axway - sdkgenerator=1 - unrestricted=1 - version=7.7 - # SIGNATURE: ce164db4840083f2741d364f45ffb6efdc2f6caee8307f9fd5e6899b430488f9 - # SIGNATURE: b0357a0baa4af4c348ae551054c5885db831275f382a3e153dde4cf5852131ba - # SIGNATURE: f8458619453363b6ed4b0c6fd6aa3fe81f28542193074f88b4c514c45048997d - # SIGNATURE: 312dc89de6684bc864099da581aa226c73a93bb184d29a392826a93a72cc68b4 - # SIGNATURE: e12c9daa05cc1d7caed7319943d9fba41dd48b9918bd468a05c8f2cff2a9c089 - # SIGNATURE: cae24bd8d6754cc99c0549b53b92dc7ebc60f1d83a9c8f3a773baff464a82d8d - # SIGNATURE: b35c5476f61a9153ebd15a436d00eb21bef8d7a4e87bb3430d3b0427d57a4472 - # SIGNATURE: 0641f5f2b0de45e74f019cedf92ac3ea5644490d65f3d9f76f57ab1b6f9e1e8c - - replicaCount: 1 - image: - # an image reference is specified by registry/repository:tag, - # for instance registry=docker.io, repository=library/alpine, tag=3.15 - # if registry is left empty, global.defaultRegistry will be used - repository: "analytics" - tag: "7.7.0.20240228-1-BN0065-ubi9" - # Overrides the image tag whose default is the chart appVersion. - generalConditions: - accept: "yes" - serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. 
- # If not set and create is true, a name is generated using the fullname template - name: "" - extraEnvVars: - - name: ACCEPT_GENERAL_CONDITIONS - value: "yes" - podAnnotations: {} - podSecurityContext: {} - securityContext: - allowPrivilegeEscalation: false - #NOTE readOnlyRootFilesystem should be left to false - # readOnlyRootFilesystem: false - runAsNonRoot: false - service: - type: ClusterIP - ports: - ui: - port: 8040 - protocol: TCP - ingress: - enabled: true - className: "nginx" - annotations: - nginx.ingress.kubernetes.io/backend-protocol: HTTPS - nginx.ingress.kubernetes.io/ssl-passthrough: "true" - nginx.ingress.kubernetes.io/ssl-redirect: "true" - nginx.ingress.kubernetes.io/secure-backends: "true" - nginx.ingress.kubernetes.io/ingress.class: "nginx" - kubernetes.io/tls-acme: "true" - cert-manager.io/cluster-issuer: "letsencrypt-issuer" - # kubernetes.io/i:ngress.class: nginx - kubernetes.io/tls-acme: "true" - hosts: - - host: analytics.apilab.us - paths: - - path: / - pathType: ImplementationSpecific - tls: - - secretName: analytics-tls - hosts: - - analytics.apilab.us - # OpenShift configuration - route: - enabled: false - # targetPort: "{{ .Values.aga.ports.ui.port }}" - ## More information: https://docs.openshift.com/container-platform/4.9/networking/routes/secured-routes.html - # tls: - # enabled: true - # termination: passthrough - # insecureEdgeTerminationPolicy: Redirect - # key: - # caCertificate: - # certificate: - # destinationCACertificate: - # ref: https://kubernetes.io/docs/user-guide/compute-resources/ - resources: {} - # limits: - # memory: "2048Mi" - # cpu: "1000m" - # requests: - # memory: "1Gi" - # cpu: "250m" - autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - #targetMemoryUtilizationPercentage: 80 - nodeSelector: {} - tolerations: [] - affinity: {} - livenessProbe: - httpGet: - httpHeaders: - - name: k8sprobe - value: liveness.apimgr - path: /healthcheck - port: 8040 - scheme: 
HTTPS - initialDelaySeconds: 40 - periodSeconds: 30 - failureThreshold: 5 - readinessProbe: - httpGet: - httpHeaders: - - name: k8sprobe - value: readiness.apimgr - path: /healthcheck - port: 8040 - scheme: HTTPS - initialDelaySeconds: 30 - periodSeconds: 10 - failureThreshold: 6 diff --git a/pv-apim-audit.yaml b/pv-apim-audit.yaml index faaa60e..f34258d 100644 --- a/pv-apim-audit.yaml +++ b/pv-apim-audit.yaml @@ -7,7 +7,7 @@ spec: storage: 1Gi nfs: server: 192.168.0.105 - path: /nfs/NFS/ocp/apim-audit + path: /nfs/NFS/ocp/apim-audit-ocp storageClassName: nfs-csi accessModes: - ReadWriteMany diff --git a/pv-apim-events.yaml b/pv-apim-events.yaml index 34c67a8..5519e85 100644 --- a/pv-apim-events.yaml +++ b/pv-apim-events.yaml @@ -7,7 +7,7 @@ spec: storage: 1Gi nfs: server: 192.168.0.105 - path: /nfs/NFS/ocp/apim-events + path: /nfs/NFS/ocp/apim-events-ocp storageClassName: nfs-csi accessModes: - ReadWriteMany diff --git a/pv-apim-opentraffic.yaml b/pv-apim-opentraffic.yaml index 7b53c8b..7f75b60 100644 --- a/pv-apim-opentraffic.yaml +++ b/pv-apim-opentraffic.yaml @@ -7,7 +7,7 @@ spec: storage: 8Gi nfs: server: 192.168.0.105 - path: /nfs/NFS/ocp/apim-opentraffic + path: /nfs/NFS/ocp/apim-opentraffic-ocp storageClassName: nfs-csi accessModes: - ReadWriteOnce diff --git a/pv-apim-payloads.yaml b/pv-apim-payloads.yaml index a579060..02294b7 100644 --- a/pv-apim-payloads.yaml +++ b/pv-apim-payloads.yaml @@ -7,7 +7,7 @@ spec: storage: 16Gi nfs: server: 192.168.0.105 - path: /nfs/NFS/ocp/apim-payloads + path: /nfs/NFS/ocp/apim-payloads-ocp storageClassName: nfs-csi accessModes: - ReadWriteOnce diff --git a/redirect.yaml b/redirect.yaml deleted file mode 100644 index 1ec1e75..0000000 --- a/redirect.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - ingressClassName: nginx - nginx.ingress.kubernetes.io/rewrite-target: /api/portal/v1.4/sso/login/post - nginx.ingress.kubernetes.io/use-regex: "true" - name: rewrite - namespace: apim -spec: - rules: - - host: apimgr.apilab.us - http: - paths: - - backend: - service: - name: apim-gateway-apimgr - port: - number: 8075 - path: / - pathType: Prefix - - tls: - - hosts: - - apimgr.apilab.us - secretName: apimgr-tls diff --git a/templates/aga/aga-routes.yaml b/templates/aga/aga-routes.yaml index 81be78b..67b167f 100644 --- a/templates/aga/aga-routes.yaml +++ b/templates/aga/aga-routes.yaml @@ -6,6 +6,10 @@ metadata: labels: {{- include "gateway.labels" . | nindent 4 }} app.kubernetes.io/component: aga + annotations: + {{- with .Values.aga.route.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- if .Values.global.domainName }} host: aga.{{ .Values.global.domainName }} diff --git a/templates/anm/anm-routes.yaml b/templates/anm/anm-routes.yaml index 336ef44..92a54bb 100644 --- a/templates/anm/anm-routes.yaml +++ b/templates/anm/anm-routes.yaml @@ -7,6 +7,10 @@ metadata: labels: {{- include "gateway.labels" . | nindent 4 }} app.kubernetes.io/component: anm + annotations: + {{- with .Values.anm.route.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- if .Values.global.domainName }} host: anm.{{ .Values.global.domainName }} diff --git a/templates/apimgr/apimgr-routes.yaml b/templates/apimgr/apimgr-routes.yaml index 8a2ad9e..d84f095 100644 --- a/templates/apimgr/apimgr-routes.yaml +++ b/templates/apimgr/apimgr-routes.yaml @@ -6,6 +6,10 @@ metadata: labels: {{- include "gateway.labels" . | nindent 4 }} app.kubernetes.io/component: apimgr + annotations: + {{- with .Values.apimgr.route.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- if .Values.global.domainName }} host: apimgr.{{ .Values.global.domainName }} 
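Review bot: The `annotations:` key added in the aga-routes.yaml hunk is emitted unconditionally, so when `.Values.aga.route.annotations` is unset or empty the Route renders with a bare `annotations:` key (null). Moving the key inside the guard avoids that: open with `{{- with .Values.aga.route.annotations }}`, emit `annotations:` and `{{- toYaml . | nindent 4 }}` inside it, then `{{- end }}`. The same pattern is repeated in the anm, apimgr, apiportal, apitraffic and oauth route templates. These values are copied verbatim onto the Route and, per the values-override.yaml change, select the certificate issuer, so a template comment such as `# route.annotations: passed through unmodified; used for cert-manager issuer selection` would help whoever reviews later overrides. Each template starts and ends outside its hunk, so any enclosing `if` on `route.enabled` is not visible here.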
diff --git a/templates/apiportal/apiportal-routes.yaml b/templates/apiportal/apiportal-routes.yaml index 836d1d6..0faf395 100644 --- a/templates/apiportal/apiportal-routes.yaml +++ b/templates/apiportal/apiportal-routes.yaml @@ -6,6 +6,10 @@ metadata: labels: {{- include "gateway.labels" . | nindent 4 }} app.kubernetes.io/component: apiportal + annotations: + {{- with .Values.apiportal.route.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: to: kind: Service diff --git a/templates/apitraffic/apitraffic-routes.yaml b/templates/apitraffic/apitraffic-routes.yaml index e71e718..76954d3 100644 --- a/templates/apitraffic/apitraffic-routes.yaml +++ b/templates/apitraffic/apitraffic-routes.yaml @@ -6,6 +6,10 @@ metadata: labels: {{- include "gateway.labels" . | nindent 4 }} app.kubernetes.io/component: apitraffic + annotations: + {{- with .Values.apitraffic.route.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- if .Values.global.domainName }} host: apitraffic.{{ .Values.global.domainName }} diff --git a/templates/apitraffic/oauth-routes.yaml b/templates/apitraffic/oauth-routes.yaml index 59e1b72..233a601 100644 --- a/templates/apitraffic/oauth-routes.yaml +++ b/templates/apitraffic/oauth-routes.yaml @@ -6,6 +6,10 @@ metadata: labels: {{- include "gateway.labels" . | nindent 4 }} app.kubernetes.io/component: oauth + annotations: + {{- with .Values.apitraffic.oauth.route.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- if .Values.global.domainName }} host: oauth.{{ .Values.global.domainName }} diff --git a/values-override.yaml b/values-override.yaml index 1f517c6..2665e1a 100644 --- a/values-override.yaml +++ b/values-override.yaml @@ -94,7 +94,7 @@ global: enabled: true hosts: - variable: CASS_HOST - hostname: cassandra.cassandra.svc.cluster.local + hostname: cassandra-dc1-service.cassandra4.svc.cluster.local username: cassandra password: cassandra keyspace: ks 
@@ -117,31 +117,38 @@ anm: runAsNonRoot: true route: enabled: true + host: apimgr.apilab.us annotations: cert-manager.io/issuer-kind: ClusterIssuer cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare - #ingress: - # enabled: true - # className: "nginx" - #annotations: - # nginx.ingress.kubernetes.io/backend-protocol: HTTPS - # nginx.ingress.kubernetes.io/ssl-passthrough: "true" - # nginx.ingress.kubernetes.io/ssl-redirect: "true" - # nginx.ingress.kubernetes.io/secure-backends: "true" - # nginx.ingress.kubernetes.io/ingress.class: "nginx" - # kubernetes.io/tls-acme: "true" - # cert-manager.io/cluster-issuer: "letsencrypt-issuer" - #hosts: - # - host: anm.apilab.us - # paths: - # - path: / - # pathType: ImplementationSpecific - #tls: - # - secretName: anm-tls - # hosts: - # - anm.apilab.us - #service: - # port: 8091 + kubernetes.io/tls-acme: "true" + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + key: + destinationCACertificate: | + -----BEGIN CERTIFICATE----- + MIIC0jCCAbqgAwIBAgIGAY4J1hijMA0GCSqGSIb3DQEBCwUAMBgxFjAUBgNVBAMM + DURlZmF1bHREb21haW4wIBcNMjQwMjI2MTQyMDEwWhgPMjEyNDAyMDkxNDIwMTBa + MBgxFjAUBgNVBAMMDURlZmF1bHREb21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IB + DwAwggEKAoIBAQDCEooOITaf9yC63uqIABDpWcd4o17fVIqkb9u7DT4ZyJSWAaL8 + 8t+k866EtppNTLn/3tntoG+G6XZiNTZfyT6rLad/3GVpkX78P9eqwUS5CpKWbBFd + KzYV6YC4Zw44SG8aX0A98T7Hz5j67EDkvY0VY9TWBSTpiWZum+R5mpayCfnfEjSz + XQ6+Y+YVusbJk+EjJEENGkmnT5/pQHTnSAGH0aHkeY84OiW7ZwMqysEXlXvRWKHn + Ul5cEkugM7BQVJak/q+XbKWjWdczLWByA5DzXOvhu7TdynEA5f0rNOaYc8O5N3yr + U1K7rikQaVih+paJhM+XE5p0zZvUgYDTsEMbAgMBAAGjIDAeMA8GA1UdEwQIMAYB + Af8CAQAwCwYDVR0PBAQDAgK8MA0GCSqGSIb3DQEBCwUAA4IBAQDB0KvpqfCOil00 + 1qdx2RwZtc3ichIcClPlv51d4E9nEM3Q3VbC1h3Fdvz4PqELfhKC1vB5Z7bvZXXo + 0Jb/T3z608PnglEuCYJBD77JOQIwNAD4gWW8TmS/bWkemaPZRwTSONWVbdZ/KBZ6 + 3t7EB2UwyvT1XAGn1/EzN1xW8SN9tHqyt19R0/ZWt2KQ4Gdx+Ht0pbXYkuNw0oUz + gay9sGl0B1cipRabreApN/R7AuPxxvBx9YuXuMxYkLIRXyqZUmxXAzUdxi5ZfPaA + 
7a1XW5OSfgFYwSJavp6gD4VxrD5DLqhqLz5yjlPBm6AiYNm2pqN1zciSGPaOcqAX + N4Ij70Th + -----END CERTIFICATE----- + caCertificate: + certificate: + service: + port: 8090 extraVolumeMounts: - name: anm-external-config mountPath: /merge 
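Review bot: The new `host: apimgr.apilab.us` under `anm.route` looks like a copy-paste slip, because the commented ingress block this hunk removes used `anm.apilab.us` and API Manager is a separate component with its own route. If a route template reads `route.host`, Admin Node Manager would be published on the API Manager hostname or collide with its Route; `host: anm.apilab.us` is presumably what was intended. The `key:`, `caCertificate:` and `certificate:` entries are left as bare keys, which parse as null. If cert-manager is expected to populate them, omit the keys or write `""` so the intent is explicit. The `anm:` mapping begins and continues outside the hunk.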
@@ -191,28 +198,30 @@ apimgr: annotations: cert-manager.io/issuer-kind: ClusterIssuer cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare - #ingress: - # enabled: true - #className: "nginx" - #annotations: - # nginx.ingress.kubernetes.io/backend-protocol: HTTPS - # nginx.ingress.kubernetes.io/ssl-passthrough: "true" - # nginx.ingress.kubernetes.io/ssl-redirect: "true" - # nginx.ingress.kubernetes.io/secure-backends: "true" - # nginx.ingress.kubernetes.io/ingress.class: "nginx" - # kubernetes.io/tls-acme: "true" - # cert-manager.io/cluster-issuer: "letsencrypt-issuer" - #hosts: - # - host: apimgr.apilab.us - # paths: - # - path: / - # pathType: ImplementationSpecific - #tls: - # - secretName: apimgr-tls - # hosts: - # - apimgr.apilab.us - #service: - # port: 8075 + kubernetes.io/tls-acme: "true" + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + key: + certificate: + destinationCACertificate: | + -----BEGIN CERTIFICATE----- + MIICwzCCAasCBgE6HBsdpzANBgkqhkiG9w0BAQUFADAlMSMwIQYDVQQDExpDaGFu + Z2UgdGhpcyBmb3IgcHJvZHVjdGlvbjAeFw0xMjEwMDExMTMyMDBaFw0zNzEwMDEx + MTMyMDBaMCUxIzAhBgNVBAMTGkNoYW5nZSB0aGlzIGZvciBwcm9kdWN0aW9uMIIB + IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2I2+GHcXXzwyjqMP6E4shjx + fpAfgqbCY/nF5oTq0SkcRKvsdJzuLbmufkqx1rQqxwF/aZnbZppcVtR4TAhExmo2 + NnV7WjSwdd+EynQJrkWlsuK1UQ3JHMo5iAAEQ11xoMBIsUwfg5HYKCELmjnWetwh + m5aUJ9Gq45v9kzeZki2oCoVe5LQfVVHEYssr+SfVrhi6+OffeefgCRse6vv5T4zl + h4xXKDNUsBxYYB3Vg97tDcdgpfx8BudpBx+1ITk9Dazu8eegXN5KdRqJGgM5LSRI + WjK+OumR1a2ReUcXlglWTVfsG43UUUby2bql3E3uc7XpxzQaPpt4aDqfOYMUxwID + AQABMA0GCSqGSIb3DQEBBQUAA4IBAQAl+yHca9jCZ/zVgtITGWGKQiNb8UqFJE+Q + xmLt+j2lEWpG3Fd1M40faRrDujbk8WvG4Iz/NamlvvkbpbMSRY67lPpjsZOKlezT + TE2YQTtyuFT7QQTYHYPZWK4Dg8QisMI5vHnrzsPc9ZAHm+IZrxbuVXsZQoU7qyaM + dG27WWVa6vJ4nXjuMO6sOtl+UnEXpn3vCpNzkkbJW2LvFCs0Ymnx7Wet3inskOKg + //AGuv+m3rD/Byphd8Iblt3jSNDwMcG+Yhpi/Wd50iMFFkTnrkEmosvqWL5j6N7e + JZszgdL7Zz9ztASutzU4a0YFpv111NxpBdNpphOVED85IbRHxTjL + -----END CERTIFICATE----- 
extraVolumeMounts: - name: events mountPath: /opt/Axway/apigateway/events @@ -262,21 +271,21 @@ apimgr: apiportal=1 company=Axway deployment_type=docker - expires=Wed, 30 Apr 2025 16:21:51 GMT + expires=Wed, 31 Dec 2025 18:59:06 GMT license_id=TEMP mcafee=1 name=Axway sdkgenerator=1 unrestricted=1 version=7.7 - # SIGNATURE: 41dc0bb17867d8d62f2f6cb85c6129e1ff3e732fffda24116eb53cf7fcdba233 - # SIGNATURE: 95c752a8cead778a11d997c624eca0d7e9b03b869b9a1ed169e016a9242f5548 - # SIGNATURE: 943409c27b0376410ef06a1e7d67a19f210f5c68e30e1174630dbb7bddc06f69 - # SIGNATURE: f2208e6a042ecf759388faec92335dd43ecaa96f5c7abd1ec0c23217fd08f7b6 - # SIGNATURE: f62af5300b3884ceaa1ca7d459095f53a8980628d44344e02dd1fde2276c07cd - # SIGNATURE: 2f92a9d70d72e3ce9048ad6da4d18bab4923fe30a631d8dd751c4de9647e0a5e - # SIGNATURE: 1454756c50dccc40eb4b8475cd9b87e6c262fae732af6181addb34b41588bbc8 - # SIGNATURE: e6c085116c1aca0174145d016459ee0843c437d05d4e270113703644b1ec75d6 + # SIGNATURE: e356dd65a0cd82e79f1a067dbdcddbd1f4fce555f5f8e8fd014e90f65a150850 + # SIGNATURE: a9c0bed3afe63798207753f95992e866762d2695bc0597fe16ebd49dadee2d31 + # SIGNATURE: 37852420fe99d73ab948753ddabfaf45fd2c4a9fb0ee11bd0f28fd275b8efd9c + # SIGNATURE: 84e57da2168781571972694ffe1d0a5394f41f64ef1a7a369cc43627d58e516d + # SIGNATURE: 75dc4d824cb5c1efd2d35d4ab41a2885e15da53eaccf38174934456d02a7dd92 + # SIGNATURE: 20a605222c908f45736192cd274c33a615426369909de31d572956cdaf8e897f + # SIGNATURE: c102bed009eb1fdd8aa9de2d0679072d95231c0c90e2f2e0dbaedcb4cd7962f6 + # SIGNATURE: 9fa95af055e9854d8a5aefd928b53498bdc8272efb32542daa26e9e59c2a2d09 apitraffic: image: repository: "gateway" @@ -296,7 +305,7 @@ apitraffic: minReplicas: 2 maxReplicas: 6 targetCPUUtilizationPercentage: 80 - replicaCount: 2 + replicaCount: 1 securityContext: runAsNonRoot: true oauth: 
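Review bot: The `destinationCACertificate` added under `apimgr.route.tls` pins a certificate whose subject decodes to CN "Change this for production", which appears to be a placeholder certificate rather than a CA specific to this deployment. With `termination: reencrypt` this value is what the router uses to validate the backend, so trusting a placeholder gives little assurance about which workload is answering behind the route. Replace it with the CA that signs the gateway's real serving certificate. Supply the PEM per environment (for example with `helm --set-file`) instead of inlining it in values-override.yaml. The same certificate block is repeated under `apitraffic.oauth.route` and `apitraffic.route` in the later `@@ -309,48 +318,82 @@` hunk.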
@@ -309,48 +318,82 @@ apitraffic: annotations: cert-manager.io/issuer-kind: ClusterIssuer cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare - #ingress: - # enabled: true - #className: "nginx" - #annotations: - # nginx.ingress.kubernetes.io/backend-protocol: HTTPS - # nginx.ingress.kubernetes.io/ssl-passthrough: "true" - # nginx.ingress.kubernetes.io/ssl-redirect: "true" - # nginx.ingress.kubernetes.io/secure-backends: "true" - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # cert-manager.io/cluster-issuer: "letsencrypt-issuer" - #hosts: - # - host: oauth.apilab.us - # paths: - # - path: / - # pathType: ImplementationSpecific - #tls: - # - secretName: oauth-tls + kubernetes.io/tls-acme: "true" + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + key: + certificate: + destinationCACertificate: | + -----BEGIN CERTIFICATE----- + MIICwzCCAasCBgE6HBsdpzANBgkqhkiG9w0BAQUFADAlMSMwIQYDVQQDExpDaGFu + Z2UgdGhpcyBmb3IgcHJvZHVjdGlvbjAeFw0xMjEwMDExMTMyMDBaFw0zNzEwMDEx + MTMyMDBaMCUxIzAhBgNVBAMTGkNoYW5nZSB0aGlzIGZvciBwcm9kdWN0aW9uMIIB + IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2I2+GHcXXzwyjqMP6E4shjx + fpAfgqbCY/nF5oTq0SkcRKvsdJzuLbmufkqx1rQqxwF/aZnbZppcVtR4TAhExmo2 + NnV7WjSwdd+EynQJrkWlsuK1UQ3JHMo5iAAEQ11xoMBIsUwfg5HYKCELmjnWetwh + m5aUJ9Gq45v9kzeZki2oCoVe5LQfVVHEYssr+SfVrhi6+OffeefgCRse6vv5T4zl + h4xXKDNUsBxYYB3Vg97tDcdgpfx8BudpBx+1ITk9Dazu8eegXN5KdRqJGgM5LSRI + WjK+OumR1a2ReUcXlglWTVfsG43UUUby2bql3E3uc7XpxzQaPpt4aDqfOYMUxwID + AQABMA0GCSqGSIb3DQEBBQUAA4IBAQAl+yHca9jCZ/zVgtITGWGKQiNb8UqFJE+Q + xmLt+j2lEWpG3Fd1M40faRrDujbk8WvG4Iz/NamlvvkbpbMSRY67lPpjsZOKlezT + TE2YQTtyuFT7QQTYHYPZWK4Dg8QisMI5vHnrzsPc9ZAHm+IZrxbuVXsZQoU7qyaM + dG27WWVa6vJ4nXjuMO6sOtl+UnEXpn3vCpNzkkbJW2LvFCs0Ymnx7Wet3inskOKg + //AGuv+m3rD/Byphd8Iblt3jSNDwMcG+Yhpi/Wd50iMFFkTnrkEmosvqWL5j6N7e + JZszgdL7Zz9ztASutzU4a0YFpv111NxpBdNpphOVED85IbRHxTjL + -----END CERTIFICATE----- + route: + enabled: true + annotations: + cert-manager.io/issuer-kind: ClusterIssuer 
+ cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare + kubernetes.io/tls-acme: "true" + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + key: + destinationCACertificate: | + -----BEGIN CERTIFICATE----- + MIICwzCCAasCBgE6HBsdpzANBgkqhkiG9w0BAQUFADAlMSMwIQYDVQQDExpDaGFu + Z2UgdGhpcyBmb3IgcHJvZHVjdGlvbjAeFw0xMjEwMDExMTMyMDBaFw0zNzEwMDEx + MTMyMDBaMCUxIzAhBgNVBAMTGkNoYW5nZSB0aGlzIGZvciBwcm9kdWN0aW9uMIIB + IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2I2+GHcXXzwyjqMP6E4shjx + fpAfgqbCY/nF5oTq0SkcRKvsdJzuLbmufkqx1rQqxwF/aZnbZppcVtR4TAhExmo2 + NnV7WjSwdd+EynQJrkWlsuK1UQ3JHMo5iAAEQ11xoMBIsUwfg5HYKCELmjnWetwh + m5aUJ9Gq45v9kzeZki2oCoVe5LQfVVHEYssr+SfVrhi6+OffeefgCRse6vv5T4zl + h4xXKDNUsBxYYB3Vg97tDcdgpfx8BudpBx+1ITk9Dazu8eegXN5KdRqJGgM5LSRI + WjK+OumR1a2ReUcXlglWTVfsG43UUUby2bql3E3uc7XpxzQaPpt4aDqfOYMUxwID + AQABMA0GCSqGSIb3DQEBBQUAA4IBAQAl+yHca9jCZ/zVgtITGWGKQiNb8UqFJE+Q + xmLt+j2lEWpG3Fd1M40faRrDujbk8WvG4Iz/NamlvvkbpbMSRY67lPpjsZOKlezT + TE2YQTtyuFT7QQTYHYPZWK4Dg8QisMI5vHnrzsPc9ZAHm+IZrxbuVXsZQoU7qyaM + dG27WWVa6vJ4nXjuMO6sOtl+UnEXpn3vCpNzkkbJW2LvFCs0Ymnx7Wet3inskOKg + //AGuv+m3rD/Byphd8Iblt3jSNDwMcG+Yhpi/Wd50iMFFkTnrkEmosvqWL5j6N7e + JZszgdL7Zz9ztASutzU4a0YFpv111NxpBdNpphOVED85IbRHxTjL + -----END CERTIFICATE----- + caCertificate: + certificate: + # ingress: + # enabled: false + # className: "openshift-default" + # annotations: + # nginx.ingress.kubernetes.io/backend-protocol: HTTPS + # nginx.ingress.kubernetes.io/ssl-passthrough: "true" + # nginx.ingress.kubernetes.io/ssl-redirect: "true" + # nginx.ingress.kubernetes.io/secure-backends: "true" + # nginx.ingress.kubernetes.io/ingress.class: "nginx" + # kubernetes.io/tls-acme: "true" + # cert-manager.io/cluster-issuer: "letsencrypt-dns01-cloudflare" # hosts: - # - oauth.apilab.us - #ingress: - # enabled: true - #className: "nginx" - #annotations: - # nginx.ingress.kubernetes.io/backend-protocol: HTTPS - # nginx.ingress.kubernetes.io/ssl-passthrough: "true" - # 
nginx.ingress.kubernetes.io/ssl-redirect: "true" - # nginx.ingress.kubernetes.io/secure-backends: "true" - # nginx.ingress.kubernetes.io/ingress.class: "nginx" - # kubernetes.io/tls-acme: "true" - # cert-manager.io/cluster-issuer: "letsencrypt-issuer" - #hosts: - # - host: apitraffic.apilab.us - # paths: - # - path: / - # pathType: ImplementationSpecific - #tls: - # - secretName: apitraffic-tls - # hosts: - # - apitraffic.apilab.us - service: - port: 8065 + # - host: apitraffic.apilab.us + # paths: + # - path: / + # pathType: ImplementationSpecific + # tls: + # - secretName: apitraffic-tls + # hosts: + # - apitraffic.apilab.us + service: + port: 8065 extraVolumeMounts: - name: events mountPath: /opt/Axway/apigateway/events 
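Review bot: The commented-out `# ingress:` block re-added under `apitraffic` contradicts the commit message ("Removed ingress from values-override.yaml") and combines `className: "openshift-default"` with nginx-only annotations such as `nginx.ingress.kubernetes.io/ssl-passthrough`. Dead configuration like this tends to be uncommented later without review, so delete the block or reduce it to one line such as `# Ingress is not used on OpenShift; exposure is configured under route.tls`. The `kubernetes.io/tls-acme: "true"` annotation added next to the `cert-manager.io/issuer-*` annotations on both routes in this hunk would also benefit from a comment naming the controller expected to act on it, since it is not evident from the diff that only one issuer will manage each Route.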
@@ -410,22 +453,21 @@ apitraffic:
 apiportal=1
 company=Axway
 deployment_type=docker
- expires=Wed, 30 Apr 2025 16:21:51 GMT
+ expires=Wed, 31 Dec 2025 18:59:06 GMT
 license_id=TEMP
 mcafee=1
 name=Axway
 sdkgenerator=1
 unrestricted=1
 version=7.7
- # SIGNATURE: 41dc0bb17867d8d62f2f6cb85c6129e1ff3e732fffda24116eb53cf7fcdba233
- # SIGNATURE: 95c752a8cead778a11d997c624eca0d7e9b03b869b9a1ed169e016a9242f5548
- # SIGNATURE: 943409c27b0376410ef06a1e7d67a19f210f5c68e30e1174630dbb7bddc06f69
- # SIGNATURE: f2208e6a042ecf759388faec92335dd43ecaa96f5c7abd1ec0c23217fd08f7b6
- # SIGNATURE: f62af5300b3884ceaa1ca7d459095f53a8980628d44344e02dd1fde2276c07cd
- # SIGNATURE: 2f92a9d70d72e3ce9048ad6da4d18bab4923fe30a631d8dd751c4de9647e0a5e
- # SIGNATURE: 1454756c50dccc40eb4b8475cd9b87e6c262fae732af6181addb34b41588bbc8
- # SIGNATURE: e6c085116c1aca0174145d016459ee0843c437d05d4e270113703644b1ec75d6
-
+ # SIGNATURE: e356dd65a0cd82e79f1a067dbdcddbd1f4fce555f5f8e8fd014e90f65a150850
+ # SIGNATURE: a9c0bed3afe63798207753f95992e866762d2695bc0597fe16ebd49dadee2d31
+ # SIGNATURE: 37852420fe99d73ab948753ddabfaf45fd2c4a9fb0ee11bd0f28fd275b8efd9c
+ # SIGNATURE: 84e57da2168781571972694ffe1d0a5394f41f64ef1a7a369cc43627d58e516d
+ # SIGNATURE: 75dc4d824cb5c1efd2d35d4ab41a2885e15da53eaccf38174934456d02a7dd92
+ # SIGNATURE: 20a605222c908f45736192cd274c33a615426369909de31d572956cdaf8e897f
+ # SIGNATURE: c102bed009eb1fdd8aa9de2d0679072d95231c0c90e2f2e0dbaedcb4cd7962f6
+ # SIGNATURE: 9fa95af055e9854d8a5aefd928b53498bdc8272efb32542daa26e9e59c2a2d09
 apiportal:
 enabled: false
 replicaCount: 1
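Review bot: The renewed licence text (the `expires=` line and all eight `# SIGNATURE:` lines) is still pasted inline in the committed values file, and the identical block is repeated in the `aga:` hunk at -534/+576, so each renewal must be edited in two places and stays in git history. It would be safer to keep the licence out of `values-override.yaml` and supply it per environment at install time (from a file or an existing Secret), leaving only a placeholder here. If it stays inline, a comment above the key such as `# TEMP licence, expires 2025-12-31; keep the apitraffic and aga copies identical` would make the expiry and the duplication visible. The block scalar that holds this text starts outside the hunk, so the key name is not visible here.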
@@ -462,20 +504,20 @@ apiportal:
 protocol: TCP
 # OpenShift configuration
 route:
- enabled: true
+ enabled: false
 annotations:
 cert-manager.io/issuer-kind: ClusterIssuer
 cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare
 #ingress:
 # enabled: true
- # className: "nginx"
+ # className: "openshift-default"
 #annotations:
 # nginx.ingress.kubernetes.io/ssl-passthrough: "true"
 # nginx.ingress.kubernetes.io/ssl-redirect: "true"
 # nginx.ingress.kubernetes.io/secure-backends: "true"
 # nginx.ingress.kubernetes.io/ingress.class: "nginx"
 # kubernetes.io/tls-acme: "true"
- # cert-manager.io/cluster-issuer: "letsencrypt-issuer"
+ # cert-manager.io/cluster-issuer: "letsencrypt-dns01-cloudflare"
 #hosts:
 # - host: portal.apilab.us
 # paths:
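Review bot: The commented-out `#ingress:` block is now internally inconsistent: the `+` lines set `className: "openshift-default"` and the Cloudflare issuer, while the commented annotations beside them still read `nginx.ingress.kubernetes.io/ingress.class: "nginx"`. The same edit recurs in the two `aga:` hunks at -586/+627 and -594/+635, where a context line also carries the typo `kubernetes.io/i:ngress.class`. Since the commit message says ingress was removed from values-override.yaml, deleting these dead blocks would be cleaner than maintaining them. If they are kept for reference, one header line such as `# ingress is unused on OpenShift; the route: block below is authoritative` would stop someone uncommenting them as-is. The commented block continues past the end of this hunk.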
@@ -534,22 +576,21 @@ aga:
 apiportal=1
 company=Axway
 deployment_type=docker
- expires=Wed, 30 Apr 2025 16:21:51 GMT
+ expires=Wed, 31 Dec 2025 18:59:06 GMT
 license_id=TEMP
 mcafee=1
 name=Axway
 sdkgenerator=1
 unrestricted=1
 version=7.7
- # SIGNATURE: 41dc0bb17867d8d62f2f6cb85c6129e1ff3e732fffda24116eb53cf7fcdba233
- # SIGNATURE: 95c752a8cead778a11d997c624eca0d7e9b03b869b9a1ed169e016a9242f5548
- # SIGNATURE: 943409c27b0376410ef06a1e7d67a19f210f5c68e30e1174630dbb7bddc06f69
- # SIGNATURE: f2208e6a042ecf759388faec92335dd43ecaa96f5c7abd1ec0c23217fd08f7b6
- # SIGNATURE: f62af5300b3884ceaa1ca7d459095f53a8980628d44344e02dd1fde2276c07cd
- # SIGNATURE: 2f92a9d70d72e3ce9048ad6da4d18bab4923fe30a631d8dd751c4de9647e0a5e
- # SIGNATURE: 1454756c50dccc40eb4b8475cd9b87e6c262fae732af6181addb34b41588bbc8
- # SIGNATURE: e6c085116c1aca0174145d016459ee0843c437d05d4e270113703644b1ec75d6
-
+ # SIGNATURE: e356dd65a0cd82e79f1a067dbdcddbd1f4fce555f5f8e8fd014e90f65a150850
+ # SIGNATURE: a9c0bed3afe63798207753f95992e866762d2695bc0597fe16ebd49dadee2d31
+ # SIGNATURE: 37852420fe99d73ab948753ddabfaf45fd2c4a9fb0ee11bd0f28fd275b8efd9c
+ # SIGNATURE: 84e57da2168781571972694ffe1d0a5394f41f64ef1a7a369cc43627d58e516d
+ # SIGNATURE: 75dc4d824cb5c1efd2d35d4ab41a2885e15da53eaccf38174934456d02a7dd92
+ # SIGNATURE: 20a605222c908f45736192cd274c33a615426369909de31d572956cdaf8e897f
+ # SIGNATURE: c102bed009eb1fdd8aa9de2d0679072d95231c0c90e2f2e0dbaedcb4cd7962f6
+ # SIGNATURE: 9fa95af055e9854d8a5aefd928b53498bdc8272efb32542daa26e9e59c2a2d09
 replicaCount: 1
 image:
 # an image reference is specified by registry/repository:tag,
@@ -586,7 +627,7 @@ aga:
 protocol: TCP
 #ingress:
 # enabled: true
- #className: "nginx"
+ #className: "openshift-default"
 #annotations:
 # nginx.ingress.kubernetes.io/backend-protocol: HTTPS
 #nginx.ingress.kubernetes.io/ssl-passthrough: "true"
@@ -594,7 +635,7 @@ aga:
 #nginx.ingress.kubernetes.io/secure-backends: "true"
 #nginx.ingress.kubernetes.io/ingress.class: "nginx"
 #kubernetes.io/tls-acme: "true"
- #cert-manager.io/cluster-issuer: "letsencrypt-issuer"
+ #cert-manager.io/cluster-issuer: "letsencrypt-dns01-cloudflare"
 # kubernetes.io/i:ngress.class: nginx
 #kubernetes.io/tls-acme: "true"
 #hosts:
@@ -608,15 +649,15 @@ aga:
 # - analytics.apilab.us
 # OpenShift configuration
 route:
- enabled: true
+ enabled: false
 annotations:
 cert-manager.io/issuer-kind: ClusterIssuer
 cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare
- # targetPort: "{{ .Values.aga.ports.ui.port }}"
- ## More information: https://docs.openshift.com/container-platform/4.9/networking/routes/secured-routes.html
- # tls:
- # enabled: true
- # termination: passthrough
+ # targetPort: "{{ .Values.aga.ports.ui.port }}"
+ ## More information: https://docs.openshift.com/container-platform/4.9/networking/routes/secured-routes.html
+ tls:
+ enabled: true
+ termination: edge
 # insecureEdgeTerminationPolicy: Redirect
 # key:
 # caCertificate:
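Review bot: In the -608/+649 hunk, `termination: edge` makes the router terminate TLS and forward plain HTTP to the aga pod, whereas the line it replaces was `passthrough` and the commented ingress above lists `backend-protocol: HTTPS`. If the analytics UI listens on HTTPS (not visible here), the route will probably fail once re-enabled; if it listens on HTTP, the in-cluster hop is unencrypted. Consider `termination: reencrypt` with a `destinationCACertificate`, as another route earlier in this patch does, or keep `passthrough`. `tls.enabled: true` now sits under `route.enabled: false`, so a comment such as `# route disabled; tls settings only take effect when route.enabled is true` would make that explicit. The `route:` mapping continues past the end of the hunk.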