cscott/apigateway-ocp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Modifed templates to read notations for ocp routes

Browse Source 
Modified route annotations for anm, apimgr, apitraffic and oath for cert-manager in values-override.yaml
Removed ingress from values-override.yaml
Fixed manual pv yaml paths
This commit is contained in:
Conan Scott
2025-11-19 18:27:05 +08:00
parent 87db1a9aab
commit 0a203fc035
13 changed files with 196 additions and 804 deletions
Download Patch File Download Diff File Expand all files Collapse all files

647
!
View File

@@ -1,647 +0,0 @@
nameOverride: gateway
global:
domainName: apilab.us
defaultRegistry: docker.repository.axway.com/apigateway-docker-prod/7.7
imagePullPolicy: Always
imagePullSecrets:
- name: regcred
storage:
provisioningType: "dynamic"
storageClassName: "nfs"
volumes:
- name: events
enabled: true
usedBy:
- anm
- apimgr
- traffic
accessModes:
- ReadWriteMany
capacity: 1Gi
volumeName: apim-events
- name: payloads
enabled: true
usedBy:
- traffic
accessModes:
- ReadWriteOnce
capacity: 16Gi
volumeName: apim-payloads
- name: audit
enabled: true
usedBy:
- anm
- apimgr
- traffic
accessModes:
- ReadWriteMany
capacity: 1Gi
volumeName: apim-audit
- name: anm-external-config
enabled: true
usedBy:
- anm
accessModes:
- ReadWriteOnce
capacity: 8Mi
- name: apimgr-external-config
enabled: true
usedBy:
- apimgr
accessModes:
- ReadWriteOnce
capacity: 8Mi
- name: apitraffic-external-config
enabled: true
usedBy:
- traffic
accessModes:
- ReadWriteOnce
capacity: 8Mi
- name: aga-external-config
enabled: true
usedBy:
- traffic
accessModes:
- ReadWriteOnce
capacity: 8Mi
- name: opentraffic
enabled: true
usedBy:
- traffic
- anm
- apimgr
accessModes:
- ReadWriteOnce
capacity: 8Gi
volumeName: apim-opentraffic
initContainers:
securityContext:
runAsNonRoot: false
database:
host: mysql.metrics.svc.cluster.local
metrics:
enabled: true
username: "root"
password: "password"
sslMode: "NONE"
url: jdbc:mysql://{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{ .Values.global.database.metrics.databaseName }}?useSSL={{ default false .Values.global.database.metrics.useSSL }}
cassandra:
enabled: true
hosts:
- variable: CASS_HOST
hostname: cassandra.cassandra.svc.cluster.local
username: cassandra
password: cassandra
keyspace: ks
tkeyspace: tks
anm:
image:
repository: "admin-nodemanager"
tag: "7.7.0.20240228-1-BN0065-ubi9"
generalConditions:
accept: "yes"
resources:
limits:
memory: "2048Mi"
cpu: "1000m"
requests:
memory: "1Gi"
cpu: "250m"
securityContext:
runAsNonRoot: false
route:
enabled: false
ingress:
enabled: true
className: "nginx"
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/secure-backends: "true"
nginx.ingress.kubernetes.io/ingress.class: "nginx"
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: "letsencrypt-issuer"
hosts:
- host: anm.apilab.us
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: anm-tls
hosts:
- anm.apilab.us
service:
port: 8091
extraVolumeMounts:
- name: anm-external-config
mountPath: /merge
- name: events
mountPath: /opt/Axway/apigateway/events
- name: audit
mountPath: /opt/Axway/apigateway/logs
extraVolumes:
- persistentVolumeClaim:
claimName: anm-external-config
name: anm-external-config
- persistentVolumeClaim:
claimName: events
name: events
- persistentVolumeClaim:
claimName: audit
name: audit
extraEnvVars:
- name: EMT_DEPLOYMENT_ENABLED
value: "true"
- name: ACCEPT_GENERAL_CONDITIONS
value: "yes"
- name: APIGW_LOG_OPENTRAFFIC_OUTPUT
value: "file"
- name: API_BUILDER_URL
value: "https://axway-elk-apim4elastic-apibuilder4elastic.apim4elastic:8443"
apimgr:
name: apimgr
image:
repository: "gateway"
tag: "7.7.0.20240228-1-BN0065-ubi9"
generalConditions:
accept: "yes"
groupId: Group1
resources:
limits:
memory: "2Gi"
cpu: 2
requests:
memory: "0.5Gi"
cpu: 0.5
securityContext:
runAsNonRoot: false
route:
enabled: false
ingress:
enabled: true
className: "nginx"
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/secure-backends: "true"
nginx.ingress.kubernetes.io/ingress.class: "nginx"
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: "letsencrypt-issuer"
hosts:
- host: apimgr.apilab.us
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: apimgr-tls
hosts:
- apimgr.apilab.us
service:
port: 8075
extraVolumeMounts:
- name: events
mountPath: /opt/Axway/apigateway/events
- name: apimgr-external-config
mountPath: /merge
- name: opentraffic
mountPath: /opt/Axway/apigateway/logs/opentraffic
- name: audit
mountPath: /opt/Axway/apigateway/logs/transaction
extraVolumes:
- persistentVolumeClaim:
claimName: events
name: events
- persistentVolumeClaim:
claimName: apimgr-external-config
name: apimgr-external-config
- persistentVolumeClaim:
claimName: opentraffic
name: opentraffic
- persistentVolumeClaim:
claimName: audit
name: audit
extraEnvVars:
- name: EMT_HEALTHCHECK_PORT
value: "8065"
- name: EMT_HEALTHCHECK_PATH
value: /healthcheck
- name: GW_DIR
value: /opt/Axway/apigateway
- name: GW_TRACE_DIR
value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace
- name: EMT_TOPOLOGY_TTL
value: "10"
- name: EMT_DEPLOYMENT_ENABLED
value: "true"
- name: ACCEPT_GENERAL_CONDITIONS
value: "yes"
- name: APIGW_LOG_OPENTRAFFIC_OUTPUT
value: "file"
license:
license.lic: |
FIPS=1
SalesForce Connector=1
ServiceNow Connector=1
analytics=1
api_visual_mapper=1
apiportal=1
company=Axway
deployment_type=docker
expires=Sat, 30 Nov 2024 15:48:27 GMT
license_id=TEMP
mcafee=1
name=Axway
sdkgenerator=1
unrestricted=1
version=7.7
# SIGNATURE: ce164db4840083f2741d364f45ffb6efdc2f6caee8307f9fd5e6899b430488f9
# SIGNATURE: b0357a0baa4af4c348ae551054c5885db831275f382a3e153dde4cf5852131ba
# SIGNATURE: f8458619453363b6ed4b0c6fd6aa3fe81f28542193074f88b4c514c45048997d
# SIGNATURE: 312dc89de6684bc864099da581aa226c73a93bb184d29a392826a93a72cc68b4
# SIGNATURE: e12c9daa05cc1d7caed7319943d9fba41dd48b9918bd468a05c8f2cff2a9c089
# SIGNATURE: cae24bd8d6754cc99c0549b53b92dc7ebc60f1d83a9c8f3a773baff464a82d8d
# SIGNATURE: b35c5476f61a9153ebd15a436d00eb21bef8d7a4e87bb3430d3b0427d57a4472
# SIGNATURE: 0641f5f2b0de45e74f019cedf92ac3ea5644490d65f3d9f76f57ab1b6f9e1e8c
apitraffic:
image:
repository: "gateway"
tag: "7.7.0.20240228-1-BN0065-ubi9"
generalConditions:
accept: "yes"
groupId: Group1
resources:
limits:
memory: "2Gi"
cpu: 2
requests:
memory: "0.5Gi"
cpu: 0.5
autoscaling:
enabled: false
minReplicas: 2
maxReplicas: 6
targetCPUUtilizationPercentage: 80
replicaCount: 4
securityContext:
runAsNonRoot: false
oauth:
enabled: true
type: ClusterIP
port: 8089
protocol: TCP
route:
enabled: false
ingress:
enabled: true
className: "nginx"
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/secure-backends: "true"
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: "letsencrypt-issuer"
hosts:
- host: oauth.apilab.us
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: oauth-tls
hosts:
- oauth.apilab.us
route:
enabled: false
ingress:
enabled: true
className: "nginx"
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/secure-backends: "true"
nginx.ingress.kubernetes.io/ingress.class: "nginx"
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: "letsencrypt-issuer"
hosts:
- host: apitraffic.apilab.us
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: apitraffic-tls
hosts:
- apitraffic.apilab.us
service:
port: 8065
extraVolumeMounts:
- name: events
mountPath: /opt/Axway/apigateway/events
- name: apitraffic-external-config
mountPath: /merge
- name: opentraffic
mountPath: /opt/Axway/apigateway/logs/opentraffic
- name: payloads
mountPath: /opt/Axway/apigateway/logs/payloads
- name: audit
mountPath: /opt/Axway/apigateway/logs/transaction
extraVolumes:
- persistentVolumeClaim:
claimName: events
name: events
- persistentVolumeClaim:
claimName: apitraffic-external-config
name: apitraffic-external-config
- persistentVolumeClaim:
claimName: payloads
name: payloads
- persistentVolumeClaim:
claimName: opentraffic
name: opentraffic
- persistentVolumeClaim:
claimName: audit
name: audit
extraEnvVars:
- name: EMT_HEALTHCHECK_PORT
value: "8065"
- name: EMT_HEALTHCHECK_PATH
value: /healthcheck
- name: GW_DIR
value: /opt/Axway/apigateway
- name: GW_TRACE_DIR
value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace
- name: EMT_TOPOLOGY_TTL
value: "10"
- name: APIGW_LOG_OPENTRAFFIC_OUTPUT
value: "file"
- name: EMT_DEPLOYMENT_ENABLED
value: "true"
- name: ENV_SECRET_EXAMPLE
valueFrom:
secretKeyRef:
name: apim-gateway-cassandra
key: username
- name: ACCEPT_GENERAL_CONDITIONS
value: "yes"
license:
license.lic: |
FIPS=1
SalesForce Connector=1
ServiceNow Connector=1
analytics=1
api_visual_mapper=1
apiportal=1
company=Axway
deployment_type=docker
expires=Sat, 30 Nov 2024 15:48:27 GMT
license_id=TEMP
mcafee=1
name=Axway
sdkgenerator=1
unrestricted=1
version=7.7
# SIGNATURE: ce164db4840083f2741d364f45ffb6efdc2f6caee8307f9fd5e6899b430488f9
# SIGNATURE: b0357a0baa4af4c348ae551054c5885db831275f382a3e153dde4cf5852131ba
# SIGNATURE: f8458619453363b6ed4b0c6fd6aa3fe81f28542193074f88b4c514c45048997d
# SIGNATURE: 312dc89de6684bc864099da581aa226c73a93bb184d29a392826a93a72cc68b4
# SIGNATURE: e12c9daa05cc1d7caed7319943d9fba41dd48b9918bd468a05c8f2cff2a9c089
# SIGNATURE: cae24bd8d6754cc99c0549b53b92dc7ebc60f1d83a9c8f3a773baff464a82d8d
# SIGNATURE: b35c5476f61a9153ebd15a436d00eb21bef8d7a4e87bb3430d3b0427d57a4472
# SIGNATURE: 0641f5f2b0de45e74f019cedf92ac3ea5644490d65f3d9f76f57ab1b6f9e1e8c
apiportal:
enabled: true
replicaCount: 1
image:
# an image reference is specified by registry/repository:tag,
# for instance registry=docker.io, repository=library/alpine, tag=3.15
# if registry is left empty, global.defaultRegistry will be used
registry: docker.repository.axway.com/apiportal-docker-prod/7.7
repository: "apiportal"
tag: "7.7.20240228-BN1285"
generalConditions:
accept: "yes"
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
service:
type: ClusterIP
ports:
# target:
# port: 8443
# https:
# port: 8443
# protocol: TCP
http:
port: 8080
protocol: TCP
force:
port: 8080
protocol: TCP
# OpenShift configuration
route:
enabled: false
ingress:
enabled: true
className: "nginx"
annotations:
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/secure-backends: "true"
nginx.ingress.kubernetes.io/ingress.class: "nginx"
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: "letsencrypt-issuer"
hosts:
- host: portal.apilab.us
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: apiportal-tls
hosts:
- portal.apilab.us
apiManager:
configured: 1
name: Main
host: "apimgr.apilab.us"
port: 443
# database settings for API Portal, also check the instance settings in global section
mysql:
enabled: true
# if the credentials are already available in a secret, set existingSecret
existingSecret:
{}
# name: "mysql-credentials"
# keyMapping:
# password: password
# username: root
# else, set username and password, this will create a new secret
username: "root"
password: "password"
# if it doesn't exist, a database with this name will be created by the app
databaseName: "portal"
sslOn: 0
sslVerifyCert: 0
redis:
enabled: false
host: ""
port: 6379
cacheTimeout: 600
apache:
sslOn: 0
extraEnvVars: []
podSecurityContext:
runAsUser: 1048
runAsGroup: 1048
fsGroup: 1048
securityContext:
allowPrivilegeEscalation: false
runAsNonRoot: true
aga:
enabled: false
license:
license.lic: |
FIPS=1
SalesForce Connector=1
ServiceNow Connector=1
analytics=1
api_visual_mapper=1
apiportal=1
company=Axway
deployment_type=docker
expires=Sat, 30 Nov 2024 15:48:27 GMT
license_id=TEMP
mcafee=1
name=Axway
sdkgenerator=1
unrestricted=1
version=7.7
# SIGNATURE: ce164db4840083f2741d364f45ffb6efdc2f6caee8307f9fd5e6899b430488f9
# SIGNATURE: b0357a0baa4af4c348ae551054c5885db831275f382a3e153dde4cf5852131ba
# SIGNATURE: f8458619453363b6ed4b0c6fd6aa3fe81f28542193074f88b4c514c45048997d
# SIGNATURE: 312dc89de6684bc864099da581aa226c73a93bb184d29a392826a93a72cc68b4
# SIGNATURE: e12c9daa05cc1d7caed7319943d9fba41dd48b9918bd468a05c8f2cff2a9c089
# SIGNATURE: cae24bd8d6754cc99c0549b53b92dc7ebc60f1d83a9c8f3a773baff464a82d8d
# SIGNATURE: b35c5476f61a9153ebd15a436d00eb21bef8d7a4e87bb3430d3b0427d57a4472
# SIGNATURE: 0641f5f2b0de45e74f019cedf92ac3ea5644490d65f3d9f76f57ab1b6f9e1e8c
replicaCount: 1
image:
# an image reference is specified by registry/repository:tag,
# for instance registry=docker.io, repository=library/alpine, tag=3.15
# if registry is left empty, global.defaultRegistry will be used
repository: "analytics"
tag: "7.7.0.20240228-1-BN0065-ubi9"
# Overrides the image tag whose default is the chart appVersion.
generalConditions:
accept: "yes"
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
extraEnvVars:
- name: ACCEPT_GENERAL_CONDITIONS
value: "yes"
podAnnotations: {}
podSecurityContext: {}
securityContext:
allowPrivilegeEscalation: false
#NOTE readOnlyRootFilesystem should be left to false
# readOnlyRootFilesystem: false
runAsNonRoot: false
service:
type: ClusterIP
ports:
ui:
port: 8040
protocol: TCP
ingress:
enabled: true
className: "nginx"
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/secure-backends: "true"
nginx.ingress.kubernetes.io/ingress.class: "nginx"
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: "letsencrypt-issuer"
# kubernetes.io/i:ngress.class: nginx
kubernetes.io/tls-acme: "true"
hosts:
- host: analytics.apilab.us
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: analytics-tls
hosts:
- analytics.apilab.us
# OpenShift configuration
route:
enabled: false
# targetPort: "{{ .Values.aga.ports.ui.port }}"
## More information: https://docs.openshift.com/container-platform/4.9/networking/routes/secured-routes.html
# tls:
# enabled: true
# termination: passthrough
# insecureEdgeTerminationPolicy: Redirect
# key:
# caCertificate:
# certificate:
# destinationCACertificate:
# ref: https://kubernetes.io/docs/user-guide/compute-resources/
resources: {}
# limits:
# memory: "2048Mi"
# cpu: "1000m"
# requests:
# memory: "1Gi"
# cpu: "250m"
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
#targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
livenessProbe:
httpGet:
httpHeaders:
- name: k8sprobe
value: liveness.apimgr
path: /healthcheck
port: 8040
scheme: HTTPS
initialDelaySeconds: 40
periodSeconds: 30
failureThreshold: 5
readinessProbe:
httpGet:
httpHeaders:
- name: k8sprobe
value: readiness.apimgr
path: /healthcheck
port: 8040
scheme: HTTPS
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 6

2
pv-apim-audit.yaml
View File

@@ -7,7 +7,7 @@ spec:
storage: 1Gi
nfs:
server: 192.168.0.105
path: /nfs/NFS/ocp/apim-audit
path: /nfs/NFS/ocp/apim-audit-ocp
storageClassName: nfs-csi
accessModes:
- ReadWriteMany

2
pv-apim-events.yaml
View File

@@ -7,7 +7,7 @@ spec:
storage: 1Gi
nfs:
server: 192.168.0.105
path: /nfs/NFS/ocp/apim-events
path: /nfs/NFS/ocp/apim-events-ocp
storageClassName: nfs-csi
accessModes:
- ReadWriteMany

2
pv-apim-opentraffic.yaml
View File

@@ -7,7 +7,7 @@ spec:
storage: 8Gi
nfs:
server: 192.168.0.105
path: /nfs/NFS/ocp/apim-opentraffic
path: /nfs/NFS/ocp/apim-opentraffic-ocp
storageClassName: nfs-csi
accessModes:
- ReadWriteOnce

2
pv-apim-payloads.yaml
View File

@@ -7,7 +7,7 @@ spec:
storage: 16Gi
nfs:
server: 192.168.0.105
path: /nfs/NFS/ocp/apim-payloads
path: /nfs/NFS/ocp/apim-payloads-ocp
storageClassName: nfs-csi
accessModes:
- ReadWriteOnce

26
redirect.yaml
View File

@@ -1,26 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
ingressClassName: nginx
nginx.ingress.kubernetes.io/rewrite-target: /api/portal/v1.4/sso/login/post
nginx.ingress.kubernetes.io/use-regex: "true"
name: rewrite
namespace: apim
spec:
rules:
- host: apimgr.apilab.us
http:
paths:
- backend:
service:
name: apim-gateway-apimgr
port:
number: 8075
path: /
pathType: Prefix
tls:
- hosts:
- apimgr.apilab.us
secretName: apimgr-tls

4
templates/aga/aga-routes.yaml
View File

@@ -6,6 +6,10 @@ metadata:
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: aga
annotations:
{{- with .Values.aga.route.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.global.domainName }}
host: aga.{{ .Values.global.domainName }}

4
templates/anm/anm-routes.yaml
View File

@@ -7,6 +7,10 @@ metadata:
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: anm
annotations:
{{- with .Values.anm.route.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.global.domainName }}
host: anm.{{ .Values.global.domainName }}

4
templates/apimgr/apimgr-routes.yaml
View File

@@ -6,6 +6,10 @@ metadata:
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apimgr
annotations:
{{- with .Values.apimgr.route.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.global.domainName }}
host: apimgr.{{ .Values.global.domainName }}

4
templates/apiportal/apiportal-routes.yaml
View File

@@ -6,6 +6,10 @@ metadata:
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apiportal
annotations:
{{- with .Values.apiportal.route.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
to:
kind: Service

4
templates/apitraffic/apitraffic-routes.yaml
View File

@@ -6,6 +6,10 @@ metadata:
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apitraffic
annotations:
{{- with .Values.apitraffic.route.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.global.domainName }}
host: apitraffic.{{ .Values.global.domainName }}

4
templates/apitraffic/oauth-routes.yaml
View File

@@ -6,6 +6,10 @@ metadata:
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: oauth
annotations:
{{- with .Values.apitraffic.oauth.route.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.global.domainName }}
host: oauth.{{ .Values.global.domainName }}

263
values-override.yaml
View File

@@ -94,7 +94,7 @@ global:
enabled: true
hosts:
- variable: CASS_HOST
hostname: cassandra.cassandra.svc.cluster.local
hostname: cassandra-dc1-service.cassandra4.svc.cluster.local
username: cassandra
password: cassandra
keyspace: ks
@@ -117,31 +117,38 @@ anm:
runAsNonRoot: true
route:
enabled: true
host: apimgr.apilab.us
annotations:
cert-manager.io/issuer-kind: ClusterIssuer
cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare
#ingress:
# enabled: true
# className: "nginx"
#annotations:
# nginx.ingress.kubernetes.io/backend-protocol: HTTPS
# nginx.ingress.kubernetes.io/ssl-passthrough: "true"
# nginx.ingress.kubernetes.io/ssl-redirect: "true"
# nginx.ingress.kubernetes.io/secure-backends: "true"
# nginx.ingress.kubernetes.io/ingress.class: "nginx"
# kubernetes.io/tls-acme: "true"
# cert-manager.io/cluster-issuer: "letsencrypt-issuer"
#hosts:
# - host: anm.apilab.us
# paths:
# - path: /
# pathType: ImplementationSpecific
#tls:
# - secretName: anm-tls
# hosts:
# - anm.apilab.us
#service:
# port: 8091
kubernetes.io/tls-acme: "true"
tls:
termination: reencrypt
insecureEdgeTerminationPolicy: Redirect
key:
destinationCACertificate: |
-----BEGIN CERTIFICATE-----
MIIC0jCCAbqgAwIBAgIGAY4J1hijMA0GCSqGSIb3DQEBCwUAMBgxFjAUBgNVBAMM
DURlZmF1bHREb21haW4wIBcNMjQwMjI2MTQyMDEwWhgPMjEyNDAyMDkxNDIwMTBa
MBgxFjAUBgNVBAMMDURlZmF1bHREb21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCEooOITaf9yC63uqIABDpWcd4o17fVIqkb9u7DT4ZyJSWAaL8
8t+k866EtppNTLn/3tntoG+G6XZiNTZfyT6rLad/3GVpkX78P9eqwUS5CpKWbBFd
KzYV6YC4Zw44SG8aX0A98T7Hz5j67EDkvY0VY9TWBSTpiWZum+R5mpayCfnfEjSz
XQ6+Y+YVusbJk+EjJEENGkmnT5/pQHTnSAGH0aHkeY84OiW7ZwMqysEXlXvRWKHn
Ul5cEkugM7BQVJak/q+XbKWjWdczLWByA5DzXOvhu7TdynEA5f0rNOaYc8O5N3yr
U1K7rikQaVih+paJhM+XE5p0zZvUgYDTsEMbAgMBAAGjIDAeMA8GA1UdEwQIMAYB
Af8CAQAwCwYDVR0PBAQDAgK8MA0GCSqGSIb3DQEBCwUAA4IBAQDB0KvpqfCOil00
1qdx2RwZtc3ichIcClPlv51d4E9nEM3Q3VbC1h3Fdvz4PqELfhKC1vB5Z7bvZXXo
0Jb/T3z608PnglEuCYJBD77JOQIwNAD4gWW8TmS/bWkemaPZRwTSONWVbdZ/KBZ6
3t7EB2UwyvT1XAGn1/EzN1xW8SN9tHqyt19R0/ZWt2KQ4Gdx+Ht0pbXYkuNw0oUz
gay9sGl0B1cipRabreApN/R7AuPxxvBx9YuXuMxYkLIRXyqZUmxXAzUdxi5ZfPaA
7a1XW5OSfgFYwSJavp6gD4VxrD5DLqhqLz5yjlPBm6AiYNm2pqN1zciSGPaOcqAX
N4Ij70Th
-----END CERTIFICATE-----
caCertificate:
certificate:
service:
port: 8090
extraVolumeMounts:
- name: anm-external-config
mountPath: /merge
@@ -191,28 +198,30 @@ apimgr:
annotations:
cert-manager.io/issuer-kind: ClusterIssuer
cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare
#ingress:
# enabled: true
#className: "nginx"
#annotations:
# nginx.ingress.kubernetes.io/backend-protocol: HTTPS
# nginx.ingress.kubernetes.io/ssl-passthrough: "true"
# nginx.ingress.kubernetes.io/ssl-redirect: "true"
# nginx.ingress.kubernetes.io/secure-backends: "true"
# nginx.ingress.kubernetes.io/ingress.class: "nginx"
# kubernetes.io/tls-acme: "true"
# cert-manager.io/cluster-issuer: "letsencrypt-issuer"
#hosts:
# - host: apimgr.apilab.us
# paths:
# - path: /
# pathType: ImplementationSpecific
#tls:
# - secretName: apimgr-tls
# hosts:
# - apimgr.apilab.us
#service:
# port: 8075
kubernetes.io/tls-acme: "true"
tls:
termination: reencrypt
insecureEdgeTerminationPolicy: Redirect
key:
certificate:
destinationCACertificate: |
-----BEGIN CERTIFICATE-----
MIICwzCCAasCBgE6HBsdpzANBgkqhkiG9w0BAQUFADAlMSMwIQYDVQQDExpDaGFu
Z2UgdGhpcyBmb3IgcHJvZHVjdGlvbjAeFw0xMjEwMDExMTMyMDBaFw0zNzEwMDEx
MTMyMDBaMCUxIzAhBgNVBAMTGkNoYW5nZSB0aGlzIGZvciBwcm9kdWN0aW9uMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2I2+GHcXXzwyjqMP6E4shjx
fpAfgqbCY/nF5oTq0SkcRKvsdJzuLbmufkqx1rQqxwF/aZnbZppcVtR4TAhExmo2
NnV7WjSwdd+EynQJrkWlsuK1UQ3JHMo5iAAEQ11xoMBIsUwfg5HYKCELmjnWetwh
m5aUJ9Gq45v9kzeZki2oCoVe5LQfVVHEYssr+SfVrhi6+OffeefgCRse6vv5T4zl
h4xXKDNUsBxYYB3Vg97tDcdgpfx8BudpBx+1ITk9Dazu8eegXN5KdRqJGgM5LSRI
WjK+OumR1a2ReUcXlglWTVfsG43UUUby2bql3E3uc7XpxzQaPpt4aDqfOYMUxwID
AQABMA0GCSqGSIb3DQEBBQUAA4IBAQAl+yHca9jCZ/zVgtITGWGKQiNb8UqFJE+Q
xmLt+j2lEWpG3Fd1M40faRrDujbk8WvG4Iz/NamlvvkbpbMSRY67lPpjsZOKlezT
TE2YQTtyuFT7QQTYHYPZWK4Dg8QisMI5vHnrzsPc9ZAHm+IZrxbuVXsZQoU7qyaM
dG27WWVa6vJ4nXjuMO6sOtl+UnEXpn3vCpNzkkbJW2LvFCs0Ymnx7Wet3inskOKg
//AGuv+m3rD/Byphd8Iblt3jSNDwMcG+Yhpi/Wd50iMFFkTnrkEmosvqWL5j6N7e
JZszgdL7Zz9ztASutzU4a0YFpv111NxpBdNpphOVED85IbRHxTjL
-----END CERTIFICATE-----
extraVolumeMounts:
- name: events
mountPath: /opt/Axway/apigateway/events
@@ -262,21 +271,21 @@ apimgr:
apiportal=1
company=Axway
deployment_type=docker
expires=Wed, 30 Apr 2025 16:21:51 GMT
expires=Wed, 31 Dec 2025 18:59:06 GMT
license_id=TEMP
mcafee=1
name=Axway
sdkgenerator=1
unrestricted=1
version=7.7
# SIGNATURE: 41dc0bb17867d8d62f2f6cb85c6129e1ff3e732fffda24116eb53cf7fcdba233
# SIGNATURE: 95c752a8cead778a11d997c624eca0d7e9b03b869b9a1ed169e016a9242f5548
# SIGNATURE: 943409c27b0376410ef06a1e7d67a19f210f5c68e30e1174630dbb7bddc06f69
# SIGNATURE: f2208e6a042ecf759388faec92335dd43ecaa96f5c7abd1ec0c23217fd08f7b6
# SIGNATURE: f62af5300b3884ceaa1ca7d459095f53a8980628d44344e02dd1fde2276c07cd
# SIGNATURE: 2f92a9d70d72e3ce9048ad6da4d18bab4923fe30a631d8dd751c4de9647e0a5e
# SIGNATURE: 1454756c50dccc40eb4b8475cd9b87e6c262fae732af6181addb34b41588bbc8
# SIGNATURE: e6c085116c1aca0174145d016459ee0843c437d05d4e270113703644b1ec75d6
# SIGNATURE: e356dd65a0cd82e79f1a067dbdcddbd1f4fce555f5f8e8fd014e90f65a150850
# SIGNATURE: a9c0bed3afe63798207753f95992e866762d2695bc0597fe16ebd49dadee2d31
# SIGNATURE: 37852420fe99d73ab948753ddabfaf45fd2c4a9fb0ee11bd0f28fd275b8efd9c
# SIGNATURE: 84e57da2168781571972694ffe1d0a5394f41f64ef1a7a369cc43627d58e516d
# SIGNATURE: 75dc4d824cb5c1efd2d35d4ab41a2885e15da53eaccf38174934456d02a7dd92
# SIGNATURE: 20a605222c908f45736192cd274c33a615426369909de31d572956cdaf8e897f
# SIGNATURE: c102bed009eb1fdd8aa9de2d0679072d95231c0c90e2f2e0dbaedcb4cd7962f6
# SIGNATURE: 9fa95af055e9854d8a5aefd928b53498bdc8272efb32542daa26e9e59c2a2d09
apitraffic:
image:
repository: "gateway"
@@ -296,7 +305,7 @@ apitraffic:
minReplicas: 2
maxReplicas: 6
targetCPUUtilizationPercentage: 80
replicaCount: 2
replicaCount: 1
securityContext:
runAsNonRoot: true
oauth:
@@ -309,43 +318,77 @@ apitraffic:
annotations:
cert-manager.io/issuer-kind: ClusterIssuer
cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare
#ingress:
# enabled: true
#className: "nginx"
#annotations:
# nginx.ingress.kubernetes.io/backend-protocol: HTTPS
# nginx.ingress.kubernetes.io/ssl-passthrough: "true"
# nginx.ingress.kubernetes.io/ssl-redirect: "true"
# nginx.ingress.kubernetes.io/secure-backends: "true"
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# cert-manager.io/cluster-issuer: "letsencrypt-issuer"
#hosts:
# - host: oauth.apilab.us
# paths:
# - path: /
# pathType: ImplementationSpecific
#tls:
# - secretName: oauth-tls
# hosts:
# - oauth.apilab.us
#ingress:
# enabled: true
#className: "nginx"
#annotations:
kubernetes.io/tls-acme: "true"
tls:
termination: reencrypt
insecureEdgeTerminationPolicy: Redirect
key:
certificate:
destinationCACertificate: |
-----BEGIN CERTIFICATE-----
MIICwzCCAasCBgE6HBsdpzANBgkqhkiG9w0BAQUFADAlMSMwIQYDVQQDExpDaGFu
Z2UgdGhpcyBmb3IgcHJvZHVjdGlvbjAeFw0xMjEwMDExMTMyMDBaFw0zNzEwMDEx
MTMyMDBaMCUxIzAhBgNVBAMTGkNoYW5nZSB0aGlzIGZvciBwcm9kdWN0aW9uMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2I2+GHcXXzwyjqMP6E4shjx
fpAfgqbCY/nF5oTq0SkcRKvsdJzuLbmufkqx1rQqxwF/aZnbZppcVtR4TAhExmo2
NnV7WjSwdd+EynQJrkWlsuK1UQ3JHMo5iAAEQ11xoMBIsUwfg5HYKCELmjnWetwh
m5aUJ9Gq45v9kzeZki2oCoVe5LQfVVHEYssr+SfVrhi6+OffeefgCRse6vv5T4zl
h4xXKDNUsBxYYB3Vg97tDcdgpfx8BudpBx+1ITk9Dazu8eegXN5KdRqJGgM5LSRI
WjK+OumR1a2ReUcXlglWTVfsG43UUUby2bql3E3uc7XpxzQaPpt4aDqfOYMUxwID
AQABMA0GCSqGSIb3DQEBBQUAA4IBAQAl+yHca9jCZ/zVgtITGWGKQiNb8UqFJE+Q
xmLt+j2lEWpG3Fd1M40faRrDujbk8WvG4Iz/NamlvvkbpbMSRY67lPpjsZOKlezT
TE2YQTtyuFT7QQTYHYPZWK4Dg8QisMI5vHnrzsPc9ZAHm+IZrxbuVXsZQoU7qyaM
dG27WWVa6vJ4nXjuMO6sOtl+UnEXpn3vCpNzkkbJW2LvFCs0Ymnx7Wet3inskOKg
//AGuv+m3rD/Byphd8Iblt3jSNDwMcG+Yhpi/Wd50iMFFkTnrkEmosvqWL5j6N7e
JZszgdL7Zz9ztASutzU4a0YFpv111NxpBdNpphOVED85IbRHxTjL
-----END CERTIFICATE-----
route:
enabled: true
annotations:
cert-manager.io/issuer-kind: ClusterIssuer
cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare
kubernetes.io/tls-acme: "true"
tls:
termination: reencrypt
insecureEdgeTerminationPolicy: Redirect
key:
destinationCACertificate: |
-----BEGIN CERTIFICATE-----
MIICwzCCAasCBgE6HBsdpzANBgkqhkiG9w0BAQUFADAlMSMwIQYDVQQDExpDaGFu
Z2UgdGhpcyBmb3IgcHJvZHVjdGlvbjAeFw0xMjEwMDExMTMyMDBaFw0zNzEwMDEx
MTMyMDBaMCUxIzAhBgNVBAMTGkNoYW5nZSB0aGlzIGZvciBwcm9kdWN0aW9uMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2I2+GHcXXzwyjqMP6E4shjx
fpAfgqbCY/nF5oTq0SkcRKvsdJzuLbmufkqx1rQqxwF/aZnbZppcVtR4TAhExmo2
NnV7WjSwdd+EynQJrkWlsuK1UQ3JHMo5iAAEQ11xoMBIsUwfg5HYKCELmjnWetwh
m5aUJ9Gq45v9kzeZki2oCoVe5LQfVVHEYssr+SfVrhi6+OffeefgCRse6vv5T4zl
h4xXKDNUsBxYYB3Vg97tDcdgpfx8BudpBx+1ITk9Dazu8eegXN5KdRqJGgM5LSRI
WjK+OumR1a2ReUcXlglWTVfsG43UUUby2bql3E3uc7XpxzQaPpt4aDqfOYMUxwID
AQABMA0GCSqGSIb3DQEBBQUAA4IBAQAl+yHca9jCZ/zVgtITGWGKQiNb8UqFJE+Q
xmLt+j2lEWpG3Fd1M40faRrDujbk8WvG4Iz/NamlvvkbpbMSRY67lPpjsZOKlezT
TE2YQTtyuFT7QQTYHYPZWK4Dg8QisMI5vHnrzsPc9ZAHm+IZrxbuVXsZQoU7qyaM
dG27WWVa6vJ4nXjuMO6sOtl+UnEXpn3vCpNzkkbJW2LvFCs0Ymnx7Wet3inskOKg
//AGuv+m3rD/Byphd8Iblt3jSNDwMcG+Yhpi/Wd50iMFFkTnrkEmosvqWL5j6N7e
JZszgdL7Zz9ztASutzU4a0YFpv111NxpBdNpphOVED85IbRHxTjL
-----END CERTIFICATE-----
caCertificate:
certificate:
# ingress:
# enabled: false
# className: "openshift-default"
# annotations:
# nginx.ingress.kubernetes.io/backend-protocol: HTTPS
# nginx.ingress.kubernetes.io/ssl-passthrough: "true"
# nginx.ingress.kubernetes.io/ssl-redirect: "true"
# nginx.ingress.kubernetes.io/secure-backends: "true"
# nginx.ingress.kubernetes.io/ingress.class: "nginx"
# kubernetes.io/tls-acme: "true"
# cert-manager.io/cluster-issuer: "letsencrypt-issuer"
#hosts:
# cert-manager.io/cluster-issuer: "letsencrypt-dns01-cloudflare"
# hosts:
# - host: apitraffic.apilab.us
# paths:
# - path: /
# pathType: ImplementationSpecific
#tls:
# tls:
# - secretName: apitraffic-tls
# hosts:
# - apitraffic.apilab.us
@@ -410,22 +453,21 @@ apitraffic:
apiportal=1
company=Axway
deployment_type=docker
expires=Wed, 30 Apr 2025 16:21:51 GMT
expires=Wed, 31 Dec 2025 18:59:06 GMT
license_id=TEMP
mcafee=1
name=Axway
sdkgenerator=1
unrestricted=1
version=7.7
# SIGNATURE: 41dc0bb17867d8d62f2f6cb85c6129e1ff3e732fffda24116eb53cf7fcdba233
# SIGNATURE: 95c752a8cead778a11d997c624eca0d7e9b03b869b9a1ed169e016a9242f5548
# SIGNATURE: 943409c27b0376410ef06a1e7d67a19f210f5c68e30e1174630dbb7bddc06f69
# SIGNATURE: f2208e6a042ecf759388faec92335dd43ecaa96f5c7abd1ec0c23217fd08f7b6
# SIGNATURE: f62af5300b3884ceaa1ca7d459095f53a8980628d44344e02dd1fde2276c07cd
# SIGNATURE: 2f92a9d70d72e3ce9048ad6da4d18bab4923fe30a631d8dd751c4de9647e0a5e
# SIGNATURE: 1454756c50dccc40eb4b8475cd9b87e6c262fae732af6181addb34b41588bbc8
# SIGNATURE: e6c085116c1aca0174145d016459ee0843c437d05d4e270113703644b1ec75d6
# SIGNATURE: e356dd65a0cd82e79f1a067dbdcddbd1f4fce555f5f8e8fd014e90f65a150850
# SIGNATURE: a9c0bed3afe63798207753f95992e866762d2695bc0597fe16ebd49dadee2d31
# SIGNATURE: 37852420fe99d73ab948753ddabfaf45fd2c4a9fb0ee11bd0f28fd275b8efd9c
# SIGNATURE: 84e57da2168781571972694ffe1d0a5394f41f64ef1a7a369cc43627d58e516d
# SIGNATURE: 75dc4d824cb5c1efd2d35d4ab41a2885e15da53eaccf38174934456d02a7dd92
# SIGNATURE: 20a605222c908f45736192cd274c33a615426369909de31d572956cdaf8e897f
# SIGNATURE: c102bed009eb1fdd8aa9de2d0679072d95231c0c90e2f2e0dbaedcb4cd7962f6
# SIGNATURE: 9fa95af055e9854d8a5aefd928b53498bdc8272efb32542daa26e9e59c2a2d09
apiportal:
enabled: false
replicaCount: 1
@@ -462,20 +504,20 @@ apiportal:
protocol: TCP
# OpenShift configuration
route:
enabled: true
enabled: false
annotations:
cert-manager.io/issuer-kind: ClusterIssuer
cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare
#ingress:
# enabled: true
# className: "nginx"
# className: "openshift-default"
#annotations:
# nginx.ingress.kubernetes.io/ssl-passthrough: "true"
# nginx.ingress.kubernetes.io/ssl-redirect: "true"
# nginx.ingress.kubernetes.io/secure-backends: "true"
# nginx.ingress.kubernetes.io/ingress.class: "nginx"
# kubernetes.io/tls-acme: "true"
# cert-manager.io/cluster-issuer: "letsencrypt-issuer"
# cert-manager.io/cluster-issuer: "letsencrypt-dns01-cloudflare"
#hosts:
# - host: portal.apilab.us
# paths:
@@ -534,22 +576,21 @@ aga:
apiportal=1
company=Axway
deployment_type=docker
expires=Wed, 30 Apr 2025 16:21:51 GMT
expires=Wed, 31 Dec 2025 18:59:06 GMT
license_id=TEMP
mcafee=1
name=Axway
sdkgenerator=1
unrestricted=1
version=7.7
# SIGNATURE: 41dc0bb17867d8d62f2f6cb85c6129e1ff3e732fffda24116eb53cf7fcdba233
# SIGNATURE: 95c752a8cead778a11d997c624eca0d7e9b03b869b9a1ed169e016a9242f5548
# SIGNATURE: 943409c27b0376410ef06a1e7d67a19f210f5c68e30e1174630dbb7bddc06f69
# SIGNATURE: f2208e6a042ecf759388faec92335dd43ecaa96f5c7abd1ec0c23217fd08f7b6
# SIGNATURE: f62af5300b3884ceaa1ca7d459095f53a8980628d44344e02dd1fde2276c07cd
# SIGNATURE: 2f92a9d70d72e3ce9048ad6da4d18bab4923fe30a631d8dd751c4de9647e0a5e
# SIGNATURE: 1454756c50dccc40eb4b8475cd9b87e6c262fae732af6181addb34b41588bbc8
# SIGNATURE: e6c085116c1aca0174145d016459ee0843c437d05d4e270113703644b1ec75d6
# SIGNATURE: e356dd65a0cd82e79f1a067dbdcddbd1f4fce555f5f8e8fd014e90f65a150850
# SIGNATURE: a9c0bed3afe63798207753f95992e866762d2695bc0597fe16ebd49dadee2d31
# SIGNATURE: 37852420fe99d73ab948753ddabfaf45fd2c4a9fb0ee11bd0f28fd275b8efd9c
# SIGNATURE: 84e57da2168781571972694ffe1d0a5394f41f64ef1a7a369cc43627d58e516d
# SIGNATURE: 75dc4d824cb5c1efd2d35d4ab41a2885e15da53eaccf38174934456d02a7dd92
# SIGNATURE: 20a605222c908f45736192cd274c33a615426369909de31d572956cdaf8e897f
# SIGNATURE: c102bed009eb1fdd8aa9de2d0679072d95231c0c90e2f2e0dbaedcb4cd7962f6
# SIGNATURE: 9fa95af055e9854d8a5aefd928b53498bdc8272efb32542daa26e9e59c2a2d09
replicaCount: 1
image:
# an image reference is specified by registry/repository:tag,
@@ -586,7 +627,7 @@ aga:
protocol: TCP
#ingress:
# enabled: true
#className: "nginx"
#className: "openshift-default"
#annotations:
# nginx.ingress.kubernetes.io/backend-protocol: HTTPS
#nginx.ingress.kubernetes.io/ssl-passthrough: "true"
@@ -594,7 +635,7 @@ aga:
#nginx.ingress.kubernetes.io/secure-backends: "true"
#nginx.ingress.kubernetes.io/ingress.class: "nginx"
#kubernetes.io/tls-acme: "true"
#cert-manager.io/cluster-issuer: "letsencrypt-issuer"
#cert-manager.io/cluster-issuer: "letsencrypt-dns01-cloudflare"
# kubernetes.io/i:ngress.class: nginx
#kubernetes.io/tls-acme: "true"
#hosts:
@@ -608,15 +649,15 @@ aga:
# - analytics.apilab.us
# OpenShift configuration
route:
enabled: true
enabled: false
annotations:
cert-manager.io/issuer-kind: ClusterIssuer
cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare
# targetPort: "{{ .Values.aga.ports.ui.port }}"
## More information: https://docs.openshift.com/container-platform/4.9/networking/routes/secured-routes.html
# tls:
# enabled: true
# termination: passthrough
tls:
enabled: true
termination: edge
# insecureEdgeTerminationPolicy: Redirect
# key:
# caCertificate: