Updated to 7.7.0.20250830-3-BN0276-ubi

Updated ANM destinationCertCA for 7.7.0.20250830-3-BN0276-ubi
2025-11-20 15:56:45 +08:00
parent 0a203fc035
commit 555c441ad1
79 changed files with 8102 additions and 21 deletions


@@ -0,0 +1,26 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
jfrog.yml
.gitlab-ci.yml
polaris.json


@@ -0,0 +1,10 @@
apiVersion: v2
appVersion: 1.2.35
description: V7 discovery agent
maintainers:
- name: axway/beano
name: v7-discovery
sources:
- https://git.ecd.axway.org/apigov/v7_discovery_agent
type: application
version: 1.2.35


@@ -0,0 +1,33 @@
## Prerequisites
Before the chart can be installed make sure to have the secrets installed/available.
i.e if you look at line 31(secrets) in the values.yaml file, you will notice we are referencing two files.
discovery-creds can be applied by using the following format for the secret.
Make sure all the values are base64 encoded before applying it in the cluster.
kubectl apply -f <creds-FILENAME.yaml>
``` yaml
apiVersion: v1
kind: Secret
metadata:
name: discovery-creds
data:
APIMANAGER_AUTH_USERNAME: ""
APIMANAGER_AUTH_PASSWORD: ""
APIGATEWAY_AUTH_USERNAME: ""
APIGATEWAY_AUTH_PASSWORD: ""
```
kubectl apply -f <keys-FILENAME.yaml>
``` yaml
apiVersion: v1
kind: Secret
metadata:
name: discovery-keys
data:
private_key: <PRIVATE_KEY_BASE64>
public_key: <PUBLIC_KEY_BASE64>
```


@@ -0,0 +1,78 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "v7-discovery.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "v7-discovery.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "v7-discovery.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "v7-discovery.labels" -}}
helm.sh/chart: {{ include "v7-discovery.chart" . }}
{{ include "v7-discovery.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "v7-discovery.selectorLabels" -}}
app.kubernetes.io/name: {{ include "v7-discovery.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "v7-discovery.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "v7-discovery.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Create the image name
*/}}
{{- define "v7-discovery.imageName" -}}
{{- if .Values.image.fullPath }}
{{- .Values.image.fullPath }}
{{- else }}
{{- $tag := default .Chart.AppVersion .Values.image.tag -}}
{{- if .Values.image.registry }}
{{- printf "%s/%s/%s:%s" .Values.image.registry .Values.image.repository .Values.image.name $tag }}
{{- else }}
{{- printf "%s/%s:%s" .Values.image.repository .Values.image.name $tag }}
{{- end }}
{{- end }}
{{- end }}


@@ -0,0 +1,112 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "v7-discovery.fullname" . }}
labels:
{{- include "v7-discovery.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "v7-discovery.selectorLabels" . | nindent 6 }}
{{- with .Values.additionalLabels }}
{{- range $key, $value := . }}
{{ default "none" $key }}: {{ default "none" $value | quote }}
{{- end }}
{{- end }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "v7-discovery.selectorLabels" . | nindent 8 }}
{{- with .Values.additionalLabels }}
{{- range $key, $value := . }}
{{ default "none" $key }}: {{ default "none" $value | quote }}
{{- end }}
{{- end }}
spec:
{{- if .Values.image.pullSecret }}
imagePullSecrets:
- name: {{ .Values.image.pullSecret }}
{{- end }}
serviceAccountName: {{ include "v7-discovery.serviceAccountName" . }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: {{ include "v7-discovery.imageName" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: probe-port
containerPort: {{ .Values.statusPort }}
protocol: TCP
livenessProbe:
httpGet:
path: /status
port: probe-port
{{- with .Values.livenessProbe }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
readinessProbe:
httpGet:
path: /status
port: probe-port
{{- with .Values.readinessProbe }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
env:
{{- with .Values.env }}
{{- range $key, $value := . }}
{{- if and (not (eq (toString $value) "")) (not (eq (toString $key) "")) }} # ignore any items with empty key or value
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
- name: APIMANAGER_AUTH_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.credentials }}
key: APIMANAGER_AUTH_USERNAME
- name: APIMANAGER_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.credentials }}
key: APIMANAGER_AUTH_PASSWORD
volumeMounts:
- name: "discovery-keys-secrets"
mountPath: "/keys"
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumes:
- name: discovery-keys-secrets
secret:
secretName: {{ .Values.secrets.keys }}
items:
- key: private_key
path: private_key.pem
- key: public_key
path: public_key.pem
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
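Review bot: The `discovery-keys-secrets` volume near the end of the pod spec sets no `defaultMode`, and its `/keys` entry under `volumeMounts` is not marked read-only, so `private_key.pem` is projected with the Kubernetes default mode (0644) and is readable by every UID in the container. Consider `defaultMode: 0440` on the `secret:` volume and `readOnly: true` on the mount; this assumes the agent's group can be matched through `fsGroup`, which the discovery values do not set, so confirm against the image's runtime user first. Separately, the README in this commit lists `APIGATEWAY_AUTH_*` keys in `discovery-creds`, but this template only references the two `APIMANAGER_AUTH_*` keys.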


@@ -0,0 +1,12 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "v7-discovery.serviceAccountName" . }}
labels:
{{- include "v7-discovery.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
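Review bot: The ServiceAccount is created without `automountServiceAccountToken: false`, so every agent pod gets an API token mounted even though nothing in the visible templates binds a role to this account or uses the Kubernetes API. If the agent does not call the cluster API (not verifiable from this page), add `automountServiceAccountToken: false` to the ServiceAccount or to the pod spec. Note also that with `serviceAccount.create: false` and no `name`, the helper falls back to the namespace's `default` account. The v7-traceability ServiceAccount template later in this commit is identical and needs the same change.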


@@ -0,0 +1,67 @@
replicaCount: 1
image:
# blank by default, set this to override all other properties that create the path
fullPath: ""
registry: docker.repository.axway.com
repository: ampc-docker-prod/1.2
name: v7-discovery-agent
pullPolicy: IfNotPresent
pullSecret:
# Overrides the image tag whose default is the chart appVersion.
tag: "1.2.35"
nameOverride: ""
fullnameOverride: ""
# Health Check port
statusPort: 8989
# Info on how to fetch the values for the env parameters can ve found in the below doc.
# https://docs.axway.com/bundle/axway-open-docs/page/docs/central/connect-api-manager/gateway-administation/index.html#customizing-the-discovery-agent-environment-variable-file
# More environment value: https://docs.axway.com/bundle/axway-open-docs/page/docs/central/connect-api-manager/agent-variables/index.html#common-variables-to-both-agents
env:
LOG_LEVEL: info
APIMANAGER_PORT: "443"
# flip to true if API manager is using a self signed certificate
APIMANAGER_SSL_INSECURESKIPVERIFY: false
# The below secret are a pre-requisite. Please refer to the readme file for more info on it.
secrets:
credentials: "discovery-creds"
keys: "discovery-keys"
podAnnotations:
podSecurityContext:
supplementalGroups: [2500]
fsGroupChangePolicy: "OnRootMismatch"
securityContext:
tolerations:
affinity:
nodeSelector: {}
# Add additional labels to the agent deployment which may be required based on your configuration
additionalLabels:
serviceAccount:
# Specifies whether a service account should be created
create: true
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
livenessProbe:
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 10
successThreshold: 1
failureThreshold: 3
readinessProbe:
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 10
successThreshold: 1
failureThreshold: 3
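Review bot: `securityContext:` is left empty, so the Deployment's `toYaml .Values.securityContext` renders `null` and the container runs with whatever user and privileges the image defines. A hardened default would serve users better than an empty key, e.g. `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}`, provided the agent image runs as a non-root user (to be confirmed). The comment above `APIMANAGER_SSL_INSECURESKIPVERIFY` should also say that, going by its name, setting it to true turns off certificate validation for the API Manager connection, and that trusting the issuing CA is the safer route for self-signed setups. The traceability values file in this commit has the same empty `securityContext:`.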


@@ -0,0 +1,26 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
jfrog.yml
.gitlab-ci.yml
polaris.json


@@ -0,0 +1,10 @@
apiVersion: v2
appVersion: 1.2.33
description: V7 traceability agent
maintainers:
- name: axway/beano
name: v7-traceability
sources:
- https://git.ecd.axway.org/apigov/v7_traceability_agent
type: application
version: 1.2.33


@@ -0,0 +1,42 @@
# Helm chart
## Prerequisites
Before the chart can be installed make sure to have the secrets installed/available.
i.e if you look at line 31(secrets) in the values.yaml file, you will notice we are referencing two files.
Required credentials can be applied by using the below format for the secret.
Make sure all the values are base64 encoded before applying it in the cluster.
kubectl apply -f <creds-FILENAME.yaml>
``` yaml
apiVersion: v1
kind: Secret
metadata:
name: traceability-creds
type: Opaque
stringData:
APIMANAGER_AUTH_USERNAME: ""
APIMANAGER_AUTH_PASSWORD: ""
APIGATEWAY_AUTH_USERNAME: ""
APIGATEWAY_AUTH_PASSWORD: ""
```
kubectl apply -f <keys-FILENAME.yaml>
``` yaml
apiVersion: v1
kind: Secret
metadata:
name: traceability-keys
data:
private_key: <PRIVATE_KEY_BASE64>
public_key: <PUBLIC_KEY_BASE64>
```
## Limitations
The traceability agent requires a 1 to 1 relationship of agent to events volume. Within your overrides it is important to specify a nodeSelector and/of affinity so the daemon set is deployed to exactly 1 node. By default the traceability agent will deploy to a node with a label named traceability-agent and value of "true".


@@ -0,0 +1,78 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "v7-traceability.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "v7-traceability.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "v7-traceability.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "v7-traceability.labels" -}}
helm.sh/chart: {{ include "v7-traceability.chart" . }}
{{ include "v7-traceability.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "v7-traceability.selectorLabels" -}}
app.kubernetes.io/name: {{ include "v7-traceability.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "v7-traceability.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "v7-traceability.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Create the image name
*/}}
{{- define "v7-traceability.imageName" -}}
{{- if .Values.image.fullPath }}
{{- .Values.image.fullPath }}
{{- else }}
{{- $tag := default .Chart.AppVersion .Values.image.tag -}}
{{- if .Values.image.registry }}
{{- printf "%s/%s/%s:%s" .Values.image.registry .Values.image.repository .Values.image.name $tag }}
{{- else }}
{{- printf "%s/%s:%s" .Values.image.repository .Values.image.name $tag }}
{{- end }}
{{- end }}
{{- end }}


@@ -0,0 +1,174 @@
{{- if not .Values.statefulSet.enabled -}}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ include "v7-traceability.fullname" . }}
labels:
{{- include "v7-traceability.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "v7-traceability.selectorLabels" . | nindent 6 }}
{{- with .Values.additionalLabels }}
{{- range $key, $value := . }}
{{ default "none" $key }}: {{ default "none" $value | quote }}
{{- end }}
{{- end }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "v7-traceability.selectorLabels" . | nindent 8 }}
{{- with .Values.additionalLabels }}
{{- range $key, $value := . }}
{{ default "none" $key }}: {{ default "none" $value | quote }}
{{- end }}
{{- end }}
spec:
{{- if .Values.image.pullSecret }}
imagePullSecrets:
- name: {{ .Values.image.pullSecret }}
{{- end }}
{{- if .Values.initContainer.enabled }}
initContainers:
- name: init
image: "{{ .Values.initContainer.image.name }}"
imagePullPolicy: {{ .Values.initContainer.image.pullPolicy }}
securityContext: {{- toYaml .Values.initContainer.securityContext | nindent 12 }}
command:
- sh
- -c
- chown -R {{ .Values.podSecurityContext.fsGroup }}:{{ .Values.podSecurityContext.fsGroup }} /data;
volumeMounts:
- name: data
mountPath: /data
{{- end }}
serviceAccountName: {{ include "v7-traceability.serviceAccountName" . }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: {{ include "v7-traceability.imageName" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: probe-port
containerPort: {{ .Values.statusPort }}
protocol: TCP
livenessProbe:
httpGet:
path: /status
port: probe-port
{{- with .Values.livenessProbe }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
readinessProbe:
httpGet:
path: /status
port: probe-port
{{- with .Values.readinessProbe }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
env:
{{- with .Values.env }}
{{- range $key, $value := . }}
{{- if and (not (eq (toString $value) "")) (not (eq (toString $key) "")) }} # ignore any items with empty key or value
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- if not .Values.env.CENTRAL_USAGEREPORTING_OFFLINE }}
{{- if not .Values.env.APIGATEWAY_ONLY }}
- name: APIMANAGER_AUTH_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.credentials }}
key: APIMANAGER_AUTH_USERNAME
- name: APIMANAGER_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.credentials }}
key: APIMANAGER_AUTH_PASSWORD
{{- end}}
{{- if and .Values.env.EVENT_LOG_INPUT .Values.env.APIGATEWAY_GETHEADERS }}
- name: APIGATEWAY_AUTH_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.credentials }}
key: APIGATEWAY_AUTH_USERNAME
- name: APIGATEWAY_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.credentials }}
key: APIGATEWAY_AUTH_PASSWORD
{{- end}}
{{- end}}
volumeMounts:
{{- if not (.Values.env.CENTRAL_USAGEREPORTING_OFFLINE)}}
- name: "traceability-keys-secrets"
mountPath: /keys
{{- end}}
- name: events
mountPath: {{ .Values.persistentVolumeClaimConfig.events.mountPath }}
- name: data
mountPath: /data
- name: logs
mountPath: /logs
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumes:
- name: events
persistentVolumeClaim:
claimName: {{ .Values.persistentVolumeClaimConfig.events.name }}
- name: logs
persistentVolumeClaim:
claimName: {{ .Values.persistentVolumeClaimConfig.logs.name }}
{{- if (.Values.dataVolume.useHostPath) }}
- name: data
hostPath:
path: {{ .Values.dataVolume.hostPath }}
type: DirectoryOrCreate
{{- else }}
- name: data
persistentVolumeClaim:
claimName: {{ .Values.persistentVolumeClaimConfig.data.name }}
{{- end }}
{{- if not (.Values.env.CENTRAL_USAGEREPORTING_OFFLINE)}}
- name: traceability-keys-secrets
secret:
secretName: {{ .Values.secrets.keys }}
items:
- key: private_key
path: private_key.pem
- key: public_key
path: public_key.pem
{{- end}}
{{- if .Values.nodeSelector }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- else }}
nodeSelector:
traceability-agent: "true"
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
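Review bot: The `init` container runs `chown -R` on `/data` with `.Values.podSecurityContext.fsGroup` interpolated straight into the `sh -c` string, and the chart defaults run it as UID 0. If an override replaces `podSecurityContext` without `fsGroup`, the command renders with an empty owner and group; `{{ required "podSecurityContext.fsGroup is required" .Values.podSecurityContext.fsGroup }}` would fail the render instead. Because `fsGroup` is already set at pod level, the root init container is probably only needed for the `hostPath` case, so gating it on `.Values.dataVolume.useHostPath` would avoid a root container when `/data` is PVC-backed (worth confirming with the storage class in use). The StatefulSet template repeats the same block and always mounts `/data` from a PVC.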


@@ -0,0 +1,91 @@
{{- if not (.Values.dataVolume.useHostPath) }}
{{- if .Values.nodeSelector -}}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "v7-traceability.fullname" . }}-migrate-to-pvc
labels:
{{- include "v7-traceability.labels" . | nindent 4 }}
spec:
template:
metadata:
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-weight": "-2"
"helm.sh/hook-delete-policy": "before-hook-creation"
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "v7-traceability.selectorLabels" . | nindent 8 }}
{{- with .Values.additionalLabels }}
{{- range $key, $value := . }}
{{ default "none" $key }}: {{ default "none" $value | quote }}
{{- end }}
{{- end }}
spec:
restartPolicy: OnFailure
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.initContainer.enabled }}
initContainers:
{{- end }}
serviceAccountName: {{ include "v7-traceability.serviceAccountName" . }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: migrate
image: "{{ .Values.initContainer.image.name }}"
imagePullPolicy: {{ .Values.initContainer.image.pullPolicy }}
securityContext: {{- toYaml .Values.initContainer.securityContext | nindent 12 }}
command:
- sh
- -c
- |
echo "checking if data should be migrated"
if test -f /data-old/meta.json; then
# if a meta.json file exists in the old directory then migrate the data
if test -d /data; then
# clean the destination directory before migration
echo "clean the destination directory before migration"
rm -r /data/*
fi
echo "migrating the data now"
mv /data-old/* /data/
fi
volumeMounts:
- name: data
mountPath: /data
- name: data-old
mountPath: /data-old
volumes:
- name: data
persistentVolumeClaim:
claimName: {{ .Values.persistentVolumeClaimConfig.data.name }}
- name: data-old
hostPath:
path: {{ .Values.dataVolume.hostPath }}
type: DirectoryOrCreate
{{- if .Values.nodeSelector }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- else }}
nodeSelector:
traceability-agent: "true"
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
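Review bot: The `helm.sh/hook`, `helm.sh/hook-weight` and `helm.sh/hook-delete-policy` annotations appear under `spec.template.metadata.annotations` (they follow `spec:` / `template:` / `metadata:`; indentation is lost on this page), but Helm only honours hook annotations on the resource's own `metadata.annotations`. As written the Job would be installed as an ordinary release resource rather than run before install/upgrade, so the migration is not ordered ahead of the agent start. Move those three annotations to the Job's top-level `metadata`. The template also reads `.Values.imagePullSecrets`, while the other templates use `.Values.image.pullSecret`, so the configured pull secret is not applied here. The script runs `rm -r /data/*` before `mv`, so a failed move leaves the destination already wiped.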


@@ -0,0 +1,29 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ .Values.persistentVolumeClaimConfig.logs.name }}
namespace: {{ .Release.Namespace }}
spec:
accessModes:
- ReadWriteOnce
storageClassName: {{ .Values.persistentVolumeClaimConfig.logs.storageClass }}
resources:
requests:
storage: 2Gi
{{- if not (.Values.dataVolume.useHostPath) }}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ .Values.persistentVolumeClaimConfig.data.name }}
namespace: {{ .Release.Namespace }}
spec:
accessModes:
- ReadWriteOnce
storageClassName: {{ .Values.persistentVolumeClaimConfig.data.storageClass }}
resources:
requests:
storage: 2Gi
{{- end }}
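Review bot: Both claims request a hard-coded `storage: 2Gi` and take fixed names from values (`logs-claim`, `data-claim`), so the size cannot be tuned per environment and two releases in one namespace would contend for the same claims. Consider a `size` key next to `storageClass` in `persistentVolumeClaimConfig`, e.g. `storage: {{ .Values.persistentVolumeClaimConfig.logs.size | default "2Gi" }}`. The `events` claim referenced by the DaemonSet and StatefulSet is not created here, which deserves a comment since it must exist before install.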


@@ -0,0 +1,12 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "v7-traceability.serviceAccountName" . }}
labels:
{{- include "v7-traceability.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}


@@ -0,0 +1,164 @@
{{- if .Values.statefulSet.enabled -}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "v7-traceability.fullname" . }}
labels:
{{- include "v7-traceability.labels" . | nindent 4 }}
spec:
replicas: 1
selector:
matchLabels:
{{- include "v7-traceability.selectorLabels" . | nindent 6 }}
{{- with .Values.additionalLabels }}
{{- range $key, $value := . }}
{{ default "none" $key }}: {{ default "none" $value | quote }}
{{- end }}
{{- end }}
serviceName: {{ include "v7-traceability.fullname" . }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "v7-traceability.selectorLabels" . | nindent 8 }}
{{- with .Values.additionalLabels }}
{{- range $key, $value := . }}
{{ default "none" $key }}: {{ default "none" $value | quote }}
{{- end }}
{{- end }}
spec:
{{- if .Values.image.pullSecret }}
imagePullSecrets:
- name: {{ .Values.image.pullSecret }}
{{- end }}
{{- if .Values.initContainer.enabled }}
initContainers:
- name: init
image: "{{ .Values.initContainer.image.name }}"
imagePullPolicy: {{ .Values.initContainer.image.pullPolicy }}
securityContext: {{- toYaml .Values.initContainer.securityContext | nindent 12 }}
command:
- sh
- -c
- chown -R {{ .Values.podSecurityContext.fsGroup }}:{{ .Values.podSecurityContext.fsGroup }} /data;
volumeMounts:
- name: data
mountPath: /data
{{- end }}
serviceAccountName: {{ include "v7-traceability.serviceAccountName" . }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: {{ include "v7-traceability.imageName" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: probe-port
containerPort: {{ .Values.statusPort }}
protocol: TCP
livenessProbe:
httpGet:
path: /status
port: probe-port
{{- with .Values.livenessProbe }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
readinessProbe:
httpGet:
path: /status
port: probe-port
{{- with .Values.readinessProbe }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
env:
{{- with .Values.env }}
{{- range $key, $value := . }}
{{- if and (not (eq (toString $value) "")) (not (eq (toString $key) "")) }} # ignore any items with empty key or value
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- if not .Values.env.CENTRAL_USAGEREPORTING_OFFLINE }}
{{- if not .Values.env.APIGATEWAY_ONLY }}
- name: APIMANAGER_AUTH_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.credentials }}
key: APIMANAGER_AUTH_USERNAME
- name: APIMANAGER_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.credentials }}
key: APIMANAGER_AUTH_PASSWORD
{{- end}}
{{- if and .Values.env.EVENT_LOG_INPUT .Values.env.APIGATEWAY_GETHEADERS }}
- name: APIGATEWAY_AUTH_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.credentials }}
key: APIGATEWAY_AUTH_USERNAME
- name: APIGATEWAY_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.credentials }}
key: APIGATEWAY_AUTH_PASSWORD
{{- end}}
{{- end}}
volumeMounts:
{{- if not (.Values.env.CENTRAL_USAGEREPORTING_OFFLINE)}}
- name: "traceability-keys-secrets"
mountPath: /keys
{{- end}}
- name: events
mountPath: {{ .Values.persistentVolumeClaimConfig.events.mountPath }}
- name: data
mountPath: /data
- name: logs
mountPath: /logs
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumes:
- name: events
persistentVolumeClaim:
claimName: {{ .Values.persistentVolumeClaimConfig.events.name }}
- name: logs
persistentVolumeClaim:
claimName: {{ .Values.persistentVolumeClaimConfig.logs.name }}
- name: data
persistentVolumeClaim:
claimName: {{ .Values.persistentVolumeClaimConfig.data.name }}
{{- if not (.Values.env.CENTRAL_USAGEREPORTING_OFFLINE)}}
- name: traceability-keys-secrets
secret:
secretName: {{ .Values.secrets.keys }}
items:
- key: private_key
path: private_key.pem
- key: public_key
path: public_key.pem
{{- end}}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}


@@ -0,0 +1,113 @@
image:
# blank by default, set this to override all other properties that create the path
fullPath: ""
registry: docker.repository.axway.com
repository: ampc-docker-prod/1.2
name: v7-traceability-agent
pullPolicy: IfNotPresent
pullSecret:
# Overrides the image tag whose default is the chart appVersion.
tag: "1.2.33"
nameOverride: ""
fullnameOverride: ""
statefulSet:
enabled: false # setting to true uses a statefulset instead of the default deployment set
# Health Check port
statusPort: 8990
# Info on how to fetch the values for the env parameters can ve found in the below doc.
# https://docs.axway.com/bundle/axway-open-docs/page/docs/central/connect-api-manager/gateway-administation/index.html#customizing-the-traceability-agent-environment-variable-file
# More environment value: https://docs.axway.com/bundle/axway-open-docs/page/docs/central/connect-api-manager/agent-variables/index.html#common-variables-to-both-agents
env:
LOG_LEVEL: info
CENTRAL_DEPLOYMENT: "prod"
CENTRAL_USAGEREPORTING_OFFLINE: false
# EVENT_LOG_PATHS: "/opt/Axway/apigateway/events/axwaydemo_traffic-*.log"
EVENT_LOG_PATHS: "/events/*.log"
EVENT_LOG_INPUT: true
OPENTRAFFIC_LOG_INPUT: false
OPENTRAFFIC_LOG_PATHS: /events/*.log
TRACEABILITY_HOST: "ingestion.datasearch.axway.com:5044"
TRACEABILITY_PROTOCOL: "tcp"
TRACEABILITY_SAMPLING_PERCENTAGE: 1
TRACEABILITY_SAMPLING_ONLYERRORS: false
APIMANAGER_PORT: "443"
# flip to true if API manager is using a self signed certificate
APIMANAGER_SSL_INSECURESKIPVERIFY: false
APIGATEWAY_ONLY: false
APIGATEWAY_PORT: "443"
APIGATEWAY_GETHEADERS: true
# flip to true if API gateway is using a self signed certificate
APIGATEWAY_SSL_INSECURESKIPVERIFY: false
APIGATEWAY_HEALTHCHECKPORT: 8090
APIGATEWAY_HEALTHCHECKPROTOCOL: "https"
APIGATEWAY_HEALTHCHECKURI: login
# The below secrets are a pre-requisite. Please refer to the readme file for more info
secrets:
credentials: "traceability-creds"
keys: "traceability-keys"
podAnnotations:
initContainer:
enabled: true
image:
name: alpine
pullPolicy: IfNotPresent
securityContext:
runAsUser: 0
podSecurityContext:
fsGroup: 2500
supplementalGroups: [2500]
fsGroupChangePolicy: "OnRootMismatch"
securityContext:
tolerations:
affinity:
# specify the nodeSelector in overrides to change the default nodeSelector in the chart
# nodeSelector: {}
# Add additional labels to the agent deployment which may be required based on your configuration
additionalLabels:
# Add selector labels for deployment purposes
selectorLabels:
serviceAccount:
# Specifies whether a service account should be created
create: true
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
dataVolume:
useHostPath: false
hostPath: /mnt/traceability-agent/data
persistentVolumeClaimConfig:
logs:
storageClass: gp2-csi
name: logs-claim
data:
# storage class to persist contents of data directory in the agent - should be available in the cluster i.e gp2, gp2-csi, default
storageClass: gp2-csi
name: data-claim
events:
name: events-claim
mountPath: /events
livenessProbe:
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 10
successThreshold: 1
failureThreshold: 3
readinessProbe:
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 10
successThreshold: 1
failureThreshold: 3
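Review bot: `initContainer.image.name: alpine` carries no registry, tag or digest, and `initContainer.securityContext.runAsUser: 0` runs it as root, so whatever the bare `alpine` reference resolves to at pull time executes as UID 0 against the data volume; with `pullPolicy: IfNotPresent`, nodes can also end up holding different builds. Pin it, e.g. `name: <registry>/alpine:<tag>@sha256:<digest>` (placeholders), ideally from the same registry as the agent image. The comment on `statefulSet.enabled` says "default deployment set" while the default workload in this chart is a DaemonSet. `selectorLabels:` is not referenced by any template shown on this page.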