diff --git a/apigateway-helm-prod-apigateway-1.18.0.tgz b/apigateway-helm-prod-apigateway-1.18.0.tgz
new file mode 100644
index 0000000..fa95668
Binary files /dev/null and b/apigateway-helm-prod-apigateway-1.18.0.tgz differ
diff --git a/apigateway/Chart.lock b/apigateway/Chart.lock
new file mode 100644
index 0000000..a03a65a
--- /dev/null
+++ b/apigateway/Chart.lock
@@ -0,0 +1,9 @@
+dependencies:
+- name: v7-traceability
+ repository: https://axway.jfrog.io/artifactory/ampc-public-helm-release
+ version: 1.2.33
+- name: v7-discovery
+ repository: https://axway.jfrog.io/artifactory/ampc-public-helm-release
+ version: 1.2.35
+digest: sha256:d915ca1c97e84d73df217e13ce6791c09046e174de59edb28146219b7902af36
+generated: "2025-10-13T15:23:00.877522205Z"
diff --git a/apigateway/Chart.yaml b/apigateway/Chart.yaml
new file mode 100644
index 0000000..f7be9b6
--- /dev/null
+++ b/apigateway/Chart.yaml
@@ -0,0 +1,24 @@
+annotations:
+ charts.openshift.io/name: axway
+apiVersion: v2
+appVersion: 7.7.0.20250830-3-BN0276-ubi9
+dependencies:
+- alias: traceability-agent
+ condition: traceability-agent.enabled
+ name: v7-traceability
+ repository: https://axway.jfrog.io/artifactory/ampc-public-helm-release
+ tags:
+ - agents
+ version: v1.2.33
+- alias: discovery-agent
+ condition: discovery-agent.enabled
+ name: v7-discovery
+ repository: https://axway.jfrog.io/artifactory/ampc-public-helm-release
+ tags:
+ - agents
+ version: v1.2.35
+description: API Gateway Helm chart
+kubeVersion: '>=1.22.0-0'
+name: apigateway
+type: application
+version: 1.18.0
diff --git a/apigateway/README.md b/apigateway/README.md
new file mode 100644
index 0000000..e3cf324
--- /dev/null
+++ b/apigateway/README.md
@@ -0,0 +1,7 @@
+# apigw-helm
+
+Helm chart for API Gateway
+
+## Documentation
+
+[https://docs.axway.com/bundle/axway-open-docs/page/docs/apim_installation/apigw_containers/deployment_flows/axway_image_deployment/helm_deployment/index.html](https://docs.axway.com/bundle/axway-open-docs/page/docs/apim_installation/apigw_containers/deployment_flows/axway_image_deployment/helm_deployment/index.html)
diff --git a/apigateway/charts/v7-discovery/.helmignore b/apigateway/charts/v7-discovery/.helmignore
new file mode 100644
index 0000000..f32cfa1
--- /dev/null
+++ b/apigateway/charts/v7-discovery/.helmignore
@@ -0,0 +1,26 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+jfrog.yml
+.gitlab-ci.yml
+polaris.json
diff --git a/apigateway/charts/v7-discovery/Chart.yaml b/apigateway/charts/v7-discovery/Chart.yaml
new file mode 100644
index 0000000..cc5630d
--- /dev/null
+++ b/apigateway/charts/v7-discovery/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+appVersion: 1.2.35
+description: V7 discovery agent
+maintainers:
+- name: axway/beano
+name: v7-discovery
+sources:
+- https://git.ecd.axway.org/apigov/v7_discovery_agent
+type: application
+version: 1.2.35
diff --git a/apigateway/charts/v7-discovery/README.md b/apigateway/charts/v7-discovery/README.md
new file mode 100644
index 0000000..3335637
--- /dev/null
+++ b/apigateway/charts/v7-discovery/README.md
@@ -0,0 +1,33 @@
+
+## Prerequisites
+
+Before the chart can be installed make sure to have the secrets installed/available.
+
+i.e if you look at line 31(secrets) in the values.yaml file, you will notice we are referencing two files.
+
+discovery-creds can be applied by using the following format for the secret.
+Make sure all the values are base64 encoded before applying it in the cluster.
+
+kubectl apply -f
+``` yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: discovery-creds
+data:
+ APIMANAGER_AUTH_USERNAME: ""
+ APIMANAGER_AUTH_PASSWORD: ""
+ APIGATEWAY_AUTH_USERNAME: ""
+ APIGATEWAY_AUTH_PASSWORD: ""
+```
+
+kubectl apply -f
+``` yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: discovery-keys
+data:
+ private_key:
+ public_key:
+```
\ No newline at end of file
diff --git a/apigateway/charts/v7-discovery/templates/NOTES.txt b/apigateway/charts/v7-discovery/templates/NOTES.txt
new file mode 100644
index 0000000..e69de29
diff --git a/apigateway/charts/v7-discovery/templates/_helpers.tpl b/apigateway/charts/v7-discovery/templates/_helpers.tpl
new file mode 100644
index 0000000..82f355b
--- /dev/null
+++ b/apigateway/charts/v7-discovery/templates/_helpers.tpl
@@ -0,0 +1,78 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "v7-discovery.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "v7-discovery.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "v7-discovery.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "v7-discovery.labels" -}}
+helm.sh/chart: {{ include "v7-discovery.chart" . }}
+{{ include "v7-discovery.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "v7-discovery.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "v7-discovery.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "v7-discovery.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "v7-discovery.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the image name
+*/}}
+{{- define "v7-discovery.imageName" -}}
+{{- if .Values.image.fullPath }}
+{{- .Values.image.fullPath }}
+{{- else }}
+{{- $tag := default .Chart.AppVersion .Values.image.tag -}}
+{{- if .Values.image.registry }}
+{{- printf "%s/%s/%s:%s" .Values.image.registry .Values.image.repository .Values.image.name $tag }}
+{{- else }}
+{{- printf "%s/%s:%s" .Values.image.repository .Values.image.name $tag }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/apigateway/charts/v7-discovery/templates/deployment.yaml b/apigateway/charts/v7-discovery/templates/deployment.yaml
new file mode 100644
index 0000000..5fa47b4
--- /dev/null
+++ b/apigateway/charts/v7-discovery/templates/deployment.yaml
@@ -0,0 +1,112 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "v7-discovery.fullname" . }}
+ labels:
+ {{- include "v7-discovery.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "v7-discovery.selectorLabels" . | nindent 6 }}
+ {{- with .Values.additionalLabels }}
+ {{- range $key, $value := . }}
+ {{ default "none" $key }}: {{ default "none" $value | quote }}
+ {{- end }}
+ {{- end }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "v7-discovery.selectorLabels" . | nindent 8 }}
+ {{- with .Values.additionalLabels }}
+ {{- range $key, $value := . }}
+ {{ default "none" $key }}: {{ default "none" $value | quote }}
+ {{- end }}
+ {{- end }}
+ spec:
+ {{- if .Values.image.pullSecret }}
+ imagePullSecrets:
+ - name: {{ .Values.image.pullSecret }}
+ {{- end }}
+ serviceAccountName: {{ include "v7-discovery.serviceAccountName" . }}
+ {{- with .Values.podSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: {{ include "v7-discovery.imageName" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: probe-port
+ containerPort: {{ .Values.statusPort }}
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /status
+ port: probe-port
+ {{- with .Values.livenessProbe }}
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value }}
+ {{- end }}
+ {{- end }}
+ readinessProbe:
+ httpGet:
+ path: /status
+ port: probe-port
+ {{- with .Values.readinessProbe }}
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value }}
+ {{- end }}
+ {{- end }}
+ env:
+ {{- with .Values.env }}
+ {{- range $key, $value := . }}
+ {{- if and (not (eq (toString $value) "")) (not (eq (toString $key) "")) }} # ignore any items with empty key or value
+ - name: {{ $key }}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ - name: APIMANAGER_AUTH_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secrets.credentials }}
+ key: APIMANAGER_AUTH_USERNAME
+ - name: APIMANAGER_AUTH_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secrets.credentials }}
+ key: APIMANAGER_AUTH_PASSWORD
+ volumeMounts:
+ - name: "discovery-keys-secrets"
+ mountPath: "/keys"
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ volumes:
+ - name: discovery-keys-secrets
+ secret:
+ secretName: {{ .Values.secrets.keys }}
+ items:
+ - key: private_key
+ path: private_key.pem
+ - key: public_key
+ path: public_key.pem
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/apigateway/charts/v7-discovery/templates/serviceaccount.yaml b/apigateway/charts/v7-discovery/templates/serviceaccount.yaml
new file mode 100644
index 0000000..9b974c5
--- /dev/null
+++ b/apigateway/charts/v7-discovery/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "v7-discovery.serviceAccountName" . }}
+ labels:
+ {{- include "v7-discovery.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/apigateway/charts/v7-discovery/values.yaml b/apigateway/charts/v7-discovery/values.yaml
new file mode 100644
index 0000000..c0dff90
--- /dev/null
+++ b/apigateway/charts/v7-discovery/values.yaml
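Review bot: The agent container's `securityContext` in deployment.yaml is rendered unconditionally from `.Values.securityContext`, which this chart's values.yaml leaves empty, so nothing restricts the container unless the operator adds it; with an empty value the block would also render as `securityContext: null`. Ship a restrictive default in values.yaml (for example `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}`, plus `runAsNonRoot: true` if the image's user allows it) and wrap the block in `{{- with .Values.securityContext }}`, as is already done for `podSecurityContext`. The `discovery-keys-secrets` volume that carries `private_key.pem` sets no `defaultMode`, so the key file gets the default secret-volume mode; a tighter mode that still matches the pod's group settings is worth setting. The v7-traceability daemonset.yaml and statefulset.yaml render the container `securityContext` the same way.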
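Review bot: The ServiceAccount in serviceaccount.yaml sets no `automountServiceAccountToken`, and no Role or RoleBinding is added in the files visible in this commit, so the agent pod appears to receive an API token it has no declared use for. If the agent does not call the Kubernetes API (not determinable from this diff), add `automountServiceAccountToken: false` here and expose it as a value. With `serviceAccount.create: false` and no name, the helper falls back to the namespace's `default` account, which is worth stating in the values.yaml comment. The v7-traceability serviceaccount.yaml is identical.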
@@ -0,0 +1,67 @@
+replicaCount: 1
+image:
+ # blank by default, set this to override all other properties that create the path
+ fullPath: ""
+ registry: docker.repository.axway.com
+ repository: ampc-docker-prod/1.2
+ name: v7-discovery-agent
+ pullPolicy: IfNotPresent
+ pullSecret:
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: "1.2.35"
+nameOverride: ""
+fullnameOverride: ""
+# Health Check port
+statusPort: 8989
+# Info on how to fetch the values for the env parameters can ve found in the below doc.
+# https://docs.axway.com/bundle/axway-open-docs/page/docs/central/connect-api-manager/gateway-administation/index.html#customizing-the-discovery-agent-environment-variable-file
+# More environment value: https://docs.axway.com/bundle/axway-open-docs/page/docs/central/connect-api-manager/agent-variables/index.html#common-variables-to-both-agents
+env:
+ LOG_LEVEL: info
+ APIMANAGER_PORT: "443"
+ # flip to true if API manager is using a self signed certificate
+ APIMANAGER_SSL_INSECURESKIPVERIFY: false
+# The below secret are a pre-requisite. Please refer to the readme file for more info on it.
+secrets:
+ credentials: "discovery-creds"
+ keys: "discovery-keys"
+podAnnotations:
+podSecurityContext:
+ supplementalGroups: [2500]
+ fsGroupChangePolicy: "OnRootMismatch"
+securityContext:
+tolerations:
+affinity:
+nodeSelector: {}
+# Add additional labels to the agent deployment which may be required based on your configuration
+additionalLabels:
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+resources: {}
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+# limits:
+# cpu: 100m
+# memory: 128Mi
+# requests:
+# cpu: 100m
+# memory: 128Mi
+
+livenessProbe:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+readinessProbe:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
diff --git a/apigateway/charts/v7-traceability/.helmignore b/apigateway/charts/v7-traceability/.helmignore
new file mode 100644
index 0000000..f32cfa1
--- /dev/null
+++ b/apigateway/charts/v7-traceability/.helmignore
@@ -0,0 +1,26 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+jfrog.yml
+.gitlab-ci.yml
+polaris.json
diff --git a/apigateway/charts/v7-traceability/Chart.yaml b/apigateway/charts/v7-traceability/Chart.yaml
new file mode 100644
index 0000000..fe63085
--- /dev/null
+++ b/apigateway/charts/v7-traceability/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+appVersion: 1.2.33
+description: V7 traceability agent
+maintainers:
+- name: axway/beano
+name: v7-traceability
+sources:
+- https://git.ecd.axway.org/apigov/v7_traceability_agent
+type: application
+version: 1.2.33
diff --git a/apigateway/charts/v7-traceability/README.md b/apigateway/charts/v7-traceability/README.md
new file mode 100644
index 0000000..ed2223f
--- /dev/null
+++ b/apigateway/charts/v7-traceability/README.md
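Review bot: The comment above `APIMANAGER_SSL_INSECURESKIPVERIFY` in the v7-discovery values.yaml tells operators to flip it to true for a self-signed certificate, which turns off certificate verification on the connection that carries `APIMANAGER_AUTH_USERNAME` and `APIMANAGER_AUTH_PASSWORD`. Reword it so that disabling verification reads as a last resort, e.g. `# keep false in production; true disables TLS certificate verification for the API Manager connection`, and point to trusting the issuing CA instead where the agent supports it. The same wording is used for both INSECURESKIPVERIFY settings in the v7-traceability values.yaml. Separately, `pullSecret:`, `securityContext:` and `name:` are bare keys that parse as null; writing `""` or `{}` makes the intended type explicit.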
@@ -0,0 +1,42 @@
+
+# Helm chart
+
+## Prerequisites
+
+Before the chart can be installed make sure to have the secrets installed/available.
+
+i.e if you look at line 31(secrets) in the values.yaml file, you will notice we are referencing two files.
+
+Required credentials can be applied by using the below format for the secret.
+Make sure all the values are base64 encoded before applying it in the cluster.
+
+kubectl apply -f
+
+``` yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: traceability-creds
+type: Opaque
+stringData:
+ APIMANAGER_AUTH_USERNAME: ""
+ APIMANAGER_AUTH_PASSWORD: ""
+ APIGATEWAY_AUTH_USERNAME: ""
+ APIGATEWAY_AUTH_PASSWORD: ""
+```
+
+kubectl apply -f
+
+``` yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: traceability-keys
+data:
+ private_key:
+ public_key:
+```
+
+## Limitations
+
+The traceability agent requires a 1 to 1 relationship of agent to events volume. Within your overrides it is important to specify a nodeSelector and/of affinity so the daemon set is deployed to exactly 1 node. By default the traceability agent will deploy to a node with a label named traceability-agent and value of "true".
diff --git a/apigateway/charts/v7-traceability/templates/NOTES.txt b/apigateway/charts/v7-traceability/templates/NOTES.txt
new file mode 100644
index 0000000..e69de29
diff --git a/apigateway/charts/v7-traceability/templates/_helpers.tpl b/apigateway/charts/v7-traceability/templates/_helpers.tpl
new file mode 100644
index 0000000..7206eb9
--- /dev/null
+++ b/apigateway/charts/v7-traceability/templates/_helpers.tpl
@@ -0,0 +1,78 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "v7-traceability.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "v7-traceability.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "v7-traceability.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "v7-traceability.labels" -}}
+helm.sh/chart: {{ include "v7-traceability.chart" . }}
+{{ include "v7-traceability.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "v7-traceability.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "v7-traceability.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "v7-traceability.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "v7-traceability.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the image name
+*/}}
+{{- define "v7-traceability.imageName" -}}
+{{- if .Values.image.fullPath }}
+{{- .Values.image.fullPath }}
+{{- else }}
+{{- $tag := default .Chart.AppVersion .Values.image.tag -}}
+{{- if .Values.image.registry }}
+{{- printf "%s/%s/%s:%s" .Values.image.registry .Values.image.repository .Values.image.name $tag }}
+{{- else }}
+{{- printf "%s/%s:%s" .Values.image.repository .Values.image.name $tag }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/apigateway/charts/v7-traceability/templates/daemonset.yaml b/apigateway/charts/v7-traceability/templates/daemonset.yaml
new file mode 100644
index 0000000..cfff576
--- /dev/null
+++ b/apigateway/charts/v7-traceability/templates/daemonset.yaml
@@ -0,0 +1,174 @@
+{{- if not .Values.statefulSet.enabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ include "v7-traceability.fullname" . }}
+ labels:
+ {{- include "v7-traceability.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "v7-traceability.selectorLabels" . | nindent 6 }}
+ {{- with .Values.additionalLabels }}
+ {{- range $key, $value := . }}
+ {{ default "none" $key }}: {{ default "none" $value | quote }}
+ {{- end }}
+ {{- end }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "v7-traceability.selectorLabels" . | nindent 8 }}
+ {{- with .Values.additionalLabels }}
+ {{- range $key, $value := . }}
+ {{ default "none" $key }}: {{ default "none" $value | quote }}
+ {{- end }}
+ {{- end }}
+ spec:
+ {{- if .Values.image.pullSecret }}
+ imagePullSecrets:
+ - name: {{ .Values.image.pullSecret }}
+ {{- end }}
+ {{- if .Values.initContainer.enabled }}
+ initContainers:
+ - name: init
+ image: "{{ .Values.initContainer.image.name }}"
+ imagePullPolicy: {{ .Values.initContainer.image.pullPolicy }}
+ securityContext: {{- toYaml .Values.initContainer.securityContext | nindent 12 }}
+ command:
+ - sh
+ - -c
+ - chown -R {{ .Values.podSecurityContext.fsGroup }}:{{ .Values.podSecurityContext.fsGroup }} /data;
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ {{- end }}
+ serviceAccountName: {{ include "v7-traceability.serviceAccountName" . }}
+ {{- with .Values.podSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: {{ include "v7-traceability.imageName" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: probe-port
+ containerPort: {{ .Values.statusPort }}
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /status
+ port: probe-port
+ {{- with .Values.livenessProbe }}
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value }}
+ {{- end }}
+ {{- end }}
+ readinessProbe:
+ httpGet:
+ path: /status
+ port: probe-port
+ {{- with .Values.readinessProbe }}
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value }}
+ {{- end }}
+ {{- end }}
+ env:
+ {{- with .Values.env }}
+ {{- range $key, $value := . }}
+ {{- if and (not (eq (toString $value) "")) (not (eq (toString $key) "")) }} # ignore any items with empty key or value
+ - name: {{ $key }}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if not .Values.env.CENTRAL_USAGEREPORTING_OFFLINE }}
+ {{- if not .Values.env.APIGATEWAY_ONLY }}
+ - name: APIMANAGER_AUTH_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secrets.credentials }}
+ key: APIMANAGER_AUTH_USERNAME
+ - name: APIMANAGER_AUTH_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secrets.credentials }}
+ key: APIMANAGER_AUTH_PASSWORD
+ {{- end}}
+ {{- if and .Values.env.EVENT_LOG_INPUT .Values.env.APIGATEWAY_GETHEADERS }}
+ - name: APIGATEWAY_AUTH_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secrets.credentials }}
+ key: APIGATEWAY_AUTH_USERNAME
+ - name: APIGATEWAY_AUTH_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secrets.credentials }}
+ key: APIGATEWAY_AUTH_PASSWORD
+ {{- end}}
+ {{- end}}
+ volumeMounts:
+ {{- if not (.Values.env.CENTRAL_USAGEREPORTING_OFFLINE)}}
+ - name: "traceability-keys-secrets"
+ mountPath: /keys
+ {{- end}}
+ - name: events
+ mountPath: {{ .Values.persistentVolumeClaimConfig.events.mountPath }}
+ - name: data
+ mountPath: /data
+ - name: logs
+ mountPath: /logs
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ volumes:
+ - name: events
+ persistentVolumeClaim:
+ claimName: {{ .Values.persistentVolumeClaimConfig.events.name }}
+ - name: logs
+ persistentVolumeClaim:
+ claimName: {{ .Values.persistentVolumeClaimConfig.logs.name }}
+ {{- if (.Values.dataVolume.useHostPath) }}
+ - name: data
+ hostPath:
+ path: {{ .Values.dataVolume.hostPath }}
+ type: DirectoryOrCreate
+ {{- else }}
+ - name: data
+ persistentVolumeClaim:
+ claimName: {{ .Values.persistentVolumeClaimConfig.data.name }}
+ {{- end }}
+ {{- if not (.Values.env.CENTRAL_USAGEREPORTING_OFFLINE)}}
+ - name: traceability-keys-secrets
+ secret:
+ secretName: {{ .Values.secrets.keys }}
+ items:
+ - key: private_key
+ path: private_key.pem
+ - key: public_key
+ path: public_key.pem
+ {{- end}}
+ {{- if .Values.nodeSelector }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- else }}
+ nodeSelector:
+ traceability-agent: "true"
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/apigateway/charts/v7-traceability/templates/job.yaml b/apigateway/charts/v7-traceability/templates/job.yaml
new file mode 100644
index 0000000..4b84b55
--- /dev/null
+++ b/apigateway/charts/v7-traceability/templates/job.yaml
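Review bot: The `init` container in daemonset.yaml pulls `{{ .Values.initContainer.image.name }}`, which the chart's values.yaml sets to a bare `alpine` (no registry, tag or digest), and runs it with `runAsUser: 0` to `chown -R` the `/data` volume, which can be a `hostPath` of type `DirectoryOrCreate`. That is a root container on a floating image with write access to a node directory; pin the default, e.g. `name: REGISTRY/alpine:TAG@sha256:DIGEST` (placeholders), and prefer letting `fsGroup` handle ownership where the volume type supports it. The `chown` arguments are interpolated from `.Values.podSecurityContext.fsGroup` without a check, so an override that nulls `fsGroup` would presumably render `chown -R : /data;`; wrapping the value in `required` makes that fail at render time. statefulset.yaml uses the same init container, and job.yaml reuses the same image and securityContext for its `migrate` container.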
@@ -0,0 +1,91 @@
+{{- if not (.Values.dataVolume.useHostPath) }}
+{{- if .Values.nodeSelector -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "v7-traceability.fullname" . }}-migrate-to-pvc
+ labels:
+ {{- include "v7-traceability.labels" . | nindent 4 }}
+spec:
+ template:
+ metadata:
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-weight": "-2"
+ "helm.sh/hook-delete-policy": "before-hook-creation"
+ {{- with .Values.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "v7-traceability.selectorLabels" . | nindent 8 }}
+ {{- with .Values.additionalLabels }}
+ {{- range $key, $value := . }}
+ {{ default "none" $key }}: {{ default "none" $value | quote }}
+ {{- end }}
+ {{- end }}
+ spec:
+ restartPolicy: OnFailure
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.initContainer.enabled }}
+ initContainers:
+ {{- end }}
+ serviceAccountName: {{ include "v7-traceability.serviceAccountName" . }}
+ {{- with .Values.podSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: migrate
+ image: "{{ .Values.initContainer.image.name }}"
+ imagePullPolicy: {{ .Values.initContainer.image.pullPolicy }}
+ securityContext: {{- toYaml .Values.initContainer.securityContext | nindent 12 }}
+ command:
+ - sh
+ - -c
+ - |
+ echo "checking if data should be migrated"
+ if test -f /data-old/meta.json; then
+ # if a meta.json file exists in the old directory then migrate the data
+ if test -d /data; then
+ # clean the destination directory before migration
+ echo "clean the destination directory before migration"
+ rm -r /data/*
+ fi
+ echo "migrating the data now"
+ mv /data-old/* /data/
+ fi
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ - name: data-old
+ mountPath: /data-old
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: {{ .Values.persistentVolumeClaimConfig.data.name }}
+ - name: data-old
+ hostPath:
+ path: {{ .Values.dataVolume.hostPath }}
+ type: DirectoryOrCreate
+ {{- if .Values.nodeSelector }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- else }}
+ nodeSelector:
+ traceability-agent: "true"
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/apigateway/charts/v7-traceability/templates/pvc.yaml b/apigateway/charts/v7-traceability/templates/pvc.yaml
new file mode 100644
index 0000000..67fa15d
--- /dev/null
+++ b/apigateway/charts/v7-traceability/templates/pvc.yaml
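Review bot: The three `helm.sh/hook*` annotations in job.yaml sit under `spec.template.metadata.annotations` (they follow `spec:`, `template:`, `metadata:` in the hunk), but Helm reads hook annotations from the resource's own `metadata.annotations`. As written the Job would be installed as an ordinary release resource rather than a pre-install/pre-upgrade hook, so the migration is not ordered before the agent starts and a later upgrade that changes the pod template is likely to fail on the Job's immutable fields; move the annotations to the Job's top-level `metadata`. The script runs `rm -r /data/*` before `mv /data-old/* /data/` with no `set -e`, so a failed move can leave the destination already emptied. This template also reads `.Values.imagePullSecrets` while the workloads use `.Values.image.pullSecret`, and the inner `{{- else }}` nodeSelector branch is unreachable because the whole file is already gated on `.Values.nodeSelector`.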
@@ -0,0 +1,29 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ .Values.persistentVolumeClaimConfig.logs.name }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: {{ .Values.persistentVolumeClaimConfig.logs.storageClass }}
+ resources:
+ requests:
+ storage: 2Gi
+
+{{- if not (.Values.dataVolume.useHostPath) }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ .Values.persistentVolumeClaimConfig.data.name }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: {{ .Values.persistentVolumeClaimConfig.data.storageClass }}
+ resources:
+ requests:
+ storage: 2Gi
+{{- end }}
\ No newline at end of file
diff --git a/apigateway/charts/v7-traceability/templates/serviceaccount.yaml b/apigateway/charts/v7-traceability/templates/serviceaccount.yaml
new file mode 100644
index 0000000..6a737b2
--- /dev/null
+++ b/apigateway/charts/v7-traceability/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "v7-traceability.serviceAccountName" . }}
+ labels:
+ {{- include "v7-traceability.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/apigateway/charts/v7-traceability/templates/statefulset.yaml b/apigateway/charts/v7-traceability/templates/statefulset.yaml
new file mode 100644
index 0000000..7add04d
--- /dev/null
+++ b/apigateway/charts/v7-traceability/templates/statefulset.yaml
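Review bot: Both claims in pvc.yaml hard-code `storage: 2Gi`, so the logs and agent data volumes cannot be sized per environment without editing the template; reading the size from a value with a `default "2Gi"` keeps today's behaviour. `storageClassName` is rendered unquoted from a value, and an unset storageClass renders an empty field, which is presumably meant to select the cluster default and is worth confirming. The `events` claim mounted by the DaemonSet and StatefulSet is not created here, so it must already exist in the release namespace, yet the chart README lists only the two secrets as prerequisites.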
@@ -0,0 +1,164 @@
+{{- if .Values.statefulSet.enabled -}}
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ include "v7-traceability.fullname" . }}
+ labels:
+ {{- include "v7-traceability.labels" . | nindent 4 }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ {{- include "v7-traceability.selectorLabels" . | nindent 6 }}
+ {{- with .Values.additionalLabels }}
+ {{- range $key, $value := . }}
+ {{ default "none" $key }}: {{ default "none" $value | quote }}
+ {{- end }}
+ {{- end }}
+ serviceName: {{ include "v7-traceability.fullname" . }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "v7-traceability.selectorLabels" . | nindent 8 }}
+ {{- with .Values.additionalLabels }}
+ {{- range $key, $value := . }}
+ {{ default "none" $key }}: {{ default "none" $value | quote }}
+ {{- end }}
+ {{- end }}
+ spec:
+ {{- if .Values.image.pullSecret }}
+ imagePullSecrets:
+ - name: {{ .Values.image.pullSecret }}
+ {{- end }}
+ {{- if .Values.initContainer.enabled }}
+ initContainers:
+ - name: init
+ image: "{{ .Values.initContainer.image.name }}"
+ imagePullPolicy: {{ .Values.initContainer.image.pullPolicy }}
+ securityContext: {{- toYaml .Values.initContainer.securityContext | nindent 12 }}
+ command:
+ - sh
+ - -c
+ - chown -R {{ .Values.podSecurityContext.fsGroup }}:{{ .Values.podSecurityContext.fsGroup }} /data;
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ {{- end }}
+ serviceAccountName: {{ include "v7-traceability.serviceAccountName" . }}
+ {{- with .Values.podSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: {{ include "v7-traceability.imageName" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: probe-port
+ containerPort: {{ .Values.statusPort }}
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /status
+ port: probe-port
+ {{- with .Values.livenessProbe }}
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value }}
+ {{- end }}
+ {{- end }}
+ readinessProbe:
+ httpGet:
+ path: /status
+ port: probe-port
+ {{- with .Values.readinessProbe }}
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value }}
+ {{- end }}
+ {{- end }}
+ env:
+ {{- with .Values.env }}
+ {{- range $key, $value := . }}
+ {{- if and (not (eq (toString $value) "")) (not (eq (toString $key) "")) }} # ignore any items with empty key or value
+ - name: {{ $key }}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if not .Values.env.CENTRAL_USAGEREPORTING_OFFLINE }}
+ {{- if not .Values.env.APIGATEWAY_ONLY }}
+ - name: APIMANAGER_AUTH_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secrets.credentials }}
+ key: APIMANAGER_AUTH_USERNAME
+ - name: APIMANAGER_AUTH_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secrets.credentials }}
+ key: APIMANAGER_AUTH_PASSWORD
+ {{- end}}
+ {{- if and .Values.env.EVENT_LOG_INPUT .Values.env.APIGATEWAY_GETHEADERS }}
+ - name: APIGATEWAY_AUTH_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secrets.credentials }}
+ key: APIGATEWAY_AUTH_USERNAME
+ - name: APIGATEWAY_AUTH_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secrets.credentials }}
+ key: APIGATEWAY_AUTH_PASSWORD
+ {{- end}}
+ {{- end}}
+ volumeMounts:
+ {{- if not (.Values.env.CENTRAL_USAGEREPORTING_OFFLINE)}}
+ - name: "traceability-keys-secrets"
+ mountPath: /keys
+ {{- end}}
+ - name: events
+ mountPath: {{ .Values.persistentVolumeClaimConfig.events.mountPath }}
+ - name: data
+ mountPath: /data
+ - name: logs
+ mountPath: /logs
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ volumes:
+ - name: events
+ persistentVolumeClaim:
+ claimName: {{ .Values.persistentVolumeClaimConfig.events.name }}
+ - name: logs
+ persistentVolumeClaim:
+ claimName: {{ .Values.persistentVolumeClaimConfig.logs.name }}
+ - name: data
+ persistentVolumeClaim:
+ claimName: {{ .Values.persistentVolumeClaimConfig.data.name }}
+ {{- if not (.Values.env.CENTRAL_USAGEREPORTING_OFFLINE)}}
+ - name: traceability-keys-secrets
+ secret:
+ secretName: {{ .Values.secrets.keys }}
+ items:
+ - key: private_key
+ path: private_key.pem
+ - key: public_key
+ path: public_key.pem
+ {{- end}}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/apigateway/charts/v7-traceability/values.yaml b/apigateway/charts/v7-traceability/values.yaml
new file mode 100644
index 0000000..d6cbc34
--- /dev/null
+++ b/apigateway/charts/v7-traceability/values.yaml
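Review bot: The StatefulSet always mounts `data` from the `persistentVolumeClaimConfig.data.name` claim, but pvc.yaml only creates that claim when `dataVolume.useHostPath` is false, so `statefulSet.enabled: true` combined with `useHostPath: true` leaves the pod Pending on a missing PVC. Either mirror the DaemonSet's `useHostPath` branch in the `volumes` list here or reject the combination at render time with `fail`. `serviceName` points at `{{ include "v7-traceability.fullname" . }}`, and no Service of that name is added in the visible part of this commit. Unlike the DaemonSet, this template applies no default `traceability-agent: "true"` nodeSelector, which deserves a comment given the README's one-agent-per-events-volume limitation.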
@@ -0,0 +1,113 @@ +image: + # blank by default, set this to override all other properties that create the path + fullPath: "" + registry: docker.repository.axway.com + repository: ampc-docker-prod/1.2 + name: v7-traceability-agent + pullPolicy: IfNotPresent + pullSecret: + # Overrides the image tag whose default is the chart appVersion. + tag: "1.2.33" +nameOverride: "" +fullnameOverride: "" +statefulSet: + enabled: false # setting to true uses a statefulset instead of the default deployment set +# Health Check port +statusPort: 8990 +# Info on how to fetch the values for the env parameters can ve found in the below doc. +# https://docs.axway.com/bundle/axway-open-docs/page/docs/central/connect-api-manager/gateway-administation/index.html#customizing-the-traceability-agent-environment-variable-file +# More environment value: https://docs.axway.com/bundle/axway-open-docs/page/docs/central/connect-api-manager/agent-variables/index.html#common-variables-to-both-agents +env: + LOG_LEVEL: info + CENTRAL_DEPLOYMENT: "prod" + CENTRAL_USAGEREPORTING_OFFLINE: false + # EVENT_LOG_PATHS: "/opt/Axway/apigateway/events/axwaydemo_traffic-*.log" + EVENT_LOG_PATHS: "/events/*.log" + EVENT_LOG_INPUT: true + OPENTRAFFIC_LOG_INPUT: false + OPENTRAFFIC_LOG_PATHS: /events/*.log + TRACEABILITY_HOST: "ingestion.datasearch.axway.com:5044" + TRACEABILITY_PROTOCOL: "tcp" + TRACEABILITY_SAMPLING_PERCENTAGE: 1 + TRACEABILITY_SAMPLING_ONLYERRORS: false + APIMANAGER_PORT: "443" + # flip to true if API manager is using a self signed certificate + APIMANAGER_SSL_INSECURESKIPVERIFY: false + APIGATEWAY_ONLY: false + APIGATEWAY_PORT: "443" + APIGATEWAY_GETHEADERS: true + # flip to true if API gateway is using a self signed certificate + APIGATEWAY_SSL_INSECURESKIPVERIFY: false + APIGATEWAY_HEALTHCHECKPORT: 8090 + APIGATEWAY_HEALTHCHECKPROTOCOL: "https" + APIGATEWAY_HEALTHCHECKURI: login +# The below secrets are a pre-requisite. 
Please refer to the readme file for more info +secrets: + credentials: "traceability-creds" + keys: "traceability-keys" +podAnnotations: +initContainer: + enabled: true + image: + name: alpine + pullPolicy: IfNotPresent + securityContext: + runAsUser: 0 +podSecurityContext: + fsGroup: 2500 + supplementalGroups: [2500] + fsGroupChangePolicy: "OnRootMismatch" +securityContext: +tolerations: +affinity: +# specify the nodeSelector in overrides to change the default nodeSelector in the chart +# nodeSelector: {} + +# Add additional labels to the agent deployment which may be required based on your configuration +additionalLabels: +# Add selector labels for deployment purposes +selectorLabels: +serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: +resources: {} +# We usually recommend not to specify default resources and to leave this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. If you do want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi + +dataVolume: + useHostPath: false + hostPath: /mnt/traceability-agent/data +persistentVolumeClaimConfig: + logs: + storageClass: gp2-csi + name: logs-claim + data: + # storage class to persist contents of data directory in the agent - should be available in the cluster i.e gp2, gp2-csi, default + storageClass: gp2-csi + name: data-claim + events: + name: events-claim + mountPath: /events +livenessProbe: + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +readinessProbe: + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 diff --git a/apigateway/samples/multigroup/apim-ext.yaml b/apigateway/samples/multigroup/apim-ext.yaml new file mode 100644 index 0000000..0a4518a --- /dev/null +++ b/apigateway/samples/multigroup/apim-ext.yaml 
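Review bot: The container hardening defaults in this values file are weak: `initContainer.securityContext.runAsUser: 0` runs the init step as root, its image is the bare name `alpine` with no tag or digest, and the agent's own `securityContext:` is left null. Unless the deployment template (its start is outside this view) appends a tag, the init image resolves to a floating tag; pin it, for example `name: alpine:<pinned-tag>` or a digest reference. For the agent container I would ship a non-null default such as `securityContext: {allowPrivilegeEscalation: false}`, adding `runAsNonRoot: true` if the agent image supports it. The comments above the two `*_SSL_INSECURESKIPVERIFY` keys would also be safer as `# prefer adding the private CA to the agent trust store; set true only for testing`.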
@@ -0,0 +1,357 @@ +nameOverride: gateway +global: + domainName: example.com + defaultRegistry: docker.repository.axway.com/apigateway-docker-prod/7.7 + imagePullPolicy: Always + imagePullSecrets: + - name: mycreds + initContainers: + image: "docker.io/busybox:1.34" + resources: + limits: + memory: "50Mi" + cpu: "50m" + requests: + memory: "5Mi" + cpu: "50m" + securityContext: + runAsNonRoot: false + database: + host: mysql.testmetrics.svc.cluster.local + metrics: + enabled: true + username: "root" + password: "password" + cassandra: + enabled: true + hosts: + - variable: CASS_HOST + hostname: cassandra.testcassandra.svc.cluster.local + username: cassandra + password: cassandra + keyspace: apigw + tkeyspace: apigwks + tests: + images: + curl: + tag: 7.83.1 + resources: + limits: + cpu: 100m + memory: 50Mi + requests: + cpu: 100m + memory: 50Mi + storage: + provisioningType: "dynamic" + storageClassName: "nfs-client" + volumes: + - name: events + enabled: false + accessModes: + - ReadWriteMany + capacity: 1Mi +#This is set to false when the pv is created by the AAOI helm chart + - name: opentraffic + enabled: false + accessModes: + - ReadWriteMany + capacity: 1Mi + - name: gw-external-config + enabled: false + accessModes: + - ReadWriteMany + capacity: 1Mi + - name: aga-external-config + enabled: false + accessModes: + - ReadWriteMany + capacity: 1Mi + - name: anm-external-config + enabled: false + accessModes: + - ReadWriteMany + capacity: 1Mi + +anm: + logs: + opentraffic: + output: "file" + enabled: false + hostname: "apim-int-gateway-anm.apim-internal.svc.cluster.local:8090" + image: + repository: "admin-nodemanager" + tag: "7.7.0.20230830-3-BN0019-ubi7" + generalConditions: + accept: "yes" + resources: + limits: + memory: "2048Mi" + cpu: "1000m" + requests: + memory: "1Gi" + cpu: "250m" + securityContext: + runAsNonRoot: false + route: + enabled: false + ingress: + enabled: true + className: nginx + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: 
"true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + hosts: + - host: anm.ext.mydomain.com + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - anm.ext.mydomain.com + #service: + # port: 8091 + extraVolumeMounts: + - name: anm-external-config + mountPath: /merge + - name: events + mountPath: /opt/Axway/apigateway/events + extraVolumes: + - persistentVolumeClaim: + claimName: anm-external-config + name: anm-external-config + - persistentVolumeClaim: + claimName: events + name: events + +apimgr: + logs: + opentraffic: + output: "file" + image: + repository: "gateway" + tag: "7.7.0.20230830-3-BN0019-ubi7" + generalConditions: + accept: "yes" + groupId: "SecondGroup" + resources: + limits: + memory: "2Gi" + cpu: 2 + requests: + memory: "0.5Gi" + cpu: 0.5 + securityContext: + runAsNonRoot: false + route: + enabled: false + ingress: + enabled: true + className: nginx + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + hosts: + - host: apimgr.ext.mydomain.com + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - apimgr.ext.mydomain.com + service: + port: 8075 + extraVolumeMounts: + - name: gw-external-config + mountPath: /merge + - name: opentraffic + mountPath: /var/opentraffic + - name: events + mountPath: /opt/Axway/apigateway/events + extraVolumes: + - persistentVolumeClaim: + claimName: gw-external-config + name: gw-external-config + - persistentVolumeClaim: + claimName: opentraffic + name: opentraffic + - persistentVolumeClaim: + claimName: events + name: events + extraEnvVars: + - name: EMT_HEALTHCHECK_PORT + value: "8065" + - name: EMT_HEALTHCHECK_PATH + value: /healthcheck + - name: GW_DIR + value: /opt/Axway/apigateway + - name: GW_TRACE_DIR + value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace + - name: EMT_TOPOLOGY_TTL + value: "10" + license: + license.lic: | + FIPS=1 + Mock Connector=1 + SalesForce 
Connector=1 + ServiceNow Connector=1 + analytics=1 + apiportal=1 + expires=Thu, 05 May 2023 15:43:14 GMT + mcafee=1 + sdkgenerator=1 + unrestricted=1 + version=7 + version=7.7 + # SIGNATURE: add + +apitraffic: + logs: + opentraffic: + output: "file" + replicaCount: 1 + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 2 + targetCPUUtilizationPercentage: 20 + #targetMemoryUtilizationPercentage: 30 + image: + repository: "gateway" + tag: "7.7.0.20230830-3-BN0019-ubi7" + generalConditions: + accept: "yes" + groupId: "SecondGroup" + resources: + limits: + memory: "3Gi" + cpu: 3 + requests: + memory: "2Gi" + cpu: 2 + securityContext: + runAsNonRoot: false + oauth: + route: + enabled: false + route: + enabled: false + ingress: + enabled: true + className: nginx + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + hosts: + - host: apitraffic.ext.mydomain.com + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - apitraffic.ext.mydomain.com + service: + port: 8065 + extraVolumeMounts: + - name: gw-external-config + mountPath: /merge + - name: opentraffic + mountPath: /var/opentraffic + - name: events + mountPath: /opt/Axway/apigateway/events + extraVolumes: + - persistentVolumeClaim: + claimName: gw-external-config + name: gw-external-config + - persistentVolumeClaim: + claimName: opentraffic + name: opentraffic + - persistentVolumeClaim: + claimName: events + name: events + extraEnvVars: + - name: EMT_HEALTHCHECK_PORT + value: "8065" + - name: EMT_HEALTHCHECK_PATH + value: /healthcheck + - name: GW_DIR + value: /opt/Axway/apigateway + - name: GW_TRACE_DIR + value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace + - name: EMT_TOPOLOGY_TTL + value: "10" + license: + license.lic: | + FIPS=1 + Mock Connector=1 + SalesForce Connector=1 + ServiceNow Connector=1 + analytics=1 + apiportal=1 + expires=Thu, 05 May 2023 15:43:14 GMT + mcafee=1 + 
sdkgenerator=1 + unrestricted=1 + version=7 + version=7.7 + # SIGNATURE: add + +aga: + securityContext: + runAsNonRoot: false + enabled: false + route: + enabled: false + image: + repository: "analytics" + tag: "7.7.0.20230830-3-BN0019-ubi7" + generalConditions: + accept: "yes" + ingress: + enabled: true + className: nginx + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + hosts: + - host: aga.ext.mydomain.com + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - aga.ext.mydomain.com + resources: + limits: + memory: "2048Mi" + cpu: "1000m" + requests: + memory: "1Gi" + cpu: "250m" + extraVolumeMounts: + - name: aga-external-config + mountPath: /merge + - name: events + mountPath: /opt/Axway/apigateway/events + extraVolumes: + - persistentVolumeClaim: + claimName: aga-external-config + name: aga-external-config + - persistentVolumeClaim: + claimName: events + name: events + license: + license.lic: | + FIPS=1 + Mock Connector=1 + SalesForce Connector=1 + ServiceNow Connector=1 + analytics=1 + apiportal=1 + expires=Thu, 05 May 2023 15:43:14 GMT + mcafee=1 + sdkgenerator=1 + unrestricted=1 + version=7 + version=7.7 + # SIGNATURE: add diff --git a/apigateway/samples/multigroup/apim-int.yaml b/apigateway/samples/multigroup/apim-int.yaml new file mode 100644 index 0000000..b9afecb --- /dev/null +++ b/apigateway/samples/multigroup/apim-int.yaml 
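Review bot: The sample carries database credentials in clear text, `global.database.metrics.username: "root"` with `password: "password"` and `global.cassandra.username`/`password: cassandra`, and the same values are repeated in `samples/multigroup/apim-int.yaml`. The helpers added in this commit already read `global.database.metrics.existingSecret.name` and `global.cassandra.existingSecret.name`, so the samples can reference a pre-created Secret instead, e.g. `existingSecret:` with `name: <metrics-db-secret-name>` under `global.database.metrics`. If the inline values have to stay for a quick start, a comment such as `# placeholder only: replace before use, or set existingSecret` above each password makes it harder for them to reach a real cluster unchanged.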
@@ -0,0 +1,357 @@ +nameOverride: gateway +global: + domainName: example.com + defaultRegistry: docker.repository.axway.com/apigateway-docker-prod/7.7 + imagePullPolicy: Always + imagePullSecrets: + - name: mycreds + initContainers: + image: "docker.io/busybox:1.34" + resources: + limits: + memory: "50Mi" + cpu: "50m" + requests: + memory: "5Mi" + cpu: "50m" + securityContext: + runAsNonRoot: false + database: + host: mysql.testmetrics.svc.cluster.local + metrics: + enabled: true + username: "root" + password: "password" + cassandra: + enabled: true + hosts: + - variable: CASS_HOST + hostname: cassandra.testcassandra.svc.cluster.local + username: cassandra + password: cassandra + keyspace: apigw + tkeyspace: apigwks + tests: + images: + curl: + tag: 7.83.1 + resources: + limits: + cpu: 100m + memory: 50Mi + requests: + cpu: 100m + memory: 50Mi + storage: + provisioningType: "dynamic" + storageClassName: "nfs-client" + volumes: + - name: events + enabled: true + accessModes: + - ReadWriteMany + capacity: 1Mi +#This is set to false when the pv is created by the AAOI helm chart + - name: opentraffic + enabled: false + accessModes: + - ReadWriteMany + capacity: 1Mi + - name: gw-external-config + enabled: true + accessModes: + - ReadWriteMany + capacity: 1Mi + - name: aga-external-config + enabled: true + accessModes: + - ReadWriteMany + capacity: 1Mi + - name: anm-external-config + enabled: true + accessModes: + - ReadWriteMany + capacity: 1Mi + +anm: + logs: + opentraffic: + output: "file" + hostname: "apim-int-gateway-anm:8090" + enabled: true + image: + repository: "admin-nodemanager" + tag: "7.7.0.20230830-3-BN0019-ubi7" + generalConditions: + accept: "yes" + resources: + limits: + memory: "2048Mi" + cpu: "1000m" + requests: + memory: "1Gi" + cpu: "250m" + securityContext: + runAsNonRoot: false + route: + enabled: false + ingress: + enabled: true + className: nginx + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + 
nginx.ingress.kubernetes.io/ssl-redirect: "true" + hosts: + - host: anm.int.mydomain.com + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - anm.int.mydomain.com + #service: + # port: 8091 + extraVolumeMounts: + - name: anm-external-config + mountPath: /merge + - name: events + mountPath: /opt/Axway/apigateway/events + extraVolumes: + - persistentVolumeClaim: + claimName: anm-external-config + name: anm-external-config + - persistentVolumeClaim: + claimName: events + name: events + +apimgr: + logs: + opentraffic: + output: "file" + image: + repository: "gateway" + tag: "7.7.0.20230830-3-BN0019-ubi7" + generalConditions: + accept: "yes" +# groupId: "Demo-Group" + resources: + limits: + memory: "2Gi" + cpu: 2 + requests: + memory: "0.5Gi" + cpu: 0.5 + securityContext: + runAsNonRoot: false + route: + enabled: false + ingress: + enabled: true + className: nginx + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + hosts: + - host: apimgr.int.mydomain.com + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - apimgr.int.mydomain.com + service: + port: 8075 + extraVolumeMounts: + - name: gw-external-config + mountPath: /merge + - name: opentraffic + mountPath: /var/opentraffic + - name: events + mountPath: /opt/Axway/apigateway/events + extraVolumes: + - persistentVolumeClaim: + claimName: gw-external-config + name: gw-external-config + - persistentVolumeClaim: + claimName: opentraffic + name: opentraffic + - persistentVolumeClaim: + claimName: events + name: events + extraEnvVars: + - name: EMT_HEALTHCHECK_PORT + value: "8065" + - name: EMT_HEALTHCHECK_PATH + value: /healthcheck + - name: GW_DIR + value: /opt/Axway/apigateway + - name: GW_TRACE_DIR + value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace + - name: EMT_TOPOLOGY_TTL + value: "10" + license: + license.lic: | + FIPS=1 + Mock Connector=1 + SalesForce Connector=1 + 
ServiceNow Connector=1 + analytics=1 + apiportal=1 + expires=Thu, 05 May 2023 15:43:14 GMT + mcafee=1 + sdkgenerator=1 + unrestricted=1 + version=7 + version=7.7 + # SIGNATURE: add + +apitraffic: + logs: + opentraffic: + output: "file" + replicaCount: 1 + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 2 + targetCPUUtilizationPercentage: 20 + #targetMemoryUtilizationPercentage: 30 + image: + repository: "gateway" + tag: "7.7.0.20230830-3-BN0019-ubi7" + generalConditions: + accept: "yes" +# groupId: "Demo-Group" + resources: + limits: + memory: "3Gi" + cpu: 3 + requests: + memory: "2Gi" + cpu: 2 + securityContext: + runAsNonRoot: false + oauth: + route: + enabled: false + route: + enabled: false + ingress: + enabled: true + className: nginx + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + hosts: + - host: apitraffic.int.mydomain.com + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - apitraffic.int.mydomain.com + service: + port: 8065 + extraVolumeMounts: + - name: gw-external-config + mountPath: /merge + - name: opentraffic + mountPath: /var/opentraffic + - name: events + mountPath: /opt/Axway/apigateway/events + extraVolumes: + - persistentVolumeClaim: + claimName: gw-external-config + name: gw-external-config + - persistentVolumeClaim: + claimName: opentraffic + name: opentraffic + - persistentVolumeClaim: + claimName: events + name: events + extraEnvVars: + - name: EMT_HEALTHCHECK_PORT + value: "8065" + - name: EMT_HEALTHCHECK_PATH + value: /healthcheck + - name: GW_DIR + value: /opt/Axway/apigateway + - name: GW_TRACE_DIR + value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace + - name: EMT_TOPOLOGY_TTL + value: "10" + license: + license.lic: | + FIPS=1 + Mock Connector=1 + SalesForce Connector=1 + ServiceNow Connector=1 + analytics=1 + apiportal=1 + expires=Thu, 05 May 2023 15:43:14 GMT + mcafee=1 + sdkgenerator=1 + 
unrestricted=1 + version=7 + version=7.7 + # SIGNATURE: add + +aga: + securityContext: + runAsNonRoot: false + enabled: false + route: + enabled: false + image: + repository: "analytics" + tag: "7.7.0.20230830-3-BN0019-ubi7" + generalConditions: + accept: "yes" + ingress: + enabled: true + className: nginx + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + hosts: + - host: aga.int.mydomain.com + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - aga.int.mydomain.com + resources: + limits: + memory: "2048Mi" + cpu: "1000m" + requests: + memory: "1Gi" + cpu: "250m" + extraVolumeMounts: + - name: aga-external-config + mountPath: /merge + - name: events + mountPath: /opt/Axway/apigateway/events + extraVolumes: + - persistentVolumeClaim: + claimName: aga-external-config + name: aga-external-config + - persistentVolumeClaim: + claimName: events + name: events + license: + license.lic: | + FIPS=1 + Mock Connector=1 + SalesForce Connector=1 + ServiceNow Connector=1 + analytics=1 + apiportal=1 + expires=Thu, 05 May 2023 15:43:14 GMT + mcafee=1 + sdkgenerator=1 + unrestricted=1 + version=7 + version=7.7 + # SIGNATURE: add diff --git a/apigateway/templates/NOTES.txt b/apigateway/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 diff --git a/apigateway/templates/_gateway_helpers.tpl b/apigateway/templates/_gateway_helpers.tpl new file mode 100644 index 0000000..89ca6c6 --- /dev/null +++ b/apigateway/templates/_gateway_helpers.tpl 
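Review bot: Every component in this sample (`global.initContainers`, `anm`, `apimgr`, `apitraffic`, `aga`) sets `securityContext:` with `runAsNonRoot: false`, and `apim-ext.yaml` does the same. Leaving the field out already skips the non-root check, so the explicit `false` reads as a deliberate opt-out that users will copy. If the images can run as an unprivileged user, the sample should show `runAsNonRoot: true`; otherwise drop the key or add a comment such as `# root required because <reason>` so the choice is visible.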
@@ -0,0 +1,50 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "gateway.apitraffic.serviceAccountName" -}}
+{{- if .Values.apitraffic.serviceAccount.create }}
+{{- default (printf "%s-%s" (include "gateway.fullname" .) "apitraffic") .Values.apitraffic.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.apitraffic.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{- define "gateway.anm.serviceAccountName" -}}
+{{- if .Values.anm.serviceAccount.create }}
+{{- default (printf "%s-%s" (include "gateway.fullname" .) "anm") .Values.anm.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.anm.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{- define "gateway.apimgr.serviceAccountName" -}}
+{{- if .Values.apimgr.serviceAccount.create }}
+{{- default (printf "%s-%s" (include "gateway.fullname" .) "apimgr") .Values.apimgr.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.apimgr.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{- define "gateway.aga.serviceAccountName" -}}
+{{- if .Values.aga.serviceAccount.create }}
+{{- default (printf "%s-%s" (include "gateway.fullname" .) "aga") .Values.aga.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.aga.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Secret name for metrics db credentials, either the existing one or the one created by this chart
+*/}}
+{{- define "gateway.metrics-db.secretName" -}}
+{{- default (printf "%s-%s" (include "gateway.fullname" .) "metrics-db") .Values.global.database.metrics.existingSecret.name }}
+{{- end }}
+
+{{/*
+Secret name for domain key passphrase
+*/}}
+{{- define "gateway.domainkeypassphrase.secretName" -}}
+{{- default (printf "%s-%s" (include "gateway.fullname" .) "domainkeypassphrase") .Values.global.domainkeypassphrase.name }}
+{{- end }}
+
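Review bot: The named templates `gateway.apitraffic.serviceAccountName`, `gateway.anm.serviceAccountName`, `gateway.apimgr.serviceAccountName`, `gateway.aga.serviceAccountName` and `gateway.metrics-db.secretName` are defined here and again, under the same names, in `templates/_helpers.tpl` in this commit. Helm keeps one definition per template name, so one copy silently overrides the other, and a later edit to the losing copy will not change which service account or Secret a pod is given. Keep each definition in a single file; of the templates in this hunk only `gateway.domainkeypassphrase.secretName` is unique to it, so the rest can be deleted here.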
diff --git a/apigateway/templates/_helpers.tpl b/apigateway/templates/_helpers.tpl
new file mode 100644
index 0000000..1854fa1
--- /dev/null
+++ b/apigateway/templates/_helpers.tpl
@@ -0,0 +1,141 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "gateway.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "gateway.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "gateway.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "gateway.labels" -}} +helm.sh/chart: {{ include "gateway.chart" . }} +{{ include "gateway.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "gateway.selectorLabels" -}} +app.kubernetes.io/name: {{ include "gateway.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "gateway.apitraffic.serviceAccountName" -}} +{{- if .Values.apitraffic.serviceAccount.create }} +{{- default (printf "%s-%s" (include "gateway.fullname" .) 
"apitraffic") .Values.apitraffic.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.apitraffic.serviceAccount.name }} +{{- end }} +{{- end }} + +{{- define "gateway.anm.serviceAccountName" -}} +{{- if .Values.anm.serviceAccount.create }} +{{- default (printf "%s-%s" (include "gateway.fullname" .) "anm") .Values.anm.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.anm.serviceAccount.name }} +{{- end }} +{{- end }} + +{{- define "gateway.apimgr.serviceAccountName" -}} +{{- if .Values.apimgr.serviceAccount.create }} +{{- default (printf "%s-%s" (include "gateway.fullname" .) "apimgr") .Values.apimgr.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.apimgr.serviceAccount.name }} +{{- end }} +{{- end }} + +{{- define "gateway.aga.serviceAccountName" -}} +{{- if .Values.aga.serviceAccount.create }} +{{- default (printf "%s-%s" (include "gateway.fullname" .) "aga") .Values.aga.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.aga.serviceAccount.name }} +{{- end }} +{{- end }} + +{{- define "gateway.tests.serviceAccountName" -}} +{{- if .Values.global.tests.serviceAccount.create }} +{{- default (printf "%s-%s" (include "gateway.fullname" .) "tests") .Values.global.tests.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.global.tests.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Secret name for metrics db credentials, either the existing one or the one created by this chart +*/}} +{{- define "gateway.metrics-db.secretName" -}} +{{- default (printf "%s-%s" (include "gateway.fullname" .) "metrics-db") .Values.global.database.metrics.existingSecret.name }} +{{- end }} + +{{/* +Secret name for cassandra password, either the existing one or the one created by this chart +*/}} +{{- define "gateway.cassandra.secretName" -}} +{{- default (printf "%s-%s" (include "gateway.fullname" .) 
"cassandra") .Values.global.cassandra.existingSecret.name }} +{{- end }} +{{/* + +Filters the API GW related volumes from the global section +Usage (example with traffic, can also be anm, aga, apimgr, portal): +{{ include "gateway.volumeMounts" (dict "component" "traffic" "storage" .Values.global.storage) }} +*/}} +{{- define "gateway.volumeMounts" -}} + {{- $component := .component }} + {{- $volumeMounts := list }} + {{- range .storage.volumes }} + {{- if and (or (empty $component) (has $component .usedBy)) .enabled }} + {{- $mountPath := .mountPath | default .mountPoint | default (printf "/opt/Axway/apigateway/%s" .name) }} + {{- $volumeMounts = append $volumeMounts (dict "name" .name "mountPath" $mountPath) }} + {{- end }} + {{- end }} + {{- toYaml $volumeMounts }} +{{- end }} + +{{/* +Usage (example with traffic, can also be anm, aga, apimgr, portal): +{{ include "gateway.volumes" (dict "component" "traffic" "storage" .Values.global.storage) }} +*/}} +{{- define "gateway.volumes" -}} + {{- $component := .component }} + {{- $volumes := list }} + {{- range .storage.volumes }} + {{- if and (or (empty $component) (has $component .usedBy)) .enabled }} + {{- $volumes = append $volumes (dict "name" .name "persistentVolumeClaim" (dict "claimName" (coalesce .claimName .name))) }} + {{- end }} + {{- end }} + {{- toYaml $volumes }} +{{- end }} diff --git a/apigateway/templates/_portal_helpers.tpl b/apigateway/templates/_portal_helpers.tpl new file mode 100644 index 0000000..fdeb99c --- /dev/null +++ b/apigateway/templates/_portal_helpers.tpl 
@@ -0,0 +1,18 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "gateway.apiportal.serviceAccountName" -}}
+{{- if .Values.apiportal.serviceAccount.create }}
+{{- default (printf "%s-%s" (include "gateway.fullname" .) "apiportal") .Values.aga.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.apiportal.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Secret name for mysql db credentials, either the existing one or the one created by this chart
+*/}}
+{{- define "gateway.apiportal.secretName" -}}
+{{- default (printf "%s-%s" (include "gateway.fullname" .) "apiportal-db") .Values.apiportal.mysql.existingSecret.name }}
+{{- end }}
diff --git a/apigateway/templates/aga/aga-configmap.yaml b/apigateway/templates/aga/aga-configmap.yaml
new file mode 100644
index 0000000..827ebfa
--- /dev/null
+++ b/apigateway/templates/aga/aga-configmap.yaml
@@ -0,0 +1,12 @@
+{{- if and .Values.aga.enabled .Values.aga.license }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-aga-license-config
+data:
+{{- range $path, $config := .Values.aga.license }}
+ {{ $path }}: |
+{{ $config | indent 4 -}}
+{{- end -}}
+{{- end -}}
diff --git a/apigateway/templates/aga/aga-deployment.yaml b/apigateway/templates/aga/aga-deployment.yaml
new file mode 100644
index 0000000..980ee33
--- /dev/null
+++ b/apigateway/templates/aga/aga-deployment.yaml
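Review bot: In `gateway.apiportal.serviceAccountName` (the `_portal_helpers.tpl` hunk) the `create` branch takes its override from `.Values.aga.serviceAccount.name`, while the `else` branch reads `.Values.apiportal.serviceAccount.name`; this looks like a copy-paste slip. With `apiportal.serviceAccount.create` set, a name configured for aga would be applied to the portal, so the portal pods could run under another component's service account and whatever RBAC is bound to it. The line should read `{{- default (printf "%s-%s" (include "gateway.fullname" .) "apiportal") .Values.apiportal.serviceAccount.name }}`.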
@@ -0,0 +1,122 @@ +{{- if .Values.aga.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "{{ include "gateway.fullname" . }}-aga" + labels: + {{- include "gateway.labels" . | nindent 4 }} + app.kubernetes.io/component: aga +spec: + {{- if not .Values.aga.autoscaling.enabled }} + replicas: {{ .Values.aga.replicaCount }} + {{- end }} + strategy: + {{- if eq (default .Values.global.updateStrategy.type .Values.aga.updateStrategy.type) "RollingUpdate" }} + rollingUpdate: + maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.aga.updateStrategy.rollingUpdate.maxSurge }} + maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.aga.updateStrategy.rollingUpdate.maxUnavailable }} + {{- end }} + type: {{ default .Values.global.updateStrategy.type .Values.aga.updateStrategy.type }} + selector: + matchLabels: + {{- include "gateway.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: aga + {{- with .Values.aga.podLabels }} + {{- toYaml . | nindent 6 }} + {{- end }} + template: + metadata: + {{- with .Values.aga.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "gateway.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: aga + {{- with .Values.aga.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "gateway.aga.serviceAccountName" . 
}} + securityContext: + {{- toYaml .Values.aga.podSecurityContext | nindent 8 }} + {{- if .Values.aga.extraInitContainers }} + initContainers: + {{ toYaml (.Values.aga.extraInitContainers) | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.aga.securityContext | nindent 12 }} + image: "{{ default .Values.global.defaultRegistry .Values.aga.image.registry }}/{{ .Values.aga.image.repository }}:{{ .Values.aga.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + ports: + - containerPort: {{ .Values.aga.service.ports.ui.port }} + protocol: {{ .Values.aga.service.ports.ui.protocol }} + {{- with .Values.aga.livenessProbe }} + livenessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.aga.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + resources: + {{- toYaml .Values.aga.resources | nindent 12 }} + env: + {{- with .Values.aga.extraEnvVars }} + {{ toYaml . | nindent 12 }} + {{- end }} + {{- if .Values.global.database.metrics.enabled }} + - name: METRICS_DB_URL + value: {{ tpl .Values.global.database.metrics.url . | quote }} + - name: METRICS_DB_USERNAME + valueFrom: + secretKeyRef: + name: {{ include "gateway.metrics-db.secretName" . }} + key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }} + - name: METRICS_DB_PASS + valueFrom: + secretKeyRef: + name: {{ include "gateway.metrics-db.secretName" . 
}} + key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }} + {{- end }} + {{- if .Values.aga.image.generalConditions }} + - name: ACCEPT_GENERAL_CONDITIONS + value: {{ .Values.aga.image.generalConditions.accept | quote }} + {{- end }} + {{- if .Values.aga.extraVolumeMounts }} + volumeMounts: + {{- toYaml ( .Values.aga.extraVolumeMounts ) | nindent 12 }} + {{- end }} + {{- if .Values.aga.license }} + - name: license + mountPath: "/opt/Axway/analytics/conf/licenses/license.lic" + subPath: "license.lic" + {{- end }} + {{- if .Values.aga.extraVolumes }} + volumes: + {{- if .Values.aga.license }} + - name: license + configMap: + name: {{ .Release.Name }}-aga-license-config + {{- end }} +{{ toYaml ( .Values.aga.extraVolumes ) | indent 8 }} + {{- end }} + {{- with .Values.aga.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.aga.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.aga.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/apigateway/templates/aga/aga-hpa.yaml b/apigateway/templates/aga/aga-hpa.yaml new file mode 100644 index 0000000..7a3bccb --- /dev/null +++ b/apigateway/templates/aga/aga-hpa.yaml 
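Review bot: The license mount and volume are not gated the same way as their parent keys. `volumeMounts:` is emitted only when `aga.extraVolumeMounts` is set, yet the `- name: license` mount item follows under its own `if .Values.aga.license`, and the `license` volume is declared only inside `if .Values.aga.extraVolumes`. With a license configured and either extra list empty, the rendered pod spec would contain a mount item with no `volumeMounts:` key above it, or a mount with no matching volume. The sketch below gates each key on both inputs and renders the extra lists under `with`. Indentation is not recoverable from this page, so the nesting should be checked against the file.

```yaml
          {{- if or .Values.aga.extraVolumeMounts .Values.aga.license }}
          volumeMounts:
            {{- with .Values.aga.extraVolumeMounts }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
            {{- /* … unchanged: license mount item inside `if .Values.aga.license` … */}}
          {{- end }}
      {{- if or .Values.aga.extraVolumes .Values.aga.license }}
      volumes:
        {{- /* … unchanged: license configMap volume inside `if .Values.aga.license` … */}}
        {{- with .Values.aga.extraVolumes }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- end }}
```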
@@ -0,0 +1,33 @@
+{{- if .Values.aga.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: "{{ include "gateway.fullname" . }}-aga"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: aga
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: "{{ include "gateway.fullname" . }}-aga"
+ minReplicas: {{ .Values.aga.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.aga.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.aga.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.aga.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.aga.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.aga.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/apigateway/templates/aga/aga-ingress.yaml b/apigateway/templates/aga/aga-ingress.yaml
new file mode 100644
index 0000000..63e3135
--- /dev/null
+++ b/apigateway/templates/aga/aga-ingress.yaml
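Review bot: The HorizontalPodAutoscaler is gated only on `.Values.aga.autoscaling.enabled`, so with `aga.enabled` false it can still be rendered against a Deployment that presumably is not deployed (aga-service.yaml and aga-routes.yaml in this commit both test `.Values.aga.enabled`). anm-hpa.yaml wraps the same body in `{{- if .Values.anm.enabled }}`; using `{{- if and .Values.aga.enabled .Values.aga.autoscaling.enabled }}` here keeps the two consistent. Separately, `metrics:` is emitted even when neither utilisation target is set, which leaves the key empty in all three HPA templates; a comment above it stating that at least one target must be configured would help.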
@@ -0,0 +1,97 @@
+{{- if .Values.aga.ingress.enabled -}}
+{{- $fullName := include "gateway.fullname" . -}}
+{{- $svcPort := .Values.aga.service.ports.ui.port -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-aga
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ {{- with .Values.aga.ingress.annotations }}
+ annotations:
+ {{- tpl (toYaml .) $ | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.aga.ingress.className }}
+ ingressClassName: {{ .Values.aga.ingress.className }}
+ {{- end }}
+ {{- if .Values.aga.ingress.tls }}
+ tls:
+ {{- range .Values.aga.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ tpl . $ | quote }}
+ {{- end }}
+ {{- if .secretName }}
+ secretName: {{ tpl (.secretName) $ }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.aga.ingress.hosts }}
+ - host: {{ tpl .host $ | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if .pathType }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ service:
+ name: {{ $fullName }}-aga
+ port:
+ number: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+
+---
+
+{{- if .Values.aga.extraIngress.enabled -}}
+{{- $fullName := include "gateway.fullname" . -}}
+{{- $svcPort := .Values.aga.service.ports.ui.port -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-aga-extra
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ {{- with .Values.aga.extraIngress.annotations }}
+ annotations:
+ {{- tpl (toYaml .) $ | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.aga.extraIngress.className }}
+ ingressClassName: {{ .Values.aga.extraIngress.className }}
+ {{- end }}
+ {{- if .Values.aga.extraIngress.tls }}
+ tls:
+ {{- range .Values.aga.extraIngress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ tpl .
$ | quote }}
+ {{- end }}
+ {{- if .secretName }}
+ secretName: {{ tpl (.secretName) $ }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.aga.extraIngress.hosts }}
+ - host: {{ tpl .host $ | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if .pathType }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ service:
+ name: {{ $fullName }}-aga
+ port:
+ number: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/apigateway/templates/aga/aga-routes.yaml b/apigateway/templates/aga/aga-routes.yaml
new file mode 100644
index 0000000..81be78b
--- /dev/null
+++ b/apigateway/templates/aga/aga-routes.yaml
@@ -0,0 +1,40 @@
+{{- if and .Values.aga.enabled .Values.aga.route.enabled -}}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: "{{ include "gateway.fullname" . }}-aga"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: aga
+spec:
+ {{- if .Values.global.domainName }}
+ host: aga.{{ .Values.global.domainName }}
+ {{- end }}
+ port:
+ targetPort: {{ tpl .Values.aga.route.targetPort . }}
+ to:
+ kind: Service
+ name: "{{ include "gateway.fullname" . }}-aga"
+{{- if .Values.aga.route.tls.enabled }}
+ tls:
+ termination: {{ .Values.aga.route.tls.termination }}
+ insecureEdgeTerminationPolicy: {{ .Values.aga.route.tls.insecureEdgeTerminationPolicy }}
+ {{- if .Values.aga.route.tls.key }}
+ key: |-
+ {{- .Values.aga.route.tls.key | nindent 6 }}
+ {{- end }}
+ {{- if .Values.aga.route.tls.destinationCACertificate }}
+ destinationCACertificate: |-
+ {{- .Values.aga.route.tls.destinationCACertificate | nindent 6 }}
+ {{- end }}
+ {{- if .Values.aga.route.tls.caCertificate }}
+ caCertificate: |-
+ {{- .Values.aga.route.tls.caCertificate | nindent 6 }}
+ {{- end }}
+ {{- if .Values.aga.route.tls.certificate }}
+ certificate: |-
+ {{- .Values.aga.route.tls.certificate | nindent 6 }}
+ {{- end }}
+{{- end }}
+ wildcardPolicy: None
+{{- end }}
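Review bot: The second document in aga-ingress.yaml opens with `{{- if .Values.aga.extraIngress.enabled -}}` right after the `---` separator, and the left-trim marker removes the newlines between them, so the rendered output appears to begin `---apiVersion: networking.k8s.io/v1` on one line, which is no longer a document marker and loses the `apiVersion` key. Dropping the left trim, `{{ if .Values.aga.extraIngress.enabled -}}`, or moving `---` inside the conditional avoids that; anm-ingress.yaml and apimgr-ingress.yaml in this commit use the same layout. `pathType` is also emitted only when set, although `networking.k8s.io/v1` requires it on every path, so `pathType: {{ .pathType | default "ImplementationSpecific" }}` would be safer than the `if`.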
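Review bot: The `key:` entry under `tls` in aga-routes.yaml takes the Route's private key straight from `.Values.aga.route.tls.key`, so the key sits in whatever values file or command-line argument supplies it and is recorded with the Helm release data. Nothing in the template says so; I would add a comment above the `key` block, for example `{{- /* tls.key is a private key: pass it with --set-file from a secret store, never from a committed values file */ -}}`, and repeat it in anm-routes.yaml, which has the same block. `targetPort` is passed through `tpl`, which accepts only a string, so a numeric port in values fails at render time; that constraint deserves a line in the same comment.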
diff --git a/apigateway/templates/aga/aga-service.yaml b/apigateway/templates/aga/aga-service.yaml
new file mode 100644
index 0000000..6dfea75
--- /dev/null
+++ b/apigateway/templates/aga/aga-service.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.aga.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ include "gateway.fullname" . }}-aga"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: aga
+spec:
+ type: {{ .Values.aga.service.type }}
+ ports:
+ - port: {{ .Values.aga.service.ports.ui.port }}
+ targetPort: {{ .Values.aga.service.ports.ui.port }}
+ protocol: {{ .Values.aga.service.ports.ui.protocol }}
+ name: apianalyticsui
+ selector:
+ {{- include "gateway.selectorLabels" . | nindent 4 }}
+ app.kubernetes.io/component: aga
+{{- end }}
diff --git a/apigateway/templates/aga/aga-serviceaccount.yaml b/apigateway/templates/aga/aga-serviceaccount.yaml
new file mode 100644
index 0000000..c98a8fc
--- /dev/null
+++ b/apigateway/templates/aga/aga-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.aga.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "gateway.aga.serviceAccountName" . }}
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: aga
+ {{- with .Values.aga.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/apigateway/templates/anm/anm-configmap.yaml b/apigateway/templates/anm/anm-configmap.yaml
new file mode 100644
index 0000000..525db8b
--- /dev/null
+++ b/apigateway/templates/anm/anm-configmap.yaml
@@ -0,0 +1,12 @@
+{{- if and .Values.anm.enabled .Values.anm.license }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-anm-license-config
+data:
+{{- range $path, $config := .Values.anm.license }}
+ {{ $path }}: |
+{{ $config | indent 4 -}}
+{{- end -}}
+{{- end -}}
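Review bot: The ServiceAccount in aga-serviceaccount.yaml does not set `automountServiceAccountToken`, so pods that use it get an API token mounted by default, and nothing in the templates shown here indicates that the analytics pod calls the Kubernetes API. Adding `automountServiceAccountToken: false` at the top level of the object would keep that credential out of the container unless it is needed; anm-serviceaccount.yaml has the same gap. The template is also rendered whenever `.Values.aga.serviceAccount.create` is true, even with `aga.enabled` false, whereas anm-serviceaccount.yaml checks `.Values.anm.enabled` first.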
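Review bot: The ConfigMap in anm-configmap.yaml has no `labels` block, unlike the other resources in this commit, so it is missing the chart's common labels; adding `labels:` with `{{- include "gateway.labels" . | nindent 4 }}` under `metadata` would fix that. The data keys come unquoted from `{{ $path }}`, while the deployments mount the volume with `subPath: "license.lic"`, so the mount only finds a file when the key is exactly `license.lic`; a comment such as `{{- /* each key under anm.license must be named license.lic to match the subPath in anm-deployment.yaml */ -}}` would document that. apimgr-configmap.yaml is written the same way.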
diff --git a/apigateway/templates/anm/anm-deployment.yaml b/apigateway/templates/anm/anm-deployment.yaml
new file mode 100644
index 0000000..f00a7b4
--- /dev/null
+++ b/apigateway/templates/anm/anm-deployment.yaml
@@ -0,0 +1,162 @@
+{{- if .Values.anm.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: "{{ include "gateway.fullname" . }}-anm"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: anm
+spec:
+ {{- if not .Values.anm.autoscaling.enabled }}
+ replicas: {{ .Values.anm.replicaCount }}
+ {{- end }}
+ strategy:
+ {{- if eq (default .Values.global.updateStrategy.type .Values.anm.updateStrategy.type) "RollingUpdate" }}
+ rollingUpdate:
+ maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.anm.updateStrategy.rollingUpdate.maxSurge }}
+ maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.anm.updateStrategy.rollingUpdate.maxUnavailable }}
+ {{- end }}
+ type: {{ default .Values.global.updateStrategy.type .Values.anm.updateStrategy.type }}
+ selector:
+ matchLabels:
+ {{- include "gateway.selectorLabels" . | nindent 6 }}
+ app.kubernetes.io/component: anm
+ {{- with .Values.anm.podLabels }}
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ template:
+ metadata:
+ {{- with .Values.anm.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "gateway.selectorLabels" . | nindent 8 }}
+ app.kubernetes.io/component: anm
+ {{- with .Values.anm.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- with .Values.global.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "gateway.anm.serviceAccountName" .
}}
+ securityContext:
+ {{- toYaml .Values.anm.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.anm.securityContext | nindent 12 }}
+ image: "{{ default .Values.global.defaultRegistry .Values.anm.image.registry }}/{{ .Values.anm.image.repository }}:{{ .Values.anm.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ ports:
+ - containerPort: {{ .Values.anm.service.ports.traffic.port }}
+ protocol: {{ .Values.anm.service.ports.traffic.protocol }}
+ - containerPort: {{ .Values.anm.service.ports.ui.port }}
+ protocol: {{ .Values.anm.service.ports.ui.protocol }}
+ {{- with .Values.anm.livenessProbe }}
+ livenessProbe:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.anm.readinessProbe }}
+ readinessProbe:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ resources:
+ {{- toYaml .Values.anm.resources | nindent 12 }}
+ env:
+ {{- with .Values.anm.extraEnvVars }}
+ {{ toYaml . | nindent 12 }}
+ {{- end }}
+ {{- if .Values.anm.FIPS.enabled }}
+ - name: EMT_FIPS_MODE
+ value: {{ .Values.anm.FIPS.enabled | quote }}
+ {{- end }}
+ {{- if .Values.anm.jvmHeapSize }}
+ - name: EMT_HEAP_SIZE_MB
+ value: {{ .Values.anm.jvmHeapSize | quote }}
+ {{- end }}
+ {{- if .Values.anm.logs.trace.level }}
+ - name: EMT_TRACE_LEVEL
+ value: {{ .Values.anm.logs.trace.level | quote }}
+ {{- end }}
+ {{- if .Values.anm.logs.trace.disk }}
+ - name: APIGW_LOG_TRACE_TO_FILE
+ value: {{ .Values.anm.logs.trace.disk | quote }}
+ {{- end }}
+ - name: APIGW_LOG_TRACE_JSON_TO_STDOUT
+ value: {{ default .Values.anm.logs.trace.stdoutJSON false | quote }}
+ {{- if .Values.global.domainkeypassphrase }}
+ - name: DOMAIN_KEY_PASSPHRASE
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "gateway.domainkeypassphrase.secretName" . }}
+ key: passphrase
+ {{- end }}
+ {{- if .Values.global.database.metrics.enabled }}
+ - name: METRICS_DB_URL
+ value: {{ tpl .Values.global.database.metrics.url .
| quote }}
+ - name: METRICS_DB_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "gateway.metrics-db.secretName" . }}
+ key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }}
+ - name: METRICS_DB_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "gateway.metrics-db.secretName" . }}
+ key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }}
+ {{- end }}
+ {{- if .Values.anm.image.generalConditions }}
+ - name: ACCEPT_GENERAL_CONDITIONS
+ value: {{ .Values.anm.image.generalConditions.accept | quote }}
+ {{- end }}
+ {{- if .Values.anm.extraVolumeMounts }}
+ volumeMounts:
+ {{- if .Values.anm.license }}
+ - name: license
+ mountPath: "/opt/Axway/apigateway/conf/licenses/license.lic"
+ subPath: "license.lic"
+ {{- end }}
+ {{- toYaml ( .Values.anm.extraVolumeMounts ) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.anm.extraVolumes }}
+ volumes:
+ {{- if .Values.anm.license }}
+ - name: license
+ configMap:
+ name: {{ .Release.Name }}-anm-license-config
+ {{- end }}
+{{ toYaml ( .Values.anm.extraVolumes ) | indent 8 }}
+ {{- end }}
+ initContainers:
+ {{- if .Values.global.database.metrics.enabled }}
+ - name: init-mysql
+ image: {{ .Values.global.initContainers.image | quote }}
+ command: ['sh', '-c', 'until nc -w 3 -v {{ tpl .Values.global.database.host . }} {{ .Values.global.database.port | int }}; do echo waiting for mysql; sleep 2; done;']
+ {{- with .Values.global.initContainers.resources }}
+ resources:
+ {{ toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.global.initContainers.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.anm.extraInitContainers }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.anm.nodeSelector }}
+ nodeSelector:
+ {{- toYaml .
| nindent 8 }}
+ {{- end }}
+ {{- with .Values.anm.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.anm.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+{{- end }}
diff --git a/apigateway/templates/anm/anm-hpa.yaml b/apigateway/templates/anm/anm-hpa.yaml
new file mode 100644
index 0000000..057158c
--- /dev/null
+++ b/apigateway/templates/anm/anm-hpa.yaml
@@ -0,0 +1,35 @@
+{{- if .Values.anm.enabled }}
+{{- if .Values.anm.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: "{{ include "gateway.fullname" . }}-anm"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: anm
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: "{{ include "gateway.fullname" . }}-anm"
+ minReplicas: {{ .Values.anm.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.anm.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.anm.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.anm.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.anm.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.anm.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
+{{- end }}
diff --git a/apigateway/templates/anm/anm-ingress.yaml b/apigateway/templates/anm/anm-ingress.yaml
new file mode 100644
index 0000000..2e06e9c
--- /dev/null
+++ b/apigateway/templates/anm/anm-ingress.yaml
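Review bot: In anm-deployment.yaml the license mount and the license volume are rendered only inside `{{- if .Values.anm.extraVolumeMounts }}` and `{{- if .Values.anm.extraVolumes }}`, so setting `anm.license` without also filling both extra lists creates the ConfigMap from anm-configmap.yaml but never mounts it. Both conditions should be or-ed with `.Values.anm.license`, with the `toYaml` calls wrapped in `with`, as sketched below (indentation is illustrative, since the page has lost the original). apimgr-deployment.yaml repeats the same nesting. In the same `env` list, `default .Values.anm.logs.trace.stdoutJSON false` has its arguments reversed relative to `default DEFAULT VALUE`; it still yields the configured value but renders an empty `value:` when the key is unset.

```yaml
          {{- if or .Values.anm.license .Values.anm.extraVolumeMounts }}
          volumeMounts:
            # … unchanged: license mount guarded by .Values.anm.license …
            {{- with .Values.anm.extraVolumeMounts }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
          {{- end }}
      {{- if or .Values.anm.license .Values.anm.extraVolumes }}
      volumes:
        # … unchanged: license configMap volume guarded by .Values.anm.license …
        {{- with .Values.anm.extraVolumes }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- end }}
```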
@@ -0,0 +1,97 @@
+{{- if .Values.anm.ingress.enabled -}}
+{{- $fullName := include "gateway.fullname" . -}}
+{{- $svcPort := .Values.anm.service.ports.ui.port -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-anm
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ {{- with .Values.anm.ingress.annotations }}
+ annotations:
+ {{- tpl (toYaml .) $ | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.anm.ingress.className }}
+ ingressClassName: {{ .Values.anm.ingress.className }}
+ {{- end }}
+ {{- if .Values.anm.ingress.tls }}
+ tls:
+ {{- range .Values.anm.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ tpl . $ | quote }}
+ {{- end }}
+ {{- if .secretName }}
+ secretName: {{ tpl (.secretName) $ }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.anm.ingress.hosts }}
+ - host: {{ tpl .host $ | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if .pathType }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ service:
+ name: {{ $fullName }}-anm
+ port:
+ number: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+
+---
+
+{{- if .Values.anm.extraIngress.enabled -}}
+{{- $fullName := include "gateway.fullname" . -}}
+{{- $svcPort := .Values.anm.service.ports.ui.port -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-anm-extra
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ {{- with .Values.anm.extraIngress.annotations }}
+ annotations:
+ {{- tpl (toYaml .) $ | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.anm.extraIngress.className }}
+ ingressClassName: {{ .Values.anm.extraIngress.className }}
+ {{- end }}
+ {{- if .Values.anm.extraIngress.tls }}
+ tls:
+ {{- range .Values.anm.extraIngress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ tpl .
$ | quote }}
+ {{- end }}
+ {{- if .secretName }}
+ secretName: {{ tpl (.secretName) $ }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.anm.extraIngress.hosts }}
+ - host: {{ tpl .host $ | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if .pathType }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ service:
+ name: {{ $fullName }}-anm
+ port:
+ number: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/apigateway/templates/anm/anm-routes.yaml b/apigateway/templates/anm/anm-routes.yaml
new file mode 100644
index 0000000..336ef44
--- /dev/null
+++ b/apigateway/templates/anm/anm-routes.yaml
@@ -0,0 +1,42 @@
+{{- if .Values.anm.enabled }}
+{{- if .Values.anm.route.enabled -}}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: "{{ include "gateway.fullname" . }}-anm"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: anm
+spec:
+ {{- if .Values.global.domainName }}
+ host: anm.{{ .Values.global.domainName }}
+ {{- end }}
+ port:
+ targetPort: {{ tpl .Values.anm.route.targetPort . }}
+ to:
+ kind: Service
+ name: "{{ include "gateway.fullname" . }}-anm"
+{{- if .Values.anm.route.tls.enabled }}
+ tls:
+ termination: {{ .Values.anm.route.tls.termination }}
+ insecureEdgeTerminationPolicy: {{ .Values.anm.route.tls.insecureEdgeTerminationPolicy }}
+ {{- if .Values.anm.route.tls.key }}
+ key: |-
+ {{- .Values.anm.route.tls.key | nindent 6 }}
+ {{- end }}
+ {{- if .Values.anm.route.tls.destinationCACertificate }}
+ destinationCACertificate: |-
+ {{- .Values.anm.route.tls.destinationCACertificate | nindent 6 }}
+ {{- end }}
+ {{- if .Values.anm.route.tls.caCertificate }}
+ caCertificate: |-
+ {{- .Values.anm.route.tls.caCertificate | nindent 6 }}
+ {{- end }}
+ {{- if .Values.anm.route.tls.certificate }}
+ certificate: |-
+ {{- .Values.anm.route.tls.certificate | nindent 6 }}
+ {{- end }}
+{{- end }}
+ wildcardPolicy: None
+{{- end }}
+{{- end }}
diff --git a/apigateway/templates/anm/anm-service.yaml b/apigateway/templates/anm/anm-service.yaml
new file mode 100644
index 0000000..6d1bd18
--- /dev/null
+++ b/apigateway/templates/anm/anm-service.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.anm.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ include "gateway.fullname" . }}-anm"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: anm
+spec:
+ type: {{ .Values.anm.service.type }}
+ ports:
+ - port: {{ .Values.anm.service.ports.traffic.port }}
+ targetPort: {{ .Values.anm.service.ports.traffic.port }}
+ protocol: {{ .Values.anm.service.ports.traffic.protocol }}
+ name: gatewaymanager
+ - port: {{ .Values.anm.service.ports.ui.port }}
+ targetPort: {{ .Values.anm.service.ports.ui.port }}
+ protocol: {{ .Values.anm.service.ports.ui.protocol }}
+ name: gatewaymanagerui
+ selector:
+ {{- include "gateway.selectorLabels" . | nindent 4 }}
+ app.kubernetes.io/component: anm
+{{- end }}
diff --git a/apigateway/templates/anm/anm-serviceaccount.yaml b/apigateway/templates/anm/anm-serviceaccount.yaml
new file mode 100644
index 0000000..c45a485
--- /dev/null
+++ b/apigateway/templates/anm/anm-serviceaccount.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.anm.enabled }}
+{{- if .Values.anm.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: "{{ include "gateway.anm.serviceAccountName" . }}"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: anm
+ {{- with .Values.anm.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
+{{- end }}
diff --git a/apigateway/templates/apimgr/apimgr-configmap.yaml b/apigateway/templates/apimgr/apimgr-configmap.yaml
new file mode 100644
index 0000000..5d95117
--- /dev/null
+++ b/apigateway/templates/apimgr/apimgr-configmap.yaml
@@ -0,0 +1,12 @@
+{{- if and .Values.apimgr.enabled .Values.apimgr.license }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-apimgr-license-config
+data:
+{{- range $path, $config := .Values.apimgr.license }}
+ {{ $path }}: |
+{{ $config | indent 4 -}}
+{{- end -}}
+{{- end -}}
diff --git a/apigateway/templates/apimgr/apimgr-deployment.yaml b/apigateway/templates/apimgr/apimgr-deployment.yaml
new file mode 100644
index 0000000..71ed90b
--- /dev/null
+++ b/apigateway/templates/apimgr/apimgr-deployment.yaml
@@ -0,0 +1,225 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: "{{ include "gateway.fullname" . }}-apimgr"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apimgr
+spec:
+ {{- if not .Values.apimgr.autoscaling.enabled }}
+ replicas: {{ .Values.apimgr.replicaCount }}
+ {{- end }}
+ strategy:
+ {{- if eq (default .Values.global.updateStrategy.type .Values.apimgr.updateStrategy.type) "RollingUpdate" }}
+ rollingUpdate:
+ maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.apimgr.updateStrategy.rollingUpdate.maxSurge }}
+ maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.apimgr.updateStrategy.rollingUpdate.maxUnavailable }}
+ {{- end }}
+ type: {{ default .Values.global.updateStrategy.type .Values.apimgr.updateStrategy.type }}
+ selector:
+ matchLabels:
+ {{- include "gateway.selectorLabels" . | nindent 6 }}
+ app.kubernetes.io/component: apimgr
+ {{- with .Values.apimgr.podLabels }}
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ template:
+ metadata:
+ {{- with .Values.apimgr.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "gateway.selectorLabels" . | nindent 8 }}
+ app.kubernetes.io/component: apimgr
+ {{- with .Values.apimgr.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- with .Values.global.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "gateway.apimgr.serviceAccountName" .
}}
+ securityContext:
+ {{- toYaml .Values.apimgr.podSecurityContext | nindent 8 }}
+ initContainers:
+ {{- if .Values.global.cassandra.enabled }}
+ - name: init-cassandra
+ image: {{ .Values.global.initContainers.image | quote }}
+ command: ["sh", "-c", "c=0; x={{ len .Values.global.cassandra.hosts }}; until [ $(( c * 100 / x )) -ge 50 ]; do c=0; for host in {{- range .Values.global.cassandra.hosts }} {{ .hostname }} {{- end }}; do echo waiting for ${host}; if nc -w 3 -v ${host} {{ .Values.global.cassandra.port }};then c=$((c+1)); fi done; sleep 2; done;"]
+ {{- with .Values.global.initContainers.resources }}
+ resources:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.global.initContainers.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.global.database.metrics.enabled }}
+ - name: init-mysql
+ image: {{ .Values.global.initContainers.image | quote }}
+ command: ["sh", "-c", "until nc -w 3 -v {{ tpl .Values.global.database.host . }} {{ .Values.global.database.port | int }}; do echo waiting for mysql; sleep 2; done;"]
+ {{- with .Values.global.initContainers.resources }}
+ resources:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.global.initContainers.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ - name: init-anm
+ image: {{ .Values.global.initContainers.image | quote }}
+ {{- if .Values.anm.hostname }}
+ command: ["sh", "-c", "until nc -w 3 -v {{ .Values.anm.hostname }}; do echo waiting for anm; sleep 2; done;"]
+ {{- else }}
+ command: ["sh", "-c", "until nc -w 3 -v {{ include "gateway.fullname" . }}-anm 8090; do echo waiting for anm; sleep 2; done;"]
+ {{- end }}
+ {{- with .Values.global.initContainers.resources }}
+ resources:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.global.initContainers.securityContext }}
+ securityContext:
+ {{- toYaml .
| nindent 12 }}
+ {{- end }}
+ {{- with .Values.apimgr.extraInitContainers }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.apimgr.securityContext | nindent 12 }}
+ image: "{{ default .Values.global.defaultRegistry .Values.apimgr.image.registry }}/{{ .Values.apimgr.image.repository }}:{{ .Values.apimgr.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ ports:
+ - containerPort: {{ .Values.apimgr.service.ports.ui.port }}
+ protocol: {{ .Values.apimgr.service.ports.ui.protocol }}
+ {{- with .Values.apimgr.livenessProbe }}
+ livenessProbe:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.apimgr.readinessProbe }}
+ readinessProbe:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ resources:
+ {{- toYaml .Values.apimgr.resources | nindent 12 }}
+ env:
+ {{- with .Values.apimgr.extraEnvVars }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- if .Values.apimgr.FIPS.enabled }}
+ - name: EMT_FIPS_MODE
+ value: {{ .Values.apimgr.FIPS.enabled | quote }}
+ {{- end }}
+ {{- if .Values.apimgr.jvmHeapSize }}
+ - name: EMT_HEAP_SIZE_MB
+ value: {{ .Values.apimgr.jvmHeapSize | quote }}
+ {{- end }}
+ {{- if .Values.apimgr.logs.trace.level }}
+ - name: EMT_TRACE_LEVEL
+ value: {{ .Values.apimgr.logs.trace.level | quote }}
+ {{- end }}
+ {{- if .Values.apimgr.logs.trace.disk }}
+ - name: APIGW_LOG_TRACE_TO_FILE
+ value: {{ .Values.apimgr.logs.trace.disk | quote }}
+ {{- end }}
+ - name: APIGW_LOG_TRACE_JSON_TO_STDOUT
+ value: {{ default .Values.apimgr.logs.trace.stdoutJSON false | quote }}
+ {{- if .Values.apimgr.logs.opentraffic.output | quote }}
+ - name: APIGW_LOG_OPENTRAFFIC_OUTPUT
+ value: {{ .Values.apimgr.logs.opentraffic.output | quote }}
+ {{- end }}
+ {{- if .Values.global.domainkeypassphrase }}
+ - name: DOMAIN_KEY_PASSPHRASE
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "gateway.domainkeypassphrase.secretName" .
}}
+ key: passphrase
+ {{- end }}
+ {{- if .Values.global.database.metrics.enabled }}
+ - name: METRICS_DB_URL
+ value: {{ tpl .Values.global.database.metrics.url . | quote }}
+ - name: METRICS_DB_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "gateway.metrics-db.secretName" . }}
+ key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }}
+ - name: METRICS_DB_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "gateway.metrics-db.secretName" . }}
+ key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }}
+ {{- end }}
+ {{- if .Values.anm.hostname }}
+ - name: EMT_ANM_HOSTS
+ value: {{ .Values.anm.hostname | quote }}
+ {{- else }}
+ - name: EMT_ANM_HOSTS
+ value: "{{ include "gateway.fullname" . }}-anm:8090"
+ {{- end }}
+ - name: GROUP_ID
+ value: {{ .Values.apimgr.groupId }}
+ {{- if .Values.global.domainId }}
+ - name: DOMAIN_ID
+ value: {{ .Values.global.domainId }}
+ {{- end }}
+ {{- if .Values.global.cassandra.enabled }}
+ {{- range .Values.global.cassandra.hosts }}
+ - name: {{ .variable }}
+ value: {{ .hostname | quote }}
+ {{- end }}
+ - name: CASS_PORT
+ value: {{ .Values.global.cassandra.port | quote }}
+ - name: CASS_KEYSPACE
+ value: {{ tpl .Values.global.cassandra.keyspace . | quote }}
+ - name: CASS_TKEYSPACE
+ value: {{ tpl .Values.global.cassandra.tkeyspace . | quote }}
+ - name: CASS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "gateway.cassandra.secretName" . }}
+ key: {{ with .Values.global.cassandra.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }}
+ - name: CASS_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "gateway.cassandra.secretName" .
}}
+ key: {{ with .Values.global.cassandra.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }}
+ {{- end }}
+ {{- if .Values.apimgr.image.generalConditions }}
+ - name: ACCEPT_GENERAL_CONDITIONS
+ value: {{ .Values.apimgr.image.generalConditions.accept | quote }}
+ {{- end }}
+ {{- if .Values.apimgr.extraVolumeMounts }}
+ volumeMounts:
+ {{- if .Values.apimgr.license }}
+ - name: license
+ mountPath: "/opt/Axway/apigateway/conf/licenses/license.lic"
+ subPath: "license.lic"
+ {{- end }}
+ {{- toYaml ( .Values.apimgr.extraVolumeMounts ) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.apimgr.extraVolumes }}
+ volumes:
+ {{- if .Values.apimgr.license }}
+ - name: license
+ configMap:
+ name: {{ .Release.Name }}-apimgr-license-config
+ {{- end }}
+{{ toYaml ( .Values.apimgr.extraVolumes ) | indent 8 }}
+ {{- end }}
+ {{- with .Values.apimgr.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.apimgr.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.apimgr.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/apigateway/templates/apimgr/apimgr-hpa.yaml b/apigateway/templates/apimgr/apimgr-hpa.yaml
new file mode 100644
index 0000000..bc44e60
--- /dev/null
+++ b/apigateway/templates/apimgr/apimgr-hpa.yaml
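Review bot: In the `env` list of apimgr-deployment.yaml, the guard `{{- if .Values.apimgr.logs.opentraffic.output | quote }}` pipes the value through `quote` before testing it, so an empty string becomes the non-empty text `""` and the variable is emitted anyway; the test should be `{{- if .Values.apimgr.logs.opentraffic.output }}`. `GROUP_ID` and `DOMAIN_ID` are rendered as `value: {{ .Values.apimgr.groupId }}` and `value: {{ .Values.global.domainId }}` without `| quote`, unlike their neighbours, so a numeric-looking id is parsed as a number and rejected as an env value; both lines should end in `| quote }}`. The init-anm command also hands `.Values.anm.hostname` to `nc` as a single argument while `EMT_ANM_HOSTS` suggests that value has the form `host:port`; if so the wait loop cannot succeed, which is worth confirming.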
@@ -0,0 +1,33 @@
+{{- if .Values.apimgr.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: "{{ include "gateway.fullname" . }}-apimgr"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apimgr
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: "{{ include "gateway.fullname" . }}-apimgr"
+ minReplicas: {{ .Values.apimgr.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.apimgr.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.apimgr.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.apimgr.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.apimgr.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.apimgr.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/apigateway/templates/apimgr/apimgr-ingress.yaml b/apigateway/templates/apimgr/apimgr-ingress.yaml
new file mode 100644
index 0000000..0d42c15
--- /dev/null
+++ b/apigateway/templates/apimgr/apimgr-ingress.yaml
@@ -0,0 +1,97 @@ +{{- if .Values.apimgr.ingress.enabled -}} +{{- $fullName := include "gateway.fullname" . -}} +{{- $svcPort := .Values.apimgr.service.ports.ui.port -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ $fullName }}-apimgr + labels: + {{- include "gateway.labels" . | nindent 4 }} + {{- with .Values.apimgr.ingress.annotations }} + annotations: + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} +spec: + {{- if .Values.apimgr.ingress.className }} + ingressClassName: {{ .Values.apimgr.ingress.className }} + {{- end }} + {{- if .Values.apimgr.ingress.tls }} + tls: + {{- range .Values.apimgr.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ tpl . $ | quote }} + {{- end }} + {{- if .secretName }} + secretName: {{ tpl (.secretName) $ }} + {{- end }} + {{- end }} + {{- end }} + rules: + {{- range .Values.apimgr.ingress.hosts }} + - host: {{ tpl .host $ | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if .pathType }} + pathType: {{ .pathType }} + {{- end }} + backend: + service: + name: {{ $fullName }}-apimgr + port: + number: {{ $svcPort }} + {{- end }} + {{- end }} +{{- end }} + +--- + +{{- if .Values.apimgr.extraIngress.enabled -}} +{{- $fullName := include "gateway.fullname" . -}} +{{- $svcPort := .Values.apimgr.service.ports.ui.port -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ $fullName }}-apimgr-extra + labels: + {{- include "gateway.labels" . | nindent 4 }} + {{- with .Values.apimgr.extraIngress.annotations }} + annotations: + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} +spec: + {{- if .Values.apimgr.extraIngress.className }} + ingressClassName: {{ .Values.apimgr.extraIngress.className }} + {{- end }} + {{- if .Values.apimgr.extraIngress.tls }} + tls: + {{- range .Values.apimgr.extraIngress.tls }} + - hosts: + {{- range .hosts }} + - {{ tpl . 
$ | quote }} + {{- end }} + {{- if .secretName }} + secretName: {{ tpl (.secretName) $ }} + {{- end }} + {{- end }} + {{- end }} + rules: + {{- range .Values.apimgr.extraIngress.hosts }} + - host: {{ tpl .host $ | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if .pathType }} + pathType: {{ .pathType }} + {{- end }} + backend: + service: + name: {{ $fullName }}-apimgr + port: + number: {{ $svcPort }} + {{- end }} + {{- end }} +{{- end }} diff --git a/apigateway/templates/apimgr/apimgr-routes.yaml b/apigateway/templates/apimgr/apimgr-routes.yaml new file mode 100644 index 0000000..8a2ad9e --- /dev/null +++ b/apigateway/templates/apimgr/apimgr-routes.yaml 
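Review bot: `pathType` is emitted only when the value is set (`{{- if .pathType }}`), but networking.k8s.io/v1 requires it on every path, so a values entry without it renders an Ingress the API server rejects; `pathType: {{ .pathType | default "ImplementationSpecific" }}` keeps the manifest valid. In the same rules block `path: {{ .path }}`, and above it `ingressClassName` and `secretName: {{ tpl (.secretName) $ }}`, are rendered unquoted while the hosts use `| quote`; quoting them the same way avoids YAML retyping of unusual values. Both Ingress documents in this file follow the pattern, and so do the apiportal and apitraffic ingress templates later in the commit.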
@@ -0,0 +1,40 @@
+{{- if .Values.apimgr.route.enabled -}}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: "{{ include "gateway.fullname" . }}-apimgr"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apimgr
+spec:
+ {{- if .Values.global.domainName }}
+ host: apimgr.{{ .Values.global.domainName }}
+ {{- end }}
+ to:
+ kind: Service
+ name: "{{ include "gateway.fullname" . }}-apimgr"
+ port:
+ targetPort: {{ tpl .Values.apimgr.route.targetPort . }}
+{{- if .Values.apimgr.route.tls.enabled }}
+ tls:
+ termination: {{ .Values.apimgr.route.tls.termination }}
+ insecureEdgeTerminationPolicy: {{ .Values.apimgr.route.tls.insecureEdgeTerminationPolicy }}
+ {{- if .Values.apimgr.route.tls.key }}
+ key: |-
+ {{- .Values.apimgr.route.tls.key | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apimgr.route.tls.destinationCACertificate }}
+ destinationCACertificate: |-
+ {{- .Values.apimgr.route.tls.destinationCACertificate | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apimgr.route.tls.caCertificate }}
+ caCertificate: |-
+ {{- .Values.apimgr.route.tls.caCertificate | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apimgr.route.tls.certificate }}
+ certificate: |-
+ {{- .Values.apimgr.route.tls.certificate | nindent 6 }}
+ {{- end }}
+{{- end }}
+ wildcardPolicy: None
+{{- end }}
diff --git a/apigateway/templates/apimgr/apimgr-service.yaml b/apigateway/templates/apimgr/apimgr-service.yaml
new file mode 100644
index 0000000..9151bb5
--- /dev/null
+++ b/apigateway/templates/apimgr/apimgr-service.yaml
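Review bot: The Route's TLS private key is read from chart values (`.Values.apimgr.route.tls.key`) and rendered straight into the object, so it lives in whichever values file or `--set` argument supplies it and in Helm's stored release data; a comment above the `key:` block should say so and tell users to keep that values source out of version control. `termination` and `insecureEdgeTerminationPolicy` are rendered with no default and no quoting, so an unset value yields an empty field; something like `insecureEdgeTerminationPolicy: {{ .Values.apimgr.route.tls.insecureEdgeTerminationPolicy | default "Redirect" | quote }}` makes the plain-HTTP behaviour explicit. `tpl .Values.apimgr.route.targetPort .` needs a string, so a numeric port in values will presumably fail at render time. apiportal-routes.yaml later in the commit repeats the same block.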
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ include "gateway.fullname" . }}-apimgr"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apimgr
+spec:
+ type: {{ .Values.apimgr.service.type }}
+ ports:
+ - port: {{ .Values.apimgr.service.ports.ui.port }}
+ targetPort: {{ .Values.apimgr.service.ports.ui.port }}
+ protocol: {{ .Values.apimgr.service.ports.ui.protocol }}
+ name: apimanagerui
+ selector:
+ {{- include "gateway.selectorLabels" . | nindent 4 }}
+ app.kubernetes.io/component: apimgr
diff --git a/apigateway/templates/apimgr/apimgr-serviceaccount.yaml b/apigateway/templates/apimgr/apimgr-serviceaccount.yaml
new file mode 100644
index 0000000..e7bb2db
--- /dev/null
+++ b/apigateway/templates/apimgr/apimgr-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.apimgr.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "gateway.apimgr.serviceAccountName" . }}
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apimgr
+ {{- with .Values.apimgr.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/apigateway/templates/apiportal/apiportal-db-secret.yaml b/apigateway/templates/apiportal/apiportal-db-secret.yaml
new file mode 100644
index 0000000..102c437
--- /dev/null
+++ b/apigateway/templates/apiportal/apiportal-db-secret.yaml
@@ -0,0 +1,12 @@
+{{- if and .Values.apiportal.enabled (not .Values.apiportal.mysql.existingSecret) -}}
+apiVersion: v1
+data:
+ username: {{ .Values.apiportal.mysql.username | b64enc }}
+ password: {{ .Values.apiportal.mysql.password | b64enc }}
+kind: Secret
+metadata:
+ name: {{ include "gateway.apiportal.secretName" . }}
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apiportal
+{{- end }}
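Review bot: In apiportal-db-secret.yaml the credentials go through `b64enc` with no guard, so an empty `apiportal.mysql.password` renders a Secret with an empty password and a missing one is likely to fail with a type error rather than a readable message. `password: {{ required "apiportal.mysql.password is required when existingSecret is not set" .Values.apiportal.mysql.password | b64enc | quote }}` (and the same for `username`) fails early and clearly. Because the password comes from chart values it is also kept in Helm's release data, so the `existingSecret` path that the condition already supports is the one to recommend in the values documentation. Adding `type: Opaque` would make the Secret's kind explicit.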
diff --git a/apigateway/templates/apiportal/apiportal-deployment.yaml b/apigateway/templates/apiportal/apiportal-deployment.yaml new file mode 100644 index 0000000..b96a2ae --- /dev/null +++ b/apigateway/templates/apiportal/apiportal-deployment.yaml 
@@ -0,0 +1,170 @@ +{{- if .Values.apiportal.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "{{ include "gateway.fullname" . }}-apiportal" + labels: + {{- include "gateway.labels" . | nindent 4 }} + app.kubernetes.io/component: apiportal +spec: + replicas: {{ .Values.apiportal.replicaCount }} + strategy: + {{- if eq (default .Values.global.updateStrategy.type .Values.apiportal.updateStrategy.type) "RollingUpdate" }} + rollingUpdate: + maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.apiportal.updateStrategy.rollingUpdate.maxSurge }} + maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.apiportal.updateStrategy.rollingUpdate.maxUnavailable }} + {{- end }} + type: {{ default .Values.global.updateStrategy.type .Values.apiportal.updateStrategy.type }} + selector: + matchLabels: + {{- include "gateway.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: apiportal + {{- with .Values.apiportal.podLabels }} + {{- toYaml . | nindent 6 }} + {{- end }} + template: + metadata: + {{- with .Values.apiportal.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "gateway.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: apiportal + {{- with .Values.apiportal.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "gateway.apiportal.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.apiportal.podSecurityContext | nindent 8 }} + containers: + - name: "{{ include "gateway.fullname" . }}-apiportal" + securityContext: + {{- toYaml .Values.apiportal.securityContext | nindent 12 }} + command: ["/usr/local/bin/entrypoint.sh", "apiportal"] + {{- with .Values.apiportal.livenessProbe }} + livenessProbe: + {{- toYaml . 
| nindent 12 }} + {{- end }} + {{- with .Values.apiportal.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + resources: + {{- toYaml .Values.apiportal.resources | nindent 12 }} + env: + - name: MYSQL_HOST + value: {{ default .Values.global.database.host .Values.apiportal.mysql.host | quote }} + - name: MYSQL_PORT + value: {{ tpl .Values.apiportal.mysql.port . | quote }} + - name: MYSQL_USER + valueFrom: + secretKeyRef: + name: {{ include "gateway.apiportal.secretName" . }} + key: {{ with .Values.apiportal.mysql.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }} + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "gateway.apiportal.secretName" . }} + key: {{ with .Values.apiportal.mysql.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }} + - name: MYSQL_DATABASE + value: {{ .Values.apiportal.mysql.databaseName | quote }} + - name: MYSQL_SSL_ON + value: {{ .Values.apiportal.mysql.sslOn | quote }} + - name: MYSQL_SSL_VERIFY_CERT + value: {{ .Values.apiportal.mysql.sslVerifyCert | quote }} + {{- if .Values.apiportal.redis.enabled }} + - name: REDIS_CONFIGURED + value: "1" + - name: REDIS_ON + value: "1" + - name: REDIS_HOST + value: {{ required "A redis host should be specified" .Values.apiportal.redis.host | quote }} + - name: REDIS_PORT + value: {{ default "6379" .Values.apiportal.redis.port | quote }} + - name: REDIS_CACHE_TIMEOUT_SEC + value: {{ default "600" .Values.apiportal.redis.cacheTimeout | quote }} + {{- end }} + - name: APACHE_SSL_ON + value: {{ .Values.apiportal.apache.sslOn | quote }} + - name: APIMANAGER_CONFIGURED + value: {{ default "1" .Values.apiportal.apiManager.configured | quote }} + - name: API_WHITELIST_CONFIGURED + value: "1" + - name: API_WHITELIST + value: "apitraffic.{{ .Values.global.domainName }}" + - name: APIMANAGER_NAME + value: {{ .Values.apiportal.apiManager.name | quote }} + - name: 
APIMANAGER_HOST + value: "{{ include "gateway.fullname" . }}-apimgr" + - name: APIMANAGER_PORT + value: {{ .Values.apimgr.service.ports.ui.port | quote }} + - name: HTTP_PORT + value: {{ .Values.apiportal.service.ports.http.port | quote }} + - name: HTTPS_PORT + value: {{ .Values.apiportal.service.ports.https.port | quote }} + - name: HTTPS_FORCE_PORT + value: {{ .Values.apiportal.service.ports.force.port | quote }} + - name: T4_DOWNLOADED + value: {{ .Values.apiportal.t4_downloaded | quote }} + {{- if .Values.apiportal.extraEnvVars }} + {{- toYaml .Values.apiportal.extraEnvVars | nindent 12 }} + {{- end }} + image: "{{ default .Values.global.defaultRegistry .Values.apiportal.image.registry }}/{{ .Values.apiportal.image.repository }}:{{ .Values.apiportal.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + ports: + - name: "apiportal" + containerPort: {{ .Values.apiportal.service.ports.force.port }} + protocol: TCP + volumeMounts: + {{- $mounts := list }} + {{- if .Values.apiportal.mysql.sslOn }} + {{- $mounts = append $mounts (dict "name" "mysql-certs" "mountPath" "/opt/axway/apiportal/certs/mysql/mysql-ca.pem" "subPath" "mysql-ca.pem") }} + {{- end }} + {{- if .Values.apiportal.apache.sslOn }} + {{- $mounts = append $mounts (dict "name" "apache" "mountPath" "/opt/axway/apiportal/certs/apache/") }} + {{- end }} + {{- include "gateway.volumeMounts" (dict "component" "portal" "storage" (dict "volumes" (.Values.global.storage.volumes | concat .Values.apiportal.storage.volumes))) | fromYamlArray | concat $mounts | default list | toYaml | nindent 12 }} + initContainers: + - name: init-mysql + image: {{ .Values.global.initContainers.image | quote }} + command: [ 'sh', '-c', 'until nc -w 3 -v {{ tpl .Values.global.database.host . }} {{ .Values.global.database.port }}; do echo waiting for MySQL; sleep 2; done;' ] + {{- with .Values.global.initContainers.resources }} + resources: + {{- toYaml . 
| nindent 12 }} + {{- end }} + {{- with .Values.global.initContainers.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- if .Values.apiportal.apiManager.configured }} + - name: init-apimanager + image: {{ .Values.global.initContainers.image | quote }} + command: [ 'sh', '-c', 'until nc -w 3 -v {{ include "gateway.fullname" . }}-apimgr 8075; do echo waiting for API Manager; sleep 2; done;' ] + {{- with .Values.global.initContainers.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.global.initContainers.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- end }} + {{- with .Values.apiportal.extraInitContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + {{- $vols := list }} + {{- if .Values.apiportal.mysql.sslOn }} + {{- $vols = append $vols (dict "name" "mysql-certs" "secret" (dict "secretName" "mysql-ca-cert" "items" (list (dict "key" "mysql-ca.pem" "path" "mysql-ca.pem")))) }} + {{- end }} + {{- if .Values.apiportal.apache.sslOn }} + {{- $vols = append $vols (dict "name" "apache" "secret" (dict "secretName" "apache" "items" (list (dict "key" "tls.key" "path" "apache.key") (dict "key" "tls.crt" "path" "apache.crt")))) }} + {{- end }} + {{- include "gateway.volumes" (dict "component" "portal" "storage" (dict "volumes" (.Values.global.storage.volumes | concat .Values.apiportal.storage.volumes))) | fromYamlArray | concat $vols | default list | toYaml | nindent 8 }} +{{- end }} diff --git a/apigateway/templates/apiportal/apiportal-ingress.yaml b/apigateway/templates/apiportal/apiportal-ingress.yaml new file mode 100644 index 0000000..248abd6 --- /dev/null +++ b/apigateway/templates/apiportal/apiportal-ingress.yaml 
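Review bot: The `init-mysql` container probes `global.database.host` and `global.database.port`, while the portal container connects to `default .Values.global.database.host .Values.apiportal.mysql.host` and `apiportal.mysql.port`, so with a portal-specific database the init container waits on the wrong endpoint. `init-apimanager` likewise hard-codes 8075 although `APIMANAGER_PORT` is taken from `.Values.apimgr.service.ports.ui.port`. Both commands also splice values into the `sh -c` string, so a value containing shell metacharacters changes the command that runs; passing the values as environment variables and quoting the expansions avoids that. The fence shows the change for `init-mysql`, and `init-apimanager` would take the same shape.

```yaml
- name: init-mysql
  image: {{ .Values.global.initContainers.image | quote }}
  env:
    - name: MYSQL_HOST
      value: {{ tpl (default .Values.global.database.host .Values.apiportal.mysql.host) . | quote }}
    - name: MYSQL_PORT
      value: {{ tpl .Values.apiportal.mysql.port . | quote }}
  command: ['sh', '-c', 'until nc -w 3 -v "$MYSQL_HOST" "$MYSQL_PORT"; do echo waiting for MySQL; sleep 2; done;']
  # … unchanged: resources and securityContext blocks …
```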
@@ -0,0 +1,97 @@ +{{- if and .Values.apiportal.enabled .Values.apiportal.ingress.enabled -}} +{{- $fullName := include "gateway.fullname" . -}} +{{- $svcPort := .Values.apiportal.service.ports.target.port }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ $fullName }}-apiportal + labels: + {{- include "gateway.labels" . | nindent 4 }} + {{- with .Values.apiportal.ingress.annotations }} + annotations: + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} +spec: + {{- if .Values.apiportal.ingress.className }} + ingressClassName: {{ .Values.apiportal.ingress.className }} + {{- end }} + {{- if .Values.apiportal.ingress.tls }} + tls: + {{- range .Values.apiportal.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ tpl . $ | quote }} + {{- end }} + {{- if .secretName }} + secretName: {{ tpl (.secretName) $ }} + {{- end }} + {{- end }} + {{- end }} + rules: + {{- range .Values.apiportal.ingress.hosts }} + - host: {{ tpl .host $ | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if .pathType }} + pathType: {{ .pathType }} + {{- end }} + backend: + service: + name: {{ $fullName }}-apiportal + port: + number: {{ $svcPort }} + {{- end }} + {{- end }} +{{- end }} + +--- + +{{- if and .Values.apiportal.enabled .Values.apiportal.extraIngress.enabled -}} +{{- $fullName := include "gateway.fullname" . -}} +{{- $svcPort := .Values.apiportal.service.ports.target.port }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ $fullName }}-apiportal-extra + labels: + {{- include "gateway.labels" . | nindent 4 }} + {{- with .Values.apiportal.extraIngress.annotations }} + annotations: + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} +spec: + {{- if .Values.apiportal.extraIngress.className }} + ingressClassName: {{ .Values.apiportal.extraIngress.className }} + {{- end }} + {{- if .Values.apiportal.extraIngress.tls }} + tls: + {{- range .Values.apiportal.extraIngress.tls }} + - hosts: + {{- range .hosts }} + - {{ tpl . 
$ | quote }} + {{- end }} + {{- if .secretName }} + secretName: {{ tpl (.secretName) $ }} + {{- end }} + {{- end }} + {{- end }} + rules: + {{- range .Values.apiportal.extraIngress.hosts }} + - host: {{ tpl .host $ | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if .pathType }} + pathType: {{ .pathType }} + {{- end }} + backend: + service: + name: {{ $fullName }}-apiportal + port: + number: {{ $svcPort }} + {{- end }} + {{- end }} +{{- end }} diff --git a/apigateway/templates/apiportal/apiportal-rbac.yaml b/apigateway/templates/apiportal/apiportal-rbac.yaml new file mode 100644 index 0000000..682d95c --- /dev/null +++ b/apigateway/templates/apiportal/apiportal-rbac.yaml @@ -0,0 +1,37 @@ +{{- if .Values.apiportal.enabled -}} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: apiportalscc + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "gateway.labels" . | nindent 4 }} + app.kubernetes.io/component: apiportal +rules: +- apiGroups: + - security.openshift.io + resourceNames: + - nonroot + resources: + - securitycontextconstraints + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: apiportalscc + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "gateway.labels" . | nindent 4 }} + app.kubernetes.io/component: apiportal +subjects: +- kind: ServiceAccount + name: {{ include "gateway.apiportal.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +roleRef: + kind: Role + name: apiportalscc + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/apigateway/templates/apiportal/apiportal-routes.yaml b/apigateway/templates/apiportal/apiportal-routes.yaml new file mode 100644 index 0000000..836d1d6 --- /dev/null +++ b/apigateway/templates/apiportal/apiportal-routes.yaml 
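Review bot: In apiportal-rbac.yaml the Role and RoleBinding use the fixed name `apiportalscc`, so two releases of this chart in one namespace collide on these objects. Deriving the name from the release, e.g. `name: {{ include "gateway.fullname" . }}-apiportal-scc` in both `metadata.name` fields and in `roleRef.name`, keeps them apart. Both objects are rendered whenever `apiportal.enabled` is true, with no check that the cluster serves `security.openshift.io`; a comment above the Role such as `# Lets the portal service account use the OpenShift "nonroot" SCC; has no effect on other clusters` would tell readers why it is there.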
@@ -0,0 +1,40 @@ +{{- if and .Values.apiportal.enabled .Values.apiportal.route.enabled -}} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: "{{ include "gateway.fullname" . }}-apiportal" + labels: + {{- include "gateway.labels" . | nindent 4 }} + app.kubernetes.io/component: apiportal +spec: + to: + kind: Service + name: {{ include "gateway.fullname" . }}-apiportal + {{- if .Values.global.domainName }} + host: apiportal.{{ .Values.global.domainName }} + {{- end }} + port: + targetPort: {{ tpl .Values.apiportal.route.targetPort . }} +{{- if .Values.apiportal.route.tls.enabled }} + tls: + termination: {{ .Values.apiportal.route.tls.termination }} + insecureEdgeTerminationPolicy: {{ .Values.apiportal.route.tls.insecureEdgeTerminationPolicy }} + {{- if .Values.apiportal.route.tls.key }} + key: |- + {{- .Values.apiportal.route.tls.key | nindent 6 }} + {{- end }} + {{- if .Values.apiportal.route.tls.destinationCACertificate }} + destinationCACertificate: |- + {{- .Values.apiportal.route.tls.destinationCACertificate | nindent 6 }} + {{- end }} + {{- if .Values.apiportal.route.tls.caCertificate }} + caCertificate: |- + {{- .Values.apiportal.route.tls.caCertificate | nindent 6 }} + {{- end }} + {{- if .Values.apiportal.route.tls.certificate }} + certificate: |- + {{- .Values.apiportal.route.tls.certificate | nindent 6 }} + {{- end }} +{{- end }} + wildcardPolicy: None +{{- end }} diff --git a/apigateway/templates/apiportal/apiportal-service.yaml b/apigateway/templates/apiportal/apiportal-service.yaml new file mode 100644 index 0000000..d834292 --- /dev/null +++ b/apigateway/templates/apiportal/apiportal-service.yaml 
@@ -0,0 +1,24 @@ +{{- if .Values.apiportal.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "gateway.fullname" . }}-apiportal + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "gateway.labels" . | nindent 4 }} + app.kubernetes.io/component: apiportal +spec: + type: ClusterIP + ports: + - port: {{ .Values.apiportal.service.ports.http.port }} + targetPort: {{ .Values.apiportal.service.ports.http.port }} + protocol: TCP + name: {{ include "gateway.fullname" . }}-apiportal-http + - port: {{ .Values.apiportal.service.ports.https.port }} + targetPort: {{ .Values.apiportal.service.ports.https.port }} + protocol: TCP + name: {{ include "gateway.fullname" . }}-apiportal-https + selector: + {{- include "gateway.selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: apiportal +{{- end }} diff --git a/apigateway/templates/apiportal/apiportal-serviceaccount.yaml b/apigateway/templates/apiportal/apiportal-serviceaccount.yaml new file mode 100644 index 0000000..a337358 --- /dev/null +++ b/apigateway/templates/apiportal/apiportal-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if and .Values.apiportal.enabled .Values.apiportal.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "gateway.apiportal.serviceAccountName" . }} + labels: + {{- include "gateway.labels" . | nindent 4 }} + app.kubernetes.io/component: apiportal + {{- with .Values.apiportal.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/apigateway/templates/apiportal/storage/apiportal-pvc.yaml b/apigateway/templates/apiportal/storage/apiportal-pvc.yaml new file mode 100644 index 0000000..d7f1f37 --- /dev/null +++ b/apigateway/templates/apiportal/storage/apiportal-pvc.yaml 
@@ -0,0 +1,53 @@
+{{- if .Values.apiportal.enabled }}
+{{- range .Values.apiportal.storage.volumes }}
+{{- if .enabled }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ .name | lower }}
+ labels:
+ {{- include "gateway.labels" $ | nindent 4 }}
+ app.kubernetes.io/component: apiportal
+spec:
+ accessModes:
+ {{- with .accessModes }}
+ {{- toYaml . | nindent 4 }}
+ {{- else }}
+ - ReadWriteMany
+ {{- end }}
+ storageClassName: {{ default $.Values.global.storage.storageClassName .storageClassName | quote }}
+ resources:
+ requests:
+ storage: {{ default "1Mi" .capacity | quote }}
+{{- if eq (default $.Values.global.storage.provisioningType $.Values.apiportal.storage.provisioningType) "static" }}
+# PersistentVolume needs to be created only for Static storage provisioning
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: {{ include "gateway.fullname" $ }}-{{ .name | lower }}
+ labels:
+ {{- include "gateway.labels" $ | nindent 4 }}
+ app.kubernetes.io/component: apiportal
+spec:
+ capacity:
+ storage: {{ .capacity | quote }}
+ volumeMode: Filesystem
+ accessModes:
+ {{- with .accessModes }}
+ {{- toYaml . | nindent 4 }}
+ {{- else }}
+ - ReadWriteMany
+ {{- end }}
+ persistentVolumeReclaimPolicy: {{ .persistentVolume.reclaimPolicy | quote }}
+ csi:
+ driver: {{ .persistentVolume.csiDriver }}
+ volumeHandle: {{ .persistentVolume.volumeHandle }}
+ claimRef:
+ name: {{ .name | lower }}
+ namespace: {{ $.Release.Namespace | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/apigateway/templates/apiportal/storage/storage-class.yaml b/apigateway/templates/apiportal/storage/storage-class.yaml
new file mode 100644
index 0000000..0f92a71
--- /dev/null
+++ b/apigateway/templates/apiportal/storage/storage-class.yaml
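Review bot: The PersistentVolume renders `storage: {{ .capacity | quote }}` with no fallback, while the claim above it uses `default "1Mi" .capacity`, so a volume entry without `capacity` gives a 1Mi claim and a PV with an empty size. Use `storage: {{ default "1Mi" .capacity | quote }}` in both places, or make the value `required`. The claim is named `{{ .name | lower }}` without the release prefix that the PV gets, so two releases in one namespace would presumably contend for the same claim name. `driver` and `volumeHandle` are the only fields in the `csi` block left unquoted, and `.persistentVolume.reclaimPolicy` is dereferenced without checking that `persistentVolume` is set.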
@@ -0,0 +1,26 @@
+{{ if .Values.apiportal.enabled }}
+{{- range .Values.apiportal.storage.classes }}
+---
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: {{ .name | lower }}
+ labels:
+ {{- include "gateway.labels" $ | nindent 4 }}
+provisioner: {{ .provisioner | quote }}
+{{- with .allowVolumeExpansion }}
+allowVolumeExpansion: {{ . }}
+{{- end }}
+{{- with .parameters }}
+parameters: {{- tpl (toYaml .) $ | nindent 2 }}
+{{- end }}
+{{- with .mountOptions }}
+mountOptions: {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- if eq (default $.Values.global.storage.provisioningType $.Values.apiportal.storage.provisioningType) "dynamic" }}
+volumeBindingMode: WaitForFirstConsumer
+{{- else }}
+volumeBindingMode: Immediate
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/apigateway/templates/apitraffic/apitraffic-configmap.yaml b/apigateway/templates/apitraffic/apitraffic-configmap.yaml
new file mode 100644
index 0000000..50e111e
--- /dev/null
+++ b/apigateway/templates/apitraffic/apitraffic-configmap.yaml
@@ -0,0 +1,12 @@
+{{- if and .Values.apitraffic.enabled .Values.apitraffic.license }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-apitraffic-license-config
+data:
+{{- range $path, $config := .Values.apitraffic.license }}
+ {{ $path }}: |
+{{ $config | indent 4 -}}
+{{- end -}}
+{{- end -}}
diff --git a/apigateway/templates/apitraffic/apitraffic-deployment.yaml b/apigateway/templates/apitraffic/apitraffic-deployment.yaml
new file mode 100644
index 0000000..b154a8c
--- /dev/null
+++ b/apigateway/templates/apitraffic/apitraffic-deployment.yaml
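Review bot: In apitraffic-configmap.yaml the license text is stored in a ConfigMap, which any subject allowed to read ConfigMaps in the namespace can retrieve; if the license is treated as confidential, a Secret mounted the same way is the better fit. The data keys come from `{{ $path }}` for every entry of `apitraffic.license`, yet the Deployment in this commit mounts only `subPath: "license.lic"`, so an entry under any other key would presumably never reach the container. A comment above `data:` such as `# key must be license.lic; the deployment mounts that subPath` would document the constraint. The ConfigMap also carries none of the `gateway.labels` that the other objects in this chart get.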
@@ -0,0 +1,226 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "{{ include "gateway.fullname" . }}-apitraffic" + labels: + {{- include "gateway.labels" . | nindent 4 }} + app.kubernetes.io/component: apitraffic +spec: + {{- if not .Values.apitraffic.autoscaling.enabled }} + replicas: {{ .Values.apitraffic.replicaCount }} + {{- end }} + strategy: + {{- if eq (default .Values.global.updateStrategy.type .Values.apitraffic.updateStrategy.type) "RollingUpdate" }} + rollingUpdate: + maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.apitraffic.updateStrategy.rollingUpdate.maxSurge }} + maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.apitraffic.updateStrategy.rollingUpdate.maxUnavailable }} + {{- end }} + type: {{ default .Values.global.updateStrategy.type .Values.apitraffic.updateStrategy.type }} + selector: + matchLabels: + {{- include "gateway.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: apitraffic + {{- with .Values.apitraffic.podLabels }} + {{- toYaml . | nindent 6 }} + {{- end }} + template: + metadata: + {{- with .Values.apitraffic.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "gateway.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: apitraffic + {{- with .Values.apitraffic.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "gateway.apitraffic.serviceAccountName" . 
}} + securityContext: + {{- toYaml .Values.apitraffic.podSecurityContext | nindent 8 }} + initContainers: + {{- if .Values.global.cassandra.enabled }} + - name: init-cassandra + image: {{ .Values.global.initContainers.image | quote }} + command: ["sh", "-c", "c=0; x={{ len .Values.global.cassandra.hosts }}; until [ $(( c * 100 / x )) -ge 50 ]; do c=0; for host in {{- range .Values.global.cassandra.hosts }} {{ .hostname }} {{- end }}; do echo waiting for ${host}; if nc -w 3 -v ${host} {{ .Values.global.cassandra.port }};then c=$((c+1)); fi done; sleep 2; done;"] + {{- with .Values.global.initContainers.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.global.initContainers.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.global.database.metrics.enabled }} + - name: init-mysql + image: {{ .Values.global.initContainers.image | quote }} + command: ["sh", "-c", "until nc -w 3 -v {{ tpl .Values.global.database.host . }} {{ .Values.global.database.port | int }}; do echo waiting for mysql; sleep 2; done;"] + {{- with .Values.global.initContainers.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.global.initContainers.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- end }} + - name: init-anm + image: {{ .Values.global.initContainers.image | quote }} + {{- if .Values.anm.hostname }} + command: ["sh", "-c", "until nc -w 3 -v {{ .Values.anm.hostname }}; do echo waiting for anm; sleep 2; done;"] + {{- else }} + command: ["sh", "-c", "until nc -w 3 -v {{ include "gateway.fullname" . }}-anm 8090; do echo waiting for anm; sleep 2; done;"] + {{- end }} + {{- with .Values.global.initContainers.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.global.initContainers.securityContext }} + securityContext: + {{- toYaml . 
| nindent 12 }} + {{- end }} + {{- with .Values.apitraffic.extraInitContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.apitraffic.securityContext | nindent 12 }} + image: "{{ default .Values.global.defaultRegistry .Values.apitraffic.image.registry }}/{{ .Values.apitraffic.image.repository }}:{{ .Values.apitraffic.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + ports: + - containerPort: {{ .Values.apitraffic.service.ports.traffic.port }} + protocol: {{ .Values.apitraffic.service.ports.traffic.protocol }} + {{- with .Values.apitraffic.livenessProbe }} + livenessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.apitraffic.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + resources: + {{- toYaml .Values.apitraffic.resources | nindent 12 }} + env: + {{- with .Values.apitraffic.extraEnvVars }} + {{- toYaml . 
| nindent 12 }} + {{- end }} + {{- if .Values.apitraffic.FIPS.enabled }} + - name: EMT_FIPS_MODE + value: {{ .Values.apitraffic.FIPS.enabled | quote }} + {{- end }} + {{- if .Values.apitraffic.jvmHeapSize }} + - name: EMT_HEAP_SIZE_MB + value: {{ .Values.apitraffic.jvmHeapSize | quote }} + {{- end }} + {{- if .Values.apitraffic.logs.trace.level }} + - name: EMT_TRACE_LEVEL + value: {{ .Values.apitraffic.logs.trace.level | quote }} + {{- end }} + {{- if .Values.apitraffic.logs.trace.disk }} + - name: APIGW_LOG_TRACE_TO_FILE + value: {{ .Values.apitraffic.logs.trace.disk | quote }} + {{- end }} + - name: APIGW_LOG_TRACE_JSON_TO_STDOUT + value: {{ default .Values.apitraffic.logs.trace.stdoutJSON false | quote }} + {{- if .Values.apitraffic.logs.opentraffic.output | quote}} + - name: APIGW_LOG_OPENTRAFFIC_OUTPUT + value: {{ .Values.apitraffic.logs.opentraffic.output | quote }} + {{- end }} + {{- if .Values.global.domainkeypassphrase }} + - name: DOMAIN_KEY_PASSPHRASE + valueFrom: + secretKeyRef: + name: {{ include "gateway.domainkeypassphrase.secretName" . }} + key: passphrase + {{- end }} + {{- if .Values.global.database.metrics.enabled }} + - name: METRICS_DB_URL + value: {{ tpl .Values.global.database.metrics.url . | quote }} + - name: METRICS_DB_USERNAME + valueFrom: + secretKeyRef: + name: {{ include "gateway.metrics-db.secretName" . }} + key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }} + - name: METRICS_DB_PASS + valueFrom: + secretKeyRef: + name: {{ include "gateway.metrics-db.secretName" . 
}} + key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }} + {{- end }} + - name: GROUP_ID + value: {{ .Values.apitraffic.groupId }} + {{- if .Values.global.domainId }} + - name: DOMAIN_ID + value: {{ .Values.global.domainId }} + {{- end }} + {{- if .Values.global.cassandra.enabled }} + {{- range .Values.global.cassandra.hosts }} + - name: {{ .variable }} + value: {{ .hostname | quote }} + {{- end }} + - name: CASS_PORT + value: {{ .Values.global.cassandra.port | quote }} + - name: CASS_KEYSPACE + value: {{ tpl .Values.global.cassandra.keyspace . | quote }} + - name: CASS_TKEYSPACE + value: {{ tpl .Values.global.cassandra.tkeyspace . | quote }} + - name: CASS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "gateway.cassandra.secretName" . }} + key: {{ with .Values.global.cassandra.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }} + - name: CASS_USERNAME + valueFrom: + secretKeyRef: + name: {{ include "gateway.cassandra.secretName" . }} + key: {{ with .Values.global.cassandra.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }} + + {{- end }} + {{- if .Values.apitraffic.image.generalConditions }} + - name: ACCEPT_GENERAL_CONDITIONS + value: {{ .Values.apitraffic.image.generalConditions.accept | quote }} + {{- end }} + {{- if .Values.anm.hostname }} + - name: EMT_ANM_HOSTS + value: {{ .Values.anm.hostname | quote }} + {{- else }} + - name: EMT_ANM_HOSTS + value: "{{ include "gateway.fullname" . 
}}-anm:8090" + {{- end }} + {{- if .Values.apitraffic.extraVolumeMounts }} + volumeMounts: + {{- if .Values.apitraffic.license }} + - name: license + mountPath: "/opt/Axway/apigateway/conf/licenses/license.lic" + subPath: "license.lic" + {{- end }} +{{- toYaml ( .Values.apitraffic.extraVolumeMounts ) | nindent 12 }} + {{- end }} + {{- if .Values.apitraffic.extraVolumes }} + volumes: + {{- if .Values.apitraffic.license }} + - name: license + configMap: + name: {{ .Release.Name }}-apitraffic-license-config + {{- end }} +{{ toYaml ( .Values.apitraffic.extraVolumes ) | indent 8 }} + {{- end }} + {{- with .Values.apitraffic.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.apitraffic.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.apitraffic.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/apigateway/templates/apitraffic/apitraffic-hpa.yaml b/apigateway/templates/apitraffic/apitraffic-hpa.yaml new file mode 100644 index 0000000..9f0143e --- /dev/null +++ b/apigateway/templates/apitraffic/apitraffic-hpa.yaml 
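Review bot: The `license` volume mount and volume sit inside `{{- if .Values.apitraffic.extraVolumeMounts }}` and `{{- if .Values.apitraffic.extraVolumes }}`, so a release that sets `apitraffic.license` without any extra volumes gets the ConfigMap but never mounts it. The outer guards should read `{{- if or .Values.apitraffic.license .Values.apitraffic.extraVolumeMounts }}` (and the `extraVolumes` equivalent), with each `toYaml` line wrapped in its own `with`. `{{- if .Values.apitraffic.logs.opentraffic.output | quote}}` tests the quoted string, which is non-empty for any set value including `""` and `false`, so the `| quote` should be dropped from the condition. `GROUP_ID` and `DOMAIN_ID` are the only env values rendered without `| quote`, so a numeric-looking id is parsed as a number, which an env `value` does not accept. The apimgr deployment lines at the top of this page nest the license mount the same way.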
@@ -0,0 +1,33 @@
+{{- if .Values.apitraffic.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: "{{ include "gateway.fullname" . }}-apitraffic"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apitraffic
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: "{{ include "gateway.fullname" . }}-apitraffic"
+ minReplicas: {{ .Values.apitraffic.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.apitraffic.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.apitraffic.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.apitraffic.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.apitraffic.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.apitraffic.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/apigateway/templates/apitraffic/apitraffic-ingress.yaml b/apigateway/templates/apitraffic/apitraffic-ingress.yaml
new file mode 100644
index 0000000..840d129
--- /dev/null
+++ b/apigateway/templates/apitraffic/apitraffic-ingress.yaml
@@ -0,0 +1,97 @@ +{{- if .Values.apitraffic.ingress.enabled -}} +{{- $fullName := include "gateway.fullname" . -}} +{{- $svcPort := .Values.apitraffic.service.ports.traffic.port -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ $fullName }}-apitraffic + labels: + {{- include "gateway.labels" . | nindent 4 }} + {{- with .Values.apitraffic.ingress.annotations }} + annotations: + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} +spec: + {{- if .Values.apitraffic.ingress.className }} + ingressClassName: {{ .Values.apitraffic.ingress.className }} + {{- end }} + {{- if .Values.apitraffic.ingress.tls }} + tls: + {{- range .Values.apitraffic.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ tpl . $ | quote }} + {{- end }} + {{- if .secretName }} + secretName: {{ tpl (.secretName) $ }} + {{- end }} + {{- end }} + {{- end }} + rules: + {{- range .Values.apitraffic.ingress.hosts }} + - host: {{ tpl .host $ | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if .pathType }} + pathType: {{ .pathType }} + {{- end }} + backend: + service: + name: {{ $fullName }}-apitraffic + port: + number: {{ $svcPort }} + {{- end }} + {{- end }} +{{- end }} + +--- + +{{- if .Values.apitraffic.extraIngress.enabled -}} +{{- $fullName := include "gateway.fullname" . -}} +{{- $svcPort := .Values.apitraffic.service.ports.traffic.port -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ $fullName }}-apitraffic-extra + labels: + {{- include "gateway.labels" . | nindent 4 }} + {{- with .Values.apitraffic.extraIngress.annotations }} + annotations: + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} +spec: + {{- if .Values.apitraffic.extraIngress.className }} + ingressClassName: {{ .Values.apitraffic.extraIngress.className }} + {{- end }} + {{- if .Values.apitraffic.extraIngress.tls }} + tls: + {{- range .Values.apitraffic.extraIngress.tls }} + - hosts: + {{- range .hosts }} + - {{ tpl . 
$ | quote }} + {{- end }} + {{- if .secretName }} + secretName: {{ tpl (.secretName) $ }} + {{- end }} + {{- end }} + {{- end }} + rules: + {{- range .Values.apitraffic.extraIngress.hosts }} + - host: {{ tpl .host $ | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if .pathType }} + pathType: {{ .pathType }} + {{- end }} + backend: + service: + name: {{ $fullName }}-apitraffic + port: + number: {{ $svcPort }} + {{- end }} + {{- end }} +{{- end }} diff --git a/apigateway/templates/apitraffic/apitraffic-routes.yaml b/apigateway/templates/apitraffic/apitraffic-routes.yaml new file mode 100644 index 0000000..e71e718 --- /dev/null +++ b/apigateway/templates/apitraffic/apitraffic-routes.yaml 
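Review bot: The second document in apitraffic-ingress.yaml opens with `{{- if .Values.apitraffic.extraIngress.enabled -}}` directly after the `---` separator, and the `$fullName`/`$svcPort` assignments that follow trim on both sides as well, so the rendered output appears to glue the separator to the first key as `---apiVersion: networking.k8s.io/v1`. Helm's own manifest splitting may tolerate that, but tools that read `helm template` output as plain YAML (policy scanners, dry-run validation) can misparse the extra Ingress, and that is the object that publishes API traffic. Dropping the left trim on the guard, `{{ if .Values.apitraffic.extraIngress.enabled -}}`, keeps `---` on its own line; apitraffic-service.yaml in this diff avoids the problem because its guard has no right trim.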
@@ -0,0 +1,40 @@
+{{- if .Values.apitraffic.route.enabled -}}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: "{{ include "gateway.fullname" . }}-apitraffic"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apitraffic
+spec:
+ {{- if .Values.global.domainName }}
+ host: apitraffic.{{ .Values.global.domainName }}
+ {{- end }}
+ to:
+ kind: Service
+ name: "{{ include "gateway.fullname" . }}-apitraffic"
+ port:
+ targetPort: {{ tpl .Values.apitraffic.route.targetPort . }}
+{{- if .Values.apitraffic.route.tls.enabled }}
+ tls:
+ termination: {{ .Values.apitraffic.route.tls.termination }}
+ insecureEdgeTerminationPolicy: {{ .Values.apitraffic.route.tls.insecureEdgeTerminationPolicy }}
+ {{- if .Values.apitraffic.route.tls.key }}
+ key: |-
+ {{- .Values.apitraffic.route.tls.key | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apitraffic.route.tls.destinationCACertificate }}
+ destinationCACertificate: |-
+ {{- .Values.apitraffic.route.tls.destinationCACertificate | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apitraffic.route.tls.caCertificate }}
+ caCertificate: |-
+ {{- .Values.apitraffic.route.tls.caCertificate | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apitraffic.route.tls.certificate }}
+ certificate: |-
+ {{- .Values.apitraffic.route.tls.certificate | nindent 6 }}
+ {{- end }}
+{{- end }}
+ wildcardPolicy: None
+{{- end }}
diff --git a/apigateway/templates/apitraffic/apitraffic-service.yaml b/apigateway/templates/apitraffic/apitraffic-service.yaml
new file mode 100644
index 0000000..9b061c6
--- /dev/null
+++ b/apigateway/templates/apitraffic/apitraffic-service.yaml
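Review bot: In the `tls:` block of apitraffic-routes.yaml, `termination` and `insecureEdgeTerminationPolicy` are rendered straight from values with no default or allowed-value check, so a value of `Allow` is accepted silently and the API traffic route then also answers over plain HTTP; oauth-routes.yaml later in this diff repeats the same block for the OAuth route. I would default the policy, `insecureEdgeTerminationPolicy: {{ .Values.apitraffic.route.tls.insecureEdgeTerminationPolicy | default "Redirect" }}`, and constrain both fields with an `enum` in values.schema.json. The `key` branch embeds the route's private key inline from values, which Helm also keeps in the release record, so a comment above it such as `# tls.key: pass with --set-file from a protected file; never commit it to a values file` would help operators.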
@@ -0,0 +1,39 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ include "gateway.fullname" . }}-apitraffic"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apitraffic
+spec:
+ type: {{ .Values.apitraffic.service.type }}
+ ports:
+ - port: {{ .Values.apitraffic.service.ports.traffic.port }}
+ targetPort: {{ .Values.apitraffic.service.ports.traffic.port }}
+ protocol: {{ .Values.apitraffic.service.ports.traffic.protocol }}
+ name: apigatewaytraffic
+ selector:
+ {{- include "gateway.selectorLabels" . | nindent 4 }}
+ app.kubernetes.io/component: apitraffic
+
+---
+
+{{- if eq .Values.apitraffic.oauth.enabled true }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ include "gateway.fullname" . }}-oauth"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apitraffic
+spec:
+ type: {{ .Values.apitraffic.oauth.type }}
+ ports:
+ - port: {{ .Values.apitraffic.oauth.port }}
+ targetPort: {{ .Values.apitraffic.oauth.port }}
+ protocol: {{ .Values.apitraffic.oauth.protocol }}
+ name: oauth
+ selector:
+ {{- include "gateway.selectorLabels" . | nindent 4 }}
+ app.kubernetes.io/component: apitraffic
+{{- end }}
diff --git a/apigateway/templates/apitraffic/apitraffic-serviceaccount.yaml b/apigateway/templates/apitraffic/apitraffic-serviceaccount.yaml
new file mode 100644
index 0000000..8336544
--- /dev/null
+++ b/apigateway/templates/apitraffic/apitraffic-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.apitraffic.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "gateway.apitraffic.serviceAccountName" . }}
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apitraffic
+ {{- with .Values.apitraffic.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/apigateway/templates/apitraffic/oauth-ingress.yaml b/apigateway/templates/apitraffic/oauth-ingress.yaml
new file mode 100644
index 0000000..ea45eb5
--- /dev/null
+++ b/apigateway/templates/apitraffic/oauth-ingress.yaml
@@ -0,0 +1,45 @@
+{{- if .Values.apitraffic.oauth.ingress.enabled -}}
+{{- $fullName := include "gateway.fullname" . -}}
+{{- $svcPort := .Values.apitraffic.oauth.port -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-oauth
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ {{- with .Values.apitraffic.oauth.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.apitraffic.oauth.ingress.className }}
+ ingressClassName: {{ .Values.apitraffic.oauth.ingress.className }}
+ {{- end }}
+ {{- if .Values.apitraffic.oauth.ingress.tls }}
+ tls:
+ {{- range .Values.apitraffic.oauth.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.apitraffic.oauth.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if .pathType }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ service:
+ name: {{ $fullName }}-oauth
+ port:
+ number: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/apigateway/templates/apitraffic/oauth-routes.yaml b/apigateway/templates/apitraffic/oauth-routes.yaml
new file mode 100644
index 0000000..59e1b72
--- /dev/null
+++ b/apigateway/templates/apitraffic/oauth-routes.yaml
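Review bot: In the `tls` range of oauth-ingress.yaml, `secretName: {{ .secretName }}` is emitted unconditionally, while apitraffic-ingress.yaml in this same diff guards it with `{{- if .secretName }}`; an entry without a secret name renders `secretName:` as null, and the ingress controller would then typically fall back to its default certificate for the OAuth host. I would mirror the guard and quote the value: `{{- if .secretName }}`, `secretName: {{ .secretName | quote }}`, `{{- end }}`. The whole `tls:` section is optional here too, so a template comment should state that the OAuth endpoint is published without TLS at the Ingress unless `apitraffic.oauth.ingress.tls` is set.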
@@ -0,0 +1,40 @@
+{{- if .Values.apitraffic.oauth.route.enabled -}}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: "{{ include "gateway.fullname" . }}-oauth"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: oauth
+spec:
+ {{- if .Values.global.domainName }}
+ host: oauth.{{ .Values.global.domainName }}
+ {{- end }}
+ to:
+ kind: Service
+ name: "{{ include "gateway.fullname" . }}-oauth"
+ port:
+ targetPort: {{ tpl .Values.apitraffic.oauth.route.targetPort . }}
+{{- if .Values.apitraffic.oauth.route.tls.enabled }}
+ tls:
+ termination: {{ .Values.apitraffic.oauth.route.tls.termination }}
+ insecureEdgeTerminationPolicy: {{ .Values.apitraffic.oauth.route.tls.insecureEdgeTerminationPolicy }}
+ {{- if .Values.apitraffic.oauth.route.tls.key }}
+ key: |-
+ {{- .Values.apitraffic.oauth.route.tls.key | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apitraffic.oauth.route.tls.destinationCACertificate }}
+ destinationCACertificate: |-
+ {{- .Values.apitraffic.oauth.route.tls.destinationCACertificate | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apitraffic.oauth.route.tls.caCertificate }}
+ caCertificate: |-
+ {{- .Values.apitraffic.oauth.route.tls.caCertificate | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apitraffic.oauth.route.tls.certificate }}
+ certificate: |-
+ {{- .Values.apitraffic.oauth.route.tls.certificate | nindent 6 }}
+ {{- end }}
+{{- end }}
+ wildcardPolicy: None
+{{- end }}
diff --git a/apigateway/templates/common/cassandra-secret.yaml b/apigateway/templates/common/cassandra-secret.yaml
new file mode 100644
index 0000000..fa7d964
--- /dev/null
+++ b/apigateway/templates/common/cassandra-secret.yaml
@@ -0,0 +1,11 @@
+{{- if (not .Values.global.cassandra.existingSecret) -}}
+apiVersion: v1
+data:
+ username: {{ .Values.global.cassandra.username | b64enc }}
+ password: {{ .Values.global.cassandra.password | b64enc }}
+kind: Secret
+metadata:
+ name: {{ include "gateway.cassandra.secretName" . }}
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+{{- end }}
diff --git a/apigateway/templates/common/domain-key-secret.yaml b/apigateway/templates/common/domain-key-secret.yaml
new file mode 100644
index 0000000..bbad1dc
--- /dev/null
+++ b/apigateway/templates/common/domain-key-secret.yaml
@@ -0,0 +1,10 @@
+{{- if ((.Values.global.domainkeypassphrase).passphrase) -}}
+apiVersion: v1
+data:
+ passphrase: {{ .Values.global.domainkeypassphrase.passphrase | b64enc }}
+kind: Secret
+metadata:
+ name: {{ include "gateway.domainkeypassphrase.secretName" . }}
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+{{- end }}
diff --git a/apigateway/templates/common/metrics-db-secret.yaml b/apigateway/templates/common/metrics-db-secret.yaml
new file mode 100644
index 0000000..16be0d4
--- /dev/null
+++ b/apigateway/templates/common/metrics-db-secret.yaml
@@ -0,0 +1,11 @@
+{{- if and .Values.global.database.metrics.enabled (not .Values.global.database.metrics.existingSecret) -}}
+apiVersion: v1
+data:
+ username: {{ .Values.global.database.metrics.username | b64enc }}
+ password: {{ .Values.global.database.metrics.password | b64enc }}
+kind: Secret
+metadata:
+ name: {{ include "gateway.metrics-db.secretName" . }}
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+{{- end }}
diff --git a/apigateway/templates/cronjob/cronjob.yaml b/apigateway/templates/cronjob/cronjob.yaml
new file mode 100644
index 0000000..12c9bb2
--- /dev/null
+++ b/apigateway/templates/cronjob/cronjob.yaml
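Review bot: cassandra-secret.yaml renders its Secret whenever `global.cassandra.existingSecret` is unset, without checking `global.cassandra.enabled` (the flag that gates the CASS_* variables in the deployment template), and it pipes `username` and `password` into `b64enc` with no presence check, so a missing or empty password is not rejected with a clear message at render time; metrics-db-secret.yaml gates on `enabled` but passes its values through unchecked in the same way. I would gate and validate it: `{{- if and .Values.global.cassandra.enabled (not .Values.global.cassandra.existingSecret) -}}` and `password: {{ required "global.cassandra.password is required when existingSecret is unset" .Values.global.cassandra.password | b64enc | quote }}`, likewise for `username` and for the metrics database. Credentials passed through values are also kept in the Helm release record, so the chart documentation should steer production installs to `existingSecret`.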
@@ -0,0 +1,59 @@
+{{- if .Values.cronjob.enabled -}}
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: purge-files
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: cronjob
+spec:
+ schedule: "{{ .Values.cronjob.schedule }}"
+ jobTemplate:
+ spec:
+ ttlSecondsAfterFinished: {{ .Values.cronjob.job_ttl }}
+ template:
+ metadata:
+ labels:
+ {{- include "gateway.labels" . | nindent 12 }}
+ app.kubernetes.io/component: cronjob
+ spec:
+ {{- with .Values.global.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ containers:
+ - name: purge-files-job
+ image: {{ default .Values.global.initContainers.image .Values.cronjob.image | quote }}
+ args:
+ - /bin/sh
+ - -c
+ - echo "purging event files older than {{ .Values.cronjob.older_than }}"; find /events -type f -mtime {{ .Values.cronjob.older_than }} -exec rm -rf {} \;
+ volumeMounts:
+ - name: eventsvol
+ mountPath: "/events"
+ {{- with .Values.global.initContainers.resources }}
+ resources:
+ {{ toYaml . | nindent 14 }}
+ {{- end }}
+ {{- with .Values.global.initContainers.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 14 }}
+ {{- end }}
+ restartPolicy: OnFailure
+ volumes:
+ - name: eventsvol
+ persistentVolumeClaim:
+ claimName: {{ .Values.cronjob.claimName }}
+ {{- with .Values.cronjob.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.cronjob.affinity }}
+ affinity:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.cronjob.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+{{- end }}
diff --git a/apigateway/templates/storage/pvc.yaml b/apigateway/templates/storage/pvc.yaml
new file mode 100644
index 0000000..78edca0
--- /dev/null
+++ b/apigateway/templates/storage/pvc.yaml
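Review bot: The `args` entry of the purge container builds its `/bin/sh -c` string by pasting `.Values.cronjob.older_than` into the command twice, unquoted, so any shell metacharacter in that value changes what runs against the mounted events volume; the value should reach the shell as data, not as script text. Passing it through an environment variable and quoting the expansion keeps the command fixed, and `rm -f` is enough because `find -type f` only yields files. The container also gets a `securityContext` only when `global.initContainers.securityContext` is set, so a job that deletes files can run with image defaults. Separately, `metadata.name: purge-files` is not release-scoped, so two releases in one namespace would collide; `{{ include "gateway.fullname" . }}-purge-files` would match the other templates. The indentation below is illustrative and must follow the container entry.

```yaml
# … unchanged: containers entry name and image …
env:
  - name: OLDER_THAN
    value: {{ .Values.cronjob.older_than | quote }}
args:
  - /bin/sh
  - -c
  - echo "purging event files older than ${OLDER_THAN}"; find /events -type f -mtime "${OLDER_THAN}" -exec rm -f {} \;
# … unchanged: volumeMounts, resources, securityContext …
```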
@@ -0,0 +1,50 @@
+{{- range .Values.global.storage.volumes }}
+{{- if .enabled }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ .name | lower }}
+ labels:
+ {{- include "gateway.labels" $ | nindent 4 }}
+spec:
+ accessModes:
+ {{- with .accessModes }}
+ {{- toYaml . | nindent 4 }}
+ {{- else }}
+ - ReadWriteMany
+ {{- end }}
+ storageClassName: {{ default $.Values.global.storage.storageClassName .storageClassName | quote }}
+ resources:
+ requests:
+ storage: {{ default "1Mi" .capacity | quote }}
+{{- if eq $.Values.global.storage.provisioningType "static" }}
+# PersistentVolume needs to be created only for Static storage provisioning
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: {{ include "gateway.fullname" $ }}-{{ .name | lower }}
+ labels:
+ {{- include "gateway.labels" $ | nindent 4 }}
+ app.kubernetes.io/component: apiportal
+spec:
+ capacity:
+ storage: {{ .capacity | quote }}
+ volumeMode: Filesystem
+ accessModes:
+ {{- with .accessModes }}
+ {{- toYaml . | nindent 4 }}
+ {{- else }}
+ - ReadWriteMany
+ {{- end }}
+ persistentVolumeReclaimPolicy: {{ .persistentVolume.reclaimPolicy | quote }}
+ csi:
+ driver: {{ .persistentVolume.csiDriver }}
+ volumeHandle: {{ .persistentVolume.volumeHandle }}
+ claimRef:
+ name: {{ .name | lower }}
+ namespace: {{ $.Release.Namespace | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/apigateway/templates/storage/storage-class.yaml b/apigateway/templates/storage/storage-class.yaml
new file mode 100644
index 0000000..9106def
--- /dev/null
+++ b/apigateway/templates/storage/storage-class.yaml
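Review bot: In the static-provisioning branch of pvc.yaml the PersistentVolume sets `storage: {{ .capacity | quote }}` with no fallback, while the claim above it uses `default "1Mi" .capacity`; with `capacity` unset the claim asks for 1Mi and the volume likely renders no usable capacity, so the pair will not bind as intended. Use the same expression on both sides, `storage: {{ default "1Mi" .capacity | quote }}`, or mark `capacity` as required for static volumes. The PersistentVolume also carries `app.kubernetes.io/component: apiportal`, which looks copied from another chart and will mislead label-based selection and auditing for this gateway release.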
@@ -0,0 +1,24 @@
+{{- range .Values.global.storage.classes }}
+---
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: {{ .name | lower }}
+ labels:
+ {{- include "gateway.labels" $ | nindent 4 }}
+provisioner: {{ .provisioner | quote }}
+{{- if .allowVolumeExpansion }}
+allowVolumeExpansion: {{ .allowVolumeExpansion }}
+{{- end }}
+{{- with .parameters }}
+parameters: {{- tpl (toYaml .) $ | nindent 2 }}
+{{- end }}
+{{- with .mountOptions }}
+mountOptions: {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- if eq $.Values.global.storage.provisioningType "dynamic" }}
+volumeBindingMode: WaitForFirstConsumer
+{{- else }}
+volumeBindingMode: Immediate
+{{- end }}
+{{- end }}
diff --git a/apigateway/templates/tests/gw-test-connection.yaml b/apigateway/templates/tests/gw-test-connection.yaml
new file mode 100644
index 0000000..316d011
--- /dev/null
+++ b/apigateway/templates/tests/gw-test-connection.yaml
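Review bot: storage-class.yaml creates one cluster-scoped StorageClass per entry of `global.storage.classes`, named only `{{ .name | lower }}`, so installing the chart with that list populated needs cluster-level create rights, and two releases that use the same class name will contend for one object. I would add a header comment to the template, `# StorageClass is cluster-scoped: leave global.storage.classes empty when the installer only has namespace rights`, and state the same next to the value in the chart documentation. `parameters` is also passed through `tpl`, so strings there are evaluated as templates; that deserves a line in the values documentation as well.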
@@ -0,0 +1,114 @@ +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: "{{ include "gateway.fullname" . }}-anm-test-connection" + labels: + {{- include "gateway.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + template: + spec: + serviceAccountName: {{ include "gateway.tests.serviceAccountName" . }} + containers: + - name: curl + image: {{ default .Values.global.defaultRegistry .Values.global.tests.images.curl.registry }}/{{ default "curlimages/curl" .Values.global.tests.images.curl.repository }}:{{ default "latest" .Values.global.tests.images.curl.tag }} + command: ["bin/sh"] + args: ["-c", "curl -k https://{{ include "gateway.fullname" . }}-anm:{{ .Values.anm.service.ports.traffic.port}}/healthcheck"] + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: {{ .Values.global.tests.securityContext.readOnlyRootFilesystem }} + runAsNonRoot: {{ .Values.global.tests.securityContext.runAsNonRoot }} + allowPrivilegeEscalation: {{ .Values.global.tests.securityContext.allowPrivilegeEscalation }} + restartPolicy: Never + backoffLimit: 3 +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: "{{ include "gateway.fullname" . }}-apimgr-test-connection" + labels: + {{- include "gateway.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + template: + spec: + serviceAccountName: {{ include "gateway.tests.serviceAccountName" . }} + containers: + - name: curl + image: {{ default .Values.global.defaultRegistry .Values.global.tests.images.curl.registry }}/{{ default "curlimages/curl" .Values.global.tests.images.curl.repository }}:{{ default "latest" .Values.global.tests.images.curl.tag }} + command: ["bin/sh"] + args: ["-c", "curl -k https://{{ include "gateway.fullname" . 
}}-apimgr:{{ .Values.apimgr.service.ports.ui.port}}/healthcheck"] + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: {{ .Values.global.tests.securityContext.readOnlyRootFilesystem }} + runAsNonRoot: {{ .Values.global.tests.securityContext.runAsNonRoot }} + allowPrivilegeEscalation: {{ .Values.global.tests.securityContext.allowPrivilegeEscalation }} + restartPolicy: Never + backoffLimit: 3 +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: "{{ include "gateway.fullname" . }}-apitraffic-test-connection" + labels: + {{- include "gateway.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + template: + spec: + serviceAccountName: {{ include "gateway.tests.serviceAccountName" . }} + containers: + - name: curl + image: {{ default .Values.global.defaultRegistry .Values.global.tests.images.curl.registry }}/{{ default "curlimages/curl" .Values.global.tests.images.curl.repository }}:{{ default "latest" .Values.global.tests.images.curl.tag }} + command: ["bin/sh"] + args: ["-c", "curl -k https://{{ include "gateway.fullname" . }}-apitraffic:{{ .Values.apitraffic.service.ports.traffic.port}}/healthcheck"] + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: {{ .Values.global.tests.securityContext.readOnlyRootFilesystem }} + runAsNonRoot: {{ .Values.global.tests.securityContext.runAsNonRoot }} + allowPrivilegeEscalation: {{ .Values.global.tests.securityContext.allowPrivilegeEscalation }} + restartPolicy: Never + backoffLimit: 3 +--- +{{- if .Values.aga.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: "{{ include "gateway.fullname" . }}-aga-test-connection" + labels: + {{- include "gateway.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + template: + spec: + serviceAccountName: {{ include "gateway.tests.serviceAccountName" . 
}} + containers: + - name: curl + image: {{ default .Values.global.defaultRegistry .Values.global.tests.images.curl.registry }}/{{ default "curlimages/curl" .Values.global.tests.images.curl.repository }}:{{ default "latest" .Values.global.tests.images.curl.tag }} + command: ["bin/sh"] + args: ["-c", "curl -k https://{{ include "gateway.fullname" . }}-aga:{{ .Values.aga.service.ports.ui.port}}/healthcheck"] + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: {{ .Values.global.tests.securityContext.readOnlyRootFilesystem }} + runAsNonRoot: {{ .Values.global.tests.securityContext.runAsNonRoot }} + allowPrivilegeEscalation: {{ .Values.global.tests.securityContext.allowPrivilegeEscalation }} + restartPolicy: Never + backoffLimit: 3 +{{- end }} diff --git a/apigateway/templates/tests/test-connection-serviceaccount.yaml b/apigateway/templates/tests/test-connection-serviceaccount.yaml new file mode 100644 index 0000000..5a949c6 --- /dev/null +++ b/apigateway/templates/tests/test-connection-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.global.tests.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "gateway.tests.serviceAccountName" . }} + labels: + {{- include "gateway.labels" . | nindent 4 }} + app.kubernetes.io/component: test-connection + {{- with .Values.global.tests.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/apigateway/values.schema.json b/apigateway/values.schema.json new file mode 100644 index 0000000..20f97e1 --- /dev/null +++ b/apigateway/values.schema.json 
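Review bot: All four test Jobs in gw-test-connection.yaml run `curl -k https://…/healthcheck` without `--fail`, so the hook succeeds when the service answers with an HTTP error and it never verifies the certificate it is shown; a passing `helm test` therefore says little about the health or the TLS setup of the release. I would make the probe strict, `curl --fail --silent --show-error -k https://…` as a first step, and move to `--cacert` with the deployment's CA where one is available. The image reference falls back to `default "latest"` for the tag, which is a mutable reference, so the test image can change between runs; default it to a pinned tag or digest instead. `command: ["bin/sh"]` is a relative path and only resolves if the image's working directory is `/`; `/bin/sh` is the safe spelling.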
@@ -0,0 +1,2314 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "aga": { + "type": "object", + "properties": { + "affinity": { + "type": "object" + }, + "autoscaling": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxReplicas": { + "type": "integer" + }, + "minReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + } + } + }, + "enabled": { + "type": "boolean" + }, + "extraEnvVars": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "fullnameOverride": { + "type": "string" + }, + "license": { + "type": "object" + }, + "image": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "className": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array", + "items": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "pathType": { + "type": "string" + } + } + } + } + } + } + }, + "tls": { + "type": "array" + } + } + }, + "route": { + "type": "object", + "description": "Values for creating an OCP route", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines if the route should be created" + }, + "targetPort": { + "type": "string", + "description": "The port on pods this route points to" + }, + "tls": { + "type": "object", + "description": "Values for configuring TLS on an OCP route. 
More information: https://docs.openshift.com/container-platform/4.9/networking/routes/secured-routes.html", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines if TLS should be enabled" + }, + "termination": { + "type": "string", + "description": "Indicates the termination type" + }, + "insecureEdgeTerminationPolicy": { + "type": "string", + "description": "Indicates the desired behavior for insecure connections" + }, + "key": { + "type": ["string", "null"], + "description": "Key file contents" + }, + "caCertificate": { + "type": ["string", "null"], + "description": "Certificate authority certificate contents" + }, + "certificate": { + "type": ["string", "null"], + "description": "Certificate contents" + }, + "destinationCACertificate": { + "type": ["string", "null"], + "description": "Contents of the CA certificate of the final destination" + } + } + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "httpGet": { + "type": "object", + "properties": { + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "path": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "scheme": { + "type": "string" + } + } + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + } + }, + "nameOverride": { + "type": "string" + }, + "nodeSelector": { + "type": "object" + }, + "podAnnotations": { + "type": "object" + }, + "podSecurityContext": { + "type": "object" + }, + "ports": { + "type": "object", + "properties": { + "ui": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + } + } + } + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "httpGet": { + "type": "object", + 
"properties": { + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "path": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "scheme": { + "type": "string" + } + } + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + } + }, + "replicaCount": { + "type": "integer" + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": [ + "string", + "number" + ] + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": [ + "string", + "number" + ] + }, + "memory": { + "type": "string" + } + } + } + } + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + } + } + }, + "service": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "tolerations": { + "type": "array" + } + } + }, + "anm": { + "type": "object", + "required": [ + "image", + "extraEnvVars" + ], + "properties": { + "affinity": { + "type": "object" + }, + "autoscaling": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxReplicas": { + "type": "integer" + }, + "minReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + } + } + }, + "extraEnvVars": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "fullnameOverride": { + "type": "string" + }, + "license": { + "type": "object" + }, + 
"image": { + "type": "object", + "required": [ + "repository" + ], + "properties": { + "registry": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + }, + "digest": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "required": [ + "enabled" + ], + "properties": { + "annotations": { + "type": "object" + }, + "className": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array", + "items": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "pathType": { + "type": "string" + } + } + } + } + } + } + }, + "tls": { + "type": "array" + } + } + }, + "route": { + "type": "object", + "description": "Values for creating an OCP route", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines if the route should be created" + }, + "targetPort": { + "type": "string", + "description": "The port on pods this route points to" + }, + "tls": { + "type": "object", + "description": "Values for configuring TLS on an OCP route. 
More information: https://docs.openshift.com/container-platform/4.9/networking/routes/secured-routes.html", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines if TLS should be enabled" + }, + "termination": { + "type": "string", + "description": "Indicates the termination type" + }, + "insecureEdgeTerminationPolicy": { + "type": "string", + "description": "Indicates the desired behavior for insecure connections" + }, + "key": { + "type": ["string", "null"], + "description": "Key file contents" + }, + "caCertificate": { + "type": ["string", "null"], + "description": "Certificate authority certificate contents" + }, + "certificate": { + "type": ["string", "null"], + "description": "Certificate contents" + }, + "destinationCACertificate": { + "type": ["string", "null"], + "description": "Contents of the CA certificate of the final destination" + } + } + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "httpGet": { + "type": "object", + "properties": { + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "path": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "scheme": { + "type": "string" + } + } + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + } + }, + "nameOverride": { + "type": "string" + }, + "nodeSelector": { + "type": "object" + }, + "podAnnotations": { + "type": "object" + }, + "podSecurityContext": { + "type": "object" + }, + "ports": { + "type": "object", + "properties": { + "traffic": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + } + } + }, + "ui": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + } + } + } + } + }, + "readinessProbe": 
{ + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "httpGet": { + "type": "object", + "properties": { + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "path": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "scheme": { + "type": "string" + } + } + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + } + }, + "replicaCount": { + "type": "integer" + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": [ + "number", + "string" + ] + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": [ + "number", + "string" + ] + }, + "memory": { + "type": "string" + } + } + } + } + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + } + } + }, + "service": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ClusterIP", + "LoadBalancer", + "NodePort", + "ExternalName" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "required": [ + "create" + ], + "properties": { + "annotations": { + "type": "object" + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "tolerations": { + "type": "array" + }, + "updateStrategy": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "Global update strategy for deployments" + }, + "rollingUpdate": { + "type": "object", + "properties": { + "maxSurge": { + "type": "integer", + "description": "The number of pods that can be created above the desired amount of pods during an update" + }, + "maxUnavailable": { + "type": "integer", + "description": "The 
number of pods that can be unavailable during the update process" + } + } + } + } + } + } + }, + "apimgr": { + "required": [ + "license" + ], + "type": "object", + "properties": { + "affinity": { + "type": "object" + }, + "autoscaling": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxReplicas": { + "type": "integer" + }, + "minReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + } + } + }, + "extraEnvVars": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "fullnameOverride": { + "type": "string" + }, + "license": { + "type": "object" + }, + "image": { + "type": "object", + "properties": { + "registry": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + }, + "digest": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "className": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array", + "items": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "pathType": { + "type": "string" + } + } + } + } + } + } + }, + "tls": { + "type": "array" + } + } + }, + "route": { + "type": "object", + "description": "Values for creating an OCP route", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines if the route should be created" + }, + "targetPort": { + "type": "string", + "description": "The port on pods this route points to" + }, + "tls": { + "type": "object", + "description": "Values for configuring TLS on an OCP route. 
More information: https://docs.openshift.com/container-platform/4.9/networking/routes/secured-routes.html", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines if TLS should be enabled" + }, + "termination": { + "type": "string", + "description": "Indicates the termination type" + }, + "insecureEdgeTerminationPolicy": { + "type": "string", + "description": "Indicates the desired behavior for insecure connections" + }, + "key": { + "type": ["string", "null"], + "description": "Key file contents" + }, + "caCertificate": { + "type": ["string", "null"], + "description": "Certificate authority certificate contents" + }, + "certificate": { + "type": ["string", "null"], + "description": "Certificate contents" + }, + "destinationCACertificate": { + "type": ["string", "null"], + "description": "Contents of the CA certificate of the final destination" + } + } + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "httpGet": { + "type": "object", + "properties": { + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "path": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "scheme": { + "type": "string" + } + } + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + } + }, + "nameOverride": { + "type": "string" + }, + "nodeSelector": { + "type": "object" + }, + "podAnnotations": { + "type": "object" + }, + "podSecurityContext": { + "type": "object" + }, + "ports": { + "type": "object", + "properties": { + "ui": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + } + } + } + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "httpGet": { + "type": "object", + 
"properties": { + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "path": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "scheme": { + "type": "string" + } + } + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + } + }, + "replicaCount": { + "type": "integer" + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": [ + "number", + "string" + ] + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": [ + "number", + "string" + ] + }, + "memory": { + "type": "string" + } + } + } + } + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + } + } + }, + "service": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "tolerations": { + "type": "array" + }, + "updateStrategy": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "Global update strategy for deployments" + }, + "rollingUpdate": { + "type": "object", + "properties": { + "maxSurge": { + "type": "integer", + "description": "The number of pods that can be created above the desired amount of pods during an update" + }, + "maxUnavailable": { + "type": "integer", + "description": "The number of pods that can be unavailable during the update process" + } + } + } + } + } + } + }, + "apitraffic": { + "required": [ + "license" + ], + "type": "object", + "properties": { + "affinity": { + "type": "object" + }, + "autoscaling": { 
+ "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxReplicas": { + "type": "integer" + }, + "minReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + } + } + }, + "extraEnvVars": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "fullnameOverride": { + "type": "string" + }, + "license": { + "type": "object" + }, + "image": { + "type": "object", + "properties": { + "registry": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + }, + "digest": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "className": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array", + "items": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "pathType": { + "type": "string" + } + } + } + } + } + } + }, + "tls": { + "type": "array" + } + } + }, + "route": { + "type": "object", + "description": "Values for creating an OCP route", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines if the route should be created" + }, + "targetPort": { + "type": "string", + "description": "The port on pods this route points to" + }, + "tls": { + "type": "object", + "description": "Values for configuring TLS on an OCP route. 
More information: https://docs.openshift.com/container-platform/4.9/networking/routes/secured-routes.html", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines if TLS should be enabled" + }, + "termination": { + "type": "string", + "description": "Indicates the termination type" + }, + "insecureEdgeTerminationPolicy": { + "type": "string", + "description": "Indicates the desired behavior for insecure connections" + }, + "key": { + "type": ["string", "null"], + "description": "Key file contents" + }, + "caCertificate": { + "type": ["string", "null"], + "description": "Certificate authority certificate contents" + }, + "certificate": { + "type": ["string", "null"], + "description": "Certificate contents" + }, + "destinationCACertificate": { + "type": ["string", "null"], + "description": "Contents of the CA certificate of the final destination" + } + } + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "httpGet": { + "type": "object", + "properties": { + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "path": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "scheme": { + "type": "string" + } + } + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + } + }, + "nameOverride": { + "type": "string" + }, + "nodeSelector": { + "type": "object" + }, + "oauth": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "route": { + "type": "object", + "description": "Values for creating an OCP route", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines if the route should be created" + }, + "targetPort": { + "type": 
"string", + "description": "The port on pods this route points to" + }, + "tls": { + "type": "object", + "description": "Values for configuring TLS on an OCP route. More information: https://docs.openshift.com/container-platform/4.9/networking/routes/secured-routes.html", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines if TLS should be enabled" + }, + "termination": { + "type": "string", + "description": "Indicates the termination type" + }, + "insecureEdgeTerminationPolicy": { + "type": "string", + "description": "Indicates the desired behavior for insecure connections" + }, + "key": { + "type": ["string", "null"], + "description": "Key file contents" + }, + "caCertificate": { + "type": ["string", "null"], + "description": "Certificate authority certificate contents" + }, + "certificate": { + "type": ["string", "null"], + "description": "Certificate contents" + }, + "destinationCACertificate": { + "type": ["string", "null"], + "description": "Contents of the CA certificate of the final destination" + } + } + } + } + } + }, + "podAnnotations": { + "type": "object" + }, + "podSecurityContext": { + "type": "object" + }, + "ports": { + "type": "object", + "properties": { + "traffic": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + } + } + } + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "httpGet": { + "type": "object", + "properties": { + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "path": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "scheme": { + "type": "string" + } + } + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + } + }, + "replicaCount": { + "type": "integer" + }, + "resources": { + 
"type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": [ + "string", + "number" + ] + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": [ + "string", + "number" + ] + }, + "memory": { + "type": "string" + } + } + } + } + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + } + } + }, + "service": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "tolerations": { + "type": "array" + }, + "updateStrategy": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "Global update strategy for deployments" + }, + "rollingUpdate": { + "type": "object", + "properties": { + "maxSurge": { + "type": "integer", + "description": "The number of pods that can be created above the desired amount of pods during an update" + }, + "maxUnavailable": { + "type": "integer", + "description": "The number of pods that can be unavailable during the update process" + } + } + } + } + } + } + }, + "apiportal": { + "type": "object", + "properties": { + "apache": { + "type": "object", + "properties": { + "sslOn": { + "type": "integer", + "minimum": 0, + "maximum": 1 + } + } + }, + "apiManager": { + "type": "object", + "properties": { + "configured": { + "type": "integer", + "minimum": 0, + "maximum": 1 + + }, + "name": { + "type": "string" + } + } + }, + "enabled": { + "type": "boolean" + }, + "extraEnvVars": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "image": { + "type": "object", + "properties": { 
+ "registry": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + }, + "digest": { + "type": "string" + } + } + }, + "mysql": { + "type": "object", + "properties": { + "databaseName": { + "type": "string" + }, + "existingSecret": { + "type": "object", + "description": "Use an existing secrets which already stores your credentials, will ignore apiportal.mysql.password and apiportal.mysql.username", + "properties": { + "name": { + "type": "string" + }, + "keyMapping": { + "type": "object", + "properties": { + "password": { + "type": "string" + }, + "username": { + "type": "string" + } + } + } + } + }, + "username": { + "type": "string", + "description": "Username" + }, + "password": { + "type": "string", + "description": "Password" + }, + "sslOn": { + "type": "integer", + "minimum": 0, + "maximum": 1 + }, + "sslVerifyCert": { + "type": "integer", + "minimum": 0, + "maximum": 1 + } + } + }, + "redis": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "cacheTimeout": { + "type": "integer" + } + } + }, + "replicaCount": { + "type": "integer" + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + } + } + }, + "service": { + "type": "object", + "properties": { + "trafficForcePort": { + "type": "integer" + }, + "trafficPlainPort": { + "type": "integer" + }, + "trafficPort": { + "type": "integer" + } + } + }, + "storage": { + "type": "object", + "description": "Storage Options", + "properties": { + "classes": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "provisioner": { + "type": "string" + }, + "allowVolumeExpansion": { + "type": "boolean" + }, + "mountOptions": { + "type": "array", + "items": { + "type": "string" + } + }, + "parameters": { + "type": 
"object" + } + } + } + }, + "provisioningType": { + "type": "string", + "enum": [ + "dynamic", + "static" + ] + }, + "volumes": { + "type": "array", + "items": { + "type": "object", + "required": [ + "capacity", + "enabled", + "name" + ], + "properties": { + "accessModes": { + "type": "array", + "description": "Access Modes", + "minItems": 1, + "maxItems": 3, + "uniqueItems": true, + "items": [ + { + "type": "string", + "enum": [ + "ReadOnlyMany", + "ReadWriteMany", + "ReadWriteOnce" + ] + } + ] + }, + "capacity": { + "type": "string", + "description": "Storage Capacity, with unit (example: 5Gi)" + }, + "claimName": { + "type": "string", + "description": "Claim name, if empty the name property will be used instead" + }, + "enabled": { + "type": "boolean" + }, + "mountPath": { + "type": "string" + }, + "name": { + "type": "string", + "description": "Name of the PVC" + }, + "persistentVolume": { + "type": "object", + "properties": { + "csiDriver": { + "type": "string" + }, + "reclaimPolicy": { + "type": "string", + "description": "Reclaim Policy", + "enum": [ + "Delete", + "Retain" + ] + }, + "volumeHandle": { + "type": "string", + "description": "Volume handle, mostly for AWS EFS. 
Only set if persistentVolume.create is true" + } + } + }, + "storageClassName": { + "type": "string", + "description": "For dynamic provisioning, the persistent volume will be created based on the storage class specs" + }, + "usedBy": { + "type": "array", + "items": [ + { + "type": "string", + "enum": [ + "portal" + ] + } + ] + } + } + } + } + } + }, + "updateStrategy": { + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "description": "Global update strategy for deployments" + }, + "rollingUpdate": { + "type": "object", + "properties": { + "maxSurge": { + "type": "integer", + "description": "The number of pods that can be created above the desired amount of pods during an update" + }, + "maxUnavailable": { + "type": "integer", + "description": "The number of pods that can be unavailable during the update process" + } + } + } + } + } + } + }, + "discovery-agent": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "traceability-agent": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "global": { + "type": "object", + "required": [ + "imagePullPolicy", + "storage" + ], + "properties": { + "apimVersion": { + "type": "string", + "description": "Gateway version. 
If apimVersion is not set, the appVersion in Chart.yaml will be used" + }, + "domainName": { + "type": "string", + "description": "Domain Name" + }, + "domainId": { + "type": "string", + "description": "Domain Id" + }, + "defaultRegistry": { + "type": "string", + "description": "Default image registry" + }, + "imagePullPolicy": { + "type": "string", + "description": "Image Pull Policy", + "enum": [ + "None", + "IfNotPresent", + "Always" + ] + }, + "imagePullSecrets": { + "type": "array" + }, + "initContainers": { + "type": "object", + "properties": { + "image": { + "type": "string", + "description": "image used in init containers" + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": [ + "string", + "number" + ] + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": [ + "string", + "number" + ] + }, + "memory": { + "type": "string" + } + } + } + } + }, + "securityContext": { + "type": "object" + } + } + }, + "updateStrategy": { + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "description": "Global update strategy for deployments" + }, + "rollingUpdate": { + "type": "object", + "properties": { + "maxSurge": { + "type": "integer", + "description": "The number of pods that can be created above the desired amount of pods during an update" + }, + "maxUnavailable": { + "type": "integer", + "description": "The number of pods that can be unavailable during the update process" + } + } + } + } + }, + "storage": { + "type": "object", + "description": "Storage Options", + "required": [ + "classes", + "provisioningType", + "volumes" + ], + "properties": { + "classes": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "provisioner": { + "type": "string" + }, + "allowVolumeExpansion": { + "type": "boolean" + }, + 
"mountOptions": { + "type": "array", + "items": { + "type": "string" + } + }, + "parameters": { + "type": "object" + } + } + } + }, + "provisioningType": { + "type": "string", + "enum": [ + "dynamic", + "static" + ] + }, + "storageClassName": { + "type": "string", + "description": "Default storage class name. For dynamic provisioning, persistent volumes will be created based on the storage class specs" + }, + "volumes": { + "type": "array", + "items": { + "type": "object", + "required": [ + "capacity", + "enabled", + "name" + ], + "properties": { + "accessModes": { + "type": "array", + "description": "Access Modes", + "minItems": 1, + "maxItems": 3, + "uniqueItems": true, + "items": [ + { + "type": "string", + "enum": [ + "ReadOnlyMany", + "ReadWriteMany", + "ReadWriteOnce" + ] + } + ] + }, + "capacity": { + "type": "string", + "description": "Storage Capacity, with unit (example: 5Gi)" + }, + "claimName": { + "type": "string", + "description": "Claim name, if empty the name property will be used instead" + }, + "enabled": { + "type": "boolean" + }, + "mountPath": { + "type": "string" + }, + "name": { + "type": "string", + "description": "Name of the PVC" + }, + "persistentVolume": { + "type": "object", + "properties": { + "csiDriver": { + "type": "string" + }, + "reclaimPolicy": { + "type": "string", + "description": "Reclaim Policy", + "enum": [ + "Delete", + "Retain" + ] + }, + "volumeHandle": { + "type": "string", + "description": "Volume handle, mostly for AWS EFS. 
Only set if persistentVolume.create is true" + } + } + }, + "storageClassName": { + "type": "string", + "description": "For dynamic provisioning, the persistent volume will be created based on the storage class specs" + }, + "usedBy": { + "type": "array", + "items": [ + { + "type": "string", + "enum": [ + "aga", + "anm", + "apimgr", + "traffic", + "portal" + ] + } + ] + } + } + } + } + } + }, + "database": { + "type": "object", + "description": "Mysql Database Instance Options", + "properties": { + "host": { + "type": "string", + "description": "Database hostname" + }, + "port": { + "type": "integer", + "description": "Database port" + }, + "metrics": { + "type": "object", + "required": [ + "enabled" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + "databaseName": { + "type": "string" + }, + "url": { + "type": "string", + "description": "Metrics DB JDBC URL" + }, + "useSSL": { + "type": "string" + }, + "verifyServerCertificate": { + "type": "boolean" + }, + "sslMode": { + "type": "string", + "enum": [ + "NONE", + "0", + "PREFERRED", + "1", + "REQUIRED", + "2", + "VERIFY_CA", + "3", + "VERIFY_IDENTITY", + "4" + ] + }, + "existingSecret": { + "type": "object", + "description": "Use an existing secrets which already stores your credentials, will ignore database.metrics.password and database.metrics.username", + "properties": { + "name": { + "type": "string" + }, + "keyMapping": { + "type": "object", + "properties": { + "password": { + "type": "string" + }, + "username": { + "type": "string" + } + } + } + } + }, + "username": { + "type": "string", + "description": "Username" + }, + "password": { + "type": "string", + "description": "Password" + } + } + } + } + }, + "domainkeypassphrase": { + "type": "object", + "properties": { + "passphrase": { + "type": "string" + } + } + }, + "cassandra": { + "type": "object", + "description": "Cassandra Options", + "required": [ + "enabled" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + 
"existingSecret": { + "type": "object", + "description": "Use an existing secrets which already stores your password data, will ignore cassandra.password", + "properties": { + "name": { + "type": "string" + }, + "keyMapping": { + "type": "object", + "properties": { + "password": { + "type": "string" + } + } + } + } + }, + "hosts": { + "type": "array", + "description": "List of Cassandra hostnames, the variable property should match the variables names in the FED", + "items": { + "type": "object", + "properties": { + "variable": { + "type": "string" + }, + "hostname": { + "type": "string" + } + } + } + }, + "password": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "keyspace": { + "type": "string" + }, + "tkeyspace": { + "type": "string" + }, + "username": { + "type": "string" + } + } + } + } + }, + "tests": { + "type": "object", + "properties": { + "images": { + "type": "object", + "properties": { + "curl": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + } + } + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": [ + "string", + "number" + ] + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": [ + "string", + "number" + ] + }, + "memory": { + "type": "string" + } + } + } + } + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + } + } + } + }, + "required": [ + "global", + "anm", + "apimgr", + "apitraffic", + "aga" + ], + "title": "Values" +} 
diff --git a/apigateway/values.yaml b/apigateway/values.yaml
new file mode 100644
index 0000000..45fb6e2
--- /dev/null
+++ b/apigateway/values.yaml
@@ -0,0 +1,1251 @@
+# Structural changes to this file should be reflected in values.schema.yaml
+#
+# Sample values for different use cases are available in the samples folder
+
+# override for the name of the chart
+nameOverride: ""
+# override for the fully qualified name
+fullnameOverride: ""
+
+# global values that can be read by all components of the APIM solution
+global:
+ # if apimVersion is not set, the appVersion in Chart.yaml will be used
+ apimVersion: ""
+ # domain used in the ingresses or routes
+ domainName: ""
+ # NOTE: if not using the default domain certs set domainId to the Unique ID (or Common Name) that was used to create custom domain certs
+ domainId: ""
+ # default docker registry
+ defaultRegistry: ""
+ imagePullSecrets: []
+ imagePullPolicy: IfNotPresent
+ initContainers:
+ image: "docker.io/busybox:1.34"
+ # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ resources: {}
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ updateStrategy:
+ # RollingUpdate or Recreate
+ type: RollingUpdate
+ # If RollingUpdate
+ rollingUpdate:
+ maxSurge: 2
+ maxUnavailable: 0
+ storage:
+ # static (a template will be created for the PV),
+ # or dynamic (default, a storage class is used, and PV doesnt' require a template)
+ provisioningType: "dynamic"
+ # for dynamic provisioning, the persistent volume will be created based
+ # on the storage class specs
+ # global storage class name, will be used by all volumes not overriding it
+ # leave empty for static provisioning
+ # can be the name of a storage class specified in `classes` below, or an external one
+ storageClassName: ""
+ # storage class managed by this chart
+ classes: []
+ # - name: ""
+ # # provisioner (CSI driver), example: efs.csi.aws.com
+ # provisioner: ""
+ # allowVolumeExpansion: true
+ # mountOptions: []
+ # # storage class parameters to use if create is true
+ #
parameters: {} + # # example + # # provisioningMode: "efs-ap" + # # fileSystemId: "fs-05d1bd09462e124d8" + # # directoryPerms: "770" + volumes: + - name: events + enabled: false + accessModes: + - ReadWriteMany + # storage request, if provisioner is elastic, leave it to 1Mi + capacity: 1Mi + # for dynamic provisioning, the persistent volume will be created based + # on the storage class specs + # if the storage class name is set for the volume, it will override the one defined + # in global.storage.storageClassName + # examples: azurefile-premium, efs-sc + # leave empty for static provisioning + # can be a storage class defined above, or an external one + # storageClassName: "" + # for static provisioning, the persistent volume will be created based on these specs + persistentVolume: + # CSI driver, for example efs.csi.aws.com + csiDriver: "" + # volume handle + # EFS: FS_ID::AP_ID + volumeHandle: "" + # reclaim policy, what happens to the storage when the PVC is deleted + # Delete or Retain + reclaimPolicy: Delete + - name: gw-external-config + enabled: true + accessModes: + - ReadWriteMany + # storage request, if provisioner is elastic, leave it to 1Mi + capacity: 1Mi + # for dynamic provisioning, the persistent volume will be created based + # on the storage class specs + # if the storage class name is set for the volume, it will override the one defined + # in global.storage.storageClassName + # examples: azurefile-premium, efs-sc + # leave empty for static provisioning + # can be a storage class defined above, or an external one + # storageClassName: "nfs-client" + # for static provisioning, the persistent volume will be created based on these specs + persistentVolume: + # CSI driver, for example efs.csi.aws.com + csiDriver: "" + # volume handle + # EFS: FS_ID::AP_ID + volumeHandle: "" + # reclaim policy, what happens to the storage when the PVC is deleted + # Delete or Retain + reclaimPolicy: Delete + - name: aga-external-config + enabled: true + accessModes: 
+ - ReadWriteMany + # storage request, if provisioner is elastic, leave it to 1Mi + capacity: 1Mi + # for dynamic provisioning, the persistent volume will be created based + # on the storage class specs + # if the storage class name is set for the volume, it will override the one defined + # in global.storage.storageClassName + # examples: azurefile-premium, efs-sc + # leave empty for static provisioning + # can be a storage class defined above, or an external one + # storageClassName: "nfs-client" + # for static provisioning, the persistent volume will be created based on these specs + persistentVolume: + # CSI driver, for example efs.csi.aws.com + csiDriver: "" + # volume handle + # EFS: FS_ID::AP_ID + volumeHandle: "" + # reclaim policy, what happens to the storage when the PVC is deleted + # Delete or Retain + reclaimPolicy: Delete + - name: anm-external-config + enabled: true + accessModes: + - ReadWriteMany + # storage request, if provisioner is elastic, leave it to 1Mi + capacity: 1Mi + # for dynamic provisioning, the persistent volume will be created based + # on the storage class specs + # if the storage class name is set for the volume, it will override the one defined + # in global.storage.storageClassName + # examples: azurefile-premium, efs-sc + # leave empty for static provisioning + # can be a storage class defined above, or an external one + # storageClassName: "nfs-client" + # for static provisioning, the persistent volume will be created based on these specs + persistentVolume: + # CSI driver, for example efs.csi.aws.com + csiDriver: "" + # volume handle + # EFS: FS_ID::AP_ID + volumeHandle: "" + # reclaim policy, what happens to the storage when the PVC is deleted + # Delete or Retain + reclaimPolicy: Delete + # Database server instance used for metrics and for API Portal + database: + # templating available + # host: example-mysql.{{ .Values.global.domainName }} + host: "" + port: 3306 + # database name for the metrics, used by gateway 
components + metrics: + enabled: false + # a database with this name has to be created in the MySQL instance as a prerequisite + databaseName: metrics + # 8.0.12 and earlier, useSSL is a string, verifyServerCertificate is a boolean value + useSSL: "false" + # verifyServerCertificate: true + # 8.0.13 and later: Server Certificate Verification is enabled when the sslMode property is set to VERIFY_CA or VERIFY_IDENTITY + # sslMode: "NONE" + # MySQL JDBC URL + url: "jdbc:mysql://{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{ .Values.global.database.metrics.databaseName }}?useSSL={{ default false .Values.global.database.metrics.useSSL }}" + # additional QueryString parameters in jdbc url can be added as shown below + # encoding: "UTF-8" + # url: "jdbc:mysql://{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{ .Values.global.database.metrics.databaseName }}?useSSL={{ default false .Values.global.database.metrics.useSSL }}&{{ .Values.global.database.metrics.encoding }}" + # if the credentials are already available in a secret, set existingSecret + existingSecret: {} + # name: "mysql-credentials" + # keyMapping: + # password: metricsDbPasswordKey + # username: metricsDbUsernameKey + # else, set username and password, this will create a new secret + username: "" + password: "" + # portal database is only used by the portal pods, so it's configuration is in the apiportal section + # cassandra connection configuration + cassandra: + enabled: false + # if the credentials are already available in a secret, set existingSecret + # if not, set username and password + existingSecret: {} + # name: cassandra + # keyMapping: + # username: myCassandraUsernameKey + # password: myCassandraPasswordKey + # list of hostnames and name of the env var passed to the gateway image, + # the variable name should be consistent with the content of the FED + hosts: [] + ## single cassandra node, or service of a containerized cassandra: + # - variable: 
CASS_HOST + # hostname: cassandra.cassandra + ## multi node cassandra: + # - variable: CASS_HOST_1 + # hostname: cassandra-1 + # - variable: CASS_HOST_2 + # hostname: cassandra-2 + # - variable: CASS_HOST_3 + # hostname: cassandra-3 + username: "" + password: "" + port: 9042 + # templating available + # keyspace: keyspace-{{ .Values.global.domainID }} + # tkeyspace: tkeyspace-{{ .Values.global.domainID }} + keyspace: "" + tkeyspace: "" + # Set the domain key passphrase. If passphrase is blank, do not set. + # domainkeypassphrase: + # passphrase: "" + tests: + images: + curl: + registry: docker.io + repository: "curlimages/curl" + # leave empty for "latest" or specify an immutable tag + tag: "" + # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: {} + # limits: + # cpu: 100m + # memory: 50Mi + # requests: + # cpu: 100m + # memory: 50Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +anm: + # a single replica is the only supported value for ANM + enabled: true + replicaCount: 1 + updateStrategy: + # RollingUpdate or Recreate + type: "" + # If RollingUpdate + rollingUpdate: + maxSurge: 2 + maxUnavailable: 0 + image: + # an image reference is specified by registry/repository:tag, + # for instance registry=docker.io, repository=library/alpine, tag=3.15 + # if registry is left empty, global.defaultRegistry will be used + registry: "" + repository: "" + # Overrides the image tag whose default is the chart appVersion. 
+ tag: "" + # Accept general conditions on the image by setting accept to yes + generalConditions: + accept: "" + # Enables FIPS mode + FIPS: + enabled: false + logs: + trace: + # FATAL, ERROR, INFO, DEBUG, DATA + level: INFO + # Write trace logs to file on disk + disk: true + # Write trace logs to stdout in JSON Format + stdoutJSON: false + serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} + podLabels: {} + podSecurityContext: + # set user id for k8s, set null for openshift + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + securityContext: + allowPrivilegeEscalation: false + # NOTE: readOnlyRootFilesystem should be left to false + # readOnlyRootFilesystem: false + runAsNonRoot: true + service: + type: ClusterIP + ports: + traffic: + port: 8090 + protocol: TCP + ui: + port: 8091 + protocol: TCP + ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + #set if extra ANM ingress required + extraIngress: + enabled: false + # OpenShift configuration + route: + enabled: true + targetPort: "{{ .Values.anm.service.ports.ui.port }}" + ## More information: https://docs.openshift.com/container-platform/4.12/networking/routes/secured-routes.html + tls: + enabled: true + termination: passthrough + insecureEdgeTerminationPolicy: Redirect + key: + caCertificate: + certificate: + destinationCACertificate: + # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: {} + # limits: + # memory: "2048Mi" + # cpu: "1000m" + # 
requests: + # memory: "1Gi" + # cpu: "250m" + # JVM Heap Size in MB + jvmHeapSize: "1024" + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + nodeSelector: {} + tolerations: [] + affinity: {} + #extraInitContainers: + # - name: extra + # image: "docker.io/busybox:1.34" + # command: [] + # resources: + # limits: + # memory: "500Mi" + # cpu: 0.5 + # securityContext: + # allowPrivilegeEscalation: false + # runAsNonRoot: true + extraEnvVars: [] + # - name: MY_ENV_VARIABLE + # value: "true" + livenessProbe: + httpGet: + httpHeaders: + - name: k8sprobe + value: liveness.anm + path: /healthcheck + port: 8091 + scheme: HTTPS + initialDelaySeconds: 40 + periodSeconds: 30 + failureThreshold: 5 + readinessProbe: + httpGet: + httpHeaders: + - name: k8sprobe + value: readiness.anm + path: /healthcheck + port: 8091 + scheme: HTTPS + initialDelaySeconds: 30 + periodSeconds: 10 + failureThreshold: 6 +# extraVolumeMounts: +# - name: events +# mountPath: /opt/Axway/apigateway/logs/events +# extraVolumes: +# - persistentVolumeClaim: +# claimName: events +# name: events + extraVolumeMounts: + - name: anm-external-config + mountPath: /merge + extraVolumes: + - persistentVolumeClaim: + claimName: anm-external-config + name: anm-external-config + +apimgr: + enabled: true + replicaCount: 1 + updateStrategy: + # RollingUpdate or Recreate + type: "" + # If RollingUpdate + rollingUpdate: + maxSurge: 2 + maxUnavailable: 0 + image: + # an image reference is specified by registry/repository:tag, + # for instance registry=docker.io, repository=library/alpine, tag=3.15 + # if registry is left empty, global.defaultRegistry will be used + registry: "" + repository: "" + # Overrides the image tag whose default is the chart appVersion. 
+ tag: "" + # Accept general conditions on the image by setting accept to yes + generalConditions: + accept: "" + groupId: "DefaultGroup" + # Enables FIPS mode + FIPS: + enabled: false + logs: + trace: + # FATAL, ERROR, INFO, DEBUG, DATA + level: INFO + # Write trace logs to file on disk + disk: true + # Write trace logs to stdout in JSON Format + stdoutJSON: false + opentraffic: + # none, file or stdout + output: stdout + serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} + podLabels: {} + podSecurityContext: + # set user id for k8s, set null for openshift + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + securityContext: + allowPrivilegeEscalation: false + # NOTE: readOnlyRootFilesystem should be left to false + # readOnlyRootFilesystem: false + runAsNonRoot: true + service: + type: ClusterIP + ports: + ui: + port: 8075 + protocol: TCP + ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + #set if extra API Manager ingress required + extraIngress: + enabled: false + # OpenShift configuration + route: + enabled: true + targetPort: "{{ .Values.apimgr.service.ports.ui.port }}" + ## More information: https://docs.openshift.com/container-platform/4.12/networking/routes/secured-routes.html + tls: + enabled: true + termination: passthrough + insecureEdgeTerminationPolicy: Redirect + key: + caCertificate: + certificate: + destinationCACertificate: + # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: {} + # 
limits: + # memory: "2Gi" + # cpu: 2 + # requests: + # memory: "0.5Gi" + # cpu: 0.5 + # JVM Heap Size in MB + jvmHeapSize: "1512" + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + nodeSelector: {} + tolerations: [] + affinity: {} + #extraInitContainers: + # - name: extra + # image: "docker.io/busybox:1.34" + # command: [] + # resources: + # limits: + # memory: "500Mi" + # cpu: 0.5 + # securityContext: + # allowPrivilegeEscalation: false + # runAsNonRoot: true + extraEnvVars: [] + # - name: MY_ENV_VARIABLE + # value: "true" + livenessProbe: + httpGet: + httpHeaders: + - name: k8sprobe + value: liveness.apimgr + path: /healthcheck + port: 8075 + scheme: HTTPS + initialDelaySeconds: 40 + periodSeconds: 30 + failureThreshold: 5 + readinessProbe: + httpGet: + httpHeaders: + - name: k8sprobe + value: readiness.apimgr + path: /healthcheck + port: 8075 + scheme: HTTPS + initialDelaySeconds: 30 + periodSeconds: 10 + failureThreshold: 6 +# extraVolumeMounts: +# - name: events +# mountPath: /opt/Axway/apigateway/logs/events +# - name: opentraffic +# mountPath: /opt/Axway/apigateway/logs/opentraffic +# extraVolumes: +# - persistentVolumeClaim: +# claimName: events +# name: events +# - persistentVolumeClaim: +# claimName: opentraffic +# name: opentraffic + extraVolumeMounts: + - name: gw-external-config + mountPath: /merge + extraVolumes: + - persistentVolumeClaim: + claimName: gw-external-config + name: gw-external-config + license: + license.lic: | +# FIPS=1 +# Mock Connector=1 +# SalesForce Connector=1 +# ServiceNow Connector=1 +# analytics=1 +# api_visual_mapper=1 +# apiportal=1 +# expires=Sun, 05 May 2025 00:00:00 GMT +# mcafee=1 +# mobile integration=1 +# unrestricted=1 +# # SIGNATURE: abc123 + + +apitraffic: + enabled: true + replicaCount: 1 + updateStrategy: + # RollingUpdate or Recreate + type: "" + # If RollingUpdate + rollingUpdate: + maxSurge: 2 + maxUnavailable: 0 + 
image: + # an image reference is specified by registry/repository:tag, + # for instance registry=docker.io, repository=library/alpine, tag=3.15 + # if registry is left empty, global.defaultRegistry will be used + registry: "" + repository: "" + # Overrides the image tag whose default is the chart appVersion. + tag: "" + # Accept general conditions on the image by setting accept to yes + generalConditions: + accept: "" + groupId: "DefaultGroup" + # Enables FIPS mode + FIPS: + enabled: false + logs: + trace: + # FATAL, ERROR, INFO, DEBUG or DATA + level: INFO + # Write trace logs to file on disk + disk: true + # Write trace logs to stdout in JSON Format + stdoutJSON: false + opentraffic: + # none, file or stdout + output: stdout + serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} + podLabels: {} + podSecurityContext: + # set user id for k8s, set null for openshift + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + securityContext: + allowPrivilegeEscalation: false + # NOTE: readOnlyRootFilesystem should be left to false + # readOnlyRootFilesystem: false + runAsNonRoot: true + service: + type: ClusterIP + ports: + traffic: + port: 8065 + protocol: TCP + oauth: + enabled: true + type: ClusterIP + port: 8089 + protocol: TCP + route: + enabled: true + targetPort: "{{ .Values.apitraffic.oauth.port }}" + tls: + enabled: true + termination: passthrough + insecureEdgeTerminationPolicy: Redirect + key: + caCertificate: + certificate: + destinationCACertificate: + #oauth ingress + ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] 
+ # - secretName: chart-example-tls + # hosts: + # - chart-example.local + #apitraffic ingress + ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + #set if extra apitraffic ingress required + extraIngress: + enabled: false + # OpenShift configuration + route: + enabled: true + targetPort: "{{ .Values.apitraffic.service.ports.traffic.port }}" + ## More information: https://docs.openshift.com/container-platform/4.12/networking/routes/secured-routes.html + tls: + enabled: true + termination: passthrough + insecureEdgeTerminationPolicy: Redirect + key: + caCertificate: + certificate: + destinationCACertificate: + # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: {} + # limits: + # memory: "2Gi" + # cpu: 2 + # requests: + # memory: "0.5Gi" + # cpu: 0.5 + # JVM Heap Size in MB + jvmHeapSize: "1512" + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + nodeSelector: {} + tolerations: [] + affinity: {} + #extraInitContainers: + # - name: extra + # image: "docker.io/busybox:1.34" + # command: [] + # resources: + # limits: + # memory: "500Mi" + # cpu: 0.5 + # securityContext: + # allowPrivilegeEscalation: false + # runAsNonRoot: true + extraEnvVars: [] + # - name: MY_ENV_VARIABLE + # value: "true" + livenessProbe: + httpGet: + httpHeaders: + - name: k8sprobe + value: liveness.apitraffic + path: /healthcheck + port: 8065 + scheme: HTTPS + initialDelaySeconds: 40 + periodSeconds: 30 + failureThreshold: 5 + readinessProbe: + httpGet: + httpHeaders: + - name: k8sprobe + value: readiness.apitraffic + path: /healthcheck + port: 8065 + scheme: HTTPS + initialDelaySeconds: 30 + 
periodSeconds: 10 + failureThreshold: 6 +# extraVolumeMounts: +# - name: events +# mountPath: /opt/Axway/apigateway/logs/events +# - name: opentraffic +# mountPath: /opt/Axway/apigateway/logs/opentraffic +# extraVolumes: +# - persistentVolumeClaim: +# claimName: events +# name: events +# - persistentVolumeClaim: +# claimName: opentraffic +# name: opentraffic + extraVolumeMounts: + - name: gw-external-config + mountPath: /merge + extraVolumes: + - persistentVolumeClaim: + claimName: gw-external-config + name: gw-external-config + license: + license.lic: | +# FIPS=1 +# Mock Connector=1 +# SalesForce Connector=1 +# ServiceNow Connector=1 +# analytics=1 +# api_visual_mapper=1 +# apiportal=1 +# expires=Sun, 05 May 2025 00:00:00 GMT +# mcafee=1 +# mobile integration=1 +# unrestricted=1 +# # SIGNATURE: abc123 + + +aga: + enabled: false + replicaCount: 1 + updateStrategy: + # RollingUpdate or Recreate + type: "" + # If RollingUpdate + rollingUpdate: + maxSurge: 2 + maxUnavailable: 0 + image: + # an image reference is specified by registry/repository:tag, + # for instance registry=docker.io, repository=library/alpine, tag=3.15 + # if registry is left empty, global.defaultRegistry will be used + registry: "" + repository: "" + # Overrides the image tag whose default is the chart appVersion. + tag: "" + # Accept general conditions on the image by setting accept to yes + generalConditions: + accept: "" + serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. 
+ # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} + podLabels: {} + podSecurityContext: + # set user id for k8s, set null for openshift + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + securityContext: + allowPrivilegeEscalation: false + # NOTE: readOnlyRootFilesystem should be left to false + # readOnlyRootFilesystem: false + runAsNonRoot: true + service: + type: ClusterIP + ports: + ui: + port: 8040 + protocol: TCP + ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + #set if extra Analytics(aga) ingress required + extraIngress: + enabled: false + # OpenShift configuration + route: + enabled: true + targetPort: "{{ .Values.aga.service.ports.ui.port }}" + ## More information: https://docs.openshift.com/container-platform/4.12/networking/routes/secured-routes.html + tls: + enabled: true + termination: passthrough + insecureEdgeTerminationPolicy: Redirect + key: + caCertificate: + certificate: + destinationCACertificate: + # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers// + resources: {} + # limits: + # memory: "2048Mi" + # cpu: "1000m" + # requests: + # memory: "1Gi" + # cpu: "250m" + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + nodeSelector: {} + tolerations: [] + affinity: {} + #extraInitContainers: + # - name: extra + # image: "docker.io/busybox:1.34" + # command: [] + # resources: + # limits: + # memory: "500Mi" + # cpu: 0.5 + # securityContext: + # allowPrivilegeEscalation: false + # runAsNonRoot: true + extraEnvVars: [] + # - name: MY_ENV_VARIABLE + # value: "true" + livenessProbe: + httpGet: + 
httpHeaders: + - name: k8sprobe + value: liveness.apimgr + path: /healthcheck + port: 8040 + scheme: HTTPS + initialDelaySeconds: 40 + periodSeconds: 30 + failureThreshold: 5 + readinessProbe: + httpGet: + httpHeaders: + - name: k8sprobe + value: readiness.apimgr + path: /healthcheck + port: 8040 + scheme: HTTPS + initialDelaySeconds: 30 + periodSeconds: 10 + failureThreshold: 6 + #extraVolumeMounts: + #- name: events + # mountPath: /opt/Axway/apigateway/logs/events + #extraVolumes: + #- persistentVolumeClaim: + # claimName: events + # name: events + extraVolumeMounts: + - name: aga-external-config + mountPath: /merge + extraVolumes: + - persistentVolumeClaim: + claimName: aga-external-config + name: aga-external-config + + +apiportal: + enabled: false + replicaCount: 1 + updateStrategy: + # RollingUpdate or Recreate + type: "" + # If RollingUpdate + rollingUpdate: + maxSurge: 2 + maxUnavailable: 0 + image: + # an image reference is specified by registry/repository:tag, + # for instance registry=docker.io, repository=library/alpine, tag=3.15 + # if registry is left empty, global.defaultRegistry will be used + registry: "" + repository: "" + # Overrides the image tag whose default is the chart appVersion. + tag: "" + serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. 
+ # If not set and create is true, a name is generated using the fullname template + name: "" + service: + type: ClusterIP + ports: + target: + port: 8443 + https: + port: 8443 + protocol: TCP + http: + port: 8080 + protocol: TCP + force: + port: 443 + protocol: TCP + ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + #set if extra Apiportal ingress required + extraIngress: + enabled: false + # OpenShift configuration + route: + enabled: true + targetPort: "{{ .Values.apiportal.service.ports.http.port }}" + ## More information: https://docs.openshift.com/container-platform/4.12/networking/routes/secured-routes.html + tls: + enabled: true + termination: edge + insecureEdgeTerminationPolicy: Redirect + key: + caCertificate: + certificate: + destinationCACertificate: + apiManager: + configured: 1 + name: Main + # host: "" + # port: 8075 + # database settings for API Portal, also check the instance settings in global section + mysql: + # if the credentials are already available in a secret, set existingSecret + existingSecret: {} + # name: "mysql-credentials" + # keyMapping: + # password: portalDbPasswordKey + # username: portalDbUsernameKey + # else, set username and password, this will create a new secret + username: "" + password: "" + # With empty host the value from global section will be used + host: "" + port: "{{ .Values.global.database.port }}" + # if it doesn't exist, a database with this name will be created by the app + databaseName: "portal" + # When mysql ssl is enabled, a k8s tls secret must be created, named 'mysql-certs': + # kubectl create secret tls mysql-certs --cert=mysql-cert.pem --key=mysql-key.pem + sslOn: 0 + sslVerifyCert: 0 + redis: + enabled: false + host: "" + port: 6379 + 
cacheTimeout: 600 + apache: + # When apache ssl is enabled, a k8s tls secret must be created, named 'apache': + # kubectl create secret tls apache --cert=apache-cert.pem --key=apache-key.pem + sslOn: 0 + #extraInitContainers: + # - name: extra + # image: "docker.io/busybox:1.34" + # command: [] + # resources: + # limits: + # memory: "500Mi" + # cpu: 0.5 + # securityContext: + # allowPrivilegeEscalation: false + # runAsNonRoot: true + extraEnvVars: [] + # - name: MY_ENV_VARIABLE + # value: "true" + podAnnotations: {} + podLabels: {} + podSecurityContext: + runAsUser: 1048 + runAsGroup: 1048 + fsGroup: 1048 + securityContext: + allowPrivilegeEscalation: false + runAsNonRoot: true + # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: {} + # limits: + # memory: "2048Mi" + # cpu: "1000m" + # requests: + # memory: "1Gi" + # cpu: "250m" + # + # Flag indicating that the user has downloaded + # their own copy of the T4 Page Builder component from Joomlart + # (https://www.joomlart.com/member/downloads/joomlart/t4/t4-page-builder). + # Joomlart require registration prior to free download. 
+ # Valid values: 0 or 1 + t4_downloaded: 1 + storage: + # if provisioningType=static, a template will be created for the PV, + # if provisioningType=dynamic (default), a storage class is used, and PV doesn't require a template + provisioningType: "dynamic" + classes: [] + volumes: + - enabled: false + # must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character + name: "enckey" + usedBy: + - portal + capacity: 3Mi + accessModes: + - ReadWriteMany + mountPath: "/opt/axway/apiportal/enckey" + # if storageClassName is not set, it will default to the one specified in global.storage.storageClassName + # storageClassName: "" + # for static provisioning, the persistent volume will be created based on these specs + persistentVolume: + # CSI driver, for example efs.csi.aws.com + csiDriver: "" + # volume handle + volumeHandle: "" + # reclaim policy, what happens to the storage when the PVC is deleted + reclaimPolicy: Delete + - enabled: false + # must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character + name: "images" + usedBy: + - portal + capacity: 100Mi + accessModes: + - ReadWriteMany + mountPath: "/opt/axway/apiportal/htdoc/images" + # if storageClassName is not set, it will default to the one specified in global.storage.storageClassName + # storageClassName: "" + - enabled: false + # must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character + name: "language" + usedBy: + - portal + capacity: 10Mi + accessModes: + - ReadWriteMany + mountPath: "/opt/axway/apiportal/htdoc/language" + # if storageClassName is not set, it will default to the one specified in global.storage.storageClassName + # storageClassName: "" + - enabled: false + # must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character + name: "templates" + usedBy: + - portal + 
capacity: 100Mi + accessModes: + - ReadWriteMany + mountPath: "/opt/axway/apiportal/htdoc/templates" + # if storageClassName is not set, it will default to the one specified in global.storage.storageClassName + # storageClassName: "" + - enabled: false + # must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character + name: "admlanguage" + usedBy: + - portal + capacity: 10Mi + accessModes: + - ReadWriteMany + mountPath: "/opt/axway/apiportal/htdoc/administrator/admlanguage" + # if storageClassName is not set, it will default to the one specified in global.storage.storageClassName + # storageClassName: "" + - enabled: false + # must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character + name: "certs" + usedBy: + - portal + capacity: 10Mi + accessModes: + - ReadWriteMany + mountPath: "/opt/axway/apiportal/htdoc/administrator/components/com_apiportal/assets/cert" + # if storageClassName is not set, it will default to the one specified in global.storage.storageClassName + # storageClassName: "" + +cronjob: + # If enabled a cronjob will be created which runs according to the schedule you set and removes event files + enabled: false + # Schedule - i.e how often to run the cronjob to purge the event log files + # * * * * * + # | | | | | + # | | | | day of the week (0–6) (Sunday to Saturday) * means every day + # | | | month of the year (1–12); * means every month + # | | day of the month (1–31); "*/n" means every n days;* means all days + # | hour of the day (0–23); * means every hours + # minute of the hour (0–59); "*/n" means every n minutes; * means every minute + # further details here: https://en.wikipedia.org/wiki/Cron + # By default the schedule is set to run every 60 minutes + schedule: "*/60 * * * *" + # When purging remove files older than the number of days set in older_than. 
Set to 30 days by default
+ older_than: 30
+ # If the schedule is frequent then the number of jobs will build up. job_ttl allows these to be cleaned up
+ # Number of seconds a job should live after it is finished. Default is 3600 which matches the default
+ # schedule interval
+ job_ttl: 3600
+ # image defaults to init container image which is docker.io/busybox:1.34 but can be overwritten
+ image: ""
+ # claimName defaults to events - i.e the claimName used to store events
+ claimName: events
+ nodeSelector: {}
+ tolerations: []
+ affinity: {}
+
+tests:
+ images:
+ curl:
+ registry: docker.io
+ repository: "curlimages/curl"
+ # leave empty for "latest" or specify an immutable tag
+ tag: ""
+ # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 50Mi
+ # requests:
+ # cpu: 100m
+ # memory: 50Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+## Configuration for v7-discovery subchart
+discovery-agent:
+ # Deploy the discovery agent
+ enabled: false
+
+
+## Configuration for v7-traceability subchart
+traceability-agent:
+ ## Deploy the traceability agent
+ enabled: false
diff --git a/values-override.yaml b/values-override.yaml
index 2665e1a..585cb62 100644
--- a/values-override.yaml
+++ b/values-override.yaml
@@ -103,7 +103,7 @@ global:
 anm:
 image:
 repository: "admin-nodemanager"
- tag: "7.7.0.20240228-1-BN0065-ubi9"
+ tag: "7.7.0.20250830-3-BN0276-ubi9"
 generalConditions:
 accept: "yes"
 resources:
@@ -117,6 +117,7 @@ anm:
 runAsNonRoot: true
 route:
 enabled: true
+ targetPort: "{{ .Values.anm.service.ports.traffic.port }}"
 host: apimgr.apilab.us
 annotations:
 cert-manager.io/issuer-kind: ClusterIssuer
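Review bot: The added `targetPort` under `anm.route` points the external route at `service.ports.traffic.port` (8090 in this override), whereas the chart's `values.yaml` added in this same commit defaults `anm.route.targetPort` to `.Values.anm.service.ports.ui.port` (8091). If the switch is deliberate it deserves a comment above the line, for example `# route ANM to the 8090 listener instead of the chart default (ui port 8091)`; if it is not, dropping the line restores the chart default. Either way the route publishes the Admin Node Manager on `apimgr.apilab.us`, so it is worth confirming that this host is reachable only from the administration network. The `anm:` mapping starts before and continues after the hunk.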
@@ -128,27 +129,34 @@ anm:
 key:
 destinationCACertificate: |
 -----BEGIN CERTIFICATE-----
- MIIC0jCCAbqgAwIBAgIGAY4J1hijMA0GCSqGSIb3DQEBCwUAMBgxFjAUBgNVBAMM
- DURlZmF1bHREb21haW4wIBcNMjQwMjI2MTQyMDEwWhgPMjEyNDAyMDkxNDIwMTBa
+ MIIC0jCCAbqgAwIBAgIGAZnKuRjxMA0GCSqGSIb3DQEBCwUAMBgxFjAUBgNVBAMM
+ DURlZmF1bHREb21haW4wIBcNMjUxMDAyMjA0NTUyWhgPMjEyNTA5MTUyMDQ1NTJa
 MBgxFjAUBgNVBAMMDURlZmF1bHREb21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IB
- DwAwggEKAoIBAQDCEooOITaf9yC63uqIABDpWcd4o17fVIqkb9u7DT4ZyJSWAaL8
- 8t+k866EtppNTLn/3tntoG+G6XZiNTZfyT6rLad/3GVpkX78P9eqwUS5CpKWbBFd
- KzYV6YC4Zw44SG8aX0A98T7Hz5j67EDkvY0VY9TWBSTpiWZum+R5mpayCfnfEjSz
- XQ6+Y+YVusbJk+EjJEENGkmnT5/pQHTnSAGH0aHkeY84OiW7ZwMqysEXlXvRWKHn
- Ul5cEkugM7BQVJak/q+XbKWjWdczLWByA5DzXOvhu7TdynEA5f0rNOaYc8O5N3yr
- U1K7rikQaVih+paJhM+XE5p0zZvUgYDTsEMbAgMBAAGjIDAeMA8GA1UdEwQIMAYB
- Af8CAQAwCwYDVR0PBAQDAgK8MA0GCSqGSIb3DQEBCwUAA4IBAQDB0KvpqfCOil00
- 1qdx2RwZtc3ichIcClPlv51d4E9nEM3Q3VbC1h3Fdvz4PqELfhKC1vB5Z7bvZXXo
- 0Jb/T3z608PnglEuCYJBD77JOQIwNAD4gWW8TmS/bWkemaPZRwTSONWVbdZ/KBZ6
- 3t7EB2UwyvT1XAGn1/EzN1xW8SN9tHqyt19R0/ZWt2KQ4Gdx+Ht0pbXYkuNw0oUz
- gay9sGl0B1cipRabreApN/R7AuPxxvBx9YuXuMxYkLIRXyqZUmxXAzUdxi5ZfPaA
- 7a1XW5OSfgFYwSJavp6gD4VxrD5DLqhqLz5yjlPBm6AiYNm2pqN1zciSGPaOcqAX
- N4Ij70Th
+ DwAwggEKAoIBAQDlpLz2niUTMnLxf0n0EHRmXOYJahhKsCvyq6mUHwyQKgG893RB
+ KwY7tfoHDAsx8WAF1UFLKAXgBDlo2wXrKC0xCEZknM5UfzCHDz7ajGG0CEFPtWXw
+ Z1/0Q0t9Zjc+VKP5oVM/X7kM7mPVFabbCJ6hieAUadguKTtd19CIECu9my41xcYS
+ cj3Bd7LAIW1DepniK/mnRfzOGWYdzv5iiWo6aR8I3ZAvLXB8BgpAd2ym927kFG8f
+ C6xR8xLnSaXdZ7QMDi3zO2TN7AxdKYPi/5Yh7UHm0RqSa9gbuIbQq/Pxb7QZHzWP
+ U4Y44TX0BNUTkDB2Gv9Yu+rtghdEgPbwp+CxAgMBAAGjIDAeMA8GA1UdEwQIMAYB
+ Af8CAQAwCwYDVR0PBAQDAgK8MA0GCSqGSIb3DQEBCwUAA4IBAQCljlVdbRf/cQh+
+ pXH8hJiImTWU7xZTDm8PnOEk6h6ORrrqNh42vF1lugwgV13itO24vtleurB6tw95
+ 9YeypwTPfWdFdKiKcDbQ6JZy+dnEfIp4vtgN4bHtKGqkOtigpZiZA/IJ2Xwi/YGB
+ QPLg6MGWm+eyvBvIIXRI3LT59UZ2PPtzCs9FehbzNCJ4sxyzSQKrszatar/bD4SO
+ kNjZ+33KD6PJ3EnzTUAR4D7BRdcnRXQNR/1EwqF3uOoL7MBJFxna9tjeTPvyZ9Zl
+ TmWZ1GKi2rAtXyJiFXDbBJg5gfUngMENldHGxCSyFvIbtivefw6nZiCHMaiAuV5a
+ 2XdVfapG
 -----END CERTIFICATE-----
 caCertificate:
 certificate:
 service:
- port: 8090
+ type: ClusterIP
+ ports:
+ traffic:
+ port: 8090
+ protocol: TCP
+ ui:
+ port: 8091
+ protocol: TCP
 extraVolumeMounts:
 - name: anm-external-config
 mountPath: /merge
@@ -180,7 +188,7 @@ apimgr:
 name: apimgr
 image:
 repository: "gateway"
- tag: "7.7.0.20240228-1-BN0065-ubi9"
+ tag: "7.7.0.20250830-3-BN0276-ubi9"
 generalConditions:
 accept: "yes"
 groupId: Group1
@@ -289,7 +297,7 @@ apimgr:
 apitraffic:
 image:
 repository: "gateway"
- tag: "7.7.0.20240228-1-BN0065-ubi9"
+ tag: "7.7.0.20250830-3-BN0276-ubi9"
 generalConditions:
 accept: "yes"
 groupId: Group1
@@ -477,7 +485,7 @@ apiportal:
 # if registry is left empty, global.defaultRegistry will be used
 registry: docker.repository.axway.com/apiportal-docker-prod/7.7
 repository: "apiportal"
- tag: "7.7.20240228-BN1285"
+ tag: "7.7.0.20250830-3-BN0276-ubi9"
 generalConditions:
 accept: "yes"
 serviceAccount:
@@ -597,7 +605,7 @@ aga:
 # for instance registry=docker.io, repository=library/alpine, tag=3.15
 # if registry is left empty, global.defaultRegistry will be used
 repository: "analytics"
- tag: "7.7.0.20240228-1-BN0065-ubi9"
+ tag: "7.7.0.20250830-3-BN0276-ubi9"
 # Overrides the image tag whose default is the chart appVersion.
 generalConditions:
 accept: "yes"
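Review bot: In the `@@ -128,27 +129,34 @@` hunk the new `destinationCACertificate` is pasted inline with nothing recording what it is or when it has to change; the body decodes to a self-signed `DefaultDomain` certificate valid from 2025-10-02 into 2125, so the route will stop trusting the backend as soon as the domain certificate is regenerated. A comment above the key would make that coupling explicit, for example `# CA certificate of the gateway domain (CN=DefaultDomain); replace whenever the domain certificate is regenerated`. The chart default in `values.yaml` sets `termination: passthrough`, and OpenShift consults `destinationCACertificate` only on re-encrypt routes, so it is worth checking that this override's termination setting (outside the hunk) actually uses the value. The new `service:` block repeats the chart's `anm.service` defaults verbatim and could be left out of the override.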
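Review bot: In the `@@ -477,7 +485,7 @@` hunk the API Portal image tag becomes `7.7.0.20250830-3-BN0276-ubi9`, the same string this commit sets for the ANM, gateway and analytics images, although the value it replaces (`7.7.20240228-BN1285`) followed a different scheme and the image is pulled from a separate registry path (`apiportal-docker-prod/7.7`). Please confirm that this tag exists for `apiportal` in that registry before merging; if the portal has its own build number, the line should carry that one rather than the gateway's, otherwise the pods are likely to fail on image pull. The `apiportal.image` mapping begins outside the hunk.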