From 555c441ad1ee026ca19fcd98ac5897f1148e8826 Mon Sep 17 00:00:00 2001 
From: Conan Scott Date: Thu, 20 Nov 2025 15:56:45 +0800 Subject: [PATCH] Updated to 7.7.0.20250830-3-BN0276-ubi Updated ANM destinationCertCA for 7.7.0.20250830-3-BN0276-ubi --- apigateway-helm-prod-apigateway-1.18.0.tgz | Bin 0 -> 29825 bytes apigateway/Chart.lock | 9 + apigateway/Chart.yaml | 24 + apigateway/README.md | 7 + apigateway/charts/v7-discovery/.helmignore | 26 + apigateway/charts/v7-discovery/Chart.yaml | 10 + apigateway/charts/v7-discovery/README.md | 33 + .../charts/v7-discovery/templates/NOTES.txt | 0 .../v7-discovery/templates/_helpers.tpl | 78 + .../v7-discovery/templates/deployment.yaml | 112 + .../templates/serviceaccount.yaml | 12 + apigateway/charts/v7-discovery/values.yaml | 67 + apigateway/charts/v7-traceability/.helmignore | 26 + apigateway/charts/v7-traceability/Chart.yaml | 10 + apigateway/charts/v7-traceability/README.md | 42 + .../v7-traceability/templates/NOTES.txt | 0 .../v7-traceability/templates/_helpers.tpl | 78 + .../v7-traceability/templates/daemonset.yaml | 174 ++ .../charts/v7-traceability/templates/job.yaml | 91 + .../charts/v7-traceability/templates/pvc.yaml | 29 + .../templates/serviceaccount.yaml | 12 + .../templates/statefulset.yaml | 164 ++ apigateway/charts/v7-traceability/values.yaml | 113 + apigateway/samples/multigroup/apim-ext.yaml | 357 +++ apigateway/samples/multigroup/apim-int.yaml | 357 +++ apigateway/templates/NOTES.txt | 0 apigateway/templates/_gateway_helpers.tpl | 50 + apigateway/templates/_helpers.tpl | 141 + apigateway/templates/_portal_helpers.tpl | 18 + apigateway/templates/aga/aga-configmap.yaml | 12 + apigateway/templates/aga/aga-deployment.yaml | 122 + apigateway/templates/aga/aga-hpa.yaml | 33 + apigateway/templates/aga/aga-ingress.yaml | 97 + apigateway/templates/aga/aga-routes.yaml | 40 + apigateway/templates/aga/aga-service.yaml | 19 + .../templates/aga/aga-serviceaccount.yaml | 13 + apigateway/templates/anm/anm-configmap.yaml | 12 + apigateway/templates/anm/anm-deployment.yaml | 162 ++ 
apigateway/templates/anm/anm-hpa.yaml | 35 + apigateway/templates/anm/anm-ingress.yaml | 97 + apigateway/templates/anm/anm-routes.yaml | 42 + apigateway/templates/anm/anm-service.yaml | 23 + .../templates/anm/anm-serviceaccount.yaml | 15 + .../templates/apimgr/apimgr-configmap.yaml | 12 + .../templates/apimgr/apimgr-deployment.yaml | 225 ++ apigateway/templates/apimgr/apimgr-hpa.yaml | 33 + .../templates/apimgr/apimgr-ingress.yaml | 97 + .../templates/apimgr/apimgr-routes.yaml | 40 + .../templates/apimgr/apimgr-service.yaml | 17 + .../apimgr/apimgr-serviceaccount.yaml | 13 + .../apiportal/apiportal-db-secret.yaml | 12 + .../apiportal/apiportal-deployment.yaml | 170 ++ .../apiportal/apiportal-ingress.yaml | 97 + .../templates/apiportal/apiportal-rbac.yaml | 37 + .../templates/apiportal/apiportal-routes.yaml | 40 + .../apiportal/apiportal-service.yaml | 24 + .../apiportal/apiportal-serviceaccount.yaml | 13 + .../apiportal/storage/apiportal-pvc.yaml | 53 + .../apiportal/storage/storage-class.yaml | 26 + .../apitraffic/apitraffic-configmap.yaml | 12 + .../apitraffic/apitraffic-deployment.yaml | 226 ++ .../templates/apitraffic/apitraffic-hpa.yaml | 33 + .../apitraffic/apitraffic-ingress.yaml | 97 + .../apitraffic/apitraffic-routes.yaml | 40 + .../apitraffic/apitraffic-service.yaml | 39 + .../apitraffic/apitraffic-serviceaccount.yaml | 13 + .../templates/apitraffic/oauth-ingress.yaml | 45 + .../templates/apitraffic/oauth-routes.yaml | 40 + .../templates/common/cassandra-secret.yaml | 11 + .../templates/common/domain-key-secret.yaml | 10 + .../templates/common/metrics-db-secret.yaml | 11 + apigateway/templates/cronjob/cronjob.yaml | 59 + apigateway/templates/storage/pvc.yaml | 50 + .../templates/storage/storage-class.yaml | 24 + .../templates/tests/gw-test-connection.yaml | 114 + .../tests/test-connection-serviceaccount.yaml | 13 + apigateway/values.schema.json | 2314 +++++++++++++++++ apigateway/values.yaml | 1251 +++++++++ values-override.yaml | 50 +- 79 files changed, 
8102 insertions(+), 21 deletions(-) create mode 100644 apigateway-helm-prod-apigateway-1.18.0.tgz create mode 100644 apigateway/Chart.lock create mode 100644 apigateway/Chart.yaml create mode 100644 apigateway/README.md create mode 100644 apigateway/charts/v7-discovery/.helmignore create mode 100644 apigateway/charts/v7-discovery/Chart.yaml create mode 100644 apigateway/charts/v7-discovery/README.md create mode 100644 apigateway/charts/v7-discovery/templates/NOTES.txt create mode 100644 apigateway/charts/v7-discovery/templates/_helpers.tpl create mode 100644 apigateway/charts/v7-discovery/templates/deployment.yaml create mode 100644 apigateway/charts/v7-discovery/templates/serviceaccount.yaml create mode 100644 apigateway/charts/v7-discovery/values.yaml create mode 100644 apigateway/charts/v7-traceability/.helmignore create mode 100644 apigateway/charts/v7-traceability/Chart.yaml create mode 100644 apigateway/charts/v7-traceability/README.md create mode 100644 apigateway/charts/v7-traceability/templates/NOTES.txt create mode 100644 apigateway/charts/v7-traceability/templates/_helpers.tpl create mode 100644 apigateway/charts/v7-traceability/templates/daemonset.yaml create mode 100644 apigateway/charts/v7-traceability/templates/job.yaml create mode 100644 apigateway/charts/v7-traceability/templates/pvc.yaml create mode 100644 apigateway/charts/v7-traceability/templates/serviceaccount.yaml create mode 100644 apigateway/charts/v7-traceability/templates/statefulset.yaml create mode 100644 apigateway/charts/v7-traceability/values.yaml create mode 100644 apigateway/samples/multigroup/apim-ext.yaml create mode 100644 apigateway/samples/multigroup/apim-int.yaml create mode 100644 apigateway/templates/NOTES.txt create mode 100644 apigateway/templates/_gateway_helpers.tpl create mode 100644 apigateway/templates/_helpers.tpl create mode 100644 apigateway/templates/_portal_helpers.tpl create mode 100644 apigateway/templates/aga/aga-configmap.yaml create mode 100644 
apigateway/templates/aga/aga-deployment.yaml create mode 100644 apigateway/templates/aga/aga-hpa.yaml create mode 100644 apigateway/templates/aga/aga-ingress.yaml create mode 100644 apigateway/templates/aga/aga-routes.yaml create mode 100644 apigateway/templates/aga/aga-service.yaml create mode 100644 apigateway/templates/aga/aga-serviceaccount.yaml create mode 100644 apigateway/templates/anm/anm-configmap.yaml create mode 100644 apigateway/templates/anm/anm-deployment.yaml create mode 100644 apigateway/templates/anm/anm-hpa.yaml create mode 100644 apigateway/templates/anm/anm-ingress.yaml create mode 100644 apigateway/templates/anm/anm-routes.yaml create mode 100644 apigateway/templates/anm/anm-service.yaml create mode 100644 apigateway/templates/anm/anm-serviceaccount.yaml create mode 100644 apigateway/templates/apimgr/apimgr-configmap.yaml create mode 100644 apigateway/templates/apimgr/apimgr-deployment.yaml create mode 100644 apigateway/templates/apimgr/apimgr-hpa.yaml create mode 100644 apigateway/templates/apimgr/apimgr-ingress.yaml create mode 100644 apigateway/templates/apimgr/apimgr-routes.yaml create mode 100644 apigateway/templates/apimgr/apimgr-service.yaml create mode 100644 apigateway/templates/apimgr/apimgr-serviceaccount.yaml create mode 100644 apigateway/templates/apiportal/apiportal-db-secret.yaml create mode 100644 apigateway/templates/apiportal/apiportal-deployment.yaml create mode 100644 apigateway/templates/apiportal/apiportal-ingress.yaml create mode 100644 apigateway/templates/apiportal/apiportal-rbac.yaml create mode 100644 apigateway/templates/apiportal/apiportal-routes.yaml create mode 100644 apigateway/templates/apiportal/apiportal-service.yaml create mode 100644 apigateway/templates/apiportal/apiportal-serviceaccount.yaml create mode 100644 apigateway/templates/apiportal/storage/apiportal-pvc.yaml create mode 100644 apigateway/templates/apiportal/storage/storage-class.yaml create mode 100644 
apigateway/templates/apitraffic/apitraffic-configmap.yaml create mode 100644 apigateway/templates/apitraffic/apitraffic-deployment.yaml create mode 100644 apigateway/templates/apitraffic/apitraffic-hpa.yaml create mode 100644 apigateway/templates/apitraffic/apitraffic-ingress.yaml create mode 100644 apigateway/templates/apitraffic/apitraffic-routes.yaml create mode 100644 apigateway/templates/apitraffic/apitraffic-service.yaml create mode 100644 apigateway/templates/apitraffic/apitraffic-serviceaccount.yaml create mode 100644 apigateway/templates/apitraffic/oauth-ingress.yaml create mode 100644 apigateway/templates/apitraffic/oauth-routes.yaml create mode 100644 apigateway/templates/common/cassandra-secret.yaml create mode 100644 apigateway/templates/common/domain-key-secret.yaml create mode 100644 apigateway/templates/common/metrics-db-secret.yaml create mode 100644 apigateway/templates/cronjob/cronjob.yaml create mode 100644 apigateway/templates/storage/pvc.yaml create mode 100644 apigateway/templates/storage/storage-class.yaml create mode 100644 apigateway/templates/tests/gw-test-connection.yaml create mode 100644 apigateway/templates/tests/test-connection-serviceaccount.yaml create mode 100644 apigateway/values.schema.json create mode 100644 apigateway/values.yaml 
diff --git a/apigateway-helm-prod-apigateway-1.18.0.tgz b/apigateway-helm-prod-apigateway-1.18.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..fa956684f218d37258d731795c0bfdf0a2f54263 GIT binary patch literal 29825 zcmY(qV|1oX6D=Iu$pjNy6Wg|(Ol;e>ZQHhO+qN;Wll#l_o*&;i*Sc1%s@>H;Yjt(+ zUHFkuXh8pc07@WgeQ`y4Lva~aX?G451142^BPAB|ze*gea;mDVGHO;9`Zh-H$_lnT z;>K3iKv!RH4mhn1bTA+Pd|-qZPaE41Jda3Pg?8aHib!fm5i(`Q_q%Uk@akZ;;TvHn zFy@Lj8i;1Nve>xg96*Jp9cPm&o^{YWVT24Oq)8Zk{SfekVsiGY969}IZD;eWzv{M1 zH?Lh{5fF}gw{6(IZEIbfUWNYEd3Npo!^L@y^*MWfetALk0oo>AjDMHL3cW$x4!(?F zy9wrwLz*BQO{xD;}>chUXls`*i^Tifww;EH&W5p9%pj&dhmyI^=`?wpBQ^A9qH(1>EfK+Xnz% zVlBRVW5{RH)Mk~1rudoWel_-)1&6|;#v&hr_L0^3x-rxH-r)YOGyU|6(!oy~{WvMx zmx5D}o{XX}_t0*kP4t3jz}A9fX;8Td_6p*I;bNrypywKcu~3bK zILv=@MdQ*3wHOk9{fa7smFE6Uh=Ghy0tXDrI0WQ`>?en$DF};FdhLBM- z??5!Qz+NC6^aKjip=54pz-AhKc`ZWW@@3o(vNp7|z=bQy7TgtR`EJ)h+$bCI)y?F7 zSOiI+A+I@8m}heZ!~rsxZX+qA7uk&E6d@CFO%Vk$7DCcSFtr#ASe;?vvL&>3=Sjr* z59L8>3G)|SYOAiNpaNNWCKL2nlb>Y2`^$&B3*e6&$ikNCXr)=WkY2@abCtkoXZolw z0+cK^lYkTkYc85i$I$e%Kn6wPi1nngN?nS~a$8`T%#!5-?!vV83K&eZV8FkQReR?- z>flGuOe{2njM~B)fnQ&I2WoB0f}_`gw4!P#dhL;wE;z{2auo*%$;Of;8)le*WK^1w z7!j3NJ@axQyPv-WluFi-VF{5W1({r+55mHa$XL`z^M?2lQhlRt-7X|q+6;w2M$3+g zL`!S@)hBN)|BWSl(ShC`S9%S`F*q~iLUYcW)`Wre`Ng12D_VelrO`SE=+fBT?+1R9 zmfWz^o3tj~x2_3Vjj%Tie_KR!ktjI~)KDNx5aH(;&!1vr@ae-w&vP*4fiJ7-gV9jx zmBv7G{B|G&8*TKzDblpiNQ>f|h&5o`A!30)a&49fE1G|!6{W1*zQwMMX8q*O>M-bf z@6U`KGW`QOXARWH?mV1#age@t{d?~h7|wbOso4X12GQ)}+sJh3Hcz(HZ9SHM%UC)2 zKAxY>dS4xZp@DHEbT1?UL;p0np5hP`0J`mLmJ%Ijw$?!n{j%*5I`S!M{8jc@OiArP zrb(e}$IfDy1E(Jz6Qk-W{I3$%dIDsbTc}mQNdt01dLUd0s@V*N41xNQPS7v+Kk_Q& zY3U~I0ik*|k&Q@RfO?M_fbS7;gON-aDv; zpwRre91hS;K%^E6XGF3h7f6>%jRaa9f72R_6>li#i7+xMBplJ=7nRh$3WflmqJ$V- zoVYqbi^Fnb+uNXLjY$@uexg;@^jjgbRo3#Gvp5sKDV1qEPC^v#JM~Gv|4bf?s#V?uiar3?_H&NU%@Mff_hADp6qdR59 z8wn<2N|q46eTFr6gqr;8zxwvFTN3O3_J8Bd=pUj@$oPVHux16CK0K_E%s1kZ%xEKQB|=#iNu{ z>Y)$Kvcp5Y}r6Egdr(_DVOJ+ryMF4x{ 
z$x$R)3q$aZa|hH*<>xQVodX+Eu!;+~G=C2=IYWY78Otf=e=sEXpS_LVrcWW62U18W zvH1@*$sbL=ZSDhg;qK^W!9$RKIS&_eHH;|{u|xS^gP5|osk zA+&^J0E{3YT4k(`iLCPg^VCJ613X%1f-d0B(s--5I#pnT4s9ZEm7xK4ygW4^rOgzX zp+R6i${UCiK??!bE@#kn5IdnV6qO z!PeR$s?5uT9?2%?$WkXPZEO=A~qA|6IY&3nL}1N(b5G>?f8 z6p5WSK~*)xTl6})5rO@C$Bm?-+f%CDThafH9bch3x zT>Ru66!wM{L_cUTdcgZ1X^d(ZEWZ*f)5Ti)!o0AkIiqW-hCgG&e-$|R+iv6vD6Tb$ zgZ(Zx^oW>Dpc#nW0s^&oAJ(W#_ZHu-hc|cs$;l0At?<##%+%h{-uS$f&%HtBxjTD1 z<24C9ee%uv@POmnb~gr>Tf*}{AU^bCj)k+GIVqOp;6=5h+3#Jh3do``Aoj1;x)-0# zTZN8ddVReE%4U2Yjw5|TNW}8%aCq)@dm*fYOYXM=&|hmQ9ZZEd2nR}(rTxsB&wz5z zGfVXD;Od~g$tJk3Q^UdpWTZzx=RVzDTAnz|E;BC%0J`Cl-8Es4Z7T?H80lela5Ubs zR_#z3jc4u*VA45H*W>QdyoO}21)P8fOxdGi+bLCNbL^h0Yt^!mIy-OSMyWG)gCRj% zU^@cC*(Db55{GBILftReX(EYI>97|h0Eg#mnJ&15D^LTbBF!D6IKrMvQ)yd4($0nj zBCx=02O`MGVM19xW8M;we>X&8gJG)9D%uy+{xJdgmFW3DfT>K%4QKPNn5B7VS;&-?*jUm^RA`LZs*I{lv+f|x8-r7I@ z_rE+iR?dd2&e5%4AWhU#AB#`v zNyKUq^o&?Q)o(#9dCi^?drAwpxE3tYKxmaubcTSZCbQj?k9x z6O^URV9LgX$VTa1!KGi)fs`&=@e0tQG(f`$q_R)5tgwz?^E|3e^YBFx)`U8NlgSku zjd=Qv7cm2cmWFGG@emw|S}gmv>GK{L-^yDw7KZor587G~Ti;7}B~C2ul=9TG_RPSW zb;)l?brRO&YFA|8LsykhhIIw5uAJBnm2ufe!rHBt7F)tIea4$g4D=D*f#F_ls^Kdl zsWOdLtLCq9W#UXs2&4I%4mBcEuD_GuR={9Ad8~--tLI<3YwXA=qH>wSr$TDF&3^ut?MBqX{lL3YN$N@9B+l?J9<Rk8zl7R0l)z*ru{ngGjiZ?O5|iU?5~W&a z{Qw*tUH{gl=KN8yCAK?WGx^_(nnA~;m^vyhsUuev^&QFd9dRwk@(&~eMMBevx4;_t zyMslTn|G}^K-8MMhn6MJghmz`_tE&ytGB|*Yc%5N>rcAfj^|6zJJAMoilk;(Z|59f zrBd^AX;LmkCKeQyDQEBtMUpx^DS=3xyv-$1#4iUUtHxhXliKXR^@-)jlS)21J{;NH zjumC$E#UjM&!bxzMkqBr(lweuolkO>#NEJ*CC6MOgph00YjhUD^qdIt{JJ9FCaR6*x80e5G?(Sk zSTndxd5H7Y|5EDuk( zvBvTWX^;InaK5*cTjTtdE256>feCRFwK>d%RI+^RFB@qEu3;hRHS8-E&cXM^UI{;1&p7!^bp^mkG+9_e|yUWd{M1{Zly?-fTp z^MT!bU0s=!MNtDdLRPRE_N>B!CT1Y^_+@w?+tn+CF0Ok#xB}KPI?ikkh*xGBys!=wNc3mlnLl$=#4pi60bBRW?7q3LouSR4vjd#U%{>Hlf5VnjNTj;DOFYt|4|C$MK(9SAan!Ua?8A>TFLhIf?0E2LjRR0!@yu2j@NJKM#`oe>ofMTXfMT> z%6{s{^?q6d+YqG&$d1rGlo|fsO+K*g8~$%TH&^%5S!vK1BpAlcM_?&F<(LskJn-F; zA(5!gwY@R8og2UX;m*p$&e+ydP$2v$9p7F;8m0VgTkGtKYNg#oXG!Vh4PKSaQhw{) 
z4ZIKKlGAC0miUMP%3PxjdPWO0Oc}8vJu4B>#a3nv_McPZbT*PnxKY*OnI@)0=SpG3Al2$2ZYH zlG;EjR2^Dy87d;JUrWK98k>`+8LiU9c0OgjAQLl&wd%k-jo5JRZf&-2WxZJ$+1_aT z5RC5he}he`cgFK(g4p@R*2Q|iBD&N3+ua$wxw^HW+7*siR42A`Rdr`$qSJud);g#v zI*x7vD*c4SH4gVpO;d^Wn&?#GOwA6?wRNO`F{C*%>)p|^nqqm1Vlw8WQih~C+$d6- zZ6lks9$t6#$Ab9PdvsS8zxXhAU~`03Tr@`V&8<6~)ry+?Z73w7Ay zWEFKL`Z+>z%gvK$`wqpb<|;>P&95(>BG!a88(f^LP&e+$w;Y5aA_vkJyV{3&P0=M5 zd2Tfw85W;OR;zC>7heO}o}w>&#!)kDR-d_k&TpCGX9$V89a#HZDa1d% z-*%O{z>UGwYpaLqS!g(n3>rfk~emRITFz`3!m$5Xz9!w-5YEd5xiMHUv#j##gi< zFhd8;WD5iy*4l1-PsA(g&Y}iKdC{Hf!cH@GpT`ExsIcv>@W~`7FhSLug6Y4Bgu&Nk zs*i9!1@@e9E6d^0=!EuJKm}>f`a(0Q5cI&@!iUn1prB6zZ93|;4N$X&T+dtf5N7(i zN1h(y(qJ@PVNrN5{UoG=PYYM6(&-o*S{GzAR*!j(O*Sn7j)v|SWGzs-`BozzCvSRkZFPgt z7ri$B#W|c3zO_e&NecQcQEpw1o$T62U5lEVo4e_IMyD9x5dY=36{ALc>88u|nKy{| zH|A^{Qf0Vi;O$xRxpr-(Q^8rn|IpxKqLB)Nu$PqTl-x`oUU&*354MbY8QsSYze(Mk zvHoLl(ADnTvvaqMI_;UioNM^S0VZOXp-1yR;V##0g7h%L6=RD5uXpdA(qenOty%2e z%3I1W4Gi5IeUMg|wkZpmLHVL=5lhBBdD6xw=MjgY1GRms(q!mLf zCQfd)FrqpwA8J@|=bPJ}z6X^=hbsn_Z%Pn0;_WGd{+XuTea;X>6A z5?N2W4Od%&6Ts-Y_}T@0`Feb9>l(ZnN%EP70jUH{wd`(wfinZ<38%$Xi4q!hyYBPS zu5$ z1Fi~d*zPBmh^li9YQo$rP6{%}{3I`-a`{=B$CiBf8xTcWC#V<{!f!+hS~?J-1HNh` z@Aeiqf%2U;%0*~P-MB;-n1zi%51YRQ@E@W5nkxLt7t#OSaI_|sN1gNJ_Jpho#u3Cz ztGXPg4kls1`w_Lej@ayzgYAV8tI?wigzIUc8nyIm*lqRtE?r-M+X&f6HwE&~O=Qbk zLW$iZ9<^mm_)pO(QKo`q%iTQC_j9+I$dk*fglFqitfO;Fx4WiNdkfw)MskQ1A*XpR zBYo)5#Q#oSj5Z-laD5#wdFK@EM^)I%PCOY_+8(am*VV`9>7(`X)_y*AHm<4BJUi&< zvo=%`UApadR-@Xx)cV)R&z%m7?Jq?JBi1^p+hvT4zR_)L_CulfS2 zgOu{fZOda}&@~?>sZ>Sb|HaU}+X7zg0I#>9JNhqfy}MlOSNLCZ*SIdR9ejQ_2^X{8 zB?i8?LazHA2hpB{vl#6z8GIEAwg~)69_G%R2A`T9v{2I$U+s&^qZl&0j&b5L_}}~x zFFO~orwj(uz^@0k?iqG)#B>djx4kB4ztGA_^)6PM?oq>gZi-+misQ9GPgF@zZj zrD1V0(A8pg(q^B`=uIQ;)VoOe3zauu5N94tKqvjHJl9_B&)OCo2dZcaY4I*hh4%Q- z9W%jfb%$G7qnQk~cIY!*YU70WaEF^kIi<1(&V!pwo$p^cZyXcYl8aw7^x)09|2jmO zo6aeAzpLKT7ioLpc4fSH4m)&c_&c0aYpLaAU&AAhMGCeA+xJh)2>3p^3*w8F0xP1n zJzl_V3l-DE` zdR;hBMk*bbj?G8kljNzSJ5~z=O;E&$4CjWY?Hh=VvBaypcT2%0Fo#R{VSv=g*(xth 
zjyz|8ck!)6F%=o8B0UJwk~~QS9ua+XVqc&)zP!RzuEcagCzN*iq3p>gmdk@IqlX$0 zO@BMK!40vHjIcYnWHCIlKTWF~XoE&AAryme-<>ZJAD|ch){Z-jBnuTqx`pPi;6E#w` zNn_j^$WXgSqBL4ylvTW;^p}+}*i>4M9j(SscVp-pe$m-_&lb7nOj`|KyMkMOIgD!o z5IUmlt0Inz96qEJsj*?@Eln&~GUaE6iZqmxw~#EPGOa<^22O0wpeO| z_D#O3R}Y`F{EmFNe(#a|m&G#ukMzTWj=m$GezTz-b=(2_yjSpvg|NO-RLK2oygWei zV+A8PP?#4`iqKjySlv@lKsl|+lNQeTXptWw z%`HkQsHUTsrq=$Je#zN+c2q??W{|v$Y$W1-0oA}6Q1z%J7N;VoAr|+8l~0!uk40?C zi^UZ;=f@C4#%qejSr>IXgRK|HR1lA~8xf|8^LTYmz z{J7;ozK$_%KPd%Qw&Vd(op#IvBPHP9==2pd2*i{6n9g8(E{NM8Uac`eQ_ZcEs) z^4d=$#BLYSV%>LTe;-(FxG$jkFwh5zK^v%`N~pMBuo3qwh=DH8mBfHnko`3AfYtjH zkV#G-oa(qw5Naqq{hug;+HO8KU z_);FASL?&dp>=Yk+;G)7T=k44+m%LxaNyfvIew=i%4`Xmpgl;sk=L$4RCxQHLr7u} zDea(|pLQA@NuvHALaTwTx^(^a!R{g@3`KhG(7NEn@uMwLE2xTxDc|>{*7b?~KW5@! z2K-p$+J{W3U0ASS)Pe&77~AJtd=GU9-K(yp+O`DPSm!|m^1S_`ZHd1ss&%enc~tbh zR-B+E@Y?>KyOv;MBN8OaD|}SxG}Li*e&y#?Vt&QB$(cj}*Sb5&LXB~1*RshO7ZLu# z?d(ZC=OXXe%-DI(K_Q3JtR3Mm?bnjP6g0#Kgf?uwZE%%#gE&RMe(r-{kJAi z=Q8i7My92;scZ67wbUd`s@qDG>fH0?scTd$c0`Ap5j?63(S>H&@S4>jyH^%Vf8s!$ zR_-(BWcb?J?x+gLt7zvS6Wn|a zF|!rqjPmn~|GIPt_yLNR z9ukf9R!0X8F_$a*x9JQ^Z=yo-*GRq`BSP}a_<0f2#t5F1Fj3)oLA?Utg+ytSXLUx0 z2IZ{D^o#*-2uD4@hQw(vdi53a$Wyj%V3mx#0We~z5154gTOk~EAciDma~sE)r2R0P zy~2k-0fS0Zk{8E3m9g#GaO?m0jNjeL?JO5EBR}X+ z<8m3>LqFZ*|~iTRUvDh11P)K|JU zbJx+Ep&$Z2fsmze^jj3xs1dhtNarW$QkuhSJYoK|hcgHnweg;NKs2;pN@N}fXp|BL z1AU>=d59I!07KIn-Vd!0ew!wb0j&FBF$rwJ6<2S1kpYClbZ0*iN3C(3z($aaz^3M) z_#9@EI%j{c2gP(==7hxkkI-%rJMBVj^dYB8mHpHDoypL9DOs`|OD}1myFShTpipgE zOE@J*J`&meP=yI2p3XomSq?ycbTEH~HjO&?VBiu;%XqgTYrh&h*Mf&@5N)pm!Ay3B zuo)(s`uA8+$;{XX;%R=v)uXAz%W+q6m4BJP0)0?Ob$Le}DG^?|^XNAQmW}K-sXDyD z?_v35m>OK?wC1w(`GBZo1{4*0`fXmgnTd@ztqgZ_IN4NQ{SeA=2J+f$it$=L1xt&< zhgk#?s~h@GK{8H6_xriY%ty!gW}DZAU)SdoGYn^f*mqR2M+C+^Hg~*>x*};&QvJEA zTN8vtt#HFLhBA(#dC}2~Q<3&#_3^va>pBMR+jk_XH<1TN?W-O|C-ixs@KaJ^>~5LG z3F8mf&^t;*DK@l(;P9XfE)vrfEA{OhTGFlT@nAqA0>K7W(zK7<=PKh6e4gvimFk;N z-;NPoSzFl!9Bv-&sq%M!@a7e0lE9P?_{!UDk(q15SvrG?CX&RH?lL1e{z?+A4pCqc 
z;rm2rn+(dmsi!#{ry#Dac$qWVzwMOlDJRxL<}l>?QTF3>3FhWstD6BK?Cx)qikWF5 zZ5GF*6RoGL+$bsVA!&Ic?jiHH44N+d67K@ZfSg^5p9KX`3i;8h9754zWf)M(<4mrm z+Ey5>*E)sP-;!BAe8E~(@+uHAfYm3cC~~_gT76Y=XR{*s9*>#D>Npu;mcpt&f;#f04kg# zT%j10!`L4`L?NQ#m06e87$bp5!K-IHUwz+3M&HewXTd5=5{%J{5;-0D)+ zlan^{GSz40#C!AymgL~#l1UXsax)e+sk8M6RY4J};kl1`GnVCM*2iQ$&1`dT1gteQ zU?G`)fD+7ub%eEv&-3iMwj?T7^ZpoEE=bZtKyBScv zT`%6g%1+S!!%u6PfWlM)lAe?<@P2YHozr8M!*jJXW5=zOxV+j1T;xAyQp#_q-6H*T z`pAhyWi~b-dhwgTK2gw1JQ`W^jn9deJ?uF;RPJctRemeDgV2>C54WeVbrb}yqgdoU4oz|n3J4Zrx zmRfF<1^yw0@+=yu`#ePf(T=fbLd+W^(Z}aNX2Dy|gK$E3!)xOxZBpC&;XlD53$`vc z-x8wJt$MzO3wr}DtiurJe@eYUR=`xMl345JH6AX`m~ZE{&8P00>;EHSMdQ=@3hmt8|jWCcmDkMRQUnjfOFKq>RJVUL4gVQ3jF$7d&S4cak;$H9ep^K zI>q0E-UP*hXBa?7S=fuF=@?GS1AY}dy<80uUuIX)NA}6fL6}-_z~(1y11{B@kQX|& z1V)Xf7sx9=Rp!!Ly)GL|%?ZgXZrn#Uqn6Fi9*kUqvPj4W)Z$>E@`6kQ`u_p~S^BA^ z;Vdme%rIqWq$Wh?cA}x;wo#HNMlPx1hf$V2)0(C$jFFk1O+5g}olc{q3AB}?VYoLH zMl6nx3Ic?rTw)fGzsOV>pYF+$=agJvsWL4YeN6nGzdnFAGqTG$@``$0j)JL8MYzU&AGmYdd zL-UYdJyTmaNN>9eF&yHdUcP!AgsS_v#9KYM;3?6b;U~rn>VGNbqNK#Fl(KQcJez8C zs1zn{d0Qg#@HfZl%a+3<_vPr)w|hsw7k?EH`w`mw-5OIG@J&9yIu-Oy-mb~zIi0wa zysg?wFb3so>m8A_DmUg_AKtg?*QsRSSLppl-V(Yv59JFnt;&?lWPXkI&H^<<59%wM zA1sEM4#XJ~;BWC6qP)(?gTWHUN`LDI$8HQoZ$W%pdk*RVeXvmq97W$C4Ure=$1NpL zGUr6<>-&_qM?F&$LR9S}>=0MKX`>b87x@P){e}^KvPLApBh(%39E1^w^e$s#Dh6I% zH)80S_x-Cp(a48xahLGzqp-;Pw&c?fg898W55|1Af>zO;hm)9&8U-Wq_k4qL@o}kI z&O#o!wi)v<%=~IVSbP$3MQNy{aX+Ndaa4u$FF5lq%6%PGUr)BkPk5~(^*R2$H@?g~ z_uZ#Pr!vh|T2zY25;>IU>C2;pflQOop^Y=KS zp1Q?@YOCS|f)aTTItyI#Y=^2qjY20~V@mrc(Vm^LRqQtpVgS6&QDQbRPyd8V><(ec zv4$cai5miyPUR<^h+hOAgF_IIGJzWiq+z!vexE1=ucIFVy}Q4zr*N{( zcnp+*;yy@vY3nsCAbSJQ_N$2EgEh_?VaG9nW5ZfjV|ADHJ5F>BR_`J@_L2t_;i$I3 zYsun*%gw0g3b(cAR{RBYG%|4T1LRR~KHs_4F3MBUQ1Lu2XS)!b-A<1ln6jJ&S4i7E zk(o@{RCSBqY=>C2r^?SPd2Bp3Cf+atB;n?}ux~JV*pz(i-np8p)k)2zyqgyt;F%nH z#@pZ@<|+w!Nf%6oaE4?Iq9C>}iE{$fAcD~iAV91E)j4UMj?+1>L+ecSUGS)%QATX?E1UMdi^8yPsi!P5UJPt#nUbQ z{Ny6zmttXrn|!*J4m6MB;^c9rr{WtQj?i6iioiHjto7O0X2oeu;TYgwo-5iZAhde} zU`ZnJwCD11gnl0VxE)Z%zYrp^O 
zB$!w@p!j3TUq9nKI-6<1|$5W7E=A@{8r-ch^mqsiy1y&m5;TI73( zmy5l2!KXLJcq(;Fg>7_k&$^pjVJob}If#gko4P^n$0o-1ZO;l*V`v2>%hDvlf**>l z?}3rDHT@eHiNSk(!1<+Nyk9Fvga=H#pkzLx!gIMX5z+e;=30ZL`e4J6lf^+*(=0+W zDn9f2!s3Yw7u5f`7YMP@4DM2gRF*R4^j|kpJM*3=$c_w z``eL)C+TEr$N%+?9?fug^G7juYTKn-PPf;^z+q8p4_Fckmxl#9^zc?gC<0QRNwzs{ z=|VO&tSzP%Dw$-%BD7;anE+w{KL@+QJ410w&^o=IXZSwWEFFlQ_IN2zHGGTHxG6}P z)?lAp7|D>0);nxEYOM6iJ)Y@3Tp~jvBr-3Y=`74g6OWKrOSGKhU+GLaM0}}{MtIAF zijQm#uR!YXDErj!``=0PMPR-Y+{rPyF=eBMn5n0(tr(?)AC0>I_;!546kbUpQWE31 zRP|+))S8EWc%KSeHy=-D2lpJ+bIsI^Kw+c02Fh>PX`6Y9Hx?rb@v(R~fS-$l^3X#V z8o4-XoXF@murS{1JBz{o6Je|$qDNJtc%a?of zyM%+P%$)(u&^RXYk>F(#3hJox^jTb1R!+|D)^;yfFJ~{$o1L$Rx3i1AtG#zJCp+{= zj)DgEZwLpsm4b<*4s(ym(lveOu%fwCfhrO?cS;IdSG;wkLPmo~DVMr$oJ(22nGezv z4#8Z8y;WU|z<62V1LHqL1vQ*9KN)-{4y#=|5^5mC^J8L!tbx-RwY}{PtPVj1s zNhQqGMO7xP7HoAPC+6klAo233Z@jZU3%8rWF2Bm12j<1gP6&smJsUqe*qh_9cN0Q% zW;70;bM%fke8~~Cu8zcbz)$&pMn?puzCD|ED-U~D?u+Of;4;mI&~Ql3xu2RvUU{7F zbPfI)ZOcChm-634(j!VK{>$SM-BPPsu-ZNF9{9$!yMcjkWN4pmUNRn-y2+5r^ zhFds~lGKb;FKJ|ST>n+dhR^3SQ-spn>N_7wUs!t_0*)A0jb3vtIwFt**oYrh>k{%rE$PYt0xNn-` zZG@t8*-(da%ReYER}U?Jou1?J>QbOAW=n%`CO2uzM~ZKgyLp2him8VmQn$<5{kfgk z{Bsq6zeqi=#p+^^ty;OieP6|Rx%$05D{(07(Gz6oDC)e$)poGYyM(asejZGp#D*!{ zD#Ka&iLy=W86vqZ0v#!F^379cDk7Ww$hG_ZMwKKVCAhLfzxlD5{kKdRLwKWvlaPKe zLf4!o%MPyrl08liWd%pO@DshcvB?O6<#7X&YMGy`XS=-d{474$2R|t;g=+Bq87Nvz zc&bf6vG$=To6)vf6u%!!@j45|T`hUvKApQzC8XB6a@nG2Sp4F!+cpxp#i&xXAAxwg zStkdxyo1VcYEo+mm)L!>VeC8p|WP#?by6*TEP z$+u-3mnrMlR zWQH+p$>S$pvISW9>`X%^3@_QcwFva&Ogbex*n2)Az?6Ik)8{tKIm5aJ3PP<&hF;vZ zaFivLoSbaDZ+nlJ=*o*?lQDV^P(OrpKI44@n)$o|dOmq@MnzLn5sBauQ;RfcM+qBw zErq~t@J%8$p!@pV;<~q6hYlIA$i-W64B*UZinbR0jJ0*T9h#9sI`dH$%UBQo$ZUzj zwv&=LkMQYbaMvL`CF&WdSj`Xgb}grr9m-UW@uJwB+yxE&Y{_N()FtMcqJfAw=taHD z{i(2dpJ~AAUC}MTDJh!BJTI|Sv!F5ryjq>zNWI<=p3Zz!_8o}qdUbP>d~ubpei*8stOrT;Ak2I33_a>ZJMvtzU%!@LyF2`HCkr>%WGgfK_9D6M7f50Db$fA=mnq zO-NnA_w$uS^kTh+8oS)LLIC3INBg^O5i8iF`uVEhjRjck;VEE;X!$juNXG;?D3 z=yXY!XB=lrO)@DK93RqDL6Ibb)v(toKXwkGXeF&h5WlHYaw$WmTH=(_m4#@w7N7bV 
zA(OMZU&MPYHx2{HLXV;oK$!6ade3=KC4?|KiP#OJ8GH&mkW+dnT#@?%lYx(=$=|}& zcTM;Ae(YoP{RzUE!!U<>KQ09vU9T@>;#|c~SU07#hDw)`+pwn3A}BehkCaXCfSLdY z&lq=2mYH4qNe=1Y=b_a1^6?jAJRju%YM=q-t9;UXe7MUmeAUO}d;poZ4$?DuOCBB_ za?T_Rbuvz6E3k<|poAmB5CH98&C~tR+g&aUBZmFx#j9L;dJiA3#vxxf zw@JIXO0$pZ?a>WjB^cneC9}tOwR-ncQ&gM2Y(XH+;b!>`6!Jql@GwcctJH%2C_EV) zJ&t+&BKNc*AipRr5YWoRzkf2q|19%I5v`|2gQ(QpfSky73cGN z2TsV>eCncpFZTNoefR2)0%}jkQvsEJzJDu8 zqM?$>Snm3RmT`DksyEGhLe=RXMYX<=n}%wDMs^tG`FFmxf1|5_JB4UKcgm?0%y%Nr zGYMFdM>h%@1-yMT@q(_|<)hxe+# zT9c9v_Bm*dWl&E=jMb>u63cDTesbkW)|e0FI5N~B-V->CJUpzSA4RGn@>0sFDo&++ zD8>|3Vpz05D)zab9=%v+rFML37w7E;V>(1YNf-Xc2K;Z{e_ldN&#rAr)Os(hV>!;HS z%elw2whdm*01~Qwi;rbR1&gPkmSX}Ut@!E8Xc-Uxi;vkyz$~Q*vf=wxr0DxS5^Y`p zv)U(n!B!x9qwf_qmjEP+jjzYU_;YsW=7vr$NQL`P*zhRpDiVIDa9pu9blkL8^L6}2 z{BeUy{Kk{C){b=4RB0LP7K({dL_5>a&Pk>VR&enwzWCL^I`N&%NpZ>0IgZ=*S9>Rr zyQ6HK$H*x~T%{keIyP@fDR2!ik&;SsYyy@{B6t#(Z1c2wI`WeTp4UVbh@_yhN6PAS zp|S^hW;H~`W0)3I9<}k~7jBj^|kt*P?V@tC3}m?axS+joeO8H+y&Qx0`F? zV#;s@EgO?X(9G|A$9nyB2(R(q`41w5P9?UBg^UkJ7x&*^Pq#HVaHYBicudk(!_>>_ z3)(IOtVh#S2{+r|g&dG}{-G$v&@T=fH)&u&uTZ3vzFZ>hvub-vKxQ-foT#8P&eU;&FKyV$6mJ z%<}c0amm{>s@S#a*?RT8+Pft)J;sgeeiPvBR%XvN@!g{D*4ZFFiC-;X{W|8MO}tlU zTkk2r__z&he_{x-4;oUhqA|dUvX^;a_r=L!szFGz*GDIX6J?*arOkDz@|+|eBn>1@ z(+5`&$||=fSAxqcD>RX-Zc4h5FHN`QpaHwV3VxBd_#WLuU$voP&Y!10?^^Noqy)X# zb_6=)OSQXQ(oMTZW=W8rGUJ-i4{Ygx;QsHKO+UJ~v0jbg9{Sr|@QnI)v*ve=XC=XJ zx+oAW0sx{XMY zDtB0p*^FXXDwakMQ`e*!-I7_V9zxTkSzffekmF<$yEQKlBMw4G#cb++LQBDz*q zFWA2-1gxyof1O7KEOxh%M#Y(`j+f+zl=T2jOz^g`Z_hQEz1}PQrB}J1P6B*6gx`k^ z5;OiHA<6GuC0hyk+V%gd>#T#?de?oAYboyT?ykY5Sh3>nZpA4aRteMQL$;xD9-t~Uv`Gnr6!*42~@AKzq6Cx2l$NoeA_ee{_PtUvt zD@0pe*A%1M;KKdVU?W0S<7K+;f-%F0v*#NBTX~(B(iXIU+b`M#bXSG^PbSKU&mSv_ zQ^4D$TQtTEc&k`*4D2RUCi=AQkEguzCLKvzkn1Nupk_h7n>5;PgjYxaAM1C%)Lc5o zD{OjdnX2ps0sxSl&_RdW&S#*@PBaK^u;EaAr6)7to`;B8@j`gCo#4GrwI8qW6aT59 zESVK7uwndnQtjn8O9-h`@R1Rq6Xf$w0Cr`bN>+a}r`amO;E3y`|B2_~Jimvm96IVXv3> z_L5Bs%LjaaY#aK${^4a5UjlWf;uF9%4Wx#XWAKRIuq*w#iZzp(%*T7*7tWQ%!7TXa 
znu~Rr{$0oY_C&W$RN9Qc-zP`}g*A9W-^vcXzN+YTEzCPYfq9Ex2m>LazI!gPu+DW# zA{)}6RadDpVm?k7HuLx$oOCsV6ji<3oX(z^=caOW&|b>{~mcvyZO z_}PU0W-4mRa$_Yr;NIQz9OyBIzUC`%2;qFoZtO=2T7(Zp!EkLE8O;1LR6enUFcK|w zBoY^_R~)*O>+-#-Kq*09PFGR#}o{aR(*cm4qu4zXL9 zVRyQpK0LWfpbz`co!wX&9hSqq`;RVtn8pl4&(*FDD(5i*%ch zJL-ca;0;Tm=NkjdQ(Bip{*Xgm0DXYY9-wU#Pu|Cb=!CdfY=NadGbShAvGTstQl_uj zaG^hg%1$k%tS`)TpO>wHjS}pL`uqfUiV=`*3Nk>uAnq1p!^!gfdx5p%2Pv<8%5iUpPd~L!kjK$?pgzPSq9K|R-87=XmyHslO(V#Lo^t`2~;W$$5Hs01@*UHz0sOoU)R6l#cP?z89(ZG z+h!U*chjl1+W+~sYN~(SPXC@)mVxYv)5%87CKr&sv{&@ePai`A>#v^+YCjh0O$LMS z$^E!Tl(zuOJj+PQG5G|)zi6kc7Fx=QyReXsu=7mHs84z;&&9s`&a`>@{_aN^uTte* zmCZzJzaSwkoXU+)N6tytoyvc0rf~?QIT*&_kd7WgU^SUEc)#8_T z=6=$go)enJaqYmHIv=x+qsXw4cpm;8)_BzodKo;B)^i$H8C>uV#1VyL=mjqWLSDfS zQIEE7AG^4MH?XREQkit8?D}0vGcs_o3F!?P%miHC!mWwYWxSIrzXT~_f4LxIH6d1kHt=tOU^O8T5OF>YLMX*Jf$s$jPl2S%c}*hjA#DMBmrC z6v~lk(eBcu(UU;!P*-ZVruGTXo_z&8LK3)&LtqVnNlAzY9)TUZ0w5r>a>)~F?y#gN zuwTz#O(eGxE>x))x@rDPAL`YZWpJ+H=vZc)M|iPdHU-mn=52Bvy!!q!50*@U+TJ8b zrbr`VZm9Iid~Is#gyw`B>G3VX1Y^3OGBLzmmj0i0a1hGFKckkE<1`RF{O8tLWzlw#k- zfSrUTOr|Sfa?!IHEcLVu6;FyL)$9!W6>110Rhd&gV4aRB&(f5Wj6|!c17h`u(rgBw z(mVi%I&?r)`}7UqG6W1w6+DMsB`PRJ4;w{%nTr8MJP{URp~`M@J+;_KQcV`%Y)^yt zP?KcI!fFqWJ%X;H{1So6RmQz|efeFBQwh6A^1XNxd{=FG*0qbIl>eWbD zGVhQ*CS03S4q%r9&(m;rpeNP#P5lG!yEf0Mud+Y4t$V*$?b6SK?}Ww$up-;|gB9R% zF?I&+vf0-{cq1r#7w$KUaQfW^fLFcf%r6mZVc~#%qOMvNgnw6fuC!}*5ObBcgNDzf zDwA6V#5IF9D6BvSCQ&Tpsnp8lZZb0OutKcUq?{SbyQ!i#ijpl+{Kah_kPRf_yVLQS zs}=b*7<*`e>26;fmP>gI3dZoSLj}rO<0uM)H(D=4XC*kwZOCZ~Y+4dKX6IA~SY!yP zpPZ0L(7wiv!X#*M9zOsQv^xp|oVNFi?DrL?qs4>P1Le+9(o0!{I!h=C`lnN^AT~^p zYw&l6H{NcXOekH#KlOa+edzU!Ya~>{v@h(bw)u6uLwoKY!_;l`q~P~Btln`;f-xtK z@6{{!T|W?kw3ae@bKr3laNw9UrxCg$mFE{&ln*Kb+smQWQ-9=;@BN@E;8Mjq;O`9r zdjrh9@+9)W#;@u5w$7MJ^w>WJmE8fx_XOFjOFtY)+Cw-MnH!nHMHnl8fR+O!;m3Gq zH_9l~mdY4L16bE^^tpRlk_*A~eGV#Kt#OADP|p0R=x5?e}5*;!XaL1KceNQ5*!fKwrVB+Qjtf$J?lGx zm`IEyKp;l>p*#A-m8q2cmn1#~=#P6kiGLU2PSNBW@72B}V?Xx}(9t{p+pW45*p;&T zunG+70r|bXH38LMffa|^%=K+q0%abHv)BU?E+&uPJR=~L_|4(!+3;mLl55$vJ0j%1 
zKBYuDlptIiRIDPRXN#>5vhR$|Hn_w*Wo*yQna9&zZ-gPj&-N=fx8tY>Fat&-&P$_k zNK3(lf#HT4Q$Qd8YXep$Ty~N9rUJ6vxqyb+3{R9{JgP$EIVV@j7&*VuuY9Y$DRSsJ zp0Mzn|3mn7G!Gj3i)+99ufh*8pXwjsw|#07har)w9d1|rl)GIkQAbUje>}uWaldGo z?}Q4Gb9b8HhkSAe(f1!-!b+9 zG@6@o2%Pb&REai(op=eIaS2Pl&hbOIm+7&T^;Ki8PS{ZiF8A_*w1hE}c`^SKyY(Af z*oC#Jp$U%vf5H$`M5{tUal0~lY0K^L@B(UYg1_ek-!MnvK>T7~J-tZlV6&LgqNZz5+d3eOMS#=iUfq3s!NbzWj} zp^TH^2iNX;npjIe8{azf{HOU@m>BkG@nug7R+AC=_GRynrMp-A4w+xnZROk_q;IdX@`H@wwM2Q+fbU@I)OgdxwCemi(Hrc^eW;Y z{`O9c`A?UVm4Ku!a;8j{K}CW6JXy9t@mt0px#Ib3CuBPvIcgU$yaQM~CoczYCl?QU z=d0m!uOHhvUVg<=gIC{pY7D@8h{b2K@ziFvN<8=p{{J@TZY(O(ADi$!6qsKfDzOOU zH)pZUv~!}r*vpY+zwMPAPi2gbXDQ~! zvpPw%UYx0?KWh8(1&xG-J-YEHbBk(Z!COd(@IN-iD$_;E8G3SKm~t*-P9A<;CEVCD z)~`(Dc>Bd{(~5`7HiDzqN~QMKN+DXIpg5I}QuhXFUhPw&^-Ek8q?H9#7{9o!+IX2u zW}WT;g+}S31aX$PhWxR?SfW49p1;Y4MDCNDYqn~kQg)3LC1#e<5nTDw<6b|FC=5$oWbLr8f{Eb{!=O`{H zl6*wJdz%xL&nra2W{Fk>Q<0k6Px${6OpR3jzrj?Ef=q&Ke=^mc?=q-GlE=+*?2JM; zsX4%aVJ1NU%kecE=>~W~xP`O_-uB~-0z+yI4@qaw`~l2H?#*g~Phm`_2u-LSxA zP1FG&$BMW_tHSk8zZFKrMYv~$uixDIH8C}HuAC3ttSd53v%Zy7gVSH(awuLe zRiMCKo9k8A9}%Bfcygrvb)EHeh`L8{g05G4RH-Mk@{ES~f=|hr6ksNnx$~Gd$uFzS zFHVZddr`TzzlG&h4oB^wG5anT(!NlkqPqd5I`GW#vg;G_VM zTNL<~{m&(zyEcUtmVl@>Z$%A4*i{e9?&ud14|_|JP!L&PWzAl=`7}((>MnarR7Yz~ z=-zd|xbecL*SW37?JnT4N8|$L2&A?XlzsOD+tjcgxwK~I6R_m9}{AE^fs;1lOf=`fy5#c zcyd+i=r!sW_P1;A;;-ynk$oA6_(7f%XPuhwWX#b zRvyf;0IX~o>9VX_QI4jVxQ8SweC%i{PL3&8npA?+6h2T`CSPI37Z$&2JbU%OBY6TE z3Co};_qm|D(0Nkt)g zeO_0+?`IWC+Mjx-Xu;us567)9=j`@uLC%C3L@x6tNl5~31eJMemkAOw>Ce@s)ke7X zzHuZ=9|u|nd+pm#j2M@`@qV<6X0K<6biQyK#J*jUTnwE9I~;6W7`@}g$Yn> z(d%54IkdaNNj#p0K{X=r6M7Tu1K$b_rS7A(^g=&Zy$?cl5oQ%AM4UMfR z?0xukQ}rY>cIp`eds2C4jA3N2<>%ZVK6SMwx_oGW85;Ur@VBGK>{NOEIT)lbf z8H}#vef_7s3NS>DW5X%f3g8EJtXizN1nQ05QhR|-(Jw61D!=-7^EHje{Di5fyVhY6In0=5O3d~u;Z0+&rI+8Hf<)G&914&( z;|E)~CE=)P1o55sItO6t5W{Nms@4EUeZq(2o5e@w9%TEyf-x@FdIcakisR%HIxri} zyn2jBiQGYh6WOB;U-cF-y!B%k%#ma6^8!*6lH|qpNb@b_y-4;`%)#0XG{pCzn!-lW zL&*5g>HQmx5lhHkv`T8z(Ia>{v@_(j#Qr)oE|A%xaXbTii$2fyr;7(4ZgeQ300#h? 
z`B;<>iaFhs5ZeNt`3@hyyFqM>IDpl#2mC7kbCij%KL@PQp*$a!*)N6mStF0iVfQWh z+05Vvq^SQCZmJDDbu^RwY@$z*a!&!z@@XznEDJ_$m``E1?G28J?MW~>8s>DE6y*WJ z5I`_#!C zCO?lPkZG^)d6@1ijoLk6umpLicvlEN{KOBCzy}r<3R?#H$ozhN*8%Ge#orms_$p5Y zJgE6^oE(Scx^|D3fgNX`zPxmnRy?}m{E&7S=um?i?U}R5F(w;iDZzK2Qwe9gqd!BA zJC7(>R6{s!hIK&a0=lxxB*%=$O^UZZ<{4;a@!Xh7YYuS+?4^eYU|{}Yd2tOBk5UzI z%|EfY#NZWM_5aKTbBLUXD`{mmbNCN6(0R~|DKj7~LLv&q>-kB^WEfIx*vwz;%HQ9G zln0XfufhflUxKzUg;?|1O`HQvGBJ zh9ET*ZmVJ%$1;M_=N41A60k;5^7-e~`L5iG1D|4jDqLSFc42sSJ+EdhM9?zBO;=9txGghySMRy%L&`W#KXV5_ zJ#U^q?ml&`2krj(5U0EJ31F8qY-n^l?Q}T_7y90k4!wZvhZCtzRsml>^mbWvCwnXH zJ8kD*{|u45R8B~*_-Gh?i&{GQrnmSnHIrNh*9G@WOZ|PEW54oc<=O*jdozfsFzcJ1 z2BhO8LVd$eO`_GYTrX_Qe`0+v>7eZtFxVXdK#@JADnGc3xR}gI? z*fm$$eQ=8TT4pTgCz-@}Lt+N_-dkqK`EAkQvUm`vKZdE;ln3~!Fd!r`(HfAq$lm!Pm)l@0I*B$C_Z=lGwR zI!z4r;3{PBPkZ4ql}29uO?a`*DH%U*X)2l3btt>oplL|NK;_(I&28BGDs&^;kTYS! zu_~>DBH;Oo++_RL!M|CVM#;(2>Abv@X7zKoL*>K&re#_)BoK{a*CiwE9}NyDFNvFe zpZsJ+o!R3$HpxIk@~Om;3o)Dbl%#e$vt|ytXk=qTKEwX>co!$w64b;o0t@&G!jw}c+G1W_LXEm5D&Wm$`1#4GcrLY65w z^12Osr|W+AVe`GO@8!*rSy|vhEUjD%1xhbhT_^X{(=M5HZ%74m1XR;Anhe^}IgprTKwE^q_EXg7||KjMT5l0SAe&+i# zI4>OndNP&8q~0DiLb7BKG~O$f^#yA%X~sMi-9QcnTRsA9-7#0)3lebK7lNO zcMGryzhXIb=Q!Izs(qJQGJ8<~av}9SLul>m8o+p6%W_(MnJTNGar6-U+$wRJEw);N zcKU&e+pUo=iaHBTnl{3@ftoY~zdNvA{HwrmO}coCFyj0EQx7-Y3gS-PimrzCrp`(UJ)U*|29-J>Gh{EZ=BpU4)bp8sR8SIcn z3^*0uWUk*eJQg3?^I0klM!bLf4$m2gBazqUhE?{Zz`ytm|5c5i*1(F>BJghVtq3#x9s}>c$ z|6Kg`)jy%#|t(4xA2PHTku~*ongn_QNoe!!J~L5H`loG_Ixse!`ty! 
z)8O*VB7=H@fjpG+y%icEwYb?I8M%i|dGeNzup-~seVnZbys@g-wIt^nxU266nfx5G zEhmcFrm>}c(6MzC{eU(xoxqv}2d^PdO5lskaL@%P@~Xl+uo2O?X)kS`5%rRsAT$ zd%Mt22EF-qc+@ETU>;MY)@~(=_q1ZK+5R!d*P<;xfRKWNZ+fGBezlwKkR$Sv(>8Ms zF#RSkiy-2B{9Op&zmTp|o1-XP;fx|krgp$Avy(Jx$v&5Fm9s$1xo`3+!Vz86DwHXz; z#vZm8ju7Ld`T^7m{faGNV=|;noJZ4)OAWB$#;QtFwDU79okzFU%CA5VcEZp&v(F80>i8;2@Oc|t5`6)3g#9Ee}x?Z$zB%iSM#hBAMPDvem8~o_Ve-p zgWmS~)?eoy4~xL9T`isW4?fD%X-LecZjVRRsoBSS7eBbvp0+sS?$;e3EpeM_`mIgz zr`$YzT)Yi99A#W&{%+6b;t)?UDUfKxFSkiZ475x+Mhqa;|ZuisDH|33BT+T2|K z5#lDJY!i*cgLd8c^dhs`I|%VsG1t}6jNf^DOqx9J2~%|P7T5|pC9g;Gk=KVV_@Rzv zFmsp?9V2QxSkn{8Yp_=ehWp`O9ln&_Hu4?yJ8BPg1|+$!=%tfWHQwm{K;P+E6}A|-tVyhGQU_Lmc%@eJDA1X^A_eMBIpxeAI=VZID*!oXJ%YgJs2Pa6Hjd?} zFCO&2Or>YvFXR_KJ(vdi0Sq~1)u+r2gI$}Rp8rE4&vD^$Fp+iJB76P2qzl`S)N+eHfCc(2rQKo-T)6JuE&JjA{ zI9_X}Iw5v=n3MisRh-T65sZ`SjV$x-)8BxPNd~XMQPEK+ucUu(=0Si4FlzBT&<32{ z@(vV_FLnphpM&b!4Z{EGkG@)(Cnh_Cv<>!epFvp7FHe<1&VjazSub209_Q!+*9YgQ z$3N#Qg&S;@BYe(&Dql^;DC#!YP9?En?km+1zfr{}tuz#g#FtI&op83SG#u)>o@;Ay z7VG;o_BUASs)rDH+bm}3L>4cEd>r(BK3*s+W}U~F{^wnzeLIyuw_02NdeMHt)Y-a$ zNOa5k7qjJq5mWBUuu<^@dc5!h^ZoO*DE&tfOUAstpd9gmrVQFPHvs=3#P94EnQke6 zh8POD3Py|WJdI?H%fIs!jhPPi#?1PLVi?xw8#2#+U~iVPVj0qEO7C-|c6j`>G38lR zx~JMMA(LiGg|n;{air*R8t#Sk7aSibrWXN;RSpj7qXI38T{ath)Sz|_RDhUu&?HQ< zBt3oOw|A>*e*BnBm){FktkFcrpc0g0kcpB7hWGKBSg-Yr)C0GE>uDi zBb6cQq4aW&5=YlY&ln4*nf&3%d?{ zZoZ|3if4on#f3y5!fojPjLkW&Lbx{U;}8%oJ)D@J7z1q4rZkfpp2XlHH>ebc* z<*45$MMFU(5so6tiDz-##z^qtXwIwU1KJU72&g0FE1{l2m?bATl9+l(Biz(2NDePXo|Ksq)`MesY5A$f8U6Bl@pvIT-{0@6v z7P(_}k!37Ixe$7B#TfVc%rnRAUNH<9vDh1OQu5NV3be&O=&LJ#k6%uxTJ7YL{fyrr zh-*Bp`_Qo?f(Rt)2Q1>rT_IT0@W)>}b_P#S?DOHv(_gZFU~)o z_4a0{(YS&DUbQmv0{Si_RF3PoAc=s9w8c(E1KOC32g8>iYeA;oXt(xT-6y z4G!7nqMA~|0%9qUEpojuqxgCKVItfw;fGBJ3Z=M#?%>cY_QAVI; z(4Wt*p*Vk>1f(`aD^%2=DDXb@KW6k*?~u@8)<6M+ljKuLe{b~RT@_yA-!y7J`#*@n zi+97Ue3K<3^MvfVtVsw%^$N>5MH_^!qeK_Th?Rh8M=zuqI;7M|a$&!l-(Zi7r@tb% zjM1j-6>HzZfkDOc*WGJPctoNv8`45YYWH^+c8@0$L!l4s5H0pjk3dUKH-tN;a1wlf zMov2r_pK-T~AYmD5yP 
zHT#1oGnIHMOd_vT&uG4KHI!R%RGoO5so!qyq(b^y3fL#1h@E%Y=D2IG`f}Ekl{Hsm z`Q!i6%yp869K}02_GD?zO>Mu;5SP>|RN8%Fo<%yOyclp~6sk@q7^C*Pe?MhaOuXEh zLWBR>Bie}V*W*rriO$ZbBPSkFG+^`{lj*mFTQLeV(J~o7fw=9-PO+FE!xqnE8GlE0lyM*- z;9f42x&m2{y%EpDEfCZ~e&MGNot~Z+)21|1<&rXqLQ}9;FErh66`cJ{1%JChG8US^ zVJ&rt4=daHW0qyakqTN@g=t%Sa7wRErIv!IWjABG&O^)a)C7+f_g4rnoU;xg=vy%5 z0qI8}|y(6ak z_~E>T;bwVK_@zMy+=xv>S^m^VFx5nm(K9;3Fl;OZ>*bdTQ;2>4Ol|X$P7Qx~haU!9 z4VzMOiaw(UlkXYW@^5)XObGQls0kV1H9ArZIf$5=+!QnOGg zW}!+^P(u4a#8EU7Tf4tnDFVLYJP}t0JEcv)F7L|F zL8rvgh~l973tBNC8f{pyc>kF>?74bcj*^DnQk1SRBreD!oIxX-Pf((U1?j{ys!*lk zAF2ykD>X<)R05`4+9i&Sxn?~t2pA5gZm;BZRieaOPiNr?`mSeXc)vlgR&6tw!pDtr zCp+bqkSOVy9WF$17L4L!P?rT$u@zxSU-V6xrRwG;P}CgMq>V~EP+Ip=6{w!Ddz_q? zRJCiwsUAOO3(9~$hBew2zU_jWRubQUj3x7o?|nbtSbe$-A-%%5g9=iB{ zUj){5dR+do0+XJXU4u8>qe>q)EAj=Js{{Bri4iN{&~- z_$bTsAw7VrHw8sb(~%EFeqfz}|Mmp5f}`o=zn+7css0$iI>@yYx|xzMrZrDF4b|8n zR&+0|z7{&JM)ilYk?~QBxln3<8)6x4O}wyVpd2H|l5^ljcf6_E8ZRtWj0?hoZP?9? z%KT2Yi$I~Kt2$7NHbcT3YL|(mV!yR^00q|A1l{vHM2?I{J2VZEM|}~tJtpi-4h8(* zU}s{b9OCA7G%JOkF1&~V&xz}y z4-i9Ky#bzexv$=wA$ctv>|eef?iyd--82K81)f~~0!Tf?A}=!15}vIkwckMlMtmat zU{C(1tL?kJ_UxzHvLF!Y`|UNgJt&VCWIqqv;O5Zt^hDg;o!lF1X1e(OI^v&1JrAR>L!Nb#VLC<%6@Dg zAUf7`I8yG8`iQC(Q>?xazHKDr3E(>q)G=b^T>i7MJU~BiAO)1YUVB|S{Fe8k8gx6y z`o8VNMnnzmjZ+D!y2y`Iz(a|Wop4K0w({RpzY2ZUP=&+(~}p>D~MZ~hVwODi$JQcd-iK`Jq_UcYyCfT6r( zi5UR7!y5cgGJc4OJ#$f!4?PAD6xKK%_ z!FQY#&n?Co=bCDR!ZVx7zO?^u>ii7HU2=-3Nq(X|qakKuRVePZZ6L|!8Y!KA9(h2Q zF~xjN9<(tD(3+(^Cv_h_y&hfS)bLJt)%3U;+T~LROA7NUN;+An(QF*bL6myG{Rcu? 
zMd~6hc{1cEj()TDc|h$Oq|@(~B}1u%Uzj1m^=&&tZu`IR$uL!O9w>$%^2~LSJXd~v z60*$S>+=VOBImykBGHy5zD6g0O^7~6Ktq8}w5b)gv{G`HoiX|~8 znHBy?L#deaw^Ebl#{Ta}T;wrV^>7CcO%X1;{UG6?CK9Vp`(ozQMTIdxXYVx|$&5^* zfDUFplQ5KIiF@!s`d5}tGbC2zM8VXX3$vRGtVEgA(LdvqMg=!?x12r+GkSzM9;TI= ztV|0(^L)PX*Lo%WnSr4DE4L9Gd#I)IIGzrcjCYz~m`*DYrftWDPT@^EY(@%$7}te8 zX%hOYmWSjxs+N?QaUZJ@!n7?M%CF1-0iX@3E#yuWoYG|D@Zz-4V|N@#{`m3U>j~*X zo2iZXefLm7`imqkSQIGe82puWAlbI&8Xzy8$S_0I8TYHXP$i2Q7DWA38CwLzsVTag6aVk=*m!Rh3H-JW=M!DS1_ z>etzgao_j8Pt4RuITUl`g<>z=O3L1KdAhJ(e>DxT=)~@p_9q-8d=)E@IxV2kF_vLg z^-neR)j#F1CEb2Diw1p8=G=72>Ga*j$y*jGb`z_ZsoYO+&OwG=(yA@u(@7A-wXRku zqzb6klt+(Itxb2CFU0t3$54JvPE9R#S1E8M;&gx2UMH5gj3w`S;Y+iw8FH&8a)Ink zS?8KK{DrpmrBaV6S9mDLVk-B?gfAIldQ$&)DWktCtlL&dP_j_dDL3hM&}~Zbs-_2Y z=hU;mF}|&Umn^+$BMI!EoJw`7DWCfX*2WgorN7u+t)Py;)6EXY!1Oh667PfQ z8d&GNNhbAm(|8|j$yhRDb(DFoe>9v5g7Wx{tMU@g#GGj&@XBO3$z$J6;P&gu8kq($2ZQ%DDef2Pj8gI%go`yY-9%kcd7k5P79ZkK}W1H-5B^?AR zDV`6>rB8#~f+6T?!NPWBFPoWtO^NS^-&E<Q|(tahM8zl6o+8qOlxD$iGeqB?KdW zoU_FDr*^;-K{tXS>&=xd_z6+1=Iszfo)f;;mHISw{{HT64z5X59{^VF0ID{@kEoFP z)!^0hAZTuo&O^OSf(?)5*cwKh+nwQY1$()G9wa~IP`Us%cCX+QpL6dY~SJ_;cM3-NydD!&$h literal 0 HcmV?d00001 diff --git a/apigateway/Chart.lock b/apigateway/Chart.lock new file mode 100644 index 0000000..a03a65a --- /dev/null +++ b/apigateway/Chart.lock @@ -0,0 +1,9 @@ +dependencies: +- name: v7-traceability + repository: https://axway.jfrog.io/artifactory/ampc-public-helm-release + version: 1.2.33 +- name: v7-discovery + repository: https://axway.jfrog.io/artifactory/ampc-public-helm-release + version: 1.2.35 +digest: sha256:d915ca1c97e84d73df217e13ce6791c09046e174de59edb28146219b7902af36 +generated: "2025-10-13T15:23:00.877522205Z" diff --git a/apigateway/Chart.yaml b/apigateway/Chart.yaml new file mode 100644 index 0000000..f7be9b6 --- /dev/null +++ b/apigateway/Chart.yaml 
@@ -0,0 +1,24 @@
+annotations:
+ charts.openshift.io/name: axway
+apiVersion: v2
+appVersion: 7.7.0.20250830-3-BN0276-ubi9
+dependencies:
+- alias: traceability-agent
+ condition: traceability-agent.enabled
+ name: v7-traceability
+ repository: https://axway.jfrog.io/artifactory/ampc-public-helm-release
+ tags:
+ - agents
+ version: v1.2.33
+- alias: discovery-agent
+ condition: discovery-agent.enabled
+ name: v7-discovery
+ repository: https://axway.jfrog.io/artifactory/ampc-public-helm-release
+ tags:
+ - agents
+ version: v1.2.35
+description: API Gateway Helm chart
+kubeVersion: '>=1.22.0-0'
+name: apigateway
+type: application
+version: 1.18.0
diff --git a/apigateway/README.md b/apigateway/README.md
new file mode 100644
index 0000000..e3cf324
--- /dev/null
+++ b/apigateway/README.md
@@ -0,0 +1,7 @@
+# apigw-helm
+
+Helm chart for API Gateway
+
+## Documentation
+
+[https://docs.axway.com/bundle/axway-open-docs/page/docs/apim_installation/apigw_containers/deployment_flows/axway_image_deployment/helm_deployment/index.html](https://docs.axway.com/bundle/axway-open-docs/page/docs/apim_installation/apigw_containers/deployment_flows/axway_image_deployment/helm_deployment/index.html)
diff --git a/apigateway/charts/v7-discovery/.helmignore b/apigateway/charts/v7-discovery/.helmignore
new file mode 100644
index 0000000..f32cfa1
--- /dev/null
+++ b/apigateway/charts/v7-discovery/.helmignore
@@ -0,0 +1,26 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+jfrog.yml
+.gitlab-ci.yml
+polaris.json
diff --git a/apigateway/charts/v7-discovery/Chart.yaml b/apigateway/charts/v7-discovery/Chart.yaml
new file mode 100644
index 0000000..cc5630d
--- /dev/null
+++ b/apigateway/charts/v7-discovery/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+appVersion: 1.2.35
+description: V7 discovery agent
+maintainers:
+- name: axway/beano
+name: v7-discovery
+sources:
+- https://git.ecd.axway.org/apigov/v7_discovery_agent
+type: application
+version: 1.2.35
diff --git a/apigateway/charts/v7-discovery/README.md b/apigateway/charts/v7-discovery/README.md
new file mode 100644
index 0000000..3335637
--- /dev/null
+++ b/apigateway/charts/v7-discovery/README.md
@@ -0,0 +1,33 @@
+
+## Prerequisites
+
+Before the chart can be installed make sure to have the secrets installed/available.
+
+i.e if you look at line 31(secrets) in the values.yaml file, you will notice we are referencing two files.
+
+discovery-creds can be applied by using the following format for the secret.
+Make sure all the values are base64 encoded before applying it in the cluster.
+
+kubectl apply -f
+``` yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: discovery-creds
+data:
+ APIMANAGER_AUTH_USERNAME: ""
+ APIMANAGER_AUTH_PASSWORD: ""
+ APIGATEWAY_AUTH_USERNAME: ""
+ APIGATEWAY_AUTH_PASSWORD: ""
+```
+
+kubectl apply -f
+``` yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: discovery-keys
+data:
+ private_key:
+ public_key:
+```
\ No newline at end of file
diff --git a/apigateway/charts/v7-discovery/templates/NOTES.txt b/apigateway/charts/v7-discovery/templates/NOTES.txt
new file mode 100644
index 0000000..e69de29
diff --git a/apigateway/charts/v7-discovery/templates/_helpers.tpl b/apigateway/charts/v7-discovery/templates/_helpers.tpl
new file mode 100644
index 0000000..82f355b
--- /dev/null
+++ b/apigateway/charts/v7-discovery/templates/_helpers.tpl
@@ -0,0 +1,78 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "v7-discovery.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "v7-discovery.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "v7-discovery.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "v7-discovery.labels" -}} +helm.sh/chart: {{ include "v7-discovery.chart" . }} +{{ include "v7-discovery.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "v7-discovery.selectorLabels" -}} +app.kubernetes.io/name: {{ include "v7-discovery.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "v7-discovery.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "v7-discovery.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Create the image name +*/}} +{{- define "v7-discovery.imageName" -}} +{{- if .Values.image.fullPath }} +{{- .Values.image.fullPath }} +{{- else }} +{{- $tag := default .Chart.AppVersion .Values.image.tag -}} +{{- if .Values.image.registry }} +{{- printf "%s/%s/%s:%s" .Values.image.registry .Values.image.repository .Values.image.name $tag }} +{{- else }} +{{- printf "%s/%s:%s" .Values.image.repository .Values.image.name $tag }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/apigateway/charts/v7-discovery/templates/deployment.yaml b/apigateway/charts/v7-discovery/templates/deployment.yaml new file mode 100644 index 0000000..5fa47b4 --- /dev/null +++ b/apigateway/charts/v7-discovery/templates/deployment.yaml 
@@ -0,0 +1,112 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "v7-discovery.fullname" . }} + labels: + {{- include "v7-discovery.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "v7-discovery.selectorLabels" . | nindent 6 }} + {{- with .Values.additionalLabels }} + {{- range $key, $value := . }} + {{ default "none" $key }}: {{ default "none" $value | quote }} + {{- end }} + {{- end }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "v7-discovery.selectorLabels" . | nindent 8 }} + {{- with .Values.additionalLabels }} + {{- range $key, $value := . }} + {{ default "none" $key }}: {{ default "none" $value | quote }} + {{- end }} + {{- end }} + spec: + {{- if .Values.image.pullSecret }} + imagePullSecrets: + - name: {{ .Values.image.pullSecret }} + {{- end }} + serviceAccountName: {{ include "v7-discovery.serviceAccountName" . }} + {{- with .Values.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: {{ include "v7-discovery.imageName" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: probe-port + containerPort: {{ .Values.statusPort }} + protocol: TCP + livenessProbe: + httpGet: + path: /status + port: probe-port + {{- with .Values.livenessProbe }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + readinessProbe: + httpGet: + path: /status + port: probe-port + {{- with .Values.readinessProbe }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + env: + {{- with .Values.env }} + {{- range $key, $value := . 
}} + {{- if and (not (eq (toString $value) "")) (not (eq (toString $key) "")) }} # ignore any items with empty key or value + - name: {{ $key }} + value: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + - name: APIMANAGER_AUTH_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.credentials }} + key: APIMANAGER_AUTH_USERNAME + - name: APIMANAGER_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.credentials }} + key: APIMANAGER_AUTH_PASSWORD + volumeMounts: + - name: "discovery-keys-secrets" + mountPath: "/keys" + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumes: + - name: discovery-keys-secrets + secret: + secretName: {{ .Values.secrets.keys }} + items: + - key: private_key + path: private_key.pem + - key: public_key + path: public_key.pem + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/apigateway/charts/v7-discovery/templates/serviceaccount.yaml b/apigateway/charts/v7-discovery/templates/serviceaccount.yaml new file mode 100644 index 0000000..9b974c5 --- /dev/null +++ b/apigateway/charts/v7-discovery/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "v7-discovery.serviceAccountName" . }} + labels: + {{- include "v7-discovery.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/apigateway/charts/v7-discovery/values.yaml b/apigateway/charts/v7-discovery/values.yaml new file mode 100644 index 0000000..c0dff90 --- /dev/null +++ b/apigateway/charts/v7-discovery/values.yaml 
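Review bot: In charts/v7-discovery/templates/deployment.yaml the `discovery-keys-secrets` volume projects `private_key` with no `defaultMode`, so `/keys/private_key.pem` gets the Kubernetes default of 0644 and is readable by every UID in the container, and the `/keys` mount does not set `readOnly: true`. I would add `defaultMode: 0440` under `secret:` and `readOnly: true` on the volumeMount. A tighter mode only works if the agent's user can still read the file, so it presumably needs an `fsGroup` in `podSecurityContext`; the discovery values in this patch set only `supplementalGroups`, so confirm against the image's runtime user first. The same secret volume is declared in the v7-traceability daemonset.yaml and statefulset.yaml.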
@@ -0,0 +1,67 @@ +replicaCount: 1 +image: + # blank by default, set this to override all other properties that create the path + fullPath: "" + registry: docker.repository.axway.com + repository: ampc-docker-prod/1.2 + name: v7-discovery-agent + pullPolicy: IfNotPresent + pullSecret: + # Overrides the image tag whose default is the chart appVersion. + tag: "1.2.35" +nameOverride: "" +fullnameOverride: "" +# Health Check port +statusPort: 8989 +# Info on how to fetch the values for the env parameters can ve found in the below doc. +# https://docs.axway.com/bundle/axway-open-docs/page/docs/central/connect-api-manager/gateway-administation/index.html#customizing-the-discovery-agent-environment-variable-file +# More environment value: https://docs.axway.com/bundle/axway-open-docs/page/docs/central/connect-api-manager/agent-variables/index.html#common-variables-to-both-agents +env: + LOG_LEVEL: info + APIMANAGER_PORT: "443" + # flip to true if API manager is using a self signed certificate + APIMANAGER_SSL_INSECURESKIPVERIFY: false +# The below secret are a pre-requisite. Please refer to the readme file for more info on it. +secrets: + credentials: "discovery-creds" + keys: "discovery-keys" +podAnnotations: +podSecurityContext: + supplementalGroups: [2500] + fsGroupChangePolicy: "OnRootMismatch" +securityContext: +tolerations: +affinity: +nodeSelector: {} +# Add additional labels to the agent deployment which may be required based on your configuration +additionalLabels: +serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: +resources: {} +# We usually recommend not to specify default resources and to leave this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. 
If you do want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi + +livenessProbe: + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +readinessProbe: + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 diff --git a/apigateway/charts/v7-traceability/.helmignore b/apigateway/charts/v7-traceability/.helmignore new file mode 100644 index 0000000..f32cfa1 --- /dev/null +++ b/apigateway/charts/v7-traceability/.helmignore @@ -0,0 +1,26 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +jfrog.yml +.gitlab-ci.yml +polaris.json diff --git a/apigateway/charts/v7-traceability/Chart.yaml b/apigateway/charts/v7-traceability/Chart.yaml new file mode 100644 index 0000000..fe63085 --- /dev/null +++ b/apigateway/charts/v7-traceability/Chart.yaml @@ -0,0 +1,10 @@ +apiVersion: v2 +appVersion: 1.2.33 +description: V7 traceability agent +maintainers: +- name: axway/beano +name: v7-traceability +sources: +- https://git.ecd.axway.org/apigov/v7_traceability_agent +type: application +version: 1.2.33 diff --git a/apigateway/charts/v7-traceability/README.md b/apigateway/charts/v7-traceability/README.md new file mode 100644 index 0000000..ed2223f --- /dev/null +++ b/apigateway/charts/v7-traceability/README.md 
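Review bot: In charts/v7-discovery/values.yaml `securityContext:` is left empty and `podSecurityContext` sets only `supplementalGroups` and `fsGroupChangePolicy`, so the agent container is rendered with no hardening and the default posture depends entirely on the image. Shipping a restrictive default would be safer, for example `allowPrivilegeEscalation: false`, `runAsNonRoot: true` and `capabilities: {drop: [ALL]}` under `securityContext`, with a comment that overrides may relax it. Whether the agent image already runs as a non-root user is not visible in this patch, so verify that before enabling `runAsNonRoot`.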
@@ -0,0 +1,42 @@
+
+# Helm chart
+
+## Prerequisites
+
+Before the chart can be installed make sure to have the secrets installed/available.
+
+i.e if you look at line 31(secrets) in the values.yaml file, you will notice we are referencing two files.
+
+Required credentials can be applied by using the below format for the secret.
+Make sure all the values are base64 encoded before applying it in the cluster.
+
+kubectl apply -f
+
+``` yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: traceability-creds
+type: Opaque
+stringData:
+ APIMANAGER_AUTH_USERNAME: ""
+ APIMANAGER_AUTH_PASSWORD: ""
+ APIGATEWAY_AUTH_USERNAME: ""
+ APIGATEWAY_AUTH_PASSWORD: ""
+```
+
+kubectl apply -f
+
+``` yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: traceability-keys
+data:
+ private_key:
+ public_key:
+```
+
+## Limitations
+
+The traceability agent requires a 1 to 1 relationship of agent to events volume. Within your overrides it is important to specify a nodeSelector and/of affinity so the daemon set is deployed to exactly 1 node. By default the traceability agent will deploy to a node with a label named traceability-agent and value of "true".
diff --git a/apigateway/charts/v7-traceability/templates/NOTES.txt b/apigateway/charts/v7-traceability/templates/NOTES.txt
new file mode 100644
index 0000000..e69de29
diff --git a/apigateway/charts/v7-traceability/templates/_helpers.tpl b/apigateway/charts/v7-traceability/templates/_helpers.tpl
new file mode 100644
index 0000000..7206eb9
--- /dev/null
+++ b/apigateway/charts/v7-traceability/templates/_helpers.tpl
@@ -0,0 +1,78 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "v7-traceability.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "v7-traceability.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "v7-traceability.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "v7-traceability.labels" -}} +helm.sh/chart: {{ include "v7-traceability.chart" . }} +{{ include "v7-traceability.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "v7-traceability.selectorLabels" -}} +app.kubernetes.io/name: {{ include "v7-traceability.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "v7-traceability.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "v7-traceability.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Create the image name +*/}} +{{- define "v7-traceability.imageName" -}} +{{- if .Values.image.fullPath }} +{{- .Values.image.fullPath }} +{{- else }} +{{- $tag := default .Chart.AppVersion .Values.image.tag -}} +{{- if .Values.image.registry }} +{{- printf "%s/%s/%s:%s" .Values.image.registry .Values.image.repository .Values.image.name $tag }} +{{- else }} +{{- printf "%s/%s:%s" .Values.image.repository .Values.image.name $tag }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/apigateway/charts/v7-traceability/templates/daemonset.yaml b/apigateway/charts/v7-traceability/templates/daemonset.yaml new file mode 100644 index 0000000..cfff576 --- /dev/null +++ b/apigateway/charts/v7-traceability/templates/daemonset.yaml 
@@ -0,0 +1,174 @@ +{{- if not .Values.statefulSet.enabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ include "v7-traceability.fullname" . }} + labels: + {{- include "v7-traceability.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "v7-traceability.selectorLabels" . | nindent 6 }} + {{- with .Values.additionalLabels }} + {{- range $key, $value := . }} + {{ default "none" $key }}: {{ default "none" $value | quote }} + {{- end }} + {{- end }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "v7-traceability.selectorLabels" . | nindent 8 }} + {{- with .Values.additionalLabels }} + {{- range $key, $value := . }} + {{ default "none" $key }}: {{ default "none" $value | quote }} + {{- end }} + {{- end }} + spec: + {{- if .Values.image.pullSecret }} + imagePullSecrets: + - name: {{ .Values.image.pullSecret }} + {{- end }} + {{- if .Values.initContainer.enabled }} + initContainers: + - name: init + image: "{{ .Values.initContainer.image.name }}" + imagePullPolicy: {{ .Values.initContainer.image.pullPolicy }} + securityContext: {{- toYaml .Values.initContainer.securityContext | nindent 12 }} + command: + - sh + - -c + - chown -R {{ .Values.podSecurityContext.fsGroup }}:{{ .Values.podSecurityContext.fsGroup }} /data; + volumeMounts: + - name: data + mountPath: /data + {{- end }} + serviceAccountName: {{ include "v7-traceability.serviceAccountName" . }} + {{- with .Values.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: {{ include "v7-traceability.imageName" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: probe-port + containerPort: {{ .Values.statusPort }} + protocol: TCP + livenessProbe: + httpGet: + path: /status + port: probe-port + {{- with .Values.livenessProbe }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + readinessProbe: + httpGet: + path: /status + port: probe-port + {{- with .Values.readinessProbe }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + env: + {{- with .Values.env }} + {{- range $key, $value := . }} + {{- if and (not (eq (toString $value) "")) (not (eq (toString $key) "")) }} # ignore any items with empty key or value + - name: {{ $key }} + value: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- if not .Values.env.CENTRAL_USAGEREPORTING_OFFLINE }} + {{- if not .Values.env.APIGATEWAY_ONLY }} + - name: APIMANAGER_AUTH_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.credentials }} + key: APIMANAGER_AUTH_USERNAME + - name: APIMANAGER_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.credentials }} + key: APIMANAGER_AUTH_PASSWORD + {{- end}} + {{- if and .Values.env.EVENT_LOG_INPUT .Values.env.APIGATEWAY_GETHEADERS }} + - name: APIGATEWAY_AUTH_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.credentials }} + key: APIGATEWAY_AUTH_USERNAME + - name: APIGATEWAY_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.credentials }} + key: APIGATEWAY_AUTH_PASSWORD + {{- end}} + {{- end}} + volumeMounts: + {{- if not (.Values.env.CENTRAL_USAGEREPORTING_OFFLINE)}} + - name: "traceability-keys-secrets" + mountPath: /keys + {{- end}} + - name: events + mountPath: {{ .Values.persistentVolumeClaimConfig.events.mountPath }} + - name: data + mountPath: /data + - name: logs + mountPath: /logs + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumes: + - name: events + persistentVolumeClaim: + claimName: {{ 
.Values.persistentVolumeClaimConfig.events.name }} + - name: logs + persistentVolumeClaim: + claimName: {{ .Values.persistentVolumeClaimConfig.logs.name }} + {{- if (.Values.dataVolume.useHostPath) }} + - name: data + hostPath: + path: {{ .Values.dataVolume.hostPath }} + type: DirectoryOrCreate + {{- else }} + - name: data + persistentVolumeClaim: + claimName: {{ .Values.persistentVolumeClaimConfig.data.name }} + {{- end }} + {{- if not (.Values.env.CENTRAL_USAGEREPORTING_OFFLINE)}} + - name: traceability-keys-secrets + secret: + secretName: {{ .Values.secrets.keys }} + items: + - key: private_key + path: private_key.pem + - key: public_key + path: public_key.pem + {{- end}} + {{- if .Values.nodeSelector }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- else }} + nodeSelector: + traceability-agent: "true" + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/apigateway/charts/v7-traceability/templates/job.yaml b/apigateway/charts/v7-traceability/templates/job.yaml new file mode 100644 index 0000000..4b84b55 --- /dev/null +++ b/apigateway/charts/v7-traceability/templates/job.yaml 
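Review bot: In charts/v7-traceability/templates/daemonset.yaml the `init` container takes its image from `.Values.initContainer.image.name` alone, with no tag or digest field, and the v7-traceability values later in this patch default it to `alpine` with `runAsUser: 0`. An unpinned image therefore runs as root with the `data` volume mounted, and that volume is a hostPath when `dataVolume.useHostPath` is set. Pin the default by digest in values, e.g. `name: alpine@sha256:<digest-placeholder>`, and add a comment on `initContainer.securityContext` stating that root is needed only for the `chown -R` on `/data`. The same init container is repeated in statefulset.yaml, and the same image value is used by the `migrate` container in job.yaml.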
@@ -0,0 +1,91 @@ +{{- if not (.Values.dataVolume.useHostPath) }} +{{- if .Values.nodeSelector -}} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "v7-traceability.fullname" . }}-migrate-to-pvc + labels: + {{- include "v7-traceability.labels" . | nindent 4 }} +spec: + template: + metadata: + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-weight": "-2" + "helm.sh/hook-delete-policy": "before-hook-creation" + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "v7-traceability.selectorLabels" . | nindent 8 }} + {{- with .Values.additionalLabels }} + {{- range $key, $value := . }} + {{ default "none" $key }}: {{ default "none" $value | quote }} + {{- end }} + {{- end }} + spec: + restartPolicy: OnFailure + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.initContainer.enabled }} + initContainers: + {{- end }} + serviceAccountName: {{ include "v7-traceability.serviceAccountName" . }} + {{- with .Values.podSecurityContext }} + securityContext: + {{- toYaml . 
| nindent 8 }} + {{- end }} + containers: + - name: migrate + image: "{{ .Values.initContainer.image.name }}" + imagePullPolicy: {{ .Values.initContainer.image.pullPolicy }} + securityContext: {{- toYaml .Values.initContainer.securityContext | nindent 12 }} + command: + - sh + - -c + - | + echo "checking if data should be migrated" + if test -f /data-old/meta.json; then + # if a meta.json file exists in the old directory then migrate the data + if test -d /data; then + # clean the destination directory before migration + echo "clean the destination directory before migration" + rm -r /data/* + fi + echo "migrating the data now" + mv /data-old/* /data/ + fi + volumeMounts: + - name: data + mountPath: /data + - name: data-old + mountPath: /data-old + volumes: + - name: data + persistentVolumeClaim: + claimName: {{ .Values.persistentVolumeClaimConfig.data.name }} + - name: data-old + hostPath: + path: {{ .Values.dataVolume.hostPath }} + type: DirectoryOrCreate + {{- if .Values.nodeSelector }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- else }} + nodeSelector: + traceability-agent: "true" + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/apigateway/charts/v7-traceability/templates/pvc.yaml b/apigateway/charts/v7-traceability/templates/pvc.yaml new file mode 100644 index 0000000..67fa15d --- /dev/null +++ b/apigateway/charts/v7-traceability/templates/pvc.yaml 
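Review bot: In charts/v7-traceability/templates/job.yaml the `helm.sh/hook`, `helm.sh/hook-weight` and `helm.sh/hook-delete-policy` annotations sit under `spec.template.metadata.annotations`, i.e. on the pod template, going by the key order in this hunk (indentation is lost on this page). Helm reads hook annotations from the resource's own `metadata`, so this Job would be installed as an ordinary release resource: it is not guaranteed to finish before the agent pod starts, and a later `helm upgrade` that changes the pod template would be rejected because a Job's template is immutable. Moving the three annotations to the Job's top-level `metadata.annotations` addresses that. As a `pre-install` hook the Job would then run before the `data` PersistentVolumeClaim from pvc.yaml exists, so the PVC would need to become a hook with a lower weight, or the Job a `post-install,post-upgrade` hook.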
@@ -0,0 +1,29 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ .Values.persistentVolumeClaimConfig.logs.name }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: {{ .Values.persistentVolumeClaimConfig.logs.storageClass }}
+ resources:
+ requests:
+ storage: 2Gi
+
+{{- if not (.Values.dataVolume.useHostPath) }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ .Values.persistentVolumeClaimConfig.data.name }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: {{ .Values.persistentVolumeClaimConfig.data.storageClass }}
+ resources:
+ requests:
+ storage: 2Gi
+{{- end }}
\ No newline at end of file
diff --git a/apigateway/charts/v7-traceability/templates/serviceaccount.yaml b/apigateway/charts/v7-traceability/templates/serviceaccount.yaml
new file mode 100644
index 0000000..6a737b2
--- /dev/null
+++ b/apigateway/charts/v7-traceability/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "v7-traceability.serviceAccountName" . }}
+ labels:
+ {{- include "v7-traceability.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/apigateway/charts/v7-traceability/templates/statefulset.yaml b/apigateway/charts/v7-traceability/templates/statefulset.yaml
new file mode 100644
index 0000000..7add04d
--- /dev/null
+++ b/apigateway/charts/v7-traceability/templates/statefulset.yaml
@@ -0,0 +1,164 @@ +{{- if .Values.statefulSet.enabled -}} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "v7-traceability.fullname" . }} + labels: + {{- include "v7-traceability.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "v7-traceability.selectorLabels" . | nindent 6 }} + {{- with .Values.additionalLabels }} + {{- range $key, $value := . }} + {{ default "none" $key }}: {{ default "none" $value | quote }} + {{- end }} + {{- end }} + serviceName: {{ include "v7-traceability.fullname" . }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "v7-traceability.selectorLabels" . | nindent 8 }} + {{- with .Values.additionalLabels }} + {{- range $key, $value := . }} + {{ default "none" $key }}: {{ default "none" $value | quote }} + {{- end }} + {{- end }} + spec: + {{- if .Values.image.pullSecret }} + imagePullSecrets: + - name: {{ .Values.image.pullSecret }} + {{- end }} + {{- if .Values.initContainer.enabled }} + initContainers: + - name: init + image: "{{ .Values.initContainer.image.name }}" + imagePullPolicy: {{ .Values.initContainer.image.pullPolicy }} + securityContext: {{- toYaml .Values.initContainer.securityContext | nindent 12 }} + command: + - sh + - -c + - chown -R {{ .Values.podSecurityContext.fsGroup }}:{{ .Values.podSecurityContext.fsGroup }} /data; + volumeMounts: + - name: data + mountPath: /data + {{- end }} + serviceAccountName: {{ include "v7-traceability.serviceAccountName" . }} + {{- with .Values.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: {{ include "v7-traceability.imageName" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: probe-port + containerPort: {{ .Values.statusPort }} + protocol: TCP + livenessProbe: + httpGet: + path: /status + port: probe-port + {{- with .Values.livenessProbe }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + readinessProbe: + httpGet: + path: /status + port: probe-port + {{- with .Values.readinessProbe }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + env: + {{- with .Values.env }} + {{- range $key, $value := . }} + {{- if and (not (eq (toString $value) "")) (not (eq (toString $key) "")) }} # ignore any items with empty key or value + - name: {{ $key }} + value: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- if not .Values.env.CENTRAL_USAGEREPORTING_OFFLINE }} + {{- if not .Values.env.APIGATEWAY_ONLY }} + - name: APIMANAGER_AUTH_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.credentials }} + key: APIMANAGER_AUTH_USERNAME + - name: APIMANAGER_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.credentials }} + key: APIMANAGER_AUTH_PASSWORD + {{- end}} + {{- if and .Values.env.EVENT_LOG_INPUT .Values.env.APIGATEWAY_GETHEADERS }} + - name: APIGATEWAY_AUTH_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.credentials }} + key: APIGATEWAY_AUTH_USERNAME + - name: APIGATEWAY_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.credentials }} + key: APIGATEWAY_AUTH_PASSWORD + {{- end}} + {{- end}} + volumeMounts: + {{- if not (.Values.env.CENTRAL_USAGEREPORTING_OFFLINE)}} + - name: "traceability-keys-secrets" + mountPath: /keys + {{- end}} + - name: events + mountPath: {{ .Values.persistentVolumeClaimConfig.events.mountPath }} + - name: data + mountPath: /data + - name: logs + mountPath: /logs + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumes: + - name: events + persistentVolumeClaim: + claimName: {{ 
.Values.persistentVolumeClaimConfig.events.name }} + - name: logs + persistentVolumeClaim: + claimName: {{ .Values.persistentVolumeClaimConfig.logs.name }} + - name: data + persistentVolumeClaim: + claimName: {{ .Values.persistentVolumeClaimConfig.data.name }} + {{- if not (.Values.env.CENTRAL_USAGEREPORTING_OFFLINE)}} + - name: traceability-keys-secrets + secret: + secretName: {{ .Values.secrets.keys }} + items: + - key: private_key + path: private_key.pem + - key: public_key + path: public_key.pem + {{- end}} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/apigateway/charts/v7-traceability/values.yaml b/apigateway/charts/v7-traceability/values.yaml new file mode 100644 index 0000000..d6cbc34 --- /dev/null +++ b/apigateway/charts/v7-traceability/values.yaml 
@@ -0,0 +1,113 @@ +image: + # blank by default, set this to override all other properties that create the path + fullPath: "" + registry: docker.repository.axway.com + repository: ampc-docker-prod/1.2 + name: v7-traceability-agent + pullPolicy: IfNotPresent + pullSecret: + # Overrides the image tag whose default is the chart appVersion. + tag: "1.2.33" +nameOverride: "" +fullnameOverride: "" +statefulSet: + enabled: false # setting to true uses a statefulset instead of the default deployment set +# Health Check port +statusPort: 8990 +# Info on how to fetch the values for the env parameters can ve found in the below doc. +# https://docs.axway.com/bundle/axway-open-docs/page/docs/central/connect-api-manager/gateway-administation/index.html#customizing-the-traceability-agent-environment-variable-file +# More environment value: https://docs.axway.com/bundle/axway-open-docs/page/docs/central/connect-api-manager/agent-variables/index.html#common-variables-to-both-agents +env: + LOG_LEVEL: info + CENTRAL_DEPLOYMENT: "prod" + CENTRAL_USAGEREPORTING_OFFLINE: false + # EVENT_LOG_PATHS: "/opt/Axway/apigateway/events/axwaydemo_traffic-*.log" + EVENT_LOG_PATHS: "/events/*.log" + EVENT_LOG_INPUT: true + OPENTRAFFIC_LOG_INPUT: false + OPENTRAFFIC_LOG_PATHS: /events/*.log + TRACEABILITY_HOST: "ingestion.datasearch.axway.com:5044" + TRACEABILITY_PROTOCOL: "tcp" + TRACEABILITY_SAMPLING_PERCENTAGE: 1 + TRACEABILITY_SAMPLING_ONLYERRORS: false + APIMANAGER_PORT: "443" + # flip to true if API manager is using a self signed certificate + APIMANAGER_SSL_INSECURESKIPVERIFY: false + APIGATEWAY_ONLY: false + APIGATEWAY_PORT: "443" + APIGATEWAY_GETHEADERS: true + # flip to true if API gateway is using a self signed certificate + APIGATEWAY_SSL_INSECURESKIPVERIFY: false + APIGATEWAY_HEALTHCHECKPORT: 8090 + APIGATEWAY_HEALTHCHECKPROTOCOL: "https" + APIGATEWAY_HEALTHCHECKURI: login +# The below secrets are a pre-requisite. 
Please refer to the readme file for more info +secrets: + credentials: "traceability-creds" + keys: "traceability-keys" +podAnnotations: +initContainer: + enabled: true + image: + name: alpine + pullPolicy: IfNotPresent + securityContext: + runAsUser: 0 +podSecurityContext: + fsGroup: 2500 + supplementalGroups: [2500] + fsGroupChangePolicy: "OnRootMismatch" +securityContext: +tolerations: +affinity: +# specify the nodeSelector in overrides to change the default nodeSelector in the chart +# nodeSelector: {} + +# Add additional labels to the agent deployment which may be required based on your configuration +additionalLabels: +# Add selector labels for deployment purposes +selectorLabels: +serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: +resources: {} +# We usually recommend not to specify default resources and to leave this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. If you do want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi + +dataVolume: + useHostPath: false + hostPath: /mnt/traceability-agent/data +persistentVolumeClaimConfig: + logs: + storageClass: gp2-csi + name: logs-claim + data: + # storage class to persist contents of data directory in the agent - should be available in the cluster i.e gp2, gp2-csi, default + storageClass: gp2-csi + name: data-claim + events: + name: events-claim + mountPath: /events +livenessProbe: + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +readinessProbe: + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 diff --git a/apigateway/samples/multigroup/apim-ext.yaml b/apigateway/samples/multigroup/apim-ext.yaml new file mode 100644 index 0000000..0a4518a --- /dev/null +++ b/apigateway/samples/multigroup/apim-ext.yaml 
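Review bot: The `initContainer` defaults in this values.yaml pair `securityContext.runAsUser: 0` with an image given only as `name: alpine`, so the one step that runs as root has no registry, tag or digest pinning it (how the template renders the image is outside this hunk). I would pin it, e.g. `name: <registry>/alpine@sha256:<digest>` (placeholder values), and add a comment saying why root is needed. The comments above `APIMANAGER_SSL_INSECURESKIPVERIFY` and `APIGATEWAY_SSL_INSECURESKIPVERIFY` also tell users to flip verification off for self-signed certificates. They should say that this turns off certificate validation on connections that presumably carry the `APIMANAGER_AUTH_*` / `APIGATEWAY_AUTH_*` credentials, and that trusting the issuing CA is the preferred fix where the agent supports it.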
@@ -0,0 +1,357 @@ +nameOverride: gateway +global: + domainName: example.com + defaultRegistry: docker.repository.axway.com/apigateway-docker-prod/7.7 + imagePullPolicy: Always + imagePullSecrets: + - name: mycreds + initContainers: + image: "docker.io/busybox:1.34" + resources: + limits: + memory: "50Mi" + cpu: "50m" + requests: + memory: "5Mi" + cpu: "50m" + securityContext: + runAsNonRoot: false + database: + host: mysql.testmetrics.svc.cluster.local + metrics: + enabled: true + username: "root" + password: "password" + cassandra: + enabled: true + hosts: + - variable: CASS_HOST + hostname: cassandra.testcassandra.svc.cluster.local + username: cassandra + password: cassandra + keyspace: apigw + tkeyspace: apigwks + tests: + images: + curl: + tag: 7.83.1 + resources: + limits: + cpu: 100m + memory: 50Mi + requests: + cpu: 100m + memory: 50Mi + storage: + provisioningType: "dynamic" + storageClassName: "nfs-client" + volumes: + - name: events + enabled: false + accessModes: + - ReadWriteMany + capacity: 1Mi +#This is set to false when the pv is created by the AAOI helm chart + - name: opentraffic + enabled: false + accessModes: + - ReadWriteMany + capacity: 1Mi + - name: gw-external-config + enabled: false + accessModes: + - ReadWriteMany + capacity: 1Mi + - name: aga-external-config + enabled: false + accessModes: + - ReadWriteMany + capacity: 1Mi + - name: anm-external-config + enabled: false + accessModes: + - ReadWriteMany + capacity: 1Mi + +anm: + logs: + opentraffic: + output: "file" + enabled: false + hostname: "apim-int-gateway-anm.apim-internal.svc.cluster.local:8090" + image: + repository: "admin-nodemanager" + tag: "7.7.0.20230830-3-BN0019-ubi7" + generalConditions: + accept: "yes" + resources: + limits: + memory: "2048Mi" + cpu: "1000m" + requests: + memory: "1Gi" + cpu: "250m" + securityContext: + runAsNonRoot: false + route: + enabled: false + ingress: + enabled: true + className: nginx + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: 
"true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + hosts: + - host: anm.ext.mydomain.com + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - anm.ext.mydomain.com + #service: + # port: 8091 + extraVolumeMounts: + - name: anm-external-config + mountPath: /merge + - name: events + mountPath: /opt/Axway/apigateway/events + extraVolumes: + - persistentVolumeClaim: + claimName: anm-external-config + name: anm-external-config + - persistentVolumeClaim: + claimName: events + name: events + +apimgr: + logs: + opentraffic: + output: "file" + image: + repository: "gateway" + tag: "7.7.0.20230830-3-BN0019-ubi7" + generalConditions: + accept: "yes" + groupId: "SecondGroup" + resources: + limits: + memory: "2Gi" + cpu: 2 + requests: + memory: "0.5Gi" + cpu: 0.5 + securityContext: + runAsNonRoot: false + route: + enabled: false + ingress: + enabled: true + className: nginx + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + hosts: + - host: apimgr.ext.mydomain.com + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - apimgr.ext.mydomain.com + service: + port: 8075 + extraVolumeMounts: + - name: gw-external-config + mountPath: /merge + - name: opentraffic + mountPath: /var/opentraffic + - name: events + mountPath: /opt/Axway/apigateway/events + extraVolumes: + - persistentVolumeClaim: + claimName: gw-external-config + name: gw-external-config + - persistentVolumeClaim: + claimName: opentraffic + name: opentraffic + - persistentVolumeClaim: + claimName: events + name: events + extraEnvVars: + - name: EMT_HEALTHCHECK_PORT + value: "8065" + - name: EMT_HEALTHCHECK_PATH + value: /healthcheck + - name: GW_DIR + value: /opt/Axway/apigateway + - name: GW_TRACE_DIR + value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace + - name: EMT_TOPOLOGY_TTL + value: "10" + license: + license.lic: | + FIPS=1 + Mock Connector=1 + SalesForce 
Connector=1 + ServiceNow Connector=1 + analytics=1 + apiportal=1 + expires=Thu, 05 May 2023 15:43:14 GMT + mcafee=1 + sdkgenerator=1 + unrestricted=1 + version=7 + version=7.7 + # SIGNATURE: add + +apitraffic: + logs: + opentraffic: + output: "file" + replicaCount: 1 + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 2 + targetCPUUtilizationPercentage: 20 + #targetMemoryUtilizationPercentage: 30 + image: + repository: "gateway" + tag: "7.7.0.20230830-3-BN0019-ubi7" + generalConditions: + accept: "yes" + groupId: "SecondGroup" + resources: + limits: + memory: "3Gi" + cpu: 3 + requests: + memory: "2Gi" + cpu: 2 + securityContext: + runAsNonRoot: false + oauth: + route: + enabled: false + route: + enabled: false + ingress: + enabled: true + className: nginx + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + hosts: + - host: apitraffic.ext.mydomain.com + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - apitraffic.ext.mydomain.com + service: + port: 8065 + extraVolumeMounts: + - name: gw-external-config + mountPath: /merge + - name: opentraffic + mountPath: /var/opentraffic + - name: events + mountPath: /opt/Axway/apigateway/events + extraVolumes: + - persistentVolumeClaim: + claimName: gw-external-config + name: gw-external-config + - persistentVolumeClaim: + claimName: opentraffic + name: opentraffic + - persistentVolumeClaim: + claimName: events + name: events + extraEnvVars: + - name: EMT_HEALTHCHECK_PORT + value: "8065" + - name: EMT_HEALTHCHECK_PATH + value: /healthcheck + - name: GW_DIR + value: /opt/Axway/apigateway + - name: GW_TRACE_DIR + value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace + - name: EMT_TOPOLOGY_TTL + value: "10" + license: + license.lic: | + FIPS=1 + Mock Connector=1 + SalesForce Connector=1 + ServiceNow Connector=1 + analytics=1 + apiportal=1 + expires=Thu, 05 May 2023 15:43:14 GMT + mcafee=1 + 
sdkgenerator=1 + unrestricted=1 + version=7 + version=7.7 + # SIGNATURE: add + +aga: + securityContext: + runAsNonRoot: false + enabled: false + route: + enabled: false + image: + repository: "analytics" + tag: "7.7.0.20230830-3-BN0019-ubi7" + generalConditions: + accept: "yes" + ingress: + enabled: true + className: nginx + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + hosts: + - host: aga.ext.mydomain.com + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - aga.ext.mydomain.com + resources: + limits: + memory: "2048Mi" + cpu: "1000m" + requests: + memory: "1Gi" + cpu: "250m" + extraVolumeMounts: + - name: aga-external-config + mountPath: /merge + - name: events + mountPath: /opt/Axway/apigateway/events + extraVolumes: + - persistentVolumeClaim: + claimName: aga-external-config + name: aga-external-config + - persistentVolumeClaim: + claimName: events + name: events + license: + license.lic: | + FIPS=1 + Mock Connector=1 + SalesForce Connector=1 + ServiceNow Connector=1 + analytics=1 + apiportal=1 + expires=Thu, 05 May 2023 15:43:14 GMT + mcafee=1 + sdkgenerator=1 + unrestricted=1 + version=7 + version=7.7 + # SIGNATURE: add diff --git a/apigateway/samples/multigroup/apim-int.yaml b/apigateway/samples/multigroup/apim-int.yaml new file mode 100644 index 0000000..b9afecb --- /dev/null +++ b/apigateway/samples/multigroup/apim-int.yaml 
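Review bot: This sample commits plain-text credentials under `global.database.metrics` (`username: "root"`, `password: "password"`) and `global.cassandra` (`cassandra` / `cassandra`), and apim-int.yaml repeats the same block. Sample values tend to be copied into real installs, so the defaults shown here are likely to end up deployed, including a root database account. The helpers added in this same patch already read `global.database.metrics.existingSecret.name` and `global.cassandra.existingSecret.name`, so the sample could show that path instead: `existingSecret:` with `name: <metrics-db-secret>` (placeholder), plus a comment that the Secret is created out of band. If inline values must stay, mark them with `# sample only - replace before deploying` and use a non-root database user.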
@@ -0,0 +1,357 @@ +nameOverride: gateway +global: + domainName: example.com + defaultRegistry: docker.repository.axway.com/apigateway-docker-prod/7.7 + imagePullPolicy: Always + imagePullSecrets: + - name: mycreds + initContainers: + image: "docker.io/busybox:1.34" + resources: + limits: + memory: "50Mi" + cpu: "50m" + requests: + memory: "5Mi" + cpu: "50m" + securityContext: + runAsNonRoot: false + database: + host: mysql.testmetrics.svc.cluster.local + metrics: + enabled: true + username: "root" + password: "password" + cassandra: + enabled: true + hosts: + - variable: CASS_HOST + hostname: cassandra.testcassandra.svc.cluster.local + username: cassandra + password: cassandra + keyspace: apigw + tkeyspace: apigwks + tests: + images: + curl: + tag: 7.83.1 + resources: + limits: + cpu: 100m + memory: 50Mi + requests: + cpu: 100m + memory: 50Mi + storage: + provisioningType: "dynamic" + storageClassName: "nfs-client" + volumes: + - name: events + enabled: true + accessModes: + - ReadWriteMany + capacity: 1Mi +#This is set to false when the pv is created by the AAOI helm chart + - name: opentraffic + enabled: false + accessModes: + - ReadWriteMany + capacity: 1Mi + - name: gw-external-config + enabled: true + accessModes: + - ReadWriteMany + capacity: 1Mi + - name: aga-external-config + enabled: true + accessModes: + - ReadWriteMany + capacity: 1Mi + - name: anm-external-config + enabled: true + accessModes: + - ReadWriteMany + capacity: 1Mi + +anm: + logs: + opentraffic: + output: "file" + hostname: "apim-int-gateway-anm:8090" + enabled: true + image: + repository: "admin-nodemanager" + tag: "7.7.0.20230830-3-BN0019-ubi7" + generalConditions: + accept: "yes" + resources: + limits: + memory: "2048Mi" + cpu: "1000m" + requests: + memory: "1Gi" + cpu: "250m" + securityContext: + runAsNonRoot: false + route: + enabled: false + ingress: + enabled: true + className: nginx + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + 
nginx.ingress.kubernetes.io/ssl-redirect: "true" + hosts: + - host: anm.int.mydomain.com + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - anm.int.mydomain.com + #service: + # port: 8091 + extraVolumeMounts: + - name: anm-external-config + mountPath: /merge + - name: events + mountPath: /opt/Axway/apigateway/events + extraVolumes: + - persistentVolumeClaim: + claimName: anm-external-config + name: anm-external-config + - persistentVolumeClaim: + claimName: events + name: events + +apimgr: + logs: + opentraffic: + output: "file" + image: + repository: "gateway" + tag: "7.7.0.20230830-3-BN0019-ubi7" + generalConditions: + accept: "yes" +# groupId: "Demo-Group" + resources: + limits: + memory: "2Gi" + cpu: 2 + requests: + memory: "0.5Gi" + cpu: 0.5 + securityContext: + runAsNonRoot: false + route: + enabled: false + ingress: + enabled: true + className: nginx + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + hosts: + - host: apimgr.int.mydomain.com + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - apimgr.int.mydomain.com + service: + port: 8075 + extraVolumeMounts: + - name: gw-external-config + mountPath: /merge + - name: opentraffic + mountPath: /var/opentraffic + - name: events + mountPath: /opt/Axway/apigateway/events + extraVolumes: + - persistentVolumeClaim: + claimName: gw-external-config + name: gw-external-config + - persistentVolumeClaim: + claimName: opentraffic + name: opentraffic + - persistentVolumeClaim: + claimName: events + name: events + extraEnvVars: + - name: EMT_HEALTHCHECK_PORT + value: "8065" + - name: EMT_HEALTHCHECK_PATH + value: /healthcheck + - name: GW_DIR + value: /opt/Axway/apigateway + - name: GW_TRACE_DIR + value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace + - name: EMT_TOPOLOGY_TTL + value: "10" + license: + license.lic: | + FIPS=1 + Mock Connector=1 + SalesForce Connector=1 + 
ServiceNow Connector=1 + analytics=1 + apiportal=1 + expires=Thu, 05 May 2023 15:43:14 GMT + mcafee=1 + sdkgenerator=1 + unrestricted=1 + version=7 + version=7.7 + # SIGNATURE: add + +apitraffic: + logs: + opentraffic: + output: "file" + replicaCount: 1 + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 2 + targetCPUUtilizationPercentage: 20 + #targetMemoryUtilizationPercentage: 30 + image: + repository: "gateway" + tag: "7.7.0.20230830-3-BN0019-ubi7" + generalConditions: + accept: "yes" +# groupId: "Demo-Group" + resources: + limits: + memory: "3Gi" + cpu: 3 + requests: + memory: "2Gi" + cpu: 2 + securityContext: + runAsNonRoot: false + oauth: + route: + enabled: false + route: + enabled: false + ingress: + enabled: true + className: nginx + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + hosts: + - host: apitraffic.int.mydomain.com + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - apitraffic.int.mydomain.com + service: + port: 8065 + extraVolumeMounts: + - name: gw-external-config + mountPath: /merge + - name: opentraffic + mountPath: /var/opentraffic + - name: events + mountPath: /opt/Axway/apigateway/events + extraVolumes: + - persistentVolumeClaim: + claimName: gw-external-config + name: gw-external-config + - persistentVolumeClaim: + claimName: opentraffic + name: opentraffic + - persistentVolumeClaim: + claimName: events + name: events + extraEnvVars: + - name: EMT_HEALTHCHECK_PORT + value: "8065" + - name: EMT_HEALTHCHECK_PATH + value: /healthcheck + - name: GW_DIR + value: /opt/Axway/apigateway + - name: GW_TRACE_DIR + value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace + - name: EMT_TOPOLOGY_TTL + value: "10" + license: + license.lic: | + FIPS=1 + Mock Connector=1 + SalesForce Connector=1 + ServiceNow Connector=1 + analytics=1 + apiportal=1 + expires=Thu, 05 May 2023 15:43:14 GMT + mcafee=1 + sdkgenerator=1 + 
unrestricted=1 + version=7 + version=7.7 + # SIGNATURE: add + +aga: + securityContext: + runAsNonRoot: false + enabled: false + route: + enabled: false + image: + repository: "analytics" + tag: "7.7.0.20230830-3-BN0019-ubi7" + generalConditions: + accept: "yes" + ingress: + enabled: true + className: nginx + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + hosts: + - host: aga.int.mydomain.com + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - aga.int.mydomain.com + resources: + limits: + memory: "2048Mi" + cpu: "1000m" + requests: + memory: "1Gi" + cpu: "250m" + extraVolumeMounts: + - name: aga-external-config + mountPath: /merge + - name: events + mountPath: /opt/Axway/apigateway/events + extraVolumes: + - persistentVolumeClaim: + claimName: aga-external-config + name: aga-external-config + - persistentVolumeClaim: + claimName: events + name: events + license: + license.lic: | + FIPS=1 + Mock Connector=1 + SalesForce Connector=1 + ServiceNow Connector=1 + analytics=1 + apiportal=1 + expires=Thu, 05 May 2023 15:43:14 GMT + mcafee=1 + sdkgenerator=1 + unrestricted=1 + version=7 + version=7.7 + # SIGNATURE: add diff --git a/apigateway/templates/NOTES.txt b/apigateway/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 diff --git a/apigateway/templates/_gateway_helpers.tpl b/apigateway/templates/_gateway_helpers.tpl new file mode 100644 index 0000000..89ca6c6 --- /dev/null +++ b/apigateway/templates/_gateway_helpers.tpl 
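Review bot: Every component in this sample (`global.initContainers`, `anm`, `apimgr`, `apitraffic`, `aga`) sets `securityContext.runAsNonRoot: false`, and apim-ext.yaml does the same. That explicitly opts out of the kubelet's non-root check instead of leaving it to the chart default or the image. Unless the images need UID 0, which this hunk does not show, I would drop the key from the samples or set `runAsNonRoot: true`, with a comment on any component that needs the exception. The image tags here are still `7.7.0.20230830-3-BN0019-ubi7` while the commit subject names `7.7.0.20250830-3-BN0276-ubi`, so the samples would deploy an older build than the one this update targets.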
@@ -0,0 +1,50 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Create the name of the service account to use +*/}} +{{- define "gateway.apitraffic.serviceAccountName" -}} +{{- if .Values.apitraffic.serviceAccount.create }} +{{- default (printf "%s-%s" (include "gateway.fullname" .) "apitraffic") .Values.apitraffic.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.apitraffic.serviceAccount.name }} +{{- end }} +{{- end }} + +{{- define "gateway.anm.serviceAccountName" -}} +{{- if .Values.anm.serviceAccount.create }} +{{- default (printf "%s-%s" (include "gateway.fullname" .) "anm") .Values.anm.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.anm.serviceAccount.name }} +{{- end }} +{{- end }} + +{{- define "gateway.apimgr.serviceAccountName" -}} +{{- if .Values.apimgr.serviceAccount.create }} +{{- default (printf "%s-%s" (include "gateway.fullname" .) "apimgr") .Values.apimgr.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.apimgr.serviceAccount.name }} +{{- end }} +{{- end }} + +{{- define "gateway.aga.serviceAccountName" -}} +{{- if .Values.aga.serviceAccount.create }} +{{- default (printf "%s-%s" (include "gateway.fullname" .) "aga") .Values.aga.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.aga.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Secret name for metrics db credentials, either the existing one or the one created by this chart +*/}} +{{- define "gateway.metrics-db.secretName" -}} +{{- default (printf "%s-%s" (include "gateway.fullname" .) "metrics-db") .Values.global.database.metrics.existingSecret.name }} +{{- end }} + +{{/* +Secret name for domain key passphrase +*/}} +{{- define "gateway.domainkeypassphrase.secretName" -}} +{{- default (printf "%s-%s" (include "gateway.fullname" .) "domainkeypassphrase") .Values.global.domainkeypassphrase.name }} +{{- end }} + 
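Review bot: The four `gateway.*.serviceAccountName` templates and `gateway.metrics-db.secretName` defined here are defined again, with the same names, in templates/_helpers.tpl in this patch. Helm keeps a single definition per template name, so one copy silently overrides the other. A later edit to only one file can then change which ServiceAccount or Secret a workload binds to without any error. Keep each `define` in one file only, for example by removing the duplicates from _helpers.tpl and leaving the comment `{{/* component service-account and secret names live in _gateway_helpers.tpl */}}` there.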
diff --git a/apigateway/templates/_helpers.tpl b/apigateway/templates/_helpers.tpl
new file mode 100644
index 0000000..1854fa1
--- /dev/null
+++ b/apigateway/templates/_helpers.tpl
@@ -0,0 +1,141 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "gateway.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "gateway.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "gateway.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "gateway.labels" -}} +helm.sh/chart: {{ include "gateway.chart" . }} +{{ include "gateway.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "gateway.selectorLabels" -}} +app.kubernetes.io/name: {{ include "gateway.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "gateway.apitraffic.serviceAccountName" -}} +{{- if .Values.apitraffic.serviceAccount.create }} +{{- default (printf "%s-%s" (include "gateway.fullname" .) 
"apitraffic") .Values.apitraffic.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.apitraffic.serviceAccount.name }} +{{- end }} +{{- end }} + +{{- define "gateway.anm.serviceAccountName" -}} +{{- if .Values.anm.serviceAccount.create }} +{{- default (printf "%s-%s" (include "gateway.fullname" .) "anm") .Values.anm.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.anm.serviceAccount.name }} +{{- end }} +{{- end }} + +{{- define "gateway.apimgr.serviceAccountName" -}} +{{- if .Values.apimgr.serviceAccount.create }} +{{- default (printf "%s-%s" (include "gateway.fullname" .) "apimgr") .Values.apimgr.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.apimgr.serviceAccount.name }} +{{- end }} +{{- end }} + +{{- define "gateway.aga.serviceAccountName" -}} +{{- if .Values.aga.serviceAccount.create }} +{{- default (printf "%s-%s" (include "gateway.fullname" .) "aga") .Values.aga.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.aga.serviceAccount.name }} +{{- end }} +{{- end }} + +{{- define "gateway.tests.serviceAccountName" -}} +{{- if .Values.global.tests.serviceAccount.create }} +{{- default (printf "%s-%s" (include "gateway.fullname" .) "tests") .Values.global.tests.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.global.tests.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Secret name for metrics db credentials, either the existing one or the one created by this chart +*/}} +{{- define "gateway.metrics-db.secretName" -}} +{{- default (printf "%s-%s" (include "gateway.fullname" .) "metrics-db") .Values.global.database.metrics.existingSecret.name }} +{{- end }} + +{{/* +Secret name for cassandra password, either the existing one or the one created by this chart +*/}} +{{- define "gateway.cassandra.secretName" -}} +{{- default (printf "%s-%s" (include "gateway.fullname" .) 
"cassandra") .Values.global.cassandra.existingSecret.name }} +{{- end }} +{{/* + +Filters the API GW related volumes from the global section +Usage (example with traffic, can also be anm, aga, apimgr, portal): +{{ include "gateway.volumeMounts" (dict "component" "traffic" "storage" .Values.global.storage) }} +*/}} +{{- define "gateway.volumeMounts" -}} + {{- $component := .component }} + {{- $volumeMounts := list }} + {{- range .storage.volumes }} + {{- if and (or (empty $component) (has $component .usedBy)) .enabled }} + {{- $mountPath := .mountPath | default .mountPoint | default (printf "/opt/Axway/apigateway/%s" .name) }} + {{- $volumeMounts = append $volumeMounts (dict "name" .name "mountPath" $mountPath) }} + {{- end }} + {{- end }} + {{- toYaml $volumeMounts }} +{{- end }} + +{{/* +Usage (example with traffic, can also be anm, aga, apimgr, portal): +{{ include "gateway.volumes" (dict "component" "traffic" "storage" .Values.global.storage) }} +*/}} +{{- define "gateway.volumes" -}} + {{- $component := .component }} + {{- $volumes := list }} + {{- range .storage.volumes }} + {{- if and (or (empty $component) (has $component .usedBy)) .enabled }} + {{- $volumes = append $volumes (dict "name" .name "persistentVolumeClaim" (dict "claimName" (coalesce .claimName .name))) }} + {{- end }} + {{- end }} + {{- toYaml $volumes }} +{{- end }} diff --git a/apigateway/templates/_portal_helpers.tpl b/apigateway/templates/_portal_helpers.tpl new file mode 100644 index 0000000..fdeb99c --- /dev/null +++ b/apigateway/templates/_portal_helpers.tpl 
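Review bot: The comments on `gateway.volumeMounts` and `gateway.volumes` do not document that both helpers filter each `storage.volumes` entry on `.enabled` and on `has $component .usedBy`. The sample values in this patch define volumes with only `name`, `enabled`, `accessModes` and `capacity`. A caller passing a non-empty `component` would therefore get no mounts for those entries, apparently without any error. I would extend both comments to state the entry contract: `usedBy` as a list of component names, `enabled`, the `mountPath` then `mountPoint` then `/opt/Axway/apigateway/<name>` fallback, and `claimName` defaulting to `name`. Writing the check as `has $component (.usedBy | default list)` would make the missing-key case explicit. The first comment's opening `{{/*` also sits directly after the preceding `{{- end }}` with a blank line inside it, which reads as a misplaced line break.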
@@ -0,0 +1,18 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "gateway.apiportal.serviceAccountName" -}}
+{{- if .Values.apiportal.serviceAccount.create }}
+{{- default (printf "%s-%s" (include "gateway.fullname" .) "apiportal") .Values.aga.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.apiportal.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Secret name for mysql db credentials, either the existing one or the one created by this chart
+*/}}
+{{- define "gateway.apiportal.secretName" -}}
+{{- default (printf "%s-%s" (include "gateway.fullname" .) "apiportal-db") .Values.apiportal.mysql.existingSecret.name }}
+{{- end }}
diff --git a/apigateway/templates/aga/aga-configmap.yaml b/apigateway/templates/aga/aga-configmap.yaml
new file mode 100644
index 0000000..827ebfa
--- /dev/null
+++ b/apigateway/templates/aga/aga-configmap.yaml
@@ -0,0 +1,12 @@
+{{- if and .Values.aga.enabled .Values.aga.license }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-aga-license-config
+data:
+{{- range $path, $config := .Values.aga.license }}
+ {{ $path }}: |
+{{ $config | indent 4 -}}
+{{- end -}}
+{{- end -}}
diff --git a/apigateway/templates/aga/aga-deployment.yaml b/apigateway/templates/aga/aga-deployment.yaml
new file mode 100644
index 0000000..980ee33
--- /dev/null
+++ b/apigateway/templates/aga/aga-deployment.yaml
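Review bot: In _portal_helpers.tpl, the `create` branch of `gateway.apiportal.serviceAccountName` falls back to `.Values.aga.serviceAccount.name`, while the `else` branch reads `.Values.apiportal.serviceAccount.name`. If an AGA service-account name is set, the portal pods would be given AGA's identity and whatever RBAC is bound to it, and the portal's own `serviceAccount.name` is ignored whenever `create` is true. The line should read `{{- default (printf "%s-%s" (include "gateway.fullname" .) "apiportal") .Values.apiportal.serviceAccount.name }}`.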
@@ -0,0 +1,122 @@ +{{- if .Values.aga.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "{{ include "gateway.fullname" . }}-aga" + labels: + {{- include "gateway.labels" . | nindent 4 }} + app.kubernetes.io/component: aga +spec: + {{- if not .Values.aga.autoscaling.enabled }} + replicas: {{ .Values.aga.replicaCount }} + {{- end }} + strategy: + {{- if eq (default .Values.global.updateStrategy.type .Values.aga.updateStrategy.type) "RollingUpdate" }} + rollingUpdate: + maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.aga.updateStrategy.rollingUpdate.maxSurge }} + maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.aga.updateStrategy.rollingUpdate.maxUnavailable }} + {{- end }} + type: {{ default .Values.global.updateStrategy.type .Values.aga.updateStrategy.type }} + selector: + matchLabels: + {{- include "gateway.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: aga + {{- with .Values.aga.podLabels }} + {{- toYaml . | nindent 6 }} + {{- end }} + template: + metadata: + {{- with .Values.aga.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "gateway.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: aga + {{- with .Values.aga.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "gateway.aga.serviceAccountName" . 
}} + securityContext: + {{- toYaml .Values.aga.podSecurityContext | nindent 8 }} + {{- if .Values.aga.extraInitContainers }} + initContainers: + {{ toYaml (.Values.aga.extraInitContainers) | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.aga.securityContext | nindent 12 }} + image: "{{ default .Values.global.defaultRegistry .Values.aga.image.registry }}/{{ .Values.aga.image.repository }}:{{ .Values.aga.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + ports: + - containerPort: {{ .Values.aga.service.ports.ui.port }} + protocol: {{ .Values.aga.service.ports.ui.protocol }} + {{- with .Values.aga.livenessProbe }} + livenessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.aga.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + resources: + {{- toYaml .Values.aga.resources | nindent 12 }} + env: + {{- with .Values.aga.extraEnvVars }} + {{ toYaml . | nindent 12 }} + {{- end }} + {{- if .Values.global.database.metrics.enabled }} + - name: METRICS_DB_URL + value: {{ tpl .Values.global.database.metrics.url . | quote }} + - name: METRICS_DB_USERNAME + valueFrom: + secretKeyRef: + name: {{ include "gateway.metrics-db.secretName" . }} + key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }} + - name: METRICS_DB_PASS + valueFrom: + secretKeyRef: + name: {{ include "gateway.metrics-db.secretName" . 
}} + key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }} + {{- end }} + {{- if .Values.aga.image.generalConditions }} + - name: ACCEPT_GENERAL_CONDITIONS + value: {{ .Values.aga.image.generalConditions.accept | quote }} + {{- end }} + {{- if .Values.aga.extraVolumeMounts }} + volumeMounts: + {{- toYaml ( .Values.aga.extraVolumeMounts ) | nindent 12 }} + {{- end }} + {{- if .Values.aga.license }} + - name: license + mountPath: "/opt/Axway/analytics/conf/licenses/license.lic" + subPath: "license.lic" + {{- end }} + {{- if .Values.aga.extraVolumes }} + volumes: + {{- if .Values.aga.license }} + - name: license + configMap: + name: {{ .Release.Name }}-aga-license-config + {{- end }} +{{ toYaml ( .Values.aga.extraVolumes ) | indent 8 }} + {{- end }} + {{- with .Values.aga.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.aga.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.aga.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/apigateway/templates/aga/aga-hpa.yaml b/apigateway/templates/aga/aga-hpa.yaml new file mode 100644 index 0000000..7a3bccb --- /dev/null +++ b/apigateway/templates/aga/aga-hpa.yaml 
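Review bot: The license mount and its volume are gated on different conditions than the keys they belong to. `volumeMounts:` is emitted only when `aga.extraVolumeMounts` is set, but the `- name: license` mount item is emitted whenever `aga.license` is set. The matching `license` volume sits inside `{{- if .Values.aga.extraVolumes }}`. With a license and no extra mounts, the item lands under whatever key precedes it (the `env:` list as written). With a license and no extra volumes, the mount refers to a volume that is never declared, so the rendered Deployment is broken in both cases. Gate each key on either input, as sketched below; indentation on this page is collapsed, so match the file's own.

```yaml
          {{- if or .Values.aga.extraVolumeMounts .Values.aga.license }}
          volumeMounts:
            {{- with .Values.aga.extraVolumeMounts }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
            {{- if .Values.aga.license }}
            - name: license
              mountPath: "/opt/Axway/analytics/conf/licenses/license.lic"
              subPath: "license.lic"
            {{- end }}
          {{- end }}
      {{- if or .Values.aga.extraVolumes .Values.aga.license }}
      volumes:
        {{- if .Values.aga.license }}
        - name: license
          configMap:
            name: {{ .Release.Name }}-aga-license-config
        {{- end }}
        {{- with .Values.aga.extraVolumes }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- end }}
      # … unchanged: nodeSelector, affinity, tolerations …
```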
@@ -0,0 +1,33 @@
+{{- if .Values.aga.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: "{{ include "gateway.fullname" . }}-aga"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: aga
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: "{{ include "gateway.fullname" . }}-aga"
+ minReplicas: {{ .Values.aga.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.aga.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.aga.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.aga.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.aga.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.aga.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/apigateway/templates/aga/aga-ingress.yaml b/apigateway/templates/aga/aga-ingress.yaml
new file mode 100644
index 0000000..63e3135
--- /dev/null
+++ b/apigateway/templates/aga/aga-ingress.yaml
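Review bot: The guard on the first line of aga-hpa.yaml checks only `.Values.aga.autoscaling.enabled`, so this HorizontalPodAutoscaler is rendered even when `aga.enabled` is false; the anm-hpa.yaml hunk later in this patch nests the same check inside `.Values.anm.enabled`. I would write it as `{{- if and .Values.aga.enabled .Values.aga.autoscaling.enabled }}` so the object is never created without the rest of the component. The same single-flag guard appears in aga-ingress.yaml, aga-serviceaccount.yaml and anm-ingress.yaml, while the matching Service and Route templates do check the component's `enabled` flag.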
@@ -0,0 +1,97 @@ +{{- if .Values.aga.ingress.enabled -}} +{{- $fullName := include "gateway.fullname" . -}} +{{- $svcPort := .Values.aga.service.ports.ui.port -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ $fullName }}-aga + labels: + {{- include "gateway.labels" . | nindent 4 }} + {{- with .Values.aga.ingress.annotations }} + annotations: + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} +spec: + {{- if .Values.aga.ingress.className }} + ingressClassName: {{ .Values.aga.ingress.className }} + {{- end }} + {{- if .Values.aga.ingress.tls }} + tls: + {{- range .Values.aga.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ tpl . $ | quote }} + {{- end }} + {{- if .secretName }} + secretName: {{ tpl (.secretName) $ }} + {{- end }} + {{- end }} + {{- end }} + rules: + {{- range .Values.aga.ingress.hosts }} + - host: {{ tpl .host $ | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if .pathType }} + pathType: {{ .pathType }} + {{- end }} + backend: + service: + name: {{ $fullName }}-aga + port: + number: {{ $svcPort }} + {{- end }} + {{- end }} +{{- end }} + +--- + +{{- if .Values.aga.extraIngress.enabled -}} +{{- $fullName := include "gateway.fullname" . -}} +{{- $svcPort := .Values.aga.service.ports.ui.port -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ $fullName }}-aga-extra + labels: + {{- include "gateway.labels" . | nindent 4 }} + {{- with .Values.aga.extraIngress.annotations }} + annotations: + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} +spec: + {{- if .Values.aga.extraIngress.className }} + ingressClassName: {{ .Values.aga.extraIngress.className }} + {{- end }} + {{- if .Values.aga.extraIngress.tls }} + tls: + {{- range .Values.aga.extraIngress.tls }} + - hosts: + {{- range .hosts }} + - {{ tpl . 
$ | quote }} + {{- end }} + {{- if .secretName }} + secretName: {{ tpl (.secretName) $ }} + {{- end }} + {{- end }} + {{- end }} + rules: + {{- range .Values.aga.extraIngress.hosts }} + - host: {{ tpl .host $ | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if .pathType }} + pathType: {{ .pathType }} + {{- end }} + backend: + service: + name: {{ $fullName }}-aga + port: + number: {{ $svcPort }} + {{- end }} + {{- end }} +{{- end }} diff --git a/apigateway/templates/aga/aga-routes.yaml b/apigateway/templates/aga/aga-routes.yaml new file mode 100644 index 0000000..81be78b --- /dev/null +++ b/apigateway/templates/aga/aga-routes.yaml @@ -0,0 +1,40 @@ +{{- if and .Values.aga.enabled .Values.aga.route.enabled -}} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: "{{ include "gateway.fullname" . }}-aga" + labels: + {{- include "gateway.labels" . | nindent 4 }} + app.kubernetes.io/component: aga +spec: + {{- if .Values.global.domainName }} + host: aga.{{ .Values.global.domainName }} + {{- end }} + port: + targetPort: {{ tpl .Values.aga.route.targetPort . }} + to: + kind: Service + name: "{{ include "gateway.fullname" . }}-aga" +{{- if .Values.aga.route.tls.enabled }} + tls: + termination: {{ .Values.aga.route.tls.termination }} + insecureEdgeTerminationPolicy: {{ .Values.aga.route.tls.insecureEdgeTerminationPolicy }} + {{- if .Values.aga.route.tls.key }} + key: |- + {{- .Values.aga.route.tls.key | nindent 6 }} + {{- end }} + {{- if .Values.aga.route.tls.destinationCACertificate }} + destinationCACertificate: |- + {{- .Values.aga.route.tls.destinationCACertificate | nindent 6 }} + {{- end }} + {{- if .Values.aga.route.tls.caCertificate }} + caCertificate: |- + {{- .Values.aga.route.tls.caCertificate | nindent 6 }} + {{- end }} + {{- if .Values.aga.route.tls.certificate }} + certificate: |- + {{- .Values.aga.route.tls.certificate | nindent 6 }} + {{- end }} +{{- end }} + wildcardPolicy: None +{{- end }} 
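Review bot: In aga-ingress.yaml the `tls:` section is emitted only when `aga.ingress.tls` is set, so enabling the Ingress without it publishes the analytics UI with no certificate configured at this layer; whether plain HTTP is then served depends on the ingress controller, which is not visible here. The anm-ingress.yaml and apimgr-ingress.yaml hunks have the same shape, and the ANM one fronts the port named `gatewaymanagerui`. I would document next to the `ingress.enabled` value that `tls` must be set unless TLS is terminated upstream, or fail the render when it is missing. A smaller point in the same block: `secretName: {{ tpl (.secretName) $ }}` and `path: {{ .path }}` are unquoted while the hosts are piped through `quote`; `secretName: {{ tpl .secretName $ | quote }}` would be consistent.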
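Review bot: In aga-routes.yaml, `key: |-` copies `.Values.aga.route.tls.key` into the Route, so the TLS private key has to be supplied as a chart value and is then kept in the Helm release data and in the Route's `spec.tls.key`, where anyone allowed to read Routes in the namespace can see it. The anm-routes.yaml hunk does the same with `.Values.anm.route.tls.key`. I would add a template comment above the `key` block, for example `{{- /* private key from values is stored in the release and in the Route spec; restrict who can read Routes, or use a termination setup that needs no key here */}}`, and say the same in the values documentation. `insecureEdgeTerminationPolicy` is also passed through with no default, so it is worth documenting `Redirect` or `None` as the expected settings.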
diff --git a/apigateway/templates/aga/aga-service.yaml b/apigateway/templates/aga/aga-service.yaml
new file mode 100644
index 0000000..6dfea75
--- /dev/null
+++ b/apigateway/templates/aga/aga-service.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.aga.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ include "gateway.fullname" . }}-aga"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: aga
+spec:
+ type: {{ .Values.aga.service.type }}
+ ports:
+ - port: {{ .Values.aga.service.ports.ui.port }}
+ targetPort: {{ .Values.aga.service.ports.ui.port }}
+ protocol: {{ .Values.aga.service.ports.ui.protocol }}
+ name: apianalyticsui
+ selector:
+ {{- include "gateway.selectorLabels" . | nindent 4 }}
+ app.kubernetes.io/component: aga
+{{- end }}
diff --git a/apigateway/templates/aga/aga-serviceaccount.yaml b/apigateway/templates/aga/aga-serviceaccount.yaml
new file mode 100644
index 0000000..c98a8fc
--- /dev/null
+++ b/apigateway/templates/aga/aga-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.aga.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "gateway.aga.serviceAccountName" . }}
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: aga
+ {{- with .Values.aga.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/apigateway/templates/anm/anm-configmap.yaml b/apigateway/templates/anm/anm-configmap.yaml
new file mode 100644
index 0000000..525db8b
--- /dev/null
+++ b/apigateway/templates/anm/anm-configmap.yaml
@@ -0,0 +1,12 @@
+{{- if and .Values.anm.enabled .Values.anm.license }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-anm-license-config
+data:
+{{- range $path, $config := .Values.anm.license }}
+ {{ $path }}: |
+{{ $config | indent 4 -}}
+{{- end -}}
+{{- end -}}
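Review bot: The ServiceAccount in aga-serviceaccount.yaml sets no `automountServiceAccountToken`, so every pod that runs under it gets a Kubernetes API token mounted by default. Nothing in the deployment templates visible in this patch reads that token, so unless the image needs API access (not shown here) I would add a top-level `automountServiceAccountToken: false` after the `metadata` block. The anm-serviceaccount.yaml hunk later in the patch is the same.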
diff --git a/apigateway/templates/anm/anm-deployment.yaml b/apigateway/templates/anm/anm-deployment.yaml
new file mode 100644
index 0000000..f00a7b4
--- /dev/null
+++ b/apigateway/templates/anm/anm-deployment.yaml
@@ -0,0 +1,162 @@ +{{- if .Values.anm.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "{{ include "gateway.fullname" . }}-anm" + labels: + {{- include "gateway.labels" . | nindent 4 }} + app.kubernetes.io/component: anm +spec: + {{- if not .Values.anm.autoscaling.enabled }} + replicas: {{ .Values.anm.replicaCount }} + {{- end }} + strategy: + {{- if eq (default .Values.global.updateStrategy.type .Values.anm.updateStrategy.type) "RollingUpdate" }} + rollingUpdate: + maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.anm.updateStrategy.rollingUpdate.maxSurge }} + maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.anm.updateStrategy.rollingUpdate.maxUnavailable }} + {{- end }} + type: {{ default .Values.global.updateStrategy.type .Values.anm.updateStrategy.type }} + selector: + matchLabels: + {{- include "gateway.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: anm + {{- with .Values.anm.podLabels }} + {{- toYaml . | nindent 6 }} + {{- end }} + template: + metadata: + {{- with .Values.anm.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "gateway.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: anm + {{- with .Values.anm.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "gateway.anm.serviceAccountName" . 
}} + securityContext: + {{- toYaml .Values.anm.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.anm.securityContext | nindent 12 }} + image: "{{ default .Values.global.defaultRegistry .Values.anm.image.registry }}/{{ .Values.anm.image.repository }}:{{ .Values.anm.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + ports: + - containerPort: {{ .Values.anm.service.ports.traffic.port }} + protocol: {{ .Values.anm.service.ports.traffic.protocol }} + - containerPort: {{ .Values.anm.service.ports.ui.port }} + protocol: {{ .Values.anm.service.ports.ui.protocol }} + {{- with .Values.anm.livenessProbe }} + livenessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.anm.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + resources: + {{- toYaml .Values.anm.resources | nindent 12 }} + env: + {{- with .Values.anm.extraEnvVars }} + {{ toYaml . | nindent 12 }} + {{- end }} + {{- if .Values.anm.FIPS.enabled }} + - name: EMT_FIPS_MODE + value: {{ .Values.anm.FIPS.enabled | quote }} + {{- end }} + {{- if .Values.anm.jvmHeapSize }} + - name: EMT_HEAP_SIZE_MB + value: {{ .Values.anm.jvmHeapSize | quote }} + {{- end }} + {{- if .Values.anm.logs.trace.level }} + - name: EMT_TRACE_LEVEL + value: {{ .Values.anm.logs.trace.level | quote }} + {{- end }} + {{- if .Values.anm.logs.trace.disk }} + - name: APIGW_LOG_TRACE_TO_FILE + value: {{ .Values.anm.logs.trace.disk | quote }} + {{- end }} + - name: APIGW_LOG_TRACE_JSON_TO_STDOUT + value: {{ default .Values.anm.logs.trace.stdoutJSON false | quote }} + {{- if .Values.global.domainkeypassphrase }} + - name: DOMAIN_KEY_PASSPHRASE + valueFrom: + secretKeyRef: + name: {{ include "gateway.domainkeypassphrase.secretName" . }} + key: passphrase + {{- end }} + {{- if .Values.global.database.metrics.enabled }} + - name: METRICS_DB_URL + value: {{ tpl .Values.global.database.metrics.url . 
| quote }} + - name: METRICS_DB_USERNAME + valueFrom: + secretKeyRef: + name: {{ include "gateway.metrics-db.secretName" . }} + key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }} + - name: METRICS_DB_PASS + valueFrom: + secretKeyRef: + name: {{ include "gateway.metrics-db.secretName" . }} + key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }} + {{- end }} + {{- if .Values.anm.image.generalConditions }} + - name: ACCEPT_GENERAL_CONDITIONS + value: {{ .Values.anm.image.generalConditions.accept | quote }} + {{- end }} + {{- if .Values.anm.extraVolumeMounts }} + volumeMounts: + {{- if .Values.anm.license }} + - name: license + mountPath: "/opt/Axway/apigateway/conf/licenses/license.lic" + subPath: "license.lic" + {{- end }} + {{- toYaml ( .Values.anm.extraVolumeMounts ) | nindent 12 }} + {{- end }} + {{- if .Values.anm.extraVolumes }} + volumes: + {{- if .Values.anm.license }} + - name: license + configMap: + name: {{ .Release.Name }}-anm-license-config + {{- end }} +{{ toYaml ( .Values.anm.extraVolumes ) | indent 8 }} + {{- end }} + initContainers: + {{- if .Values.global.database.metrics.enabled }} + - name: init-mysql + image: {{ .Values.global.initContainers.image | quote }} + command: ['sh', '-c', 'until nc -w 3 -v {{ tpl .Values.global.database.host . }} {{ .Values.global.database.port | int }}; do echo waiting for mysql; sleep 2; done;'] + {{- with .Values.global.initContainers.resources }} + resources: + {{ toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.global.initContainers.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- end }} + {{- with .Values.anm.extraInitContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.anm.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- with .Values.anm.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.anm.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/apigateway/templates/anm/anm-hpa.yaml b/apigateway/templates/anm/anm-hpa.yaml new file mode 100644 index 0000000..057158c --- /dev/null +++ b/apigateway/templates/anm/anm-hpa.yaml @@ -0,0 +1,35 @@ +{{- if .Values.anm.enabled }} +{{- if .Values.anm.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: "{{ include "gateway.fullname" . }}-anm" + labels: + {{- include "gateway.labels" . | nindent 4 }} + app.kubernetes.io/component: anm +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: "{{ include "gateway.fullname" . }}-anm" + minReplicas: {{ .Values.anm.autoscaling.minReplicas }} + maxReplicas: {{ .Values.anm.autoscaling.maxReplicas }} + metrics: + {{- if .Values.anm.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.anm.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.anm.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.anm.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} +{{- end }} diff --git a/apigateway/templates/anm/anm-ingress.yaml b/apigateway/templates/anm/anm-ingress.yaml new file mode 100644 index 0000000..2e06e9c --- /dev/null +++ b/apigateway/templates/anm/anm-ingress.yaml 
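Review bot: In anm-deployment.yaml the license mount sits inside `{{- if .Values.anm.extraVolumeMounts }}` and the license volume inside `{{- if .Values.anm.extraVolumes }}`, so a release that sets only `anm.license` gets the ConfigMap from anm-configmap.yaml but no `volumes` or `volumeMounts` at all, and a release that sets just one of the two extra lists gets a mount without a volume or the reverse. I would change the outer guards to `{{- if or .Values.anm.license .Values.anm.extraVolumeMounts }}` and `{{- if or .Values.anm.license .Values.anm.extraVolumes }}`, and wrap each `toYaml` of the extra list in `{{- with … }}` so an unset list renders nothing. The mount also hard-codes `subPath: "license.lic"` while the ConfigMap keys come from the map keys of `anm.license`, which deserves a comment. The apimgr-deployment.yaml hunk repeats the same structure.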
@@ -0,0 +1,97 @@ +{{- if .Values.anm.ingress.enabled -}} +{{- $fullName := include "gateway.fullname" . -}} +{{- $svcPort := .Values.anm.service.ports.ui.port -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ $fullName }}-anm + labels: + {{- include "gateway.labels" . | nindent 4 }} + {{- with .Values.anm.ingress.annotations }} + annotations: + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} +spec: + {{- if .Values.anm.ingress.className }} + ingressClassName: {{ .Values.anm.ingress.className }} + {{- end }} + {{- if .Values.anm.ingress.tls }} + tls: + {{- range .Values.anm.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ tpl . $ | quote }} + {{- end }} + {{- if .secretName }} + secretName: {{ tpl (.secretName) $ }} + {{- end }} + {{- end }} + {{- end }} + rules: + {{- range .Values.anm.ingress.hosts }} + - host: {{ tpl .host $ | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if .pathType }} + pathType: {{ .pathType }} + {{- end }} + backend: + service: + name: {{ $fullName }}-anm + port: + number: {{ $svcPort }} + {{- end }} + {{- end }} +{{- end }} + +--- + +{{- if .Values.anm.extraIngress.enabled -}} +{{- $fullName := include "gateway.fullname" . -}} +{{- $svcPort := .Values.anm.service.ports.ui.port -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ $fullName }}-anm-extra + labels: + {{- include "gateway.labels" . | nindent 4 }} + {{- with .Values.anm.extraIngress.annotations }} + annotations: + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} +spec: + {{- if .Values.anm.extraIngress.className }} + ingressClassName: {{ .Values.anm.extraIngress.className }} + {{- end }} + {{- if .Values.anm.extraIngress.tls }} + tls: + {{- range .Values.anm.extraIngress.tls }} + - hosts: + {{- range .hosts }} + - {{ tpl . 
$ | quote }} + {{- end }} + {{- if .secretName }} + secretName: {{ tpl (.secretName) $ }} + {{- end }} + {{- end }} + {{- end }} + rules: + {{- range .Values.anm.extraIngress.hosts }} + - host: {{ tpl .host $ | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if .pathType }} + pathType: {{ .pathType }} + {{- end }} + backend: + service: + name: {{ $fullName }}-anm + port: + number: {{ $svcPort }} + {{- end }} + {{- end }} +{{- end }} diff --git a/apigateway/templates/anm/anm-routes.yaml b/apigateway/templates/anm/anm-routes.yaml new file mode 100644 index 0000000..336ef44 --- /dev/null +++ b/apigateway/templates/anm/anm-routes.yaml @@ -0,0 +1,42 @@ +{{- if .Values.anm.enabled }} +{{- if .Values.anm.route.enabled -}} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: "{{ include "gateway.fullname" . }}-anm" + labels: + {{- include "gateway.labels" . | nindent 4 }} + app.kubernetes.io/component: anm +spec: + {{- if .Values.global.domainName }} + host: anm.{{ .Values.global.domainName }} + {{- end }} + port: + targetPort: {{ tpl .Values.anm.route.targetPort . }} + to: + kind: Service + name: "{{ include "gateway.fullname" . }}-anm" +{{- if .Values.anm.route.tls.enabled }} + tls: + termination: {{ .Values.anm.route.tls.termination }} + insecureEdgeTerminationPolicy: {{ .Values.anm.route.tls.insecureEdgeTerminationPolicy }} + {{- if .Values.anm.route.tls.key }} + key: |- + {{- .Values.anm.route.tls.key | nindent 6 }} + {{- end }} + {{- if .Values.anm.route.tls.destinationCACertificate }} + destinationCACertificate: |- + {{- .Values.anm.route.tls.destinationCACertificate | nindent 6 }} + {{- end }} + {{- if .Values.anm.route.tls.caCertificate }} + caCertificate: |- + {{- .Values.anm.route.tls.caCertificate | nindent 6 }} + {{- end }} + {{- if .Values.anm.route.tls.certificate }} + certificate: |- + {{- .Values.anm.route.tls.certificate | nindent 6 }} + {{- end }} +{{- end }} + wildcardPolicy: None +{{- end }} +{{- end }} 
diff --git a/apigateway/templates/anm/anm-service.yaml b/apigateway/templates/anm/anm-service.yaml
new file mode 100644
index 0000000..6d1bd18
--- /dev/null
+++ b/apigateway/templates/anm/anm-service.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.anm.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ include "gateway.fullname" . }}-anm"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: anm
+spec:
+ type: {{ .Values.anm.service.type }}
+ ports:
+ - port: {{ .Values.anm.service.ports.traffic.port }}
+ targetPort: {{ .Values.anm.service.ports.traffic.port }}
+ protocol: {{ .Values.anm.service.ports.traffic.protocol }}
+ name: gatewaymanager
+ - port: {{ .Values.anm.service.ports.ui.port }}
+ targetPort: {{ .Values.anm.service.ports.ui.port }}
+ protocol: {{ .Values.anm.service.ports.ui.protocol }}
+ name: gatewaymanagerui
+ selector:
+ {{- include "gateway.selectorLabels" . | nindent 4 }}
+ app.kubernetes.io/component: anm
+{{- end }}
diff --git a/apigateway/templates/anm/anm-serviceaccount.yaml b/apigateway/templates/anm/anm-serviceaccount.yaml
new file mode 100644
index 0000000..c45a485
--- /dev/null
+++ b/apigateway/templates/anm/anm-serviceaccount.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.anm.enabled }}
+{{- if .Values.anm.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: "{{ include "gateway.anm.serviceAccountName" . }}"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: anm
+ {{- with .Values.anm.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
+{{- end }}
diff --git a/apigateway/templates/apimgr/apimgr-configmap.yaml b/apigateway/templates/apimgr/apimgr-configmap.yaml
new file mode 100644
index 0000000..5d95117
--- /dev/null
+++ b/apigateway/templates/apimgr/apimgr-configmap.yaml
@@ -0,0 +1,12 @@
+{{- if and .Values.apimgr.enabled .Values.apimgr.license }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-apimgr-license-config
+data:
+{{- range $path, $config := .Values.apimgr.license }}
+ {{ $path }}: |
+{{ $config | indent 4 -}}
+{{- end -}}
+{{- end -}}
diff --git a/apigateway/templates/apimgr/apimgr-deployment.yaml b/apigateway/templates/apimgr/apimgr-deployment.yaml
new file mode 100644
index 0000000..71ed90b
--- /dev/null
+++ b/apigateway/templates/apimgr/apimgr-deployment.yaml
@@ -0,0 +1,225 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "{{ include "gateway.fullname" . }}-apimgr" + labels: + {{- include "gateway.labels" . | nindent 4 }} + app.kubernetes.io/component: apimgr +spec: + {{- if not .Values.apimgr.autoscaling.enabled }} + replicas: {{ .Values.apimgr.replicaCount }} + {{- end }} + strategy: + {{- if eq (default .Values.global.updateStrategy.type .Values.apimgr.updateStrategy.type) "RollingUpdate" }} + rollingUpdate: + maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.apimgr.updateStrategy.rollingUpdate.maxSurge }} + maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.apimgr.updateStrategy.rollingUpdate.maxUnavailable }} + {{- end }} + type: {{ default .Values.global.updateStrategy.type .Values.apimgr.updateStrategy.type }} + selector: + matchLabels: + {{- include "gateway.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: apimgr + {{- with .Values.apimgr.podLabels }} + {{- toYaml . | nindent 6 }} + {{- end }} + template: + metadata: + {{- with .Values.apimgr.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "gateway.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: apimgr + {{- with .Values.apimgr.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "gateway.apimgr.serviceAccountName" . 
}} + securityContext: + {{- toYaml .Values.apimgr.podSecurityContext | nindent 8 }} + initContainers: + {{- if .Values.global.cassandra.enabled }} + - name: init-cassandra + image: {{ .Values.global.initContainers.image | quote }} + command: ["sh", "-c", "c=0; x={{ len .Values.global.cassandra.hosts }}; until [ $(( c * 100 / x )) -ge 50 ]; do c=0; for host in {{- range .Values.global.cassandra.hosts }} {{ .hostname }} {{- end }}; do echo waiting for ${host}; if nc -w 3 -v ${host} {{ .Values.global.cassandra.port }};then c=$((c+1)); fi done; sleep 2; done;"] + {{- with .Values.global.initContainers.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.global.initContainers.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.global.database.metrics.enabled }} + - name: init-mysql + image: {{ .Values.global.initContainers.image | quote }} + command: ["sh", "-c", "until nc -w 3 -v {{ tpl .Values.global.database.host . }} {{ .Values.global.database.port | int }}; do echo waiting for mysql; sleep 2; done;"] + {{- with .Values.global.initContainers.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.global.initContainers.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- end }} + - name: init-anm + image: {{ .Values.global.initContainers.image | quote }} + {{- if .Values.anm.hostname }} + command: ["sh", "-c", "until nc -w 3 -v {{ .Values.anm.hostname }}; do echo waiting for anm; sleep 2; done;"] + {{- else }} + command: ["sh", "-c", "until nc -w 3 -v {{ include "gateway.fullname" . }}-anm 8090; do echo waiting for anm; sleep 2; done;"] + {{- end }} + {{- with .Values.global.initContainers.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.global.initContainers.securityContext }} + securityContext: + {{- toYaml . 
| nindent 12 }} + {{- end }} + {{- with .Values.apimgr.extraInitContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.apimgr.securityContext | nindent 12 }} + image: "{{ default .Values.global.defaultRegistry .Values.apimgr.image.registry }}/{{ .Values.apimgr.image.repository }}:{{ .Values.apimgr.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + ports: + - containerPort: {{ .Values.apimgr.service.ports.ui.port }} + protocol: {{ .Values.apimgr.service.ports.ui.protocol }} + {{- with .Values.apimgr.livenessProbe }} + livenessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.apimgr.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + resources: + {{- toYaml .Values.apimgr.resources | nindent 12 }} + env: + {{- with .Values.apimgr.extraEnvVars }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- if .Values.apimgr.FIPS.enabled }} + - name: EMT_FIPS_MODE + value: {{ .Values.apimgr.FIPS.enabled | quote }} + {{- end }} + {{- if .Values.apimgr.jvmHeapSize }} + - name: EMT_HEAP_SIZE_MB + value: {{ .Values.apimgr.jvmHeapSize | quote }} + {{- end }} + {{- if .Values.apimgr.logs.trace.level }} + - name: EMT_TRACE_LEVEL + value: {{ .Values.apimgr.logs.trace.level | quote }} + {{- end }} + {{- if .Values.apimgr.logs.trace.disk }} + - name: APIGW_LOG_TRACE_TO_FILE + value: {{ .Values.apimgr.logs.trace.disk | quote }} + {{- end }} + - name: APIGW_LOG_TRACE_JSON_TO_STDOUT + value: {{ default .Values.apimgr.logs.trace.stdoutJSON false | quote }} + {{- if .Values.apimgr.logs.opentraffic.output | quote }} + - name: APIGW_LOG_OPENTRAFFIC_OUTPUT + value: {{ .Values.apimgr.logs.opentraffic.output | quote }} + {{- end }} + {{- if .Values.global.domainkeypassphrase }} + - name: DOMAIN_KEY_PASSPHRASE + valueFrom: + secretKeyRef: + name: {{ include "gateway.domainkeypassphrase.secretName" . 
}} + key: passphrase + {{- end }} + {{- if .Values.global.database.metrics.enabled }} + - name: METRICS_DB_URL + value: {{ tpl .Values.global.database.metrics.url . | quote }} + - name: METRICS_DB_USERNAME + valueFrom: + secretKeyRef: + name: {{ include "gateway.metrics-db.secretName" . }} + key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }} + - name: METRICS_DB_PASS + valueFrom: + secretKeyRef: + name: {{ include "gateway.metrics-db.secretName" . }} + key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }} + {{- end }} + {{- if .Values.anm.hostname }} + - name: EMT_ANM_HOSTS + value: {{ .Values.anm.hostname | quote }} + {{- else }} + - name: EMT_ANM_HOSTS + value: "{{ include "gateway.fullname" . }}-anm:8090" + {{- end }} + - name: GROUP_ID + value: {{ .Values.apimgr.groupId }} + {{- if .Values.global.domainId }} + - name: DOMAIN_ID + value: {{ .Values.global.domainId }} + {{- end }} + {{- if .Values.global.cassandra.enabled }} + {{- range .Values.global.cassandra.hosts }} + - name: {{ .variable }} + value: {{ .hostname | quote }} + {{- end }} + - name: CASS_PORT + value: {{ .Values.global.cassandra.port | quote }} + - name: CASS_KEYSPACE + value: {{ tpl .Values.global.cassandra.keyspace . | quote }} + - name: CASS_TKEYSPACE + value: {{ tpl .Values.global.cassandra.tkeyspace . | quote }} + - name: CASS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "gateway.cassandra.secretName" . }} + key: {{ with .Values.global.cassandra.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }} + - name: CASS_USERNAME + valueFrom: + secretKeyRef: + name: {{ include "gateway.cassandra.secretName" . 
}} + key: {{ with .Values.global.cassandra.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }} + {{- end }} + {{- if .Values.apimgr.image.generalConditions }} + - name: ACCEPT_GENERAL_CONDITIONS + value: {{ .Values.apimgr.image.generalConditions.accept | quote }} + {{- end }} + {{- if .Values.apimgr.extraVolumeMounts }} + volumeMounts: + {{- if .Values.apimgr.license }} + - name: license + mountPath: "/opt/Axway/apigateway/conf/licenses/license.lic" + subPath: "license.lic" + {{- end }} + {{- toYaml ( .Values.apimgr.extraVolumeMounts ) | nindent 12 }} + {{- end }} + {{- if .Values.apimgr.extraVolumes }} + volumes: + {{- if .Values.apimgr.license }} + - name: license + configMap: + name: {{ .Release.Name }}-apimgr-license-config + {{- end }} +{{ toYaml ( .Values.apimgr.extraVolumes ) | indent 8 }} + {{- end }} + {{- with .Values.apimgr.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.apimgr.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.apimgr.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/apigateway/templates/apimgr/apimgr-hpa.yaml b/apigateway/templates/apimgr/apimgr-hpa.yaml new file mode 100644 index 0000000..bc44e60 --- /dev/null +++ b/apigateway/templates/apimgr/apimgr-hpa.yaml 
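Review bot: In the `init-anm` container of apimgr-deployment.yaml, the branch for a set `anm.hostname` runs `nc -w 3 -v {{ .Values.anm.hostname }}` with no separate port argument, while the fallback passes host and port as two arguments (`…-anm 8090`) and `EMT_ANM_HOSTS` further down takes the same value in what the fallback shows as `host:port` form; as written the wait loop looks unable to succeed for an external ANM. If the value is a single `host:port`, `nc -w 3 -v {{ .Values.anm.hostname | replace ":" " " }}` would let one setting serve both uses. `GROUP_ID` and `DOMAIN_ID` are the only env values here not piped through `quote`, so a numeric id renders as a non-string value; `value: {{ .Values.apimgr.groupId | quote }}` matches the neighbouring entries. All three init commands also splice chart values straight into an `sh -c` string, so hosts and ports should be validated or passed as quoted environment variables.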
@@ -0,0 +1,33 @@
+{{- if .Values.apimgr.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: "{{ include "gateway.fullname" . }}-apimgr"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apimgr
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: "{{ include "gateway.fullname" . }}-apimgr"
+ minReplicas: {{ .Values.apimgr.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.apimgr.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.apimgr.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.apimgr.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.apimgr.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.apimgr.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/apigateway/templates/apimgr/apimgr-ingress.yaml b/apigateway/templates/apimgr/apimgr-ingress.yaml
new file mode 100644
index 0000000..0d42c15
--- /dev/null
+++ b/apigateway/templates/apimgr/apimgr-ingress.yaml
@@ -0,0 +1,97 @@ +{{- if .Values.apimgr.ingress.enabled -}} +{{- $fullName := include "gateway.fullname" . -}} +{{- $svcPort := .Values.apimgr.service.ports.ui.port -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ $fullName }}-apimgr + labels: + {{- include "gateway.labels" . | nindent 4 }} + {{- with .Values.apimgr.ingress.annotations }} + annotations: + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} +spec: + {{- if .Values.apimgr.ingress.className }} + ingressClassName: {{ .Values.apimgr.ingress.className }} + {{- end }} + {{- if .Values.apimgr.ingress.tls }} + tls: + {{- range .Values.apimgr.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ tpl . $ | quote }} + {{- end }} + {{- if .secretName }} + secretName: {{ tpl (.secretName) $ }} + {{- end }} + {{- end }} + {{- end }} + rules: + {{- range .Values.apimgr.ingress.hosts }} + - host: {{ tpl .host $ | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if .pathType }} + pathType: {{ .pathType }} + {{- end }} + backend: + service: + name: {{ $fullName }}-apimgr + port: + number: {{ $svcPort }} + {{- end }} + {{- end }} +{{- end }} + +--- + +{{- if .Values.apimgr.extraIngress.enabled -}} +{{- $fullName := include "gateway.fullname" . -}} +{{- $svcPort := .Values.apimgr.service.ports.ui.port -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ $fullName }}-apimgr-extra + labels: + {{- include "gateway.labels" . | nindent 4 }} + {{- with .Values.apimgr.extraIngress.annotations }} + annotations: + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} +spec: + {{- if .Values.apimgr.extraIngress.className }} + ingressClassName: {{ .Values.apimgr.extraIngress.className }} + {{- end }} + {{- if .Values.apimgr.extraIngress.tls }} + tls: + {{- range .Values.apimgr.extraIngress.tls }} + - hosts: + {{- range .hosts }} + - {{ tpl . 
$ | quote }} + {{- end }} + {{- if .secretName }} + secretName: {{ tpl (.secretName) $ }} + {{- end }} + {{- end }} + {{- end }} + rules: + {{- range .Values.apimgr.extraIngress.hosts }} + - host: {{ tpl .host $ | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if .pathType }} + pathType: {{ .pathType }} + {{- end }} + backend: + service: + name: {{ $fullName }}-apimgr + port: + number: {{ $svcPort }} + {{- end }} + {{- end }} +{{- end }} diff --git a/apigateway/templates/apimgr/apimgr-routes.yaml b/apigateway/templates/apimgr/apimgr-routes.yaml new file mode 100644 index 0000000..8a2ad9e --- /dev/null +++ b/apigateway/templates/apimgr/apimgr-routes.yaml 
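Review bot: `pathType` is emitted only when the values entry sets it (`{{- if .pathType }}`), but `networking.k8s.io/v1` requires it on every path, so a hosts entry without it produces an Ingress the API server rejects at install time. Emitting it unconditionally with a fallback keeps the template valid: `pathType: {{ .pathType | default "Prefix" }}`. `path: {{ .path }}` and `secretName: {{ tpl (.secretName) $ }}` would also be safer piped through `quote`, as the `host` lines already are. This applies to both Ingress documents in this file and to the same blocks in apiportal-ingress.yaml.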
@@ -0,0 +1,40 @@
+{{- if .Values.apimgr.route.enabled -}}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: "{{ include "gateway.fullname" . }}-apimgr"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apimgr
+spec:
+ {{- if .Values.global.domainName }}
+ host: apimgr.{{ .Values.global.domainName }}
+ {{- end }}
+ to:
+ kind: Service
+ name: "{{ include "gateway.fullname" . }}-apimgr"
+ port:
+ targetPort: {{ tpl .Values.apimgr.route.targetPort . }}
+{{- if .Values.apimgr.route.tls.enabled }}
+ tls:
+ termination: {{ .Values.apimgr.route.tls.termination }}
+ insecureEdgeTerminationPolicy: {{ .Values.apimgr.route.tls.insecureEdgeTerminationPolicy }}
+ {{- if .Values.apimgr.route.tls.key }}
+ key: |-
+ {{- .Values.apimgr.route.tls.key | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apimgr.route.tls.destinationCACertificate }}
+ destinationCACertificate: |-
+ {{- .Values.apimgr.route.tls.destinationCACertificate | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apimgr.route.tls.caCertificate }}
+ caCertificate: |-
+ {{- .Values.apimgr.route.tls.caCertificate | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apimgr.route.tls.certificate }}
+ certificate: |-
+ {{- .Values.apimgr.route.tls.certificate | nindent 6 }}
+ {{- end }}
+{{- end }}
+ wildcardPolicy: None
+{{- end }}
diff --git a/apigateway/templates/apimgr/apimgr-service.yaml b/apigateway/templates/apimgr/apimgr-service.yaml
new file mode 100644
index 0000000..9151bb5
--- /dev/null
+++ b/apigateway/templates/apimgr/apimgr-service.yaml
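Review bot: The Route's TLS private key is read from `.Values.apimgr.route.tls.key` and inlined into the manifest, so it also ends up in the values file and in the release record Helm stores in the cluster, not only in the Route object. A template comment above the `key:` block should tell operators how to supply it, for example `{{- /* tls.key is kept in the Helm release record; pass it with --set-file from a protected path and never commit it */ -}}`. Separately, `termination` and `insecureEdgeTerminationPolicy` are rendered with no fallback, so an unset value yields a null field. `insecureEdgeTerminationPolicy: {{ .Values.apimgr.route.tls.insecureEdgeTerminationPolicy | default "Redirect" }}` would make the plain-HTTP behaviour explicit. apiportal-routes.yaml carries the same block.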
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ include "gateway.fullname" . }}-apimgr"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apimgr
+spec:
+ type: {{ .Values.apimgr.service.type }}
+ ports:
+ - port: {{ .Values.apimgr.service.ports.ui.port }}
+ targetPort: {{ .Values.apimgr.service.ports.ui.port }}
+ protocol: {{ .Values.apimgr.service.ports.ui.protocol }}
+ name: apimanagerui
+ selector:
+ {{- include "gateway.selectorLabels" . | nindent 4 }}
+ app.kubernetes.io/component: apimgr
diff --git a/apigateway/templates/apimgr/apimgr-serviceaccount.yaml b/apigateway/templates/apimgr/apimgr-serviceaccount.yaml
new file mode 100644
index 0000000..e7bb2db
--- /dev/null
+++ b/apigateway/templates/apimgr/apimgr-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.apimgr.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "gateway.apimgr.serviceAccountName" . }}
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apimgr
+ {{- with .Values.apimgr.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/apigateway/templates/apiportal/apiportal-db-secret.yaml b/apigateway/templates/apiportal/apiportal-db-secret.yaml
new file mode 100644
index 0000000..102c437
--- /dev/null
+++ b/apigateway/templates/apiportal/apiportal-db-secret.yaml
@@ -0,0 +1,12 @@
+{{- if and .Values.apiportal.enabled (not .Values.apiportal.mysql.existingSecret) -}}
+apiVersion: v1
+data:
+ username: {{ .Values.apiportal.mysql.username | b64enc }}
+ password: {{ .Values.apiportal.mysql.password | b64enc }}
+kind: Secret
+metadata:
+ name: {{ include "gateway.apiportal.secretName" . }}
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apiportal
+{{- end }}
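Review bot: In apiportal-db-secret.yaml, `username` and `password` are piped straight into `b64enc` with no presence check. A release that sets neither `apiportal.mysql.password` nor `existingSecret` then either fails with an opaque template error or creates a Secret holding an empty credential, depending on how values.yaml declares the key. Failing early is clearer: `password: {{ required "set apiportal.mysql.password or apiportal.mysql.existingSecret" .Values.apiportal.mysql.password | b64enc | quote }}`, and likewise for `username`. A password passed through values is also kept in the Helm release record, so a template comment pointing operators to `existingSecret` for production installs would help.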
diff --git a/apigateway/templates/apiportal/apiportal-deployment.yaml b/apigateway/templates/apiportal/apiportal-deployment.yaml
new file mode 100644
index 0000000..b96a2ae
--- /dev/null
+++ b/apigateway/templates/apiportal/apiportal-deployment.yaml
@@ -0,0 +1,170 @@ +{{- if .Values.apiportal.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "{{ include "gateway.fullname" . }}-apiportal" + labels: + {{- include "gateway.labels" . | nindent 4 }} + app.kubernetes.io/component: apiportal +spec: + replicas: {{ .Values.apiportal.replicaCount }} + strategy: + {{- if eq (default .Values.global.updateStrategy.type .Values.apiportal.updateStrategy.type) "RollingUpdate" }} + rollingUpdate: + maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.apiportal.updateStrategy.rollingUpdate.maxSurge }} + maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.apiportal.updateStrategy.rollingUpdate.maxUnavailable }} + {{- end }} + type: {{ default .Values.global.updateStrategy.type .Values.apiportal.updateStrategy.type }} + selector: + matchLabels: + {{- include "gateway.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: apiportal + {{- with .Values.apiportal.podLabels }} + {{- toYaml . | nindent 6 }} + {{- end }} + template: + metadata: + {{- with .Values.apiportal.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "gateway.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: apiportal + {{- with .Values.apiportal.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "gateway.apiportal.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.apiportal.podSecurityContext | nindent 8 }} + containers: + - name: "{{ include "gateway.fullname" . }}-apiportal" + securityContext: + {{- toYaml .Values.apiportal.securityContext | nindent 12 }} + command: ["/usr/local/bin/entrypoint.sh", "apiportal"] + {{- with .Values.apiportal.livenessProbe }} + livenessProbe: + {{- toYaml . 
| nindent 12 }} + {{- end }} + {{- with .Values.apiportal.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + resources: + {{- toYaml .Values.apiportal.resources | nindent 12 }} + env: + - name: MYSQL_HOST + value: {{ default .Values.global.database.host .Values.apiportal.mysql.host | quote }} + - name: MYSQL_PORT + value: {{ tpl .Values.apiportal.mysql.port . | quote }} + - name: MYSQL_USER + valueFrom: + secretKeyRef: + name: {{ include "gateway.apiportal.secretName" . }} + key: {{ with .Values.apiportal.mysql.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }} + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "gateway.apiportal.secretName" . }} + key: {{ with .Values.apiportal.mysql.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }} + - name: MYSQL_DATABASE + value: {{ .Values.apiportal.mysql.databaseName | quote }} + - name: MYSQL_SSL_ON + value: {{ .Values.apiportal.mysql.sslOn | quote }} + - name: MYSQL_SSL_VERIFY_CERT + value: {{ .Values.apiportal.mysql.sslVerifyCert | quote }} + {{- if .Values.apiportal.redis.enabled }} + - name: REDIS_CONFIGURED + value: "1" + - name: REDIS_ON + value: "1" + - name: REDIS_HOST + value: {{ required "A redis host should be specified" .Values.apiportal.redis.host | quote }} + - name: REDIS_PORT + value: {{ default "6379" .Values.apiportal.redis.port | quote }} + - name: REDIS_CACHE_TIMEOUT_SEC + value: {{ default "600" .Values.apiportal.redis.cacheTimeout | quote }} + {{- end }} + - name: APACHE_SSL_ON + value: {{ .Values.apiportal.apache.sslOn | quote }} + - name: APIMANAGER_CONFIGURED + value: {{ default "1" .Values.apiportal.apiManager.configured | quote }} + - name: API_WHITELIST_CONFIGURED + value: "1" + - name: API_WHITELIST + value: "apitraffic.{{ .Values.global.domainName }}" + - name: APIMANAGER_NAME + value: {{ .Values.apiportal.apiManager.name | quote }} + - name: 
APIMANAGER_HOST + value: "{{ include "gateway.fullname" . }}-apimgr" + - name: APIMANAGER_PORT + value: {{ .Values.apimgr.service.ports.ui.port | quote }} + - name: HTTP_PORT + value: {{ .Values.apiportal.service.ports.http.port | quote }} + - name: HTTPS_PORT + value: {{ .Values.apiportal.service.ports.https.port | quote }} + - name: HTTPS_FORCE_PORT + value: {{ .Values.apiportal.service.ports.force.port | quote }} + - name: T4_DOWNLOADED + value: {{ .Values.apiportal.t4_downloaded | quote }} + {{- if .Values.apiportal.extraEnvVars }} + {{- toYaml .Values.apiportal.extraEnvVars | nindent 12 }} + {{- end }} + image: "{{ default .Values.global.defaultRegistry .Values.apiportal.image.registry }}/{{ .Values.apiportal.image.repository }}:{{ .Values.apiportal.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + ports: + - name: "apiportal" + containerPort: {{ .Values.apiportal.service.ports.force.port }} + protocol: TCP + volumeMounts: + {{- $mounts := list }} + {{- if .Values.apiportal.mysql.sslOn }} + {{- $mounts = append $mounts (dict "name" "mysql-certs" "mountPath" "/opt/axway/apiportal/certs/mysql/mysql-ca.pem" "subPath" "mysql-ca.pem") }} + {{- end }} + {{- if .Values.apiportal.apache.sslOn }} + {{- $mounts = append $mounts (dict "name" "apache" "mountPath" "/opt/axway/apiportal/certs/apache/") }} + {{- end }} + {{- include "gateway.volumeMounts" (dict "component" "portal" "storage" (dict "volumes" (.Values.global.storage.volumes | concat .Values.apiportal.storage.volumes))) | fromYamlArray | concat $mounts | default list | toYaml | nindent 12 }} + initContainers: + - name: init-mysql + image: {{ .Values.global.initContainers.image | quote }} + command: [ 'sh', '-c', 'until nc -w 3 -v {{ tpl .Values.global.database.host . }} {{ .Values.global.database.port }}; do echo waiting for MySQL; sleep 2; done;' ] + {{- with .Values.global.initContainers.resources }} + resources: + {{- toYaml . 
| nindent 12 }} + {{- end }} + {{- with .Values.global.initContainers.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- if .Values.apiportal.apiManager.configured }} + - name: init-apimanager + image: {{ .Values.global.initContainers.image | quote }} + command: [ 'sh', '-c', 'until nc -w 3 -v {{ include "gateway.fullname" . }}-apimgr 8075; do echo waiting for API Manager; sleep 2; done;' ] + {{- with .Values.global.initContainers.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.global.initContainers.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- end }} + {{- with .Values.apiportal.extraInitContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + {{- $vols := list }} + {{- if .Values.apiportal.mysql.sslOn }} + {{- $vols = append $vols (dict "name" "mysql-certs" "secret" (dict "secretName" "mysql-ca-cert" "items" (list (dict "key" "mysql-ca.pem" "path" "mysql-ca.pem")))) }} + {{- end }} + {{- if .Values.apiportal.apache.sslOn }} + {{- $vols = append $vols (dict "name" "apache" "secret" (dict "secretName" "apache" "items" (list (dict "key" "tls.key" "path" "apache.key") (dict "key" "tls.crt" "path" "apache.crt")))) }} + {{- end }} + {{- include "gateway.volumes" (dict "component" "portal" "storage" (dict "volumes" (.Values.global.storage.volumes | concat .Values.apiportal.storage.volumes))) | fromYamlArray | concat $vols | default list | toYaml | nindent 8 }} +{{- end }} diff --git a/apigateway/templates/apiportal/apiportal-ingress.yaml b/apigateway/templates/apiportal/apiportal-ingress.yaml new file mode 100644 index 0000000..248abd6 --- /dev/null +++ b/apigateway/templates/apiportal/apiportal-ingress.yaml 
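Review bot: The `init-mysql` container waits on `global.database.host` and `global.database.port`, while the portal container is configured with `default .Values.global.database.host .Values.apiportal.mysql.host` and `apiportal.mysql.port`. When the portal database is overridden, the init check probes a different endpoint from the one the application will use. `init-apimanager` drifts the same way, using the literal `8075` although `APIMANAGER_PORT` comes from `.Values.apimgr.service.ports.ui.port`. Both `nc` targets should be built from the values the env block uses, e.g. `nc -w 3 -v {{ include "gateway.fullname" . }}-apimgr {{ .Values.apimgr.service.ports.ui.port }}`. Also, `podLabels` is merged into `selector.matchLabels`, which is immutable on a Deployment, so changing pod labels later would break `helm upgrade`.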
@@ -0,0 +1,97 @@ +{{- if and .Values.apiportal.enabled .Values.apiportal.ingress.enabled -}} +{{- $fullName := include "gateway.fullname" . -}} +{{- $svcPort := .Values.apiportal.service.ports.target.port }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ $fullName }}-apiportal + labels: + {{- include "gateway.labels" . | nindent 4 }} + {{- with .Values.apiportal.ingress.annotations }} + annotations: + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} +spec: + {{- if .Values.apiportal.ingress.className }} + ingressClassName: {{ .Values.apiportal.ingress.className }} + {{- end }} + {{- if .Values.apiportal.ingress.tls }} + tls: + {{- range .Values.apiportal.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ tpl . $ | quote }} + {{- end }} + {{- if .secretName }} + secretName: {{ tpl (.secretName) $ }} + {{- end }} + {{- end }} + {{- end }} + rules: + {{- range .Values.apiportal.ingress.hosts }} + - host: {{ tpl .host $ | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if .pathType }} + pathType: {{ .pathType }} + {{- end }} + backend: + service: + name: {{ $fullName }}-apiportal + port: + number: {{ $svcPort }} + {{- end }} + {{- end }} +{{- end }} + +--- + +{{- if and .Values.apiportal.enabled .Values.apiportal.extraIngress.enabled -}} +{{- $fullName := include "gateway.fullname" . -}} +{{- $svcPort := .Values.apiportal.service.ports.target.port }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ $fullName }}-apiportal-extra + labels: + {{- include "gateway.labels" . | nindent 4 }} + {{- with .Values.apiportal.extraIngress.annotations }} + annotations: + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} +spec: + {{- if .Values.apiportal.extraIngress.className }} + ingressClassName: {{ .Values.apiportal.extraIngress.className }} + {{- end }} + {{- if .Values.apiportal.extraIngress.tls }} + tls: + {{- range .Values.apiportal.extraIngress.tls }} + - hosts: + {{- range .hosts }} + - {{ tpl . 
$ | quote }} + {{- end }} + {{- if .secretName }} + secretName: {{ tpl (.secretName) $ }} + {{- end }} + {{- end }} + {{- end }} + rules: + {{- range .Values.apiportal.extraIngress.hosts }} + - host: {{ tpl .host $ | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if .pathType }} + pathType: {{ .pathType }} + {{- end }} + backend: + service: + name: {{ $fullName }}-apiportal + port: + number: {{ $svcPort }} + {{- end }} + {{- end }} +{{- end }} diff --git a/apigateway/templates/apiportal/apiportal-rbac.yaml b/apigateway/templates/apiportal/apiportal-rbac.yaml new file mode 100644 index 0000000..682d95c --- /dev/null +++ b/apigateway/templates/apiportal/apiportal-rbac.yaml @@ -0,0 +1,37 @@ +{{- if .Values.apiportal.enabled -}} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: apiportalscc + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "gateway.labels" . | nindent 4 }} + app.kubernetes.io/component: apiportal +rules: +- apiGroups: + - security.openshift.io + resourceNames: + - nonroot + resources: + - securitycontextconstraints + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: apiportalscc + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "gateway.labels" . | nindent 4 }} + app.kubernetes.io/component: apiportal +subjects: +- kind: ServiceAccount + name: {{ include "gateway.apiportal.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +roleRef: + kind: Role + name: apiportalscc + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/apigateway/templates/apiportal/apiportal-routes.yaml b/apigateway/templates/apiportal/apiportal-routes.yaml new file mode 100644 index 0000000..836d1d6 --- /dev/null +++ b/apigateway/templates/apiportal/apiportal-routes.yaml 
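Review bot: In apiportal-rbac.yaml the Role and RoleBinding are both named with the literal `apiportalscc`, so two releases of this chart in one namespace collide on the same objects. Naming them from the release avoids that: `name: {{ include "gateway.fullname" . }}-apiportal-scc`, with `roleRef.name` changed to match. The binding subject is whatever `gateway.apiportal.serviceAccountName` returns, and that helper is not in this hunk. If it falls back to `default` when `serviceAccount.create` is false, every pod running under the namespace's default account would gain `use` on the `nonroot` SCC, which is worth guarding against or documenting.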
@@ -0,0 +1,40 @@
+{{- if and .Values.apiportal.enabled .Values.apiportal.route.enabled -}}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: "{{ include "gateway.fullname" . }}-apiportal"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apiportal
+spec:
+ to:
+ kind: Service
+ name: {{ include "gateway.fullname" . }}-apiportal
+ {{- if .Values.global.domainName }}
+ host: apiportal.{{ .Values.global.domainName }}
+ {{- end }}
+ port:
+ targetPort: {{ tpl .Values.apiportal.route.targetPort . }}
+{{- if .Values.apiportal.route.tls.enabled }}
+ tls:
+ termination: {{ .Values.apiportal.route.tls.termination }}
+ insecureEdgeTerminationPolicy: {{ .Values.apiportal.route.tls.insecureEdgeTerminationPolicy }}
+ {{- if .Values.apiportal.route.tls.key }}
+ key: |-
+ {{- .Values.apiportal.route.tls.key | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apiportal.route.tls.destinationCACertificate }}
+ destinationCACertificate: |-
+ {{- .Values.apiportal.route.tls.destinationCACertificate | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apiportal.route.tls.caCertificate }}
+ caCertificate: |-
+ {{- .Values.apiportal.route.tls.caCertificate | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apiportal.route.tls.certificate }}
+ certificate: |-
+ {{- .Values.apiportal.route.tls.certificate | nindent 6 }}
+ {{- end }}
+{{- end }}
+ wildcardPolicy: None
+{{- end }}
diff --git a/apigateway/templates/apiportal/apiportal-service.yaml b/apigateway/templates/apiportal/apiportal-service.yaml
new file mode 100644
index 0000000..d834292
--- /dev/null
+++ b/apigateway/templates/apiportal/apiportal-service.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.apiportal.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "gateway.fullname" . }}-apiportal
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apiportal
+spec:
+ type: ClusterIP
+ ports:
+ - port: {{ .Values.apiportal.service.ports.http.port }}
+ targetPort: {{ .Values.apiportal.service.ports.http.port }}
+ protocol: TCP
+ name: {{ include "gateway.fullname" . }}-apiportal-http
+ - port: {{ .Values.apiportal.service.ports.https.port }}
+ targetPort: {{ .Values.apiportal.service.ports.https.port }}
+ protocol: TCP
+ name: {{ include "gateway.fullname" . }}-apiportal-https
+ selector:
+ {{- include "gateway.selectorLabels" . | nindent 4 }}
+ app.kubernetes.io/component: apiportal
+{{- end }}
diff --git a/apigateway/templates/apiportal/apiportal-serviceaccount.yaml b/apigateway/templates/apiportal/apiportal-serviceaccount.yaml
new file mode 100644
index 0000000..a337358
--- /dev/null
+++ b/apigateway/templates/apiportal/apiportal-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if and .Values.apiportal.enabled .Values.apiportal.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "gateway.apiportal.serviceAccountName" . }}
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apiportal
+ {{- with .Values.apiportal.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/apigateway/templates/apiportal/storage/apiportal-pvc.yaml b/apigateway/templates/apiportal/storage/apiportal-pvc.yaml
new file mode 100644
index 0000000..d7f1f37
--- /dev/null
+++ b/apigateway/templates/apiportal/storage/apiportal-pvc.yaml
@@ -0,0 +1,53 @@
+{{- if .Values.apiportal.enabled }}
+{{- range .Values.apiportal.storage.volumes }}
+{{- if .enabled }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ .name | lower }}
+ labels:
+ {{- include "gateway.labels" $ | nindent 4 }}
+ app.kubernetes.io/component: apiportal
+spec:
+ accessModes:
+ {{- with .accessModes }}
+ {{- toYaml . | nindent 4 }}
+ {{- else }}
+ - ReadWriteMany
+ {{- end }}
+ storageClassName: {{ default $.Values.global.storage.storageClassName .storageClassName | quote }}
+ resources:
+ requests:
+ storage: {{ default "1Mi" .capacity | quote }}
+{{- if eq (default $.Values.global.storage.provisioningType $.Values.apiportal.storage.provisioningType) "static" }}
+# PersistentVolume needs to be created only for Static storage provisioning
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: {{ include "gateway.fullname" $ }}-{{ .name | lower }}
+ labels:
+ {{- include "gateway.labels" $ | nindent 4 }}
+ app.kubernetes.io/component: apiportal
+spec:
+ capacity:
+ storage: {{ .capacity | quote }}
+ volumeMode: Filesystem
+ accessModes:
+ {{- with .accessModes }}
+ {{- toYaml . | nindent 4 }}
+ {{- else }}
+ - ReadWriteMany
+ {{- end }}
+ persistentVolumeReclaimPolicy: {{ .persistentVolume.reclaimPolicy | quote }}
+ csi:
+ driver: {{ .persistentVolume.csiDriver }}
+ volumeHandle: {{ .persistentVolume.volumeHandle }}
+ claimRef:
+ name: {{ .name | lower }}
+ namespace: {{ $.Release.Namespace | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/apigateway/templates/apiportal/storage/storage-class.yaml b/apigateway/templates/apiportal/storage/storage-class.yaml
new file mode 100644
index 0000000..0f92a71
--- /dev/null
+++ b/apigateway/templates/apiportal/storage/storage-class.yaml
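Review bot: The PersistentVolume's `storage: {{ .capacity | quote }}` has no fallback, whereas the claim above it uses `default "1Mi" .capacity`. With `capacity` unset and static provisioning, the PV gets an empty quantity and is rejected, or at best does not match its claim. Use the same expression in both places: `storage: {{ default "1Mi" .capacity | quote }}`. `.persistentVolume.reclaimPolicy`, `.csiDriver` and `.volumeHandle` are also dereferenced without a guard, so a `required` on `.persistentVolume` would give a readable error. The claim name `{{ .name | lower }}` is not release-scoped, unlike the PV name, so two releases in one namespace would share a claim.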
@@ -0,0 +1,26 @@
+{{ if .Values.apiportal.enabled }}
+{{- range .Values.apiportal.storage.classes }}
+---
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: {{ .name | lower }}
+ labels:
+ {{- include "gateway.labels" $ | nindent 4 }}
+provisioner: {{ .provisioner | quote }}
+{{- with .allowVolumeExpansion }}
+allowVolumeExpansion: {{ . }}
+{{- end }}
+{{- with .parameters }}
+parameters: {{- tpl (toYaml .) $ | nindent 2 }}
+{{- end }}
+{{- with .mountOptions }}
+mountOptions: {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- if eq (default $.Values.global.storage.provisioningType $.Values.apiportal.storage.provisioningType) "dynamic" }}
+volumeBindingMode: WaitForFirstConsumer
+{{- else }}
+volumeBindingMode: Immediate
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/apigateway/templates/apitraffic/apitraffic-configmap.yaml b/apigateway/templates/apitraffic/apitraffic-configmap.yaml
new file mode 100644
index 0000000..50e111e
--- /dev/null
+++ b/apigateway/templates/apitraffic/apitraffic-configmap.yaml
@@ -0,0 +1,12 @@
+{{- if and .Values.apitraffic.enabled .Values.apitraffic.license }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-apitraffic-license-config
+data:
+{{- range $path, $config := .Values.apitraffic.license }}
+ {{ $path }}: |
+{{ $config | indent 4 -}}
+{{- end -}}
+{{- end -}}
diff --git a/apigateway/templates/apitraffic/apitraffic-deployment.yaml b/apigateway/templates/apitraffic/apitraffic-deployment.yaml
new file mode 100644
index 0000000..b154a8c
--- /dev/null
+++ b/apigateway/templates/apitraffic/apitraffic-deployment.yaml
@@ -0,0 +1,226 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "{{ include "gateway.fullname" . }}-apitraffic" + labels: + {{- include "gateway.labels" . | nindent 4 }} + app.kubernetes.io/component: apitraffic +spec: + {{- if not .Values.apitraffic.autoscaling.enabled }} + replicas: {{ .Values.apitraffic.replicaCount }} + {{- end }} + strategy: + {{- if eq (default .Values.global.updateStrategy.type .Values.apitraffic.updateStrategy.type) "RollingUpdate" }} + rollingUpdate: + maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.apitraffic.updateStrategy.rollingUpdate.maxSurge }} + maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.apitraffic.updateStrategy.rollingUpdate.maxUnavailable }} + {{- end }} + type: {{ default .Values.global.updateStrategy.type .Values.apitraffic.updateStrategy.type }} + selector: + matchLabels: + {{- include "gateway.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: apitraffic + {{- with .Values.apitraffic.podLabels }} + {{- toYaml . | nindent 6 }} + {{- end }} + template: + metadata: + {{- with .Values.apitraffic.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "gateway.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: apitraffic + {{- with .Values.apitraffic.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "gateway.apitraffic.serviceAccountName" . 
}} + securityContext: + {{- toYaml .Values.apitraffic.podSecurityContext | nindent 8 }} + initContainers: + {{- if .Values.global.cassandra.enabled }} + - name: init-cassandra + image: {{ .Values.global.initContainers.image | quote }} + command: ["sh", "-c", "c=0; x={{ len .Values.global.cassandra.hosts }}; until [ $(( c * 100 / x )) -ge 50 ]; do c=0; for host in {{- range .Values.global.cassandra.hosts }} {{ .hostname }} {{- end }}; do echo waiting for ${host}; if nc -w 3 -v ${host} {{ .Values.global.cassandra.port }};then c=$((c+1)); fi done; sleep 2; done;"] + {{- with .Values.global.initContainers.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.global.initContainers.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.global.database.metrics.enabled }} + - name: init-mysql + image: {{ .Values.global.initContainers.image | quote }} + command: ["sh", "-c", "until nc -w 3 -v {{ tpl .Values.global.database.host . }} {{ .Values.global.database.port | int }}; do echo waiting for mysql; sleep 2; done;"] + {{- with .Values.global.initContainers.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.global.initContainers.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- end }} + - name: init-anm + image: {{ .Values.global.initContainers.image | quote }} + {{- if .Values.anm.hostname }} + command: ["sh", "-c", "until nc -w 3 -v {{ .Values.anm.hostname }}; do echo waiting for anm; sleep 2; done;"] + {{- else }} + command: ["sh", "-c", "until nc -w 3 -v {{ include "gateway.fullname" . }}-anm 8090; do echo waiting for anm; sleep 2; done;"] + {{- end }} + {{- with .Values.global.initContainers.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.global.initContainers.securityContext }} + securityContext: + {{- toYaml . 
| nindent 12 }} + {{- end }} + {{- with .Values.apitraffic.extraInitContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.apitraffic.securityContext | nindent 12 }} + image: "{{ default .Values.global.defaultRegistry .Values.apitraffic.image.registry }}/{{ .Values.apitraffic.image.repository }}:{{ .Values.apitraffic.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + ports: + - containerPort: {{ .Values.apitraffic.service.ports.traffic.port }} + protocol: {{ .Values.apitraffic.service.ports.traffic.protocol }} + {{- with .Values.apitraffic.livenessProbe }} + livenessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.apitraffic.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + resources: + {{- toYaml .Values.apitraffic.resources | nindent 12 }} + env: + {{- with .Values.apitraffic.extraEnvVars }} + {{- toYaml . 
| nindent 12 }} + {{- end }} + {{- if .Values.apitraffic.FIPS.enabled }} + - name: EMT_FIPS_MODE + value: {{ .Values.apitraffic.FIPS.enabled | quote }} + {{- end }} + {{- if .Values.apitraffic.jvmHeapSize }} + - name: EMT_HEAP_SIZE_MB + value: {{ .Values.apitraffic.jvmHeapSize | quote }} + {{- end }} + {{- if .Values.apitraffic.logs.trace.level }} + - name: EMT_TRACE_LEVEL + value: {{ .Values.apitraffic.logs.trace.level | quote }} + {{- end }} + {{- if .Values.apitraffic.logs.trace.disk }} + - name: APIGW_LOG_TRACE_TO_FILE + value: {{ .Values.apitraffic.logs.trace.disk | quote }} + {{- end }} + - name: APIGW_LOG_TRACE_JSON_TO_STDOUT + value: {{ default .Values.apitraffic.logs.trace.stdoutJSON false | quote }} + {{- if .Values.apitraffic.logs.opentraffic.output | quote}} + - name: APIGW_LOG_OPENTRAFFIC_OUTPUT + value: {{ .Values.apitraffic.logs.opentraffic.output | quote }} + {{- end }} + {{- if .Values.global.domainkeypassphrase }} + - name: DOMAIN_KEY_PASSPHRASE + valueFrom: + secretKeyRef: + name: {{ include "gateway.domainkeypassphrase.secretName" . }} + key: passphrase + {{- end }} + {{- if .Values.global.database.metrics.enabled }} + - name: METRICS_DB_URL + value: {{ tpl .Values.global.database.metrics.url . | quote }} + - name: METRICS_DB_USERNAME + valueFrom: + secretKeyRef: + name: {{ include "gateway.metrics-db.secretName" . }} + key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }} + - name: METRICS_DB_PASS + valueFrom: + secretKeyRef: + name: {{ include "gateway.metrics-db.secretName" . 
}} + key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }} + {{- end }} + - name: GROUP_ID + value: {{ .Values.apitraffic.groupId }} + {{- if .Values.global.domainId }} + - name: DOMAIN_ID + value: {{ .Values.global.domainId }} + {{- end }} + {{- if .Values.global.cassandra.enabled }} + {{- range .Values.global.cassandra.hosts }} + - name: {{ .variable }} + value: {{ .hostname | quote }} + {{- end }} + - name: CASS_PORT + value: {{ .Values.global.cassandra.port | quote }} + - name: CASS_KEYSPACE + value: {{ tpl .Values.global.cassandra.keyspace . | quote }} + - name: CASS_TKEYSPACE + value: {{ tpl .Values.global.cassandra.tkeyspace . | quote }} + - name: CASS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "gateway.cassandra.secretName" . }} + key: {{ with .Values.global.cassandra.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }} + - name: CASS_USERNAME + valueFrom: + secretKeyRef: + name: {{ include "gateway.cassandra.secretName" . }} + key: {{ with .Values.global.cassandra.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }} + + {{- end }} + {{- if .Values.apitraffic.image.generalConditions }} + - name: ACCEPT_GENERAL_CONDITIONS + value: {{ .Values.apitraffic.image.generalConditions.accept | quote }} + {{- end }} + {{- if .Values.anm.hostname }} + - name: EMT_ANM_HOSTS + value: {{ .Values.anm.hostname | quote }} + {{- else }} + - name: EMT_ANM_HOSTS + value: "{{ include "gateway.fullname" . 
}}-anm:8090" + {{- end }} + {{- if .Values.apitraffic.extraVolumeMounts }} + volumeMounts: + {{- if .Values.apitraffic.license }} + - name: license + mountPath: "/opt/Axway/apigateway/conf/licenses/license.lic" + subPath: "license.lic" + {{- end }} +{{- toYaml ( .Values.apitraffic.extraVolumeMounts ) | nindent 12 }} + {{- end }} + {{- if .Values.apitraffic.extraVolumes }} + volumes: + {{- if .Values.apitraffic.license }} + - name: license + configMap: + name: {{ .Release.Name }}-apitraffic-license-config + {{- end }} +{{ toYaml ( .Values.apitraffic.extraVolumes ) | indent 8 }} + {{- end }} + {{- with .Values.apitraffic.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.apitraffic.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.apitraffic.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/apigateway/templates/apitraffic/apitraffic-hpa.yaml b/apigateway/templates/apitraffic/apitraffic-hpa.yaml new file mode 100644 index 0000000..9f0143e --- /dev/null +++ b/apigateway/templates/apitraffic/apitraffic-hpa.yaml 
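Review bot: The `license` mount and volume are nested inside `{{- if .Values.apitraffic.extraVolumeMounts }}` and `{{- if .Values.apitraffic.extraVolumes }}`. A release that sets `apitraffic.license` but no extras gets the license ConfigMap created and never mounted, and with only `extraVolumeMounts` set the license mount has no matching volume. The outer gates should also test the license, e.g. `{{- if or .Values.apitraffic.license .Values.apitraffic.extraVolumeMounts }}`, with the `toYaml` lines wrapped in `with` so that an empty list does not render `null`. In the env block, `{{- if .Values.apitraffic.logs.opentraffic.output | quote}}` is true for any non-nil value, including an empty string or `false`, because `quote` turns those into non-empty strings; the pipe should be dropped from the condition. `GROUP_ID` and `DOMAIN_ID` are the only env values not piped through `quote`, which fails validation if either value looks numeric.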
@@ -0,0 +1,33 @@
+{{- if .Values.apitraffic.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: "{{ include "gateway.fullname" . }}-apitraffic"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apitraffic
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: "{{ include "gateway.fullname" . }}-apitraffic"
+ minReplicas: {{ .Values.apitraffic.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.apitraffic.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.apitraffic.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.apitraffic.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.apitraffic.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.apitraffic.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/apigateway/templates/apitraffic/apitraffic-ingress.yaml b/apigateway/templates/apitraffic/apitraffic-ingress.yaml
new file mode 100644
index 0000000..840d129
--- /dev/null
+++ b/apigateway/templates/apitraffic/apitraffic-ingress.yaml
@@ -0,0 +1,97 @@
+{{- if .Values.apitraffic.ingress.enabled -}}
+{{- $fullName := include "gateway.fullname" . -}}
+{{- $svcPort := .Values.apitraffic.service.ports.traffic.port -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-apitraffic
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ {{- with .Values.apitraffic.ingress.annotations }}
+ annotations:
+ {{- tpl (toYaml .) $ | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.apitraffic.ingress.className }}
+ ingressClassName: {{ .Values.apitraffic.ingress.className }}
+ {{- end }}
+ {{- if .Values.apitraffic.ingress.tls }}
+ tls:
+ {{- range .Values.apitraffic.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ tpl . $ | quote }}
+ {{- end }}
+ {{- if .secretName }}
+ secretName: {{ tpl (.secretName) $ }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.apitraffic.ingress.hosts }}
+ - host: {{ tpl .host $ | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if .pathType }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ service:
+ name: {{ $fullName }}-apitraffic
+ port:
+ number: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+
+---
+
+{{- if .Values.apitraffic.extraIngress.enabled -}}
+{{- $fullName := include "gateway.fullname" . -}}
+{{- $svcPort := .Values.apitraffic.service.ports.traffic.port -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-apitraffic-extra
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ {{- with .Values.apitraffic.extraIngress.annotations }}
+ annotations:
+ {{- tpl (toYaml .) $ | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.apitraffic.extraIngress.className }}
+ ingressClassName: {{ .Values.apitraffic.extraIngress.className }}
+ {{- end }}
+ {{- if .Values.apitraffic.extraIngress.tls }}
+ tls:
+ {{- range .Values.apitraffic.extraIngress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ tpl .
$ | quote }}
+ {{- end }}
+ {{- if .secretName }}
+ secretName: {{ tpl (.secretName) $ }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.apitraffic.extraIngress.hosts }}
+ - host: {{ tpl .host $ | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if .pathType }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ service:
+ name: {{ $fullName }}-apitraffic
+ port:
+ number: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/apigateway/templates/apitraffic/apitraffic-routes.yaml b/apigateway/templates/apitraffic/apitraffic-routes.yaml
new file mode 100644
index 0000000..e71e718
--- /dev/null
+++ b/apigateway/templates/apitraffic/apitraffic-routes.yaml
@@ -0,0 +1,40 @@
+{{- if .Values.apitraffic.route.enabled -}}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: "{{ include "gateway.fullname" . }}-apitraffic"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apitraffic
+spec:
+ {{- if .Values.global.domainName }}
+ host: apitraffic.{{ .Values.global.domainName }}
+ {{- end }}
+ to:
+ kind: Service
+ name: "{{ include "gateway.fullname" . }}-apitraffic"
+ port:
+ targetPort: {{ tpl .Values.apitraffic.route.targetPort . }}
+{{- if .Values.apitraffic.route.tls.enabled }}
+ tls:
+ termination: {{ .Values.apitraffic.route.tls.termination }}
+ insecureEdgeTerminationPolicy: {{ .Values.apitraffic.route.tls.insecureEdgeTerminationPolicy }}
+ {{- if .Values.apitraffic.route.tls.key }}
+ key: |-
+ {{- .Values.apitraffic.route.tls.key | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apitraffic.route.tls.destinationCACertificate }}
+ destinationCACertificate: |-
+ {{- .Values.apitraffic.route.tls.destinationCACertificate | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apitraffic.route.tls.caCertificate }}
+ caCertificate: |-
+ {{- .Values.apitraffic.route.tls.caCertificate | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apitraffic.route.tls.certificate }}
+ certificate: |-
+ {{- .Values.apitraffic.route.tls.certificate | nindent 6 }}
+ {{- end }}
+{{- end }}
+ wildcardPolicy: None
+{{- end }}
diff --git a/apigateway/templates/apitraffic/apitraffic-service.yaml b/apigateway/templates/apitraffic/apitraffic-service.yaml
new file mode 100644
index 0000000..9b061c6
--- /dev/null
+++ b/apigateway/templates/apitraffic/apitraffic-service.yaml
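Review bot: The Route's TLS private key is read from chart values (`.Values.apitraffic.route.tls.key`) and written inline under `tls.key`, so the key material sits in the values file and in the stored Helm release record as well as in the Route object; oauth-routes.yaml does the same with `.Values.apitraffic.oauth.route.tls.key`. A template comment above the `key:` branch should state how the key is meant to be supplied, for example `{{- /* private key: supply with --set-file from a protected source; do not commit it to values.yaml */ -}}`. `termination` and `insecureEdgeTerminationPolicy` are also rendered with no default, so an unset value yields an empty field; `{{ .Values.apitraffic.route.tls.insecureEdgeTerminationPolicy | default "Redirect" | quote }}` would make the behaviour for plain-HTTP requests explicit.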
@@ -0,0 +1,39 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ include "gateway.fullname" . }}-apitraffic"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apitraffic
+spec:
+ type: {{ .Values.apitraffic.service.type }}
+ ports:
+ - port: {{ .Values.apitraffic.service.ports.traffic.port }}
+ targetPort: {{ .Values.apitraffic.service.ports.traffic.port }}
+ protocol: {{ .Values.apitraffic.service.ports.traffic.protocol }}
+ name: apigatewaytraffic
+ selector:
+ {{- include "gateway.selectorLabels" . | nindent 4 }}
+ app.kubernetes.io/component: apitraffic
+
+---
+
+{{- if eq .Values.apitraffic.oauth.enabled true }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ include "gateway.fullname" . }}-oauth"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apitraffic
+spec:
+ type: {{ .Values.apitraffic.oauth.type }}
+ ports:
+ - port: {{ .Values.apitraffic.oauth.port }}
+ targetPort: {{ .Values.apitraffic.oauth.port }}
+ protocol: {{ .Values.apitraffic.oauth.protocol }}
+ name: oauth
+ selector:
+ {{- include "gateway.selectorLabels" . | nindent 4 }}
+ app.kubernetes.io/component: apitraffic
+{{- end }}
diff --git a/apigateway/templates/apitraffic/apitraffic-serviceaccount.yaml b/apigateway/templates/apitraffic/apitraffic-serviceaccount.yaml
new file mode 100644
index 0000000..8336544
--- /dev/null
+++ b/apigateway/templates/apitraffic/apitraffic-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.apitraffic.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "gateway.apitraffic.serviceAccountName" . }}
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apitraffic
+ {{- with .Values.apitraffic.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
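Review bot: The ServiceAccount in apitraffic-serviceaccount.yaml does not set `automountServiceAccountToken`, so unless the pod spec overrides it (not visible in this hunk) every apitraffic pod gets an API token mounted. If the gateway does not call the Kubernetes API, add `automountServiceAccountToken: false` at the top level of the object, ideally driven by a value that defaults to `false`. A one-line comment above it saying why the token is or is not needed would help the next reviewer.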
diff --git a/apigateway/templates/apitraffic/oauth-ingress.yaml b/apigateway/templates/apitraffic/oauth-ingress.yaml
new file mode 100644
index 0000000..ea45eb5
--- /dev/null
+++ b/apigateway/templates/apitraffic/oauth-ingress.yaml
@@ -0,0 +1,45 @@
+{{- if .Values.apitraffic.oauth.ingress.enabled -}}
+{{- $fullName := include "gateway.fullname" . -}}
+{{- $svcPort := .Values.apitraffic.oauth.port -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-oauth
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ {{- with .Values.apitraffic.oauth.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.apitraffic.oauth.ingress.className }}
+ ingressClassName: {{ .Values.apitraffic.oauth.ingress.className }}
+ {{- end }}
+ {{- if .Values.apitraffic.oauth.ingress.tls }}
+ tls:
+ {{- range .Values.apitraffic.oauth.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.apitraffic.oauth.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if .pathType }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ service:
+ name: {{ $fullName }}-oauth
+ port:
+ number: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/apigateway/templates/apitraffic/oauth-routes.yaml b/apigateway/templates/apitraffic/oauth-routes.yaml
new file mode 100644
index 0000000..59e1b72
--- /dev/null
+++ b/apigateway/templates/apitraffic/oauth-routes.yaml
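Review bot: `secretName: {{ .secretName }}` in the `tls` loop of oauth-ingress.yaml is emitted unconditionally and unquoted, while apitraffic-ingress.yaml guards the same field with `{{- if .secretName }}`; a `tls` entry without `secretName` renders a null field here. Wrap it the same way and quote the value: `{{- if .secretName }}`, `secretName: {{ .secretName | quote }}`, `{{- end }}`. The hosts and annotations in this file are also rendered without `tpl`, unlike the apitraffic ingress, so templated host names that work there will be passed through literally here; either is fine, but the two files should agree.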
@@ -0,0 +1,40 @@
+{{- if .Values.apitraffic.oauth.route.enabled -}}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: "{{ include "gateway.fullname" . }}-oauth"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: oauth
+spec:
+ {{- if .Values.global.domainName }}
+ host: oauth.{{ .Values.global.domainName }}
+ {{- end }}
+ to:
+ kind: Service
+ name: "{{ include "gateway.fullname" . }}-oauth"
+ port:
+ targetPort: {{ tpl .Values.apitraffic.oauth.route.targetPort . }}
+{{- if .Values.apitraffic.oauth.route.tls.enabled }}
+ tls:
+ termination: {{ .Values.apitraffic.oauth.route.tls.termination }}
+ insecureEdgeTerminationPolicy: {{ .Values.apitraffic.oauth.route.tls.insecureEdgeTerminationPolicy }}
+ {{- if .Values.apitraffic.oauth.route.tls.key }}
+ key: |-
+ {{- .Values.apitraffic.oauth.route.tls.key | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apitraffic.oauth.route.tls.destinationCACertificate }}
+ destinationCACertificate: |-
+ {{- .Values.apitraffic.oauth.route.tls.destinationCACertificate | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apitraffic.oauth.route.tls.caCertificate }}
+ caCertificate: |-
+ {{- .Values.apitraffic.oauth.route.tls.caCertificate | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apitraffic.oauth.route.tls.certificate }}
+ certificate: |-
+ {{- .Values.apitraffic.oauth.route.tls.certificate | nindent 6 }}
+ {{- end }}
+{{- end }}
+ wildcardPolicy: None
+{{- end }}
diff --git a/apigateway/templates/common/cassandra-secret.yaml b/apigateway/templates/common/cassandra-secret.yaml
new file mode 100644
index 0000000..fa7d964
--- /dev/null
+++ b/apigateway/templates/common/cassandra-secret.yaml
@@ -0,0 +1,11 @@
+{{- if (not .Values.global.cassandra.existingSecret) -}}
+apiVersion: v1
+data:
+ username: {{ .Values.global.cassandra.username | b64enc }}
+ password: {{ .Values.global.cassandra.password | b64enc }}
+kind: Secret
+metadata:
+ name: {{ include "gateway.cassandra.secretName" . }}
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+{{- end }}
diff --git a/apigateway/templates/common/domain-key-secret.yaml b/apigateway/templates/common/domain-key-secret.yaml
new file mode 100644
index 0000000..bbad1dc
--- /dev/null
+++ b/apigateway/templates/common/domain-key-secret.yaml
@@ -0,0 +1,10 @@
+{{- if ((.Values.global.domainkeypassphrase).passphrase) -}}
+apiVersion: v1
+data:
+ passphrase: {{ .Values.global.domainkeypassphrase.passphrase | b64enc }}
+kind: Secret
+metadata:
+ name: {{ include "gateway.domainkeypassphrase.secretName" . }}
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+{{- end }}
diff --git a/apigateway/templates/common/metrics-db-secret.yaml b/apigateway/templates/common/metrics-db-secret.yaml
new file mode 100644
index 0000000..16be0d4
--- /dev/null
+++ b/apigateway/templates/common/metrics-db-secret.yaml
@@ -0,0 +1,11 @@
+{{- if and .Values.global.database.metrics.enabled (not .Values.global.database.metrics.existingSecret) -}}
+apiVersion: v1
+data:
+ username: {{ .Values.global.database.metrics.username | b64enc }}
+ password: {{ .Values.global.database.metrics.password | b64enc }}
+kind: Secret
+metadata:
+ name: {{ include "gateway.metrics-db.secretName" . }}
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+{{- end }}
diff --git a/apigateway/templates/cronjob/cronjob.yaml b/apigateway/templates/cronjob/cronjob.yaml
new file mode 100644
index 0000000..12c9bb2
--- /dev/null
+++ b/apigateway/templates/cronjob/cronjob.yaml
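Review bot: In cassandra-secret.yaml `username` and `password` are piped straight into `b64enc` with no presence check, so an empty `global.cassandra.password` renders a `password:` key with no value and the chart installs a Secret that carries no credential; metrics-db-secret.yaml repeats the pattern, while domain-key-secret.yaml is already guarded by its `if`. Fail the render instead, e.g. `password: {{ required "global.cassandra.password is required when existingSecret is not set" .Values.global.cassandra.password | b64enc | quote }}`, and the same for `username`. Because this path puts the credentials in plaintext in the values file and in the release record, a comment at the top of each template should name `existingSecret` as the preferred way to supply them.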
@@ -0,0 +1,59 @@
+{{- if .Values.cronjob.enabled -}}
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: purge-files
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: cronjob
+spec:
+ schedule: "{{ .Values.cronjob.schedule }}"
+ jobTemplate:
+ spec:
+ ttlSecondsAfterFinished: {{ .Values.cronjob.job_ttl }}
+ template:
+ metadata:
+ labels:
+ {{- include "gateway.labels" . | nindent 12 }}
+ app.kubernetes.io/component: cronjob
+ spec:
+ {{- with .Values.global.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ containers:
+ - name: purge-files-job
+ image: {{ default .Values.global.initContainers.image .Values.cronjob.image | quote }}
+ args:
+ - /bin/sh
+ - -c
+ - echo "purging event files older than {{ .Values.cronjob.older_than }}"; find /events -type f -mtime {{ .Values.cronjob.older_than }} -exec rm -rf {} \;
+ volumeMounts:
+ - name: eventsvol
+ mountPath: "/events"
+ {{- with .Values.global.initContainers.resources }}
+ resources:
+ {{ toYaml . | nindent 14 }}
+ {{- end }}
+ {{- with .Values.global.initContainers.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 14 }}
+ {{- end }}
+ restartPolicy: OnFailure
+ volumes:
+ - name: eventsvol
+ persistentVolumeClaim:
+ claimName: {{ .Values.cronjob.claimName }}
+ {{- with .Values.cronjob.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.cronjob.affinity }}
+ affinity:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.cronjob.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+{{- end }}
diff --git a/apigateway/templates/storage/pvc.yaml b/apigateway/templates/storage/pvc.yaml
new file mode 100644
index 0000000..78edca0
--- /dev/null
+++ b/apigateway/templates/storage/pvc.yaml
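Review bot: `.Values.cronjob.older_than` is spliced twice into the `sh -c` command string of the `purge-files-job` container, so any shell metacharacter in that value becomes part of the command that deletes from the `/events` volume. Hand the value to the script through the container environment and quote the expansion, as in the excerpt below; the `find` action itself is left as it was. The object name `purge-files` is also fixed, so two releases in one namespace would collide, and `name: {{ include "gateway.fullname" . }}-purge-files` would match the naming used by the other templates.

```yaml
            - name: purge-files-job
              # … unchanged: image …
              args:
                - /bin/sh
                - -c
                - echo "purging event files older than ${OLDER_THAN}"; find /events -type f -mtime "${OLDER_THAN}" -exec rm -rf {} \;
              env:
                # Passed as data, never as shell text; quoted so a numeric value stays a string.
                - name: OLDER_THAN
                  value: {{ .Values.cronjob.older_than | quote }}
              # … unchanged: volumeMounts, resources, securityContext …
```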
@@ -0,0 +1,50 @@
+{{- range .Values.global.storage.volumes }}
+{{- if .enabled }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ .name | lower }}
+ labels:
+ {{- include "gateway.labels" $ | nindent 4 }}
+spec:
+ accessModes:
+ {{- with .accessModes }}
+ {{- toYaml . | nindent 4 }}
+ {{- else }}
+ - ReadWriteMany
+ {{- end }}
+ storageClassName: {{ default $.Values.global.storage.storageClassName .storageClassName | quote }}
+ resources:
+ requests:
+ storage: {{ default "1Mi" .capacity | quote }}
+{{- if eq $.Values.global.storage.provisioningType "static" }}
+# PersistentVolume needs to be created only for Static storage provisioning
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: {{ include "gateway.fullname" $ }}-{{ .name | lower }}
+ labels:
+ {{- include "gateway.labels" $ | nindent 4 }}
+ app.kubernetes.io/component: apiportal
+spec:
+ capacity:
+ storage: {{ .capacity | quote }}
+ volumeMode: Filesystem
+ accessModes:
+ {{- with .accessModes }}
+ {{- toYaml . | nindent 4 }}
+ {{- else }}
+ - ReadWriteMany
+ {{- end }}
+ persistentVolumeReclaimPolicy: {{ .persistentVolume.reclaimPolicy | quote }}
+ csi:
+ driver: {{ .persistentVolume.csiDriver }}
+ volumeHandle: {{ .persistentVolume.volumeHandle }}
+ claimRef:
+ name: {{ .name | lower }}
+ namespace: {{ $.Release.Namespace | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/apigateway/templates/storage/storage-class.yaml b/apigateway/templates/storage/storage-class.yaml
new file mode 100644
index 0000000..9106def
--- /dev/null
+++ b/apigateway/templates/storage/storage-class.yaml
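Review bot: The PersistentVolume renders `storage: {{ .capacity | quote }}` with no default while the claim above it uses `default "1Mi" .capacity`, so under static provisioning a volume entry that omits `capacity` yields a PV with no usable capacity next to a 1Mi claim. Use the same expression in both places: `storage: {{ default "1Mi" .capacity | quote }}`. `.persistentVolume.reclaimPolicy`, `.csiDriver` and `.volumeHandle` are read without checking that `.persistentVolume` is set; wrapping each in `required` would turn a nil-pointer render error into a readable message. The PV also carries the fixed label `app.kubernetes.io/component: apiportal`, which looks copied from another chart and should be confirmed.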
@@ -0,0 +1,24 @@
+{{- range .Values.global.storage.classes }}
+---
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: {{ .name | lower }}
+ labels:
+ {{- include "gateway.labels" $ | nindent 4 }}
+provisioner: {{ .provisioner | quote }}
+{{- if .allowVolumeExpansion }}
+allowVolumeExpansion: {{ .allowVolumeExpansion }}
+{{- end }}
+{{- with .parameters }}
+parameters: {{- tpl (toYaml .) $ | nindent 2 }}
+{{- end }}
+{{- with .mountOptions }}
+mountOptions: {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- if eq $.Values.global.storage.provisioningType "dynamic" }}
+volumeBindingMode: WaitForFirstConsumer
+{{- else }}
+volumeBindingMode: Immediate
+{{- end }}
+{{- end }}
diff --git a/apigateway/templates/tests/gw-test-connection.yaml b/apigateway/templates/tests/gw-test-connection.yaml
new file mode 100644
index 0000000..316d011
--- /dev/null
+++ b/apigateway/templates/tests/gw-test-connection.yaml
@@ -0,0 +1,114 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: "{{ include "gateway.fullname" . }}-anm-test-connection"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ template:
+ spec:
+ serviceAccountName: {{ include "gateway.tests.serviceAccountName" . }}
+ containers:
+ - name: curl
+ image: {{ default .Values.global.defaultRegistry .Values.global.tests.images.curl.registry }}/{{ default "curlimages/curl" .Values.global.tests.images.curl.repository }}:{{ default "latest" .Values.global.tests.images.curl.tag }}
+ command: ["bin/sh"]
+ args: ["-c", "curl -k https://{{ include "gateway.fullname" . }}-anm:{{ .Values.anm.service.ports.traffic.port}}/healthcheck"]
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: {{ .Values.global.tests.securityContext.readOnlyRootFilesystem }}
+ runAsNonRoot: {{ .Values.global.tests.securityContext.runAsNonRoot }}
+ allowPrivilegeEscalation: {{ .Values.global.tests.securityContext.allowPrivilegeEscalation }}
+ restartPolicy: Never
+ backoffLimit: 3
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: "{{ include "gateway.fullname" . }}-apimgr-test-connection"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ template:
+ spec:
+ serviceAccountName: {{ include "gateway.tests.serviceAccountName" . }}
+ containers:
+ - name: curl
+ image: {{ default .Values.global.defaultRegistry .Values.global.tests.images.curl.registry }}/{{ default "curlimages/curl" .Values.global.tests.images.curl.repository }}:{{ default "latest" .Values.global.tests.images.curl.tag }}
+ command: ["bin/sh"]
+ args: ["-c", "curl -k https://{{ include "gateway.fullname" .
}}-apimgr:{{ .Values.apimgr.service.ports.ui.port}}/healthcheck"]
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: {{ .Values.global.tests.securityContext.readOnlyRootFilesystem }}
+ runAsNonRoot: {{ .Values.global.tests.securityContext.runAsNonRoot }}
+ allowPrivilegeEscalation: {{ .Values.global.tests.securityContext.allowPrivilegeEscalation }}
+ restartPolicy: Never
+ backoffLimit: 3
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: "{{ include "gateway.fullname" . }}-apitraffic-test-connection"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ template:
+ spec:
+ serviceAccountName: {{ include "gateway.tests.serviceAccountName" . }}
+ containers:
+ - name: curl
+ image: {{ default .Values.global.defaultRegistry .Values.global.tests.images.curl.registry }}/{{ default "curlimages/curl" .Values.global.tests.images.curl.repository }}:{{ default "latest" .Values.global.tests.images.curl.tag }}
+ command: ["bin/sh"]
+ args: ["-c", "curl -k https://{{ include "gateway.fullname" . }}-apitraffic:{{ .Values.apitraffic.service.ports.traffic.port}}/healthcheck"]
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: {{ .Values.global.tests.securityContext.readOnlyRootFilesystem }}
+ runAsNonRoot: {{ .Values.global.tests.securityContext.runAsNonRoot }}
+ allowPrivilegeEscalation: {{ .Values.global.tests.securityContext.allowPrivilegeEscalation }}
+ restartPolicy: Never
+ backoffLimit: 3
+---
+{{- if .Values.aga.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: "{{ include "gateway.fullname" . }}-aga-test-connection"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ template:
+ spec:
+ serviceAccountName: {{ include "gateway.tests.serviceAccountName" .
}}
+ containers:
+ - name: curl
+ image: {{ default .Values.global.defaultRegistry .Values.global.tests.images.curl.registry }}/{{ default "curlimages/curl" .Values.global.tests.images.curl.repository }}:{{ default "latest" .Values.global.tests.images.curl.tag }}
+ command: ["bin/sh"]
+ args: ["-c", "curl -k https://{{ include "gateway.fullname" . }}-aga:{{ .Values.aga.service.ports.ui.port}}/healthcheck"]
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: {{ .Values.global.tests.securityContext.readOnlyRootFilesystem }}
+ runAsNonRoot: {{ .Values.global.tests.securityContext.runAsNonRoot }}
+ allowPrivilegeEscalation: {{ .Values.global.tests.securityContext.allowPrivilegeEscalation }}
+ restartPolicy: Never
+ backoffLimit: 3
+{{- end }}
diff --git a/apigateway/templates/tests/test-connection-serviceaccount.yaml b/apigateway/templates/tests/test-connection-serviceaccount.yaml
new file mode 100644
index 0000000..5a949c6
--- /dev/null
+++ b/apigateway/templates/tests/test-connection-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.global.tests.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "gateway.tests.serviceAccountName" . }}
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: test-connection
+ {{- with .Values.global.tests.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/apigateway/values.schema.json b/apigateway/values.schema.json
new file mode 100644
index 0000000..20f97e1
--- /dev/null
+++ b/apigateway/values.schema.json
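Review bot: Each of the four test Jobs in gw-test-connection.yaml runs `curl -k` without `--fail`, so the hook succeeds on any HTTP response, including a 5xx from `/healthcheck`, and the server certificate is never verified. As a minimum use `curl --fail --silent --show-error` so a failing health endpoint fails the test, and replace `-k` with `--cacert` where the gateway's CA can be mounted into the test pod. `command: ["bin/sh"]` is a relative path that only resolves while the image's working directory is `/`; `command: ["/bin/sh"]` removes that dependency. The image tag falls back to `latest` (`default "latest" .Values.global.tests.images.curl.tag`), which makes test runs unreproducible and pulls whatever the registry currently serves; default to a pinned tag or digest instead.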
@@ -0,0 +1,2314 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "aga": { + "type": "object", + "properties": { + "affinity": { + "type": "object" + }, + "autoscaling": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxReplicas": { + "type": "integer" + }, + "minReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + } + } + }, + "enabled": { + "type": "boolean" + }, + "extraEnvVars": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "fullnameOverride": { + "type": "string" + }, + "license": { + "type": "object" + }, + "image": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "className": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array", + "items": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "pathType": { + "type": "string" + } + } + } + } + } + } + }, + "tls": { + "type": "array" + } + } + }, + "route": { + "type": "object", + "description": "Values for creating an OCP route", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines if the route should be created" + }, + "targetPort": { + "type": "string", + "description": "The port on pods this route points to" + }, + "tls": { + "type": "object", + "description": "Values for configuring TLS on an OCP route. 
More information: https://docs.openshift.com/container-platform/4.9/networking/routes/secured-routes.html", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines if TLS should be enabled" + }, + "termination": { + "type": "string", + "description": "Indicates the termination type" + }, + "insecureEdgeTerminationPolicy": { + "type": "string", + "description": "Indicates the desired behavior for insecure connections" + }, + "key": { + "type": ["string", "null"], + "description": "Key file contents" + }, + "caCertificate": { + "type": ["string", "null"], + "description": "Certificate authority certificate contents" + }, + "certificate": { + "type": ["string", "null"], + "description": "Certificate contents" + }, + "destinationCACertificate": { + "type": ["string", "null"], + "description": "Contents of the CA certificate of the final destination" + } + } + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "httpGet": { + "type": "object", + "properties": { + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "path": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "scheme": { + "type": "string" + } + } + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + } + }, + "nameOverride": { + "type": "string" + }, + "nodeSelector": { + "type": "object" + }, + "podAnnotations": { + "type": "object" + }, + "podSecurityContext": { + "type": "object" + }, + "ports": { + "type": "object", + "properties": { + "ui": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + } + } + } + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "httpGet": { + "type": "object", + 
"properties": { + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "path": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "scheme": { + "type": "string" + } + } + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + } + }, + "replicaCount": { + "type": "integer" + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": [ + "string", + "number" + ] + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": [ + "string", + "number" + ] + }, + "memory": { + "type": "string" + } + } + } + } + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + } + } + }, + "service": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "tolerations": { + "type": "array" + } + } + }, + "anm": { + "type": "object", + "required": [ + "image", + "extraEnvVars" + ], + "properties": { + "affinity": { + "type": "object" + }, + "autoscaling": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxReplicas": { + "type": "integer" + }, + "minReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + } + } + }, + "extraEnvVars": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "fullnameOverride": { + "type": "string" + }, + "license": { + "type": "object" + }, + 
"image": { + "type": "object", + "required": [ + "repository" + ], + "properties": { + "registry": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + }, + "digest": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "required": [ + "enabled" + ], + "properties": { + "annotations": { + "type": "object" + }, + "className": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array", + "items": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "pathType": { + "type": "string" + } + } + } + } + } + } + }, + "tls": { + "type": "array" + } + } + }, + "route": { + "type": "object", + "description": "Values for creating an OCP route", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines if the route should be created" + }, + "targetPort": { + "type": "string", + "description": "The port on pods this route points to" + }, + "tls": { + "type": "object", + "description": "Values for configuring TLS on an OCP route. 
More information: https://docs.openshift.com/container-platform/4.9/networking/routes/secured-routes.html", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines if TLS should be enabled" + }, + "termination": { + "type": "string", + "description": "Indicates the termination type" + }, + "insecureEdgeTerminationPolicy": { + "type": "string", + "description": "Indicates the desired behavior for insecure connections" + }, + "key": { + "type": ["string", "null"], + "description": "Key file contents" + }, + "caCertificate": { + "type": ["string", "null"], + "description": "Certificate authority certificate contents" + }, + "certificate": { + "type": ["string", "null"], + "description": "Certificate contents" + }, + "destinationCACertificate": { + "type": ["string", "null"], + "description": "Contents of the CA certificate of the final destination" + } + } + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "httpGet": { + "type": "object", + "properties": { + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "path": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "scheme": { + "type": "string" + } + } + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + } + }, + "nameOverride": { + "type": "string" + }, + "nodeSelector": { + "type": "object" + }, + "podAnnotations": { + "type": "object" + }, + "podSecurityContext": { + "type": "object" + }, + "ports": { + "type": "object", + "properties": { + "traffic": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + } + } + }, + "ui": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + } + } + } + } + }, + "readinessProbe": 
{ + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "httpGet": { + "type": "object", + "properties": { + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "path": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "scheme": { + "type": "string" + } + } + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + } + }, + "replicaCount": { + "type": "integer" + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": [ + "number", + "string" + ] + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": [ + "number", + "string" + ] + }, + "memory": { + "type": "string" + } + } + } + } + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + } + } + }, + "service": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ClusterIP", + "LoadBalancer", + "NodePort", + "ExternalName" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "required": [ + "create" + ], + "properties": { + "annotations": { + "type": "object" + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "tolerations": { + "type": "array" + }, + "updateStrategy": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "Global update strategy for deployments" + }, + "rollingUpdate": { + "type": "object", + "properties": { + "maxSurge": { + "type": "integer", + "description": "The number of pods that can be created above the desired amount of pods during an update" + }, + "maxUnavailable": { + "type": "integer", + "description": "The 
number of pods that can be unavailable during the update process" + } + } + } + } + } + } + }, + "apimgr": { + "required": [ + "license" + ], + "type": "object", + "properties": { + "affinity": { + "type": "object" + }, + "autoscaling": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxReplicas": { + "type": "integer" + }, + "minReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + } + } + }, + "extraEnvVars": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "fullnameOverride": { + "type": "string" + }, + "license": { + "type": "object" + }, + "image": { + "type": "object", + "properties": { + "registry": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + }, + "digest": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "className": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array", + "items": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "pathType": { + "type": "string" + } + } + } + } + } + } + }, + "tls": { + "type": "array" + } + } + }, + "route": { + "type": "object", + "description": "Values for creating an OCP route", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines if the route should be created" + }, + "targetPort": { + "type": "string", + "description": "The port on pods this route points to" + }, + "tls": { + "type": "object", + "description": "Values for configuring TLS on an OCP route. 
More information: https://docs.openshift.com/container-platform/4.9/networking/routes/secured-routes.html", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines if TLS should be enabled" + }, + "termination": { + "type": "string", + "description": "Indicates the termination type" + }, + "insecureEdgeTerminationPolicy": { + "type": "string", + "description": "Indicates the desired behavior for insecure connections" + }, + "key": { + "type": ["string", "null"], + "description": "Key file contents" + }, + "caCertificate": { + "type": ["string", "null"], + "description": "Certificate authority certificate contents" + }, + "certificate": { + "type": ["string", "null"], + "description": "Certificate contents" + }, + "destinationCACertificate": { + "type": ["string", "null"], + "description": "Contents of the CA certificate of the final destination" + } + } + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "httpGet": { + "type": "object", + "properties": { + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "path": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "scheme": { + "type": "string" + } + } + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + } + }, + "nameOverride": { + "type": "string" + }, + "nodeSelector": { + "type": "object" + }, + "podAnnotations": { + "type": "object" + }, + "podSecurityContext": { + "type": "object" + }, + "ports": { + "type": "object", + "properties": { + "ui": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + } + } + } + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "httpGet": { + "type": "object", + 
"properties": { + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "path": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "scheme": { + "type": "string" + } + } + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + } + }, + "replicaCount": { + "type": "integer" + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": [ + "number", + "string" + ] + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": [ + "number", + "string" + ] + }, + "memory": { + "type": "string" + } + } + } + } + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + } + } + }, + "service": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "tolerations": { + "type": "array" + }, + "updateStrategy": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "Global update strategy for deployments" + }, + "rollingUpdate": { + "type": "object", + "properties": { + "maxSurge": { + "type": "integer", + "description": "The number of pods that can be created above the desired amount of pods during an update" + }, + "maxUnavailable": { + "type": "integer", + "description": "The number of pods that can be unavailable during the update process" + } + } + } + } + } + } + }, + "apitraffic": { + "required": [ + "license" + ], + "type": "object", + "properties": { + "affinity": { + "type": "object" + }, + "autoscaling": { 
+ "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxReplicas": { + "type": "integer" + }, + "minReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + } + } + }, + "extraEnvVars": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "fullnameOverride": { + "type": "string" + }, + "license": { + "type": "object" + }, + "image": { + "type": "object", + "properties": { + "registry": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + }, + "digest": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "className": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array", + "items": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "pathType": { + "type": "string" + } + } + } + } + } + } + }, + "tls": { + "type": "array" + } + } + }, + "route": { + "type": "object", + "description": "Values for creating an OCP route", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines if the route should be created" + }, + "targetPort": { + "type": "string", + "description": "The port on pods this route points to" + }, + "tls": { + "type": "object", + "description": "Values for configuring TLS on an OCP route. 
More information: https://docs.openshift.com/container-platform/4.9/networking/routes/secured-routes.html", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines if TLS should be enabled" + }, + "termination": { + "type": "string", + "description": "Indicates the termination type" + }, + "insecureEdgeTerminationPolicy": { + "type": "string", + "description": "Indicates the desired behavior for insecure connections" + }, + "key": { + "type": ["string", "null"], + "description": "Key file contents" + }, + "caCertificate": { + "type": ["string", "null"], + "description": "Certificate authority certificate contents" + }, + "certificate": { + "type": ["string", "null"], + "description": "Certificate contents" + }, + "destinationCACertificate": { + "type": ["string", "null"], + "description": "Contents of the CA certificate of the final destination" + } + } + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "httpGet": { + "type": "object", + "properties": { + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "path": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "scheme": { + "type": "string" + } + } + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + } + }, + "nameOverride": { + "type": "string" + }, + "nodeSelector": { + "type": "object" + }, + "oauth": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "route": { + "type": "object", + "description": "Values for creating an OCP route", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines if the route should be created" + }, + "targetPort": { + "type": 
"string", + "description": "The port on pods this route points to" + }, + "tls": { + "type": "object", + "description": "Values for configuring TLS on an OCP route. More information: https://docs.openshift.com/container-platform/4.9/networking/routes/secured-routes.html", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines if TLS should be enabled" + }, + "termination": { + "type": "string", + "description": "Indicates the termination type" + }, + "insecureEdgeTerminationPolicy": { + "type": "string", + "description": "Indicates the desired behavior for insecure connections" + }, + "key": { + "type": ["string", "null"], + "description": "Key file contents" + }, + "caCertificate": { + "type": ["string", "null"], + "description": "Certificate authority certificate contents" + }, + "certificate": { + "type": ["string", "null"], + "description": "Certificate contents" + }, + "destinationCACertificate": { + "type": ["string", "null"], + "description": "Contents of the CA certificate of the final destination" + } + } + } + } + } + }, + "podAnnotations": { + "type": "object" + }, + "podSecurityContext": { + "type": "object" + }, + "ports": { + "type": "object", + "properties": { + "traffic": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + } + } + } + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "httpGet": { + "type": "object", + "properties": { + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "path": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "scheme": { + "type": "string" + } + } + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + } + }, + "replicaCount": { + "type": "integer" + }, + "resources": { + 
"type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": [ + "string", + "number" + ] + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": [ + "string", + "number" + ] + }, + "memory": { + "type": "string" + } + } + } + } + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + } + } + }, + "service": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "tolerations": { + "type": "array" + }, + "updateStrategy": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "Global update strategy for deployments" + }, + "rollingUpdate": { + "type": "object", + "properties": { + "maxSurge": { + "type": "integer", + "description": "The number of pods that can be created above the desired amount of pods during an update" + }, + "maxUnavailable": { + "type": "integer", + "description": "The number of pods that can be unavailable during the update process" + } + } + } + } + } + } + }, + "apiportal": { + "type": "object", + "properties": { + "apache": { + "type": "object", + "properties": { + "sslOn": { + "type": "integer", + "minimum": 0, + "maximum": 1 + } + } + }, + "apiManager": { + "type": "object", + "properties": { + "configured": { + "type": "integer", + "minimum": 0, + "maximum": 1 + + }, + "name": { + "type": "string" + } + } + }, + "enabled": { + "type": "boolean" + }, + "extraEnvVars": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "image": { + "type": "object", + "properties": { 
+ "registry": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + }, + "digest": { + "type": "string" + } + } + }, + "mysql": { + "type": "object", + "properties": { + "databaseName": { + "type": "string" + }, + "existingSecret": { + "type": "object", + "description": "Use an existing secrets which already stores your credentials, will ignore apiportal.mysql.password and apiportal.mysql.username", + "properties": { + "name": { + "type": "string" + }, + "keyMapping": { + "type": "object", + "properties": { + "password": { + "type": "string" + }, + "username": { + "type": "string" + } + } + } + } + }, + "username": { + "type": "string", + "description": "Username" + }, + "password": { + "type": "string", + "description": "Password" + }, + "sslOn": { + "type": "integer", + "minimum": 0, + "maximum": 1 + }, + "sslVerifyCert": { + "type": "integer", + "minimum": 0, + "maximum": 1 + } + } + }, + "redis": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "cacheTimeout": { + "type": "integer" + } + } + }, + "replicaCount": { + "type": "integer" + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + } + } + }, + "service": { + "type": "object", + "properties": { + "trafficForcePort": { + "type": "integer" + }, + "trafficPlainPort": { + "type": "integer" + }, + "trafficPort": { + "type": "integer" + } + } + }, + "storage": { + "type": "object", + "description": "Storage Options", + "properties": { + "classes": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "provisioner": { + "type": "string" + }, + "allowVolumeExpansion": { + "type": "boolean" + }, + "mountOptions": { + "type": "array", + "items": { + "type": "string" + } + }, + "parameters": { + "type": 
"object" + } + } + } + }, + "provisioningType": { + "type": "string", + "enum": [ + "dynamic", + "static" + ] + }, + "volumes": { + "type": "array", + "items": { + "type": "object", + "required": [ + "capacity", + "enabled", + "name" + ], + "properties": { + "accessModes": { + "type": "array", + "description": "Access Modes", + "minItems": 1, + "maxItems": 3, + "uniqueItems": true, + "items": [ + { + "type": "string", + "enum": [ + "ReadOnlyMany", + "ReadWriteMany", + "ReadWriteOnce" + ] + } + ] + }, + "capacity": { + "type": "string", + "description": "Storage Capacity, with unit (example: 5Gi)" + }, + "claimName": { + "type": "string", + "description": "Claim name, if empty the name property will be used instead" + }, + "enabled": { + "type": "boolean" + }, + "mountPath": { + "type": "string" + }, + "name": { + "type": "string", + "description": "Name of the PVC" + }, + "persistentVolume": { + "type": "object", + "properties": { + "csiDriver": { + "type": "string" + }, + "reclaimPolicy": { + "type": "string", + "description": "Reclaim Policy", + "enum": [ + "Delete", + "Retain" + ] + }, + "volumeHandle": { + "type": "string", + "description": "Volume handle, mostly for AWS EFS. 
Only set if persistentVolume.create is true" + } + } + }, + "storageClassName": { + "type": "string", + "description": "For dynamic provisioning, the persistent volume will be created based on the storage class specs" + }, + "usedBy": { + "type": "array", + "items": [ + { + "type": "string", + "enum": [ + "portal" + ] + } + ] + } + } + } + } + } + }, + "updateStrategy": { + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "description": "Global update strategy for deployments" + }, + "rollingUpdate": { + "type": "object", + "properties": { + "maxSurge": { + "type": "integer", + "description": "The number of pods that can be created above the desired amount of pods during an update" + }, + "maxUnavailable": { + "type": "integer", + "description": "The number of pods that can be unavailable during the update process" + } + } + } + } + } + } + }, + "discovery-agent": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "traceability-agent": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "global": { + "type": "object", + "required": [ + "imagePullPolicy", + "storage" + ], + "properties": { + "apimVersion": { + "type": "string", + "description": "Gateway version. 
If apimVersion is not set, the appVersion in Chart.yaml will be used" + }, + "domainName": { + "type": "string", + "description": "Domain Name" + }, + "domainId": { + "type": "string", + "description": "Domain Id" + }, + "defaultRegistry": { + "type": "string", + "description": "Default image registry" + }, + "imagePullPolicy": { + "type": "string", + "description": "Image Pull Policy", + "enum": [ + "None", + "IfNotPresent", + "Always" + ] + }, + "imagePullSecrets": { + "type": "array" + }, + "initContainers": { + "type": "object", + "properties": { + "image": { + "type": "string", + "description": "image used in init containers" + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": [ + "string", + "number" + ] + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": [ + "string", + "number" + ] + }, + "memory": { + "type": "string" + } + } + } + } + }, + "securityContext": { + "type": "object" + } + } + }, + "updateStrategy": { + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "description": "Global update strategy for deployments" + }, + "rollingUpdate": { + "type": "object", + "properties": { + "maxSurge": { + "type": "integer", + "description": "The number of pods that can be created above the desired amount of pods during an update" + }, + "maxUnavailable": { + "type": "integer", + "description": "The number of pods that can be unavailable during the update process" + } + } + } + } + }, + "storage": { + "type": "object", + "description": "Storage Options", + "required": [ + "classes", + "provisioningType", + "volumes" + ], + "properties": { + "classes": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "provisioner": { + "type": "string" + }, + "allowVolumeExpansion": { + "type": "boolean" + }, + 
"mountOptions": { + "type": "array", + "items": { + "type": "string" + } + }, + "parameters": { + "type": "object" + } + } + } + }, + "provisioningType": { + "type": "string", + "enum": [ + "dynamic", + "static" + ] + }, + "storageClassName": { + "type": "string", + "description": "Default storage class name. For dynamic provisioning, persistent volumes will be created based on the storage class specs" + }, + "volumes": { + "type": "array", + "items": { + "type": "object", + "required": [ + "capacity", + "enabled", + "name" + ], + "properties": { + "accessModes": { + "type": "array", + "description": "Access Modes", + "minItems": 1, + "maxItems": 3, + "uniqueItems": true, + "items": [ + { + "type": "string", + "enum": [ + "ReadOnlyMany", + "ReadWriteMany", + "ReadWriteOnce" + ] + } + ] + }, + "capacity": { + "type": "string", + "description": "Storage Capacity, with unit (example: 5Gi)" + }, + "claimName": { + "type": "string", + "description": "Claim name, if empty the name property will be used instead" + }, + "enabled": { + "type": "boolean" + }, + "mountPath": { + "type": "string" + }, + "name": { + "type": "string", + "description": "Name of the PVC" + }, + "persistentVolume": { + "type": "object", + "properties": { + "csiDriver": { + "type": "string" + }, + "reclaimPolicy": { + "type": "string", + "description": "Reclaim Policy", + "enum": [ + "Delete", + "Retain" + ] + }, + "volumeHandle": { + "type": "string", + "description": "Volume handle, mostly for AWS EFS. 
Only set if persistentVolume.create is true" + } + } + }, + "storageClassName": { + "type": "string", + "description": "For dynamic provisioning, the persistent volume will be created based on the storage class specs" + }, + "usedBy": { + "type": "array", + "items": [ + { + "type": "string", + "enum": [ + "aga", + "anm", + "apimgr", + "traffic", + "portal" + ] + } + ] + } + } + } + } + } + }, + "database": { + "type": "object", + "description": "Mysql Database Instance Options", + "properties": { + "host": { + "type": "string", + "description": "Database hostname" + }, + "port": { + "type": "integer", + "description": "Database port" + }, + "metrics": { + "type": "object", + "required": [ + "enabled" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + "databaseName": { + "type": "string" + }, + "url": { + "type": "string", + "description": "Metrics DB JDBC URL" + }, + "useSSL": { + "type": "string" + }, + "verifyServerCertificate": { + "type": "boolean" + }, + "sslMode": { + "type": "string", + "enum": [ + "NONE", + "0", + "PREFERRED", + "1", + "REQUIRED", + "2", + "VERIFY_CA", + "3", + "VERIFY_IDENTITY", + "4" + ] + }, + "existingSecret": { + "type": "object", + "description": "Use an existing secrets which already stores your credentials, will ignore database.metrics.password and database.metrics.username", + "properties": { + "name": { + "type": "string" + }, + "keyMapping": { + "type": "object", + "properties": { + "password": { + "type": "string" + }, + "username": { + "type": "string" + } + } + } + } + }, + "username": { + "type": "string", + "description": "Username" + }, + "password": { + "type": "string", + "description": "Password" + } + } + } + } + }, + "domainkeypassphrase": { + "type": "object", + "properties": { + "passphrase": { + "type": "string" + } + } + }, + "cassandra": { + "type": "object", + "description": "Cassandra Options", + "required": [ + "enabled" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + 
"existingSecret": { + "type": "object", + "description": "Use an existing secrets which already stores your password data, will ignore cassandra.password", + "properties": { + "name": { + "type": "string" + }, + "keyMapping": { + "type": "object", + "properties": { + "password": { + "type": "string" + } + } + } + } + }, + "hosts": { + "type": "array", + "description": "List of Cassandra hostnames, the variable property should match the variables names in the FED", + "items": { + "type": "object", + "properties": { + "variable": { + "type": "string" + }, + "hostname": { + "type": "string" + } + } + } + }, + "password": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "keyspace": { + "type": "string" + }, + "tkeyspace": { + "type": "string" + }, + "username": { + "type": "string" + } + } + } + } + }, + "tests": { + "type": "object", + "properties": { + "images": { + "type": "object", + "properties": { + "curl": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + } + } + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": [ + "string", + "number" + ] + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": [ + "string", + "number" + ] + }, + "memory": { + "type": "string" + } + } + } + } + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + } + } + } + }, + "required": [ + "global", + "anm", + "apimgr", + "apitraffic", + "aga" + ], + "title": "Values" +} 
diff --git a/apigateway/values.yaml b/apigateway/values.yaml
new file mode 100644
index 0000000..45fb6e2
--- /dev/null
+++ b/apigateway/values.yaml
@@ -0,0 +1,1251 @@
+# Structural changes to this file should be reflected in values.schema.yaml
+#
+# Sample values for different use cases are available in the samples folder
+
+# override for the name of the chart
+nameOverride: ""
+# override for the fully qualified name
+fullnameOverride: ""
+
+# global values that can be read by all components of the APIM solution
+global:
+ # if apimVersion is not set, the appVersion in Chart.yaml will be used
+ apimVersion: ""
+ # domain used in the ingresses or routes
+ domainName: ""
+ # NOTE: if not using the default domain certs set domainId to the Unique ID (or Common Name) that was used to create custom domain certs
+ domainId: ""
+ # default docker registry
+ defaultRegistry: ""
+ imagePullSecrets: []
+ imagePullPolicy: IfNotPresent
+ initContainers:
+ image: "docker.io/busybox:1.34"
+ # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ resources: {}
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ updateStrategy:
+ # RollingUpdate or Recreate
+ type: RollingUpdate
+ # If RollingUpdate
+ rollingUpdate:
+ maxSurge: 2
+ maxUnavailable: 0
+ storage:
+ # static (a template will be created for the PV),
+ # or dynamic (default, a storage class is used, and PV doesnt' require a template)
+ provisioningType: "dynamic"
+ # for dynamic provisioning, the persistent volume will be created based
+ # on the storage class specs
+ # global storage class name, will be used by all volumes not overriding it
+ # leave empty for static provisioning
+ # can be the name of a storage class specified in `classes` below, or an external one
+ storageClassName: ""
+ # storage class managed by this chart
+ classes: []
+ # - name: ""
+ # # provisioner (CSI driver), example: efs.csi.aws.com
+ # provisioner: ""
+ # allowVolumeExpansion: true
+ # mountOptions: []
+ # # storage class parameters to use if create is true
+ # parameters: {}
+ # # example
+ # # provisioningMode: "efs-ap"
+ # # fileSystemId: "fs-05d1bd09462e124d8"
+ # # directoryPerms: "770"
+ volumes:
+ - name: events
+ enabled: false
+ accessModes:
+ - ReadWriteMany
+ # storage request, if provisioner is elastic, leave it to 1Mi
+ capacity: 1Mi
+ # for dynamic provisioning, the persistent volume will be created based
+ # on the storage class specs
+ # if the storage class name is set for the volume, it will override the one defined
+ # in global.storage.storageClassName
+ # examples: azurefile-premium, efs-sc
+ # leave empty for static provisioning
+ # can be a storage class defined above, or an external one
+ # storageClassName: ""
+ # for static provisioning, the persistent volume will be created based on these specs
+ persistentVolume:
+ # CSI driver, for example efs.csi.aws.com
+ csiDriver: ""
+ # volume handle
+ # EFS: FS_ID::AP_ID
+ volumeHandle: ""
+ # reclaim policy, what happens to the storage when the PVC is deleted
+ # Delete or Retain
+ reclaimPolicy: Delete
+ - name: gw-external-config
+ enabled: true
+ accessModes:
+ - ReadWriteMany
+ # storage request, if provisioner is elastic, leave it to 1Mi
+ capacity: 1Mi
+ # for dynamic provisioning, the persistent volume will be created based
+ # on the storage class specs
+ # if the storage class name is set for the volume, it will override the one defined
+ # in global.storage.storageClassName
+ # examples: azurefile-premium, efs-sc
+ # leave empty for static provisioning
+ # can be a storage class defined above, or an external one
+ # storageClassName: "nfs-client"
+ # for static provisioning, the persistent volume will be created based on these specs
+ persistentVolume:
+ # CSI driver, for example efs.csi.aws.com
+ csiDriver: ""
+ # volume handle
+ # EFS: FS_ID::AP_ID
+ volumeHandle: ""
+ # reclaim policy, what happens to the storage when the PVC is deleted
+ # Delete or Retain
+ reclaimPolicy: Delete
+ - name: aga-external-config
+ enabled: true
+ accessModes:
+ - ReadWriteMany
+ # storage request, if provisioner is elastic, leave it to 1Mi
+ capacity: 1Mi
+ # for dynamic provisioning, the persistent volume will be created based
+ # on the storage class specs
+ # if the storage class name is set for the volume, it will override the one defined
+ # in global.storage.storageClassName
+ # examples: azurefile-premium, efs-sc
+ # leave empty for static provisioning
+ # can be a storage class defined above, or an external one
+ # storageClassName: "nfs-client"
+ # for static provisioning, the persistent volume will be created based on these specs
+ persistentVolume:
+ # CSI driver, for example efs.csi.aws.com
+ csiDriver: ""
+ # volume handle
+ # EFS: FS_ID::AP_ID
+ volumeHandle: ""
+ # reclaim policy, what happens to the storage when the PVC is deleted
+ # Delete or Retain
+ reclaimPolicy: Delete
+ - name: anm-external-config
+ enabled: true
+ accessModes:
+ - ReadWriteMany
+ # storage request, if provisioner is elastic, leave it to 1Mi
+ capacity: 1Mi
+ # for dynamic provisioning, the persistent volume will be created based
+ # on the storage class specs
+ # if the storage class name is set for the volume, it will override the one defined
+ # in global.storage.storageClassName
+ # examples: azurefile-premium, efs-sc
+ # leave empty for static provisioning
+ # can be a storage class defined above, or an external one
+ # storageClassName: "nfs-client"
+ # for static provisioning, the persistent volume will be created based on these specs
+ persistentVolume:
+ # CSI driver, for example efs.csi.aws.com
+ csiDriver: ""
+ # volume handle
+ # EFS: FS_ID::AP_ID
+ volumeHandle: ""
+ # reclaim policy, what happens to the storage when the PVC is deleted
+ # Delete or Retain
+ reclaimPolicy: Delete
+ # Database server instance used for metrics and for API Portal
+ database:
+ # templating available
+ # host: example-mysql.{{ .Values.global.domainName }}
+ host: ""
+ port: 3306
+ # database name for the metrics, used by gateway components
+ metrics:
+ enabled: false
+ # a database with this name has to be created in the MySQL instance as a prerequisite
+ databaseName: metrics
+ # 8.0.12 and earlier, useSSL is a string, verifyServerCertificate is a boolean value
+ useSSL: "false"
+ # verifyServerCertificate: true
+ # 8.0.13 and later: Server Certificate Verification is enabled when the sslMode property is set to VERIFY_CA or VERIFY_IDENTITY
+ # sslMode: "NONE"
+ # MySQL JDBC URL
+ url: "jdbc:mysql://{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{ .Values.global.database.metrics.databaseName }}?useSSL={{ default false .Values.global.database.metrics.useSSL }}"
+ # additional QueryString parameters in jdbc url can be added as shown below
+ # encoding: "UTF-8"
+ # url: "jdbc:mysql://{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{ .Values.global.database.metrics.databaseName }}?useSSL={{ default false .Values.global.database.metrics.useSSL }}&{{ .Values.global.database.metrics.encoding }}"
+ # if the credentials are already available in a secret, set existingSecret
+ existingSecret: {}
+ # name: "mysql-credentials"
+ # keyMapping:
+ # password: metricsDbPasswordKey
+ # username: metricsDbUsernameKey
+ # else, set username and password, this will create a new secret
+ username: ""
+ password: ""
+ # portal database is only used by the portal pods, so it's configuration is in the apiportal section
+ # cassandra connection configuration
+ cassandra:
+ enabled: false
+ # if the credentials are already available in a secret, set existingSecret
+ # if not, set username and password
+ existingSecret: {}
+ # name: cassandra
+ # keyMapping:
+ # username: myCassandraUsernameKey
+ # password: myCassandraPasswordKey
+ # list of hostnames and name of the env var passed to the gateway image,
+ # the variable name should be consistent with the content of the FED
+ hosts: []
+ ## single cassandra node, or service of a containerized cassandra:
+ # - variable: CASS_HOST
+ # hostname: cassandra.cassandra
+ ## multi node cassandra:
+ # - variable: CASS_HOST_1
+ # hostname: cassandra-1
+ # - variable: CASS_HOST_2
+ # hostname: cassandra-2
+ # - variable: CASS_HOST_3
+ # hostname: cassandra-3
+ username: ""
+ password: ""
+ port: 9042
+ # templating available
+ # keyspace: keyspace-{{ .Values.global.domainID }}
+ # tkeyspace: tkeyspace-{{ .Values.global.domainID }}
+ keyspace: ""
+ tkeyspace: ""
+ # Set the domain key passphrase. If passphrase is blank, do not set.
+ # domainkeypassphrase:
+ # passphrase: ""
+ tests:
+ images:
+ curl:
+ registry: docker.io
+ repository: "curlimages/curl"
+ # leave empty for "latest" or specify an immutable tag
+ tag: ""
+ # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 50Mi
+ # requests:
+ # cpu: 100m
+ # memory: 50Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+anm:
+ # a single replica is the only supported value for ANM
+ enabled: true
+ replicaCount: 1
+ updateStrategy:
+ # RollingUpdate or Recreate
+ type: ""
+ # If RollingUpdate
+ rollingUpdate:
+ maxSurge: 2
+ maxUnavailable: 0
+ image:
+ # an image reference is specified by registry/repository:tag,
+ # for instance registry=docker.io, repository=library/alpine, tag=3.15
+ # if registry is left empty, global.defaultRegistry will be used
+ registry: ""
+ repository: ""
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+ # Accept general conditions on the image by setting accept to yes
+ generalConditions:
+ accept: ""
+ # Enables FIPS mode
+ FIPS:
+ enabled: false
+ logs:
+ trace:
+ # FATAL, ERROR, INFO, DEBUG, DATA
+ level: INFO
+ # Write trace logs to file on disk
+ disk: true
+ # Write trace logs to stdout in JSON Format
+ stdoutJSON: false
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ podAnnotations: {}
+ podLabels: {}
+ podSecurityContext:
+ # set user id for k8s, set null for openshift
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ securityContext:
+ allowPrivilegeEscalation: false
+ # NOTE: readOnlyRootFilesystem should be left to false
+ # readOnlyRootFilesystem: false
+ runAsNonRoot: true
+ service:
+ type: ClusterIP
+ ports:
+ traffic:
+ port: 8090
+ protocol: TCP
+ ui:
+ port: 8091
+ protocol: TCP
+ ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ #set if extra ANM ingress required
+ extraIngress:
+ enabled: false
+ # OpenShift configuration
+ route:
+ enabled: true
+ targetPort: "{{ .Values.anm.service.ports.ui.port }}"
+ ## More information: https://docs.openshift.com/container-platform/4.12/networking/routes/secured-routes.html
+ tls:
+ enabled: true
+ termination: passthrough
+ insecureEdgeTerminationPolicy: Redirect
+ key:
+ caCertificate:
+ certificate:
+ destinationCACertificate:
+ # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ resources: {}
+ # limits:
+ # memory: "2048Mi"
+ # cpu: "1000m"
+ #
requests: + # memory: "1Gi" + # cpu: "250m" + # JVM Heap Size in MB + jvmHeapSize: "1024" + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + nodeSelector: {} + tolerations: [] + affinity: {} + #extraInitContainers: + # - name: extra + # image: "docker.io/busybox:1.34" + # command: [] + # resources: + # limits: + # memory: "500Mi" + # cpu: 0.5 + # securityContext: + # allowPrivilegeEscalation: false + # runAsNonRoot: true + extraEnvVars: [] + # - name: MY_ENV_VARIABLE + # value: "true" + livenessProbe: + httpGet: + httpHeaders: + - name: k8sprobe + value: liveness.anm + path: /healthcheck + port: 8091 + scheme: HTTPS + initialDelaySeconds: 40 + periodSeconds: 30 + failureThreshold: 5 + readinessProbe: + httpGet: + httpHeaders: + - name: k8sprobe + value: readiness.anm + path: /healthcheck + port: 8091 + scheme: HTTPS + initialDelaySeconds: 30 + periodSeconds: 10 + failureThreshold: 6 +# extraVolumeMounts: +# - name: events +# mountPath: /opt/Axway/apigateway/logs/events +# extraVolumes: +# - persistentVolumeClaim: +# claimName: events +# name: events + extraVolumeMounts: + - name: anm-external-config + mountPath: /merge + extraVolumes: + - persistentVolumeClaim: + claimName: anm-external-config + name: anm-external-config + +apimgr: + enabled: true + replicaCount: 1 + updateStrategy: + # RollingUpdate or Recreate + type: "" + # If RollingUpdate + rollingUpdate: + maxSurge: 2 + maxUnavailable: 0 + image: + # an image reference is specified by registry/repository:tag, + # for instance registry=docker.io, repository=library/alpine, tag=3.15 + # if registry is left empty, global.defaultRegistry will be used + registry: "" + repository: "" + # Overrides the image tag whose default is the chart appVersion. 
+ tag: "" + # Accept general conditions on the image by setting accept to yes + generalConditions: + accept: "" + groupId: "DefaultGroup" + # Enables FIPS mode + FIPS: + enabled: false + logs: + trace: + # FATAL, ERROR, INFO, DEBUG, DATA + level: INFO + # Write trace logs to file on disk + disk: true + # Write trace logs to stdout in JSON Format + stdoutJSON: false + opentraffic: + # none, file or stdout + output: stdout + serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} + podLabels: {} + podSecurityContext: + # set user id for k8s, set null for openshift + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + securityContext: + allowPrivilegeEscalation: false + # NOTE: readOnlyRootFilesystem should be left to false + # readOnlyRootFilesystem: false + runAsNonRoot: true + service: + type: ClusterIP + ports: + ui: + port: 8075 + protocol: TCP + ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + #set if extra API Manager ingress required + extraIngress: + enabled: false + # OpenShift configuration + route: + enabled: true + targetPort: "{{ .Values.apimgr.service.ports.ui.port }}" + ## More information: https://docs.openshift.com/container-platform/4.12/networking/routes/secured-routes.html + tls: + enabled: true + termination: passthrough + insecureEdgeTerminationPolicy: Redirect + key: + caCertificate: + certificate: + destinationCACertificate: + # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: {} + # 
limits: + # memory: "2Gi" + # cpu: 2 + # requests: + # memory: "0.5Gi" + # cpu: 0.5 + # JVM Heap Size in MB + jvmHeapSize: "1512" + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + nodeSelector: {} + tolerations: [] + affinity: {} + #extraInitContainers: + # - name: extra + # image: "docker.io/busybox:1.34" + # command: [] + # resources: + # limits: + # memory: "500Mi" + # cpu: 0.5 + # securityContext: + # allowPrivilegeEscalation: false + # runAsNonRoot: true + extraEnvVars: [] + # - name: MY_ENV_VARIABLE + # value: "true" + livenessProbe: + httpGet: + httpHeaders: + - name: k8sprobe + value: liveness.apimgr + path: /healthcheck + port: 8075 + scheme: HTTPS + initialDelaySeconds: 40 + periodSeconds: 30 + failureThreshold: 5 + readinessProbe: + httpGet: + httpHeaders: + - name: k8sprobe + value: readiness.apimgr + path: /healthcheck + port: 8075 + scheme: HTTPS + initialDelaySeconds: 30 + periodSeconds: 10 + failureThreshold: 6 +# extraVolumeMounts: +# - name: events +# mountPath: /opt/Axway/apigateway/logs/events +# - name: opentraffic +# mountPath: /opt/Axway/apigateway/logs/opentraffic +# extraVolumes: +# - persistentVolumeClaim: +# claimName: events +# name: events +# - persistentVolumeClaim: +# claimName: opentraffic +# name: opentraffic + extraVolumeMounts: + - name: gw-external-config + mountPath: /merge + extraVolumes: + - persistentVolumeClaim: + claimName: gw-external-config + name: gw-external-config + license: + license.lic: | +# FIPS=1 +# Mock Connector=1 +# SalesForce Connector=1 +# ServiceNow Connector=1 +# analytics=1 +# api_visual_mapper=1 +# apiportal=1 +# expires=Sun, 05 May 2025 00:00:00 GMT +# mcafee=1 +# mobile integration=1 +# unrestricted=1 +# # SIGNATURE: abc123 + + +apitraffic: + enabled: true + replicaCount: 1 + updateStrategy: + # RollingUpdate or Recreate + type: "" + # If RollingUpdate + rollingUpdate: + maxSurge: 2 + maxUnavailable: 0 + 
image: + # an image reference is specified by registry/repository:tag, + # for instance registry=docker.io, repository=library/alpine, tag=3.15 + # if registry is left empty, global.defaultRegistry will be used + registry: "" + repository: "" + # Overrides the image tag whose default is the chart appVersion. + tag: "" + # Accept general conditions on the image by setting accept to yes + generalConditions: + accept: "" + groupId: "DefaultGroup" + # Enables FIPS mode + FIPS: + enabled: false + logs: + trace: + # FATAL, ERROR, INFO, DEBUG or DATA + level: INFO + # Write trace logs to file on disk + disk: true + # Write trace logs to stdout in JSON Format + stdoutJSON: false + opentraffic: + # none, file or stdout + output: stdout + serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} + podLabels: {} + podSecurityContext: + # set user id for k8s, set null for openshift + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + securityContext: + allowPrivilegeEscalation: false + # NOTE: readOnlyRootFilesystem should be left to false + # readOnlyRootFilesystem: false + runAsNonRoot: true + service: + type: ClusterIP + ports: + traffic: + port: 8065 + protocol: TCP + oauth: + enabled: true + type: ClusterIP + port: 8089 + protocol: TCP + route: + enabled: true + targetPort: "{{ .Values.apitraffic.oauth.port }}" + tls: + enabled: true + termination: passthrough + insecureEdgeTerminationPolicy: Redirect + key: + caCertificate: + certificate: + destinationCACertificate: + #oauth ingress + ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] 
+ # - secretName: chart-example-tls + # hosts: + # - chart-example.local + #apitraffic ingress + ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + #set if extra apitraffic ingress required + extraIngress: + enabled: false + # OpenShift configuration + route: + enabled: true + targetPort: "{{ .Values.apitraffic.service.ports.traffic.port }}" + ## More information: https://docs.openshift.com/container-platform/4.12/networking/routes/secured-routes.html + tls: + enabled: true + termination: passthrough + insecureEdgeTerminationPolicy: Redirect + key: + caCertificate: + certificate: + destinationCACertificate: + # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: {} + # limits: + # memory: "2Gi" + # cpu: 2 + # requests: + # memory: "0.5Gi" + # cpu: 0.5 + # JVM Heap Size in MB + jvmHeapSize: "1512" + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + nodeSelector: {} + tolerations: [] + affinity: {} + #extraInitContainers: + # - name: extra + # image: "docker.io/busybox:1.34" + # command: [] + # resources: + # limits: + # memory: "500Mi" + # cpu: 0.5 + # securityContext: + # allowPrivilegeEscalation: false + # runAsNonRoot: true + extraEnvVars: [] + # - name: MY_ENV_VARIABLE + # value: "true" + livenessProbe: + httpGet: + httpHeaders: + - name: k8sprobe + value: liveness.apitraffic + path: /healthcheck + port: 8065 + scheme: HTTPS + initialDelaySeconds: 40 + periodSeconds: 30 + failureThreshold: 5 + readinessProbe: + httpGet: + httpHeaders: + - name: k8sprobe + value: readiness.apitraffic + path: /healthcheck + port: 8065 + scheme: HTTPS + initialDelaySeconds: 30 + 
periodSeconds: 10 + failureThreshold: 6 +# extraVolumeMounts: +# - name: events +# mountPath: /opt/Axway/apigateway/logs/events +# - name: opentraffic +# mountPath: /opt/Axway/apigateway/logs/opentraffic +# extraVolumes: +# - persistentVolumeClaim: +# claimName: events +# name: events +# - persistentVolumeClaim: +# claimName: opentraffic +# name: opentraffic + extraVolumeMounts: + - name: gw-external-config + mountPath: /merge + extraVolumes: + - persistentVolumeClaim: + claimName: gw-external-config + name: gw-external-config + license: + license.lic: | +# FIPS=1 +# Mock Connector=1 +# SalesForce Connector=1 +# ServiceNow Connector=1 +# analytics=1 +# api_visual_mapper=1 +# apiportal=1 +# expires=Sun, 05 May 2025 00:00:00 GMT +# mcafee=1 +# mobile integration=1 +# unrestricted=1 +# # SIGNATURE: abc123 + + +aga: + enabled: false + replicaCount: 1 + updateStrategy: + # RollingUpdate or Recreate + type: "" + # If RollingUpdate + rollingUpdate: + maxSurge: 2 + maxUnavailable: 0 + image: + # an image reference is specified by registry/repository:tag, + # for instance registry=docker.io, repository=library/alpine, tag=3.15 + # if registry is left empty, global.defaultRegistry will be used + registry: "" + repository: "" + # Overrides the image tag whose default is the chart appVersion. + tag: "" + # Accept general conditions on the image by setting accept to yes + generalConditions: + accept: "" + serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. 
+ # If not set and create is true, a name is generated using the fullname template + name: "" + podAnnotations: {} + podLabels: {} + podSecurityContext: + # set user id for k8s, set null for openshift + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + securityContext: + allowPrivilegeEscalation: false + # NOTE: readOnlyRootFilesystem should be left to false + # readOnlyRootFilesystem: false + runAsNonRoot: true + service: + type: ClusterIP + ports: + ui: + port: 8040 + protocol: TCP + ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + #set if extra Analytics(aga) ingress required + extraIngress: + enabled: false + # OpenShift configuration + route: + enabled: true + targetPort: "{{ .Values.aga.service.ports.ui.port }}" + ## More information: https://docs.openshift.com/container-platform/4.12/networking/routes/secured-routes.html + tls: + enabled: true + termination: passthrough + insecureEdgeTerminationPolicy: Redirect + key: + caCertificate: + certificate: + destinationCACertificate: + # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers// + resources: {} + # limits: + # memory: "2048Mi" + # cpu: "1000m" + # requests: + # memory: "1Gi" + # cpu: "250m" + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + nodeSelector: {} + tolerations: [] + affinity: {} + #extraInitContainers: + # - name: extra + # image: "docker.io/busybox:1.34" + # command: [] + # resources: + # limits: + # memory: "500Mi" + # cpu: 0.5 + # securityContext: + # allowPrivilegeEscalation: false + # runAsNonRoot: true + extraEnvVars: [] + # - name: MY_ENV_VARIABLE + # value: "true" + livenessProbe: + httpGet: + 
httpHeaders: + - name: k8sprobe + value: liveness.apimgr + path: /healthcheck + port: 8040 + scheme: HTTPS + initialDelaySeconds: 40 + periodSeconds: 30 + failureThreshold: 5 + readinessProbe: + httpGet: + httpHeaders: + - name: k8sprobe + value: readiness.apimgr + path: /healthcheck + port: 8040 + scheme: HTTPS + initialDelaySeconds: 30 + periodSeconds: 10 + failureThreshold: 6 + #extraVolumeMounts: + #- name: events + # mountPath: /opt/Axway/apigateway/logs/events + #extraVolumes: + #- persistentVolumeClaim: + # claimName: events + # name: events + extraVolumeMounts: + - name: aga-external-config + mountPath: /merge + extraVolumes: + - persistentVolumeClaim: + claimName: aga-external-config + name: aga-external-config + + +apiportal: + enabled: false + replicaCount: 1 + updateStrategy: + # RollingUpdate or Recreate + type: "" + # If RollingUpdate + rollingUpdate: + maxSurge: 2 + maxUnavailable: 0 + image: + # an image reference is specified by registry/repository:tag, + # for instance registry=docker.io, repository=library/alpine, tag=3.15 + # if registry is left empty, global.defaultRegistry will be used + registry: "" + repository: "" + # Overrides the image tag whose default is the chart appVersion. + tag: "" + serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. 
+ # If not set and create is true, a name is generated using the fullname template + name: "" + service: + type: ClusterIP + ports: + target: + port: 8443 + https: + port: 8443 + protocol: TCP + http: + port: 8080 + protocol: TCP + force: + port: 443 + protocol: TCP + ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + #set if extra Apiportal ingress required + extraIngress: + enabled: false + # OpenShift configuration + route: + enabled: true + targetPort: "{{ .Values.apiportal.service.ports.http.port }}" + ## More information: https://docs.openshift.com/container-platform/4.12/networking/routes/secured-routes.html + tls: + enabled: true + termination: edge + insecureEdgeTerminationPolicy: Redirect + key: + caCertificate: + certificate: + destinationCACertificate: + apiManager: + configured: 1 + name: Main + # host: "" + # port: 8075 + # database settings for API Portal, also check the instance settings in global section + mysql: + # if the credentials are already available in a secret, set existingSecret + existingSecret: {} + # name: "mysql-credentials" + # keyMapping: + # password: portalDbPasswordKey + # username: portalDbUsernameKey + # else, set username and password, this will create a new secret + username: "" + password: "" + # With empty host the value from global section will be used + host: "" + port: "{{ .Values.global.database.port }}" + # if it doesn't exist, a database with this name will be created by the app + databaseName: "portal" + # When mysql ssl is enabled, a k8s tls secret must be created, named 'mysql-certs': + # kubectl create secret tls mysql-certs --cert=mysql-cert.pem --key=mysql-key.pem + sslOn: 0 + sslVerifyCert: 0 + redis: + enabled: false + host: "" + port: 6379 + 
cacheTimeout: 600 + apache: + # When apache ssl is enabled, a k8s tls secret must be created, named 'apache': + # kubectl create secret tls apache --cert=apache-cert.pem --key=apache-key.pem + sslOn: 0 + #extraInitContainers: + # - name: extra + # image: "docker.io/busybox:1.34" + # command: [] + # resources: + # limits: + # memory: "500Mi" + # cpu: 0.5 + # securityContext: + # allowPrivilegeEscalation: false + # runAsNonRoot: true + extraEnvVars: [] + # - name: MY_ENV_VARIABLE + # value: "true" + podAnnotations: {} + podLabels: {} + podSecurityContext: + runAsUser: 1048 + runAsGroup: 1048 + fsGroup: 1048 + securityContext: + allowPrivilegeEscalation: false + runAsNonRoot: true + # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: {} + # limits: + # memory: "2048Mi" + # cpu: "1000m" + # requests: + # memory: "1Gi" + # cpu: "250m" + # + # Flag indicating that the user has downloaded + # their own copy of the T4 Page Builder component from Joomlart + # (https://www.joomlart.com/member/downloads/joomlart/t4/t4-page-builder). + # Joomlart require registration prior to free download. 
+ # Valid values: 0 or 1 + t4_downloaded: 1 + storage: + # if provisioningType=static, a template will be created for the PV, + # if provisioningType=dynamic (default), a storage class is used, and PV doesn't require a template + provisioningType: "dynamic" + classes: [] + volumes: + - enabled: false + # must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character + name: "enckey" + usedBy: + - portal + capacity: 3Mi + accessModes: + - ReadWriteMany + mountPath: "/opt/axway/apiportal/enckey" + # if storageClassName is not set, it will default to the one specified in global.storage.storageClassName + # storageClassName: "" + # for static provisioning, the persistent volume will be created based on these specs + persistentVolume: + # CSI driver, for example efs.csi.aws.com + csiDriver: "" + # volume handle + volumeHandle: "" + # reclaim policy, what happens to the storage when the PVC is deleted + reclaimPolicy: Delete + - enabled: false + # must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character + name: "images" + usedBy: + - portal + capacity: 100Mi + accessModes: + - ReadWriteMany + mountPath: "/opt/axway/apiportal/htdoc/images" + # if storageClassName is not set, it will default to the one specified in global.storage.storageClassName + # storageClassName: "" + - enabled: false + # must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character + name: "language" + usedBy: + - portal + capacity: 10Mi + accessModes: + - ReadWriteMany + mountPath: "/opt/axway/apiportal/htdoc/language" + # if storageClassName is not set, it will default to the one specified in global.storage.storageClassName + # storageClassName: "" + - enabled: false + # must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character + name: "templates" + usedBy: + - portal + 
capacity: 100Mi + accessModes: + - ReadWriteMany + mountPath: "/opt/axway/apiportal/htdoc/templates" + # if storageClassName is not set, it will default to the one specified in global.storage.storageClassName + # storageClassName: "" + - enabled: false + # must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character + name: "admlanguage" + usedBy: + - portal + capacity: 10Mi + accessModes: + - ReadWriteMany + mountPath: "/opt/axway/apiportal/htdoc/administrator/admlanguage" + # if storageClassName is not set, it will default to the one specified in global.storage.storageClassName + # storageClassName: "" + - enabled: false + # must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character + name: "certs" + usedBy: + - portal + capacity: 10Mi + accessModes: + - ReadWriteMany + mountPath: "/opt/axway/apiportal/htdoc/administrator/components/com_apiportal/assets/cert" + # if storageClassName is not set, it will default to the one specified in global.storage.storageClassName + # storageClassName: "" + +cronjob: + # If enabled a cronjob will be created which runs according to the schedule you set and removes event files + enabled: false + # Schedule - i.e how often to run the cronjob to purge the event log files + # * * * * * + # | | | | | + # | | | | day of the week (0–6) (Sunday to Saturday) * means every day + # | | | month of the year (1–12); * means every month + # | | day of the month (1–31); "*/n" means every n days;* means all days + # | hour of the day (0–23); * means every hours + # minute of the hour (0–59); "*/n" means every n minutes; * means every minute + # further details here: https://en.wikipedia.org/wiki/Cron + # By default the schedule is set to run every 60 minutes + schedule: "*/60 * * * *" + # When purging remove files older than the number of days set in older_than. 
Set to 30 days by default + older_than: 30 + # If the schedule is frequent then the number of jobs will build up. job_ttl allows these to be cleaned up + # Number of seconds a job should live after it is finished. Default is 3600 which matches the default + # schedule interval + job_ttl: 3600 + # image defaults to init container image which is docker.io/busybox:1.34 but can be overwritten + image: "" + # claimName defaults to events - i.e the claimName used to store events + claimName: events + nodeSelector: {} + tolerations: [] + affinity: {} + +tests: + images: + curl: + registry: docker.io + repository: "curlimages/curl" + # leave empty for "latest" or specify an immutable tag + tag: "" + # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: {} + # limits: + # cpu: 100m + # memory: 50Mi + # requests: + # cpu: 100m + # memory: 50Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +## Configuration for v7-discovery subchart +discovery-agent: + # Deploy the discovery agent + enabled: false + + +## Configuration for v7-traceability subchart +traceability-agent: + ## Deploy the traceability agent + enabled: false diff --git a/values-override.yaml b/values-override.yaml index 2665e1a..585cb62 100644 --- a/values-override.yaml +++ b/values-override.yaml @@ -103,7 +103,7 @@ global: anm: image: repository: "admin-nodemanager" - tag: "7.7.0.20240228-1-BN0065-ubi9" + tag: "7.7.0.20250830-3-BN0276-ubi9" generalConditions: accept: "yes" resources: 
@@ -117,6 +117,7 @@ anm: runAsNonRoot: true route: enabled: true + targetPort: "{{ .Values.anm.service.ports.traffic.port }}" host: apimgr.apilab.us annotations: cert-manager.io/issuer-kind: ClusterIssuer 
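Review bot: The added `targetPort` points the ANM route at `anm.service.ports.traffic.port` (8090), while the chart's own values.yaml in this patch uses `anm.service.ports.ui.port` for the same route and probes ANM on 8091; nothing in the override explains the divergence. Because this route publishes the Admin Node Manager under the `host` on the next line, record the intent beside the setting, e.g. `# deliberately targets the traffic port (8090) instead of the chart default ui port (8091): <reason>`. The template only resolves once `anm.service.ports.traffic.port` exists in the override, which the `service:` change in the next hunk adds, so the two edits have to ship together. If the management interface does not need to be reachable from outside the cluster, consider limiting the route by source address or keeping it internal.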
@@ -128,27 +129,34 @@ anm: key: destinationCACertificate: | -----BEGIN CERTIFICATE----- - MIIC0jCCAbqgAwIBAgIGAY4J1hijMA0GCSqGSIb3DQEBCwUAMBgxFjAUBgNVBAMM - DURlZmF1bHREb21haW4wIBcNMjQwMjI2MTQyMDEwWhgPMjEyNDAyMDkxNDIwMTBa + MIIC0jCCAbqgAwIBAgIGAZnKuRjxMA0GCSqGSIb3DQEBCwUAMBgxFjAUBgNVBAMM + DURlZmF1bHREb21haW4wIBcNMjUxMDAyMjA0NTUyWhgPMjEyNTA5MTUyMDQ1NTJa MBgxFjAUBgNVBAMMDURlZmF1bHREb21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IB - DwAwggEKAoIBAQDCEooOITaf9yC63uqIABDpWcd4o17fVIqkb9u7DT4ZyJSWAaL8 - 8t+k866EtppNTLn/3tntoG+G6XZiNTZfyT6rLad/3GVpkX78P9eqwUS5CpKWbBFd - KzYV6YC4Zw44SG8aX0A98T7Hz5j67EDkvY0VY9TWBSTpiWZum+R5mpayCfnfEjSz - XQ6+Y+YVusbJk+EjJEENGkmnT5/pQHTnSAGH0aHkeY84OiW7ZwMqysEXlXvRWKHn - Ul5cEkugM7BQVJak/q+XbKWjWdczLWByA5DzXOvhu7TdynEA5f0rNOaYc8O5N3yr - U1K7rikQaVih+paJhM+XE5p0zZvUgYDTsEMbAgMBAAGjIDAeMA8GA1UdEwQIMAYB - Af8CAQAwCwYDVR0PBAQDAgK8MA0GCSqGSIb3DQEBCwUAA4IBAQDB0KvpqfCOil00 - 1qdx2RwZtc3ichIcClPlv51d4E9nEM3Q3VbC1h3Fdvz4PqELfhKC1vB5Z7bvZXXo - 0Jb/T3z608PnglEuCYJBD77JOQIwNAD4gWW8TmS/bWkemaPZRwTSONWVbdZ/KBZ6 - 3t7EB2UwyvT1XAGn1/EzN1xW8SN9tHqyt19R0/ZWt2KQ4Gdx+Ht0pbXYkuNw0oUz - gay9sGl0B1cipRabreApN/R7AuPxxvBx9YuXuMxYkLIRXyqZUmxXAzUdxi5ZfPaA - 7a1XW5OSfgFYwSJavp6gD4VxrD5DLqhqLz5yjlPBm6AiYNm2pqN1zciSGPaOcqAX - N4Ij70Th + DwAwggEKAoIBAQDlpLz2niUTMnLxf0n0EHRmXOYJahhKsCvyq6mUHwyQKgG893RB + KwY7tfoHDAsx8WAF1UFLKAXgBDlo2wXrKC0xCEZknM5UfzCHDz7ajGG0CEFPtWXw + Z1/0Q0t9Zjc+VKP5oVM/X7kM7mPVFabbCJ6hieAUadguKTtd19CIECu9my41xcYS + cj3Bd7LAIW1DepniK/mnRfzOGWYdzv5iiWo6aR8I3ZAvLXB8BgpAd2ym927kFG8f + C6xR8xLnSaXdZ7QMDi3zO2TN7AxdKYPi/5Yh7UHm0RqSa9gbuIbQq/Pxb7QZHzWP + U4Y44TX0BNUTkDB2Gv9Yu+rtghdEgPbwp+CxAgMBAAGjIDAeMA8GA1UdEwQIMAYB + Af8CAQAwCwYDVR0PBAQDAgK8MA0GCSqGSIb3DQEBCwUAA4IBAQCljlVdbRf/cQh+ + pXH8hJiImTWU7xZTDm8PnOEk6h6ORrrqNh42vF1lugwgV13itO24vtleurB6tw95 + 9YeypwTPfWdFdKiKcDbQ6JZy+dnEfIp4vtgN4bHtKGqkOtigpZiZA/IJ2Xwi/YGB + QPLg6MGWm+eyvBvIIXRI3LT59UZ2PPtzCs9FehbzNCJ4sxyzSQKrszatar/bD4SO + kNjZ+33KD6PJ3EnzTUAR4D7BRdcnRXQNR/1EwqF3uOoL7MBJFxna9tjeTPvyZ9Zl + 
TmWZ1GKi2rAtXyJiFXDbBJg5gfUngMENldHGxCSyFvIbtivefw6nZiCHMaiAuV5a + 2XdVfapG -----END CERTIFICATE----- caCertificate: certificate: service: - port: 8090 + type: ClusterIP + ports: + traffic: + port: 8090 + protocol: TCP + ui: + port: 8091 + protocol: TCP extraVolumeMounts: - name: anm-external-config mountPath: /merge @@ -180,7 +188,7 @@ apimgr: name: apimgr image: repository: "gateway" - tag: "7.7.0.20240228-1-BN0065-ubi9" + tag: "7.7.0.20250830-3-BN0276-ubi9" generalConditions: accept: "yes" groupId: Group1 @@ -289,7 +297,7 @@ apimgr: apitraffic: image: repository: "gateway" - tag: "7.7.0.20240228-1-BN0065-ubi9" + tag: "7.7.0.20250830-3-BN0276-ubi9" generalConditions: accept: "yes" groupId: Group1 @@ -477,7 +485,7 @@ apiportal: # if registry is left empty, global.defaultRegistry will be used registry: docker.repository.axway.com/apiportal-docker-prod/7.7 repository: "apiportal" - tag: "7.7.20240228-BN1285" + tag: "7.7.0.20250830-3-BN0276-ubi9" generalConditions: accept: "yes" serviceAccount: @@ -597,7 +605,7 @@ aga: # for instance registry=docker.io, repository=library/alpine, tag=3.15 # if registry is left empty, global.defaultRegistry will be used repository: "analytics" - tag: "7.7.0.20240228-1-BN0065-ubi9" + tag: "7.7.0.20250830-3-BN0276-ubi9" # Overrides the image tag whose default is the chart appVersion. generalConditions: accept: "yes"
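Review bot: The replacement `destinationCACertificate` is pasted inline and, judging by its encoded subject and dates, appears to be the image's self-signed `DefaultDomain` CA, valid from 2025-10 to 2125. The route's backend trust is therefore tied to a certificate that changes with each image build and effectively never expires. The commit message confirms it had to be swapped for this version; a missed update would break backend verification on the route, and the tempting shortcut is to loosen that verification rather than fix the value. Add a comment above the key saying where the value comes from and that it must be refreshed together with the ANM image tag, e.g. `# CA of the ANM image's DefaultDomain cert; re-extract whenever anm.image.tag changes`. Longer term, issuing the ANM domain certificate from a CA you control would remove this per-release edit.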
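Review bot: In the `apiportal` hunk the tag becomes `7.7.0.20250830-3-BN0276-ubi9`, the same build identifier as the gateway images. The value it replaces (`7.7.20240228-BN1285`) followed a different scheme, which suggests API Portal images are numbered separately and this may be a search-and-replace slip. Confirm the tag exists under the `apiportal` repository in the registry named just above before merging; a nonexistent tag would only surface as an image pull failure once the portal is enabled. If the identifier is intended, a short comment such as `# portal image now follows the gateway build numbering` would make that explicit.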