cscott/apigateway-ocp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updated to 7.7.0.20250830-3-BN0276-ubi

Browse Source 
Updated ANM destinationCertCA for 7.7.0.20250830-3-BN0276-ubi
This commit is contained in:
Conan Scott
2025-11-20 15:56:45 +08:00
parent 0a203fc035
commit 555c441ad1
79 changed files with 8102 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
apigateway-helm-prod-apigateway-1.18.0.tgz Normal file
View File

Binary file not shown.

9
apigateway/Chart.lock Normal file
View File

@@ -0,0 +1,9 @@
dependencies:
- name: v7-traceability
repository: https://axway.jfrog.io/artifactory/ampc-public-helm-release
version: 1.2.33
- name: v7-discovery
repository: https://axway.jfrog.io/artifactory/ampc-public-helm-release
version: 1.2.35
digest: sha256:d915ca1c97e84d73df217e13ce6791c09046e174de59edb28146219b7902af36
generated: "2025-10-13T15:23:00.877522205Z"

24
apigateway/Chart.yaml Normal file
View File

@@ -0,0 +1,24 @@
annotations:
charts.openshift.io/name: axway
apiVersion: v2
appVersion: 7.7.0.20250830-3-BN0276-ubi9
dependencies:
- alias: traceability-agent
condition: traceability-agent.enabled
name: v7-traceability
repository: https://axway.jfrog.io/artifactory/ampc-public-helm-release
tags:
- agents
version: v1.2.33
- alias: discovery-agent
condition: discovery-agent.enabled
name: v7-discovery
repository: https://axway.jfrog.io/artifactory/ampc-public-helm-release
tags:
- agents
version: v1.2.35
description: API Gateway Helm chart
kubeVersion: '>=1.22.0-0'
name: apigateway
type: application
version: 1.18.0

7
apigateway/README.md Normal file
View File

@@ -0,0 +1,7 @@
# apigw-helm
Helm chart for API Gateway
## Documentation
[https://docs.axway.com/bundle/axway-open-docs/page/docs/apim_installation/apigw_containers/deployment_flows/axway_image_deployment/helm_deployment/index.html](https://docs.axway.com/bundle/axway-open-docs/page/docs/apim_installation/apigw_containers/deployment_flows/axway_image_deployment/helm_deployment/index.html)

26
apigateway/charts/v7-discovery/.helmignore Normal file
View File

@@ -0,0 +1,26 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
jfrog.yml
.gitlab-ci.yml
polaris.json

10
apigateway/charts/v7-discovery/Chart.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: v2
appVersion: 1.2.35
description: V7 discovery agent
maintainers:
- name: axway/beano
name: v7-discovery
sources:
- https://git.ecd.axway.org/apigov/v7_discovery_agent
type: application
version: 1.2.35

33
apigateway/charts/v7-discovery/README.md Normal file
View File

@@ -0,0 +1,33 @@
## Prerequisites
Before the chart can be installed make sure to have the secrets installed/available.
i.e if you look at line 31(secrets) in the values.yaml file, you will notice we are referencing two files.
discovery-creds can be applied by using the following format for the secret.
Make sure all the values are base64 encoded before applying it in the cluster.
kubectl apply -f <creds-FILENAME.yaml>
``` yaml
apiVersion: v1
kind: Secret
metadata:
name: discovery-creds
data:
APIMANAGER_AUTH_USERNAME: ""
APIMANAGER_AUTH_PASSWORD: ""
APIGATEWAY_AUTH_USERNAME: ""
APIGATEWAY_AUTH_PASSWORD: ""
```
kubectl apply -f <keys-FILENAME.yaml>
``` yaml
apiVersion: v1
kind: Secret
metadata:
name: discovery-keys
data:
private_key: <PRIVATE_KEY_BASE64>
public_key: <PUBLIC_KEY_BASE64>
```

0
apigateway/charts/v7-discovery/templates/NOTES.txt Normal file
View File

78
apigateway/charts/v7-discovery/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,78 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "v7-discovery.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "v7-discovery.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "v7-discovery.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "v7-discovery.labels" -}}
helm.sh/chart: {{ include "v7-discovery.chart" . }}
{{ include "v7-discovery.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "v7-discovery.selectorLabels" -}}
app.kubernetes.io/name: {{ include "v7-discovery.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "v7-discovery.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "v7-discovery.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Create the image name
*/}}
{{- define "v7-discovery.imageName" -}}
{{- if .Values.image.fullPath }}
{{- .Values.image.fullPath }}
{{- else }}
{{- $tag := default .Chart.AppVersion .Values.image.tag -}}
{{- if .Values.image.registry }}
{{- printf "%s/%s/%s:%s" .Values.image.registry .Values.image.repository .Values.image.name $tag }}
{{- else }}
{{- printf "%s/%s:%s" .Values.image.repository .Values.image.name $tag }}
{{- end }}
{{- end }}
{{- end }}

112
apigateway/charts/v7-discovery/templates/deployment.yaml Normal file
View File

@@ -0,0 +1,112 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "v7-discovery.fullname" . }}
labels:
{{- include "v7-discovery.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "v7-discovery.selectorLabels" . | nindent 6 }}
{{- with .Values.additionalLabels }}
{{- range $key, $value := . }}
{{ default "none" $key }}: {{ default "none" $value | quote }}
{{- end }}
{{- end }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "v7-discovery.selectorLabels" . | nindent 8 }}
{{- with .Values.additionalLabels }}
{{- range $key, $value := . }}
{{ default "none" $key }}: {{ default "none" $value | quote }}
{{- end }}
{{- end }}
spec:
{{- if .Values.image.pullSecret }}
imagePullSecrets:
- name: {{ .Values.image.pullSecret }}
{{- end }}
serviceAccountName: {{ include "v7-discovery.serviceAccountName" . }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: {{ include "v7-discovery.imageName" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: probe-port
containerPort: {{ .Values.statusPort }}
protocol: TCP
livenessProbe:
httpGet:
path: /status
port: probe-port
{{- with .Values.livenessProbe }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
readinessProbe:
httpGet:
path: /status
port: probe-port
{{- with .Values.readinessProbe }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
env:
{{- with .Values.env }}
{{- range $key, $value := . }}
{{- if and (not (eq (toString $value) "")) (not (eq (toString $key) "")) }} # ignore any items with empty key or value
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
- name: APIMANAGER_AUTH_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.credentials }}
key: APIMANAGER_AUTH_USERNAME
- name: APIMANAGER_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.credentials }}
key: APIMANAGER_AUTH_PASSWORD
volumeMounts:
- name: "discovery-keys-secrets"
mountPath: "/keys"
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumes:
- name: discovery-keys-secrets
secret:
secretName: {{ .Values.secrets.keys }}
items:
- key: private_key
path: private_key.pem
- key: public_key
path: public_key.pem
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

12
apigateway/charts/v7-discovery/templates/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,12 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "v7-discovery.serviceAccountName" . }}
labels:
{{- include "v7-discovery.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

67
apigateway/charts/v7-discovery/values.yaml Normal file
View File

@@ -0,0 +1,67 @@
replicaCount: 1
image:
# blank by default, set this to override all other properties that create the path
fullPath: ""
registry: docker.repository.axway.com
repository: ampc-docker-prod/1.2
name: v7-discovery-agent
pullPolicy: IfNotPresent
pullSecret:
# Overrides the image tag whose default is the chart appVersion.
tag: "1.2.35"
nameOverride: ""
fullnameOverride: ""
# Health Check port
statusPort: 8989
# Info on how to fetch the values for the env parameters can ve found in the below doc.
# https://docs.axway.com/bundle/axway-open-docs/page/docs/central/connect-api-manager/gateway-administation/index.html#customizing-the-discovery-agent-environment-variable-file
# More environment value: https://docs.axway.com/bundle/axway-open-docs/page/docs/central/connect-api-manager/agent-variables/index.html#common-variables-to-both-agents
env:
LOG_LEVEL: info
APIMANAGER_PORT: "443"
# flip to true if API manager is using a self signed certificate
APIMANAGER_SSL_INSECURESKIPVERIFY: false
# The below secret are a pre-requisite. Please refer to the readme file for more info on it.
secrets:
credentials: "discovery-creds"
keys: "discovery-keys"
podAnnotations:
podSecurityContext:
supplementalGroups: [2500]
fsGroupChangePolicy: "OnRootMismatch"
securityContext:
tolerations:
affinity:
nodeSelector: {}
# Add additional labels to the agent deployment which may be required based on your configuration
additionalLabels:
serviceAccount:
# Specifies whether a service account should be created
create: true
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
livenessProbe:
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 10
successThreshold: 1
failureThreshold: 3
readinessProbe:
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 10
successThreshold: 1
failureThreshold: 3

26
apigateway/charts/v7-traceability/.helmignore Normal file
View File

@@ -0,0 +1,26 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
jfrog.yml
.gitlab-ci.yml
polaris.json

10
apigateway/charts/v7-traceability/Chart.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: v2
appVersion: 1.2.33
description: V7 traceability agent
maintainers:
- name: axway/beano
name: v7-traceability
sources:
- https://git.ecd.axway.org/apigov/v7_traceability_agent
type: application
version: 1.2.33

42
apigateway/charts/v7-traceability/README.md Normal file
View File

@@ -0,0 +1,42 @@
# Helm chart
## Prerequisites
Before the chart can be installed make sure to have the secrets installed/available.
i.e if you look at line 31(secrets) in the values.yaml file, you will notice we are referencing two files.
Required credentials can be applied by using the below format for the secret.
Make sure all the values are base64 encoded before applying it in the cluster.
kubectl apply -f <creds-FILENAME.yaml>
``` yaml
apiVersion: v1
kind: Secret
metadata:
name: traceability-creds
type: Opaque
stringData:
APIMANAGER_AUTH_USERNAME: ""
APIMANAGER_AUTH_PASSWORD: ""
APIGATEWAY_AUTH_USERNAME: ""
APIGATEWAY_AUTH_PASSWORD: ""
```
kubectl apply -f <keys-FILENAME.yaml>
``` yaml
apiVersion: v1
kind: Secret
metadata:
name: traceability-keys
data:
private_key: <PRIVATE_KEY_BASE64>
public_key: <PUBLIC_KEY_BASE64>
```
## Limitations
The traceability agent requires a 1 to 1 relationship of agent to events volume. Within your overrides it is important to specify a nodeSelector and/of affinity so the daemon set is deployed to exactly 1 node. By default the traceability agent will deploy to a node with a label named traceability-agent and value of "true".

0
apigateway/charts/v7-traceability/templates/NOTES.txt Normal file
View File

78
apigateway/charts/v7-traceability/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,78 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "v7-traceability.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "v7-traceability.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "v7-traceability.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "v7-traceability.labels" -}}
helm.sh/chart: {{ include "v7-traceability.chart" . }}
{{ include "v7-traceability.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "v7-traceability.selectorLabels" -}}
app.kubernetes.io/name: {{ include "v7-traceability.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "v7-traceability.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "v7-traceability.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Create the image name
*/}}
{{- define "v7-traceability.imageName" -}}
{{- if .Values.image.fullPath }}
{{- .Values.image.fullPath }}
{{- else }}
{{- $tag := default .Chart.AppVersion .Values.image.tag -}}
{{- if .Values.image.registry }}
{{- printf "%s/%s/%s:%s" .Values.image.registry .Values.image.repository .Values.image.name $tag }}
{{- else }}
{{- printf "%s/%s:%s" .Values.image.repository .Values.image.name $tag }}
{{- end }}
{{- end }}
{{- end }}

174
apigateway/charts/v7-traceability/templates/daemonset.yaml Normal file
View File

@@ -0,0 +1,174 @@
{{- if not .Values.statefulSet.enabled -}}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ include "v7-traceability.fullname" . }}
labels:
{{- include "v7-traceability.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "v7-traceability.selectorLabels" . | nindent 6 }}
{{- with .Values.additionalLabels }}
{{- range $key, $value := . }}
{{ default "none" $key }}: {{ default "none" $value | quote }}
{{- end }}
{{- end }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "v7-traceability.selectorLabels" . | nindent 8 }}
{{- with .Values.additionalLabels }}
{{- range $key, $value := . }}
{{ default "none" $key }}: {{ default "none" $value | quote }}
{{- end }}
{{- end }}
spec:
{{- if .Values.image.pullSecret }}
imagePullSecrets:
- name: {{ .Values.image.pullSecret }}
{{- end }}
{{- if .Values.initContainer.enabled }}
initContainers:
- name: init
image: "{{ .Values.initContainer.image.name }}"
imagePullPolicy: {{ .Values.initContainer.image.pullPolicy }}
securityContext: {{- toYaml .Values.initContainer.securityContext | nindent 12 }}
command:
- sh
- -c
- chown -R {{ .Values.podSecurityContext.fsGroup }}:{{ .Values.podSecurityContext.fsGroup }} /data;
volumeMounts:
- name: data
mountPath: /data
{{- end }}
serviceAccountName: {{ include "v7-traceability.serviceAccountName" . }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: {{ include "v7-traceability.imageName" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: probe-port
containerPort: {{ .Values.statusPort }}
protocol: TCP
livenessProbe:
httpGet:
path: /status
port: probe-port
{{- with .Values.livenessProbe }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
readinessProbe:
httpGet:
path: /status
port: probe-port
{{- with .Values.readinessProbe }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
env:
{{- with .Values.env }}
{{- range $key, $value := . }}
{{- if and (not (eq (toString $value) "")) (not (eq (toString $key) "")) }} # ignore any items with empty key or value
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- if not .Values.env.CENTRAL_USAGEREPORTING_OFFLINE }}
{{- if not .Values.env.APIGATEWAY_ONLY }}
- name: APIMANAGER_AUTH_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.credentials }}
key: APIMANAGER_AUTH_USERNAME
- name: APIMANAGER_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.credentials }}
key: APIMANAGER_AUTH_PASSWORD
{{- end}}
{{- if and .Values.env.EVENT_LOG_INPUT .Values.env.APIGATEWAY_GETHEADERS }}
- name: APIGATEWAY_AUTH_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.credentials }}
key: APIGATEWAY_AUTH_USERNAME
- name: APIGATEWAY_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.credentials }}
key: APIGATEWAY_AUTH_PASSWORD
{{- end}}
{{- end}}
volumeMounts:
{{- if not (.Values.env.CENTRAL_USAGEREPORTING_OFFLINE)}}
- name: "traceability-keys-secrets"
mountPath: /keys
{{- end}}
- name: events
mountPath: {{ .Values.persistentVolumeClaimConfig.events.mountPath }}
- name: data
mountPath: /data
- name: logs
mountPath: /logs
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumes:
- name: events
persistentVolumeClaim:
claimName: {{ .Values.persistentVolumeClaimConfig.events.name }}
- name: logs
persistentVolumeClaim:
claimName: {{ .Values.persistentVolumeClaimConfig.logs.name }}
{{- if (.Values.dataVolume.useHostPath) }}
- name: data
hostPath:
path: {{ .Values.dataVolume.hostPath }}
type: DirectoryOrCreate
{{- else }}
- name: data
persistentVolumeClaim:
claimName: {{ .Values.persistentVolumeClaimConfig.data.name }}
{{- end }}
{{- if not (.Values.env.CENTRAL_USAGEREPORTING_OFFLINE)}}
- name: traceability-keys-secrets
secret:
secretName: {{ .Values.secrets.keys }}
items:
- key: private_key
path: private_key.pem
- key: public_key
path: public_key.pem
{{- end}}
{{- if .Values.nodeSelector }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- else }}
nodeSelector:
traceability-agent: "true"
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}

91
apigateway/charts/v7-traceability/templates/job.yaml Normal file
View File

@@ -0,0 +1,91 @@
{{- if not (.Values.dataVolume.useHostPath) }}
{{- if .Values.nodeSelector -}}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "v7-traceability.fullname" . }}-migrate-to-pvc
labels:
{{- include "v7-traceability.labels" . | nindent 4 }}
spec:
template:
metadata:
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-weight": "-2"
"helm.sh/hook-delete-policy": "before-hook-creation"
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "v7-traceability.selectorLabels" . | nindent 8 }}
{{- with .Values.additionalLabels }}
{{- range $key, $value := . }}
{{ default "none" $key }}: {{ default "none" $value | quote }}
{{- end }}
{{- end }}
spec:
restartPolicy: OnFailure
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.initContainer.enabled }}
initContainers:
{{- end }}
serviceAccountName: {{ include "v7-traceability.serviceAccountName" . }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: migrate
image: "{{ .Values.initContainer.image.name }}"
imagePullPolicy: {{ .Values.initContainer.image.pullPolicy }}
securityContext: {{- toYaml .Values.initContainer.securityContext | nindent 12 }}
command:
- sh
- -c
- |
echo "checking if data should be migrated"
if test -f /data-old/meta.json; then
# if a meta.json file exists in the old directory then migrate the data
if test -d /data; then
# clean the destination directory before migration
echo "clean the destination directory before migration"
rm -r /data/*
fi
echo "migrating the data now"
mv /data-old/* /data/
fi
volumeMounts:
- name: data
mountPath: /data
- name: data-old
mountPath: /data-old
volumes:
- name: data
persistentVolumeClaim:
claimName: {{ .Values.persistentVolumeClaimConfig.data.name }}
- name: data-old
hostPath:
path: {{ .Values.dataVolume.hostPath }}
type: DirectoryOrCreate
{{- if .Values.nodeSelector }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- else }}
nodeSelector:
traceability-agent: "true"
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}

29
apigateway/charts/v7-traceability/templates/pvc.yaml Normal file
View File

@@ -0,0 +1,29 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ .Values.persistentVolumeClaimConfig.logs.name }}
namespace: {{ .Release.Namespace }}
spec:
accessModes:
- ReadWriteOnce
storageClassName: {{ .Values.persistentVolumeClaimConfig.logs.storageClass }}
resources:
requests:
storage: 2Gi
{{- if not (.Values.dataVolume.useHostPath) }}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ .Values.persistentVolumeClaimConfig.data.name }}
namespace: {{ .Release.Namespace }}
spec:
accessModes:
- ReadWriteOnce
storageClassName: {{ .Values.persistentVolumeClaimConfig.data.storageClass }}
resources:
requests:
storage: 2Gi
{{- end }}

12
apigateway/charts/v7-traceability/templates/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,12 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "v7-traceability.serviceAccountName" . }}
labels:
{{- include "v7-traceability.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

164
apigateway/charts/v7-traceability/templates/statefulset.yaml Normal file
View File

@@ -0,0 +1,164 @@
{{- if .Values.statefulSet.enabled -}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "v7-traceability.fullname" . }}
labels:
{{- include "v7-traceability.labels" . | nindent 4 }}
spec:
replicas: 1
selector:
matchLabels:
{{- include "v7-traceability.selectorLabels" . | nindent 6 }}
{{- with .Values.additionalLabels }}
{{- range $key, $value := . }}
{{ default "none" $key }}: {{ default "none" $value | quote }}
{{- end }}
{{- end }}
serviceName: {{ include "v7-traceability.fullname" . }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "v7-traceability.selectorLabels" . | nindent 8 }}
{{- with .Values.additionalLabels }}
{{- range $key, $value := . }}
{{ default "none" $key }}: {{ default "none" $value | quote }}
{{- end }}
{{- end }}
spec:
{{- if .Values.image.pullSecret }}
imagePullSecrets:
- name: {{ .Values.image.pullSecret }}
{{- end }}
{{- if .Values.initContainer.enabled }}
initContainers:
- name: init
image: "{{ .Values.initContainer.image.name }}"
imagePullPolicy: {{ .Values.initContainer.image.pullPolicy }}
securityContext: {{- toYaml .Values.initContainer.securityContext | nindent 12 }}
command:
- sh
- -c
- chown -R {{ .Values.podSecurityContext.fsGroup }}:{{ .Values.podSecurityContext.fsGroup }} /data;
volumeMounts:
- name: data
mountPath: /data
{{- end }}
serviceAccountName: {{ include "v7-traceability.serviceAccountName" . }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: {{ include "v7-traceability.imageName" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: probe-port
containerPort: {{ .Values.statusPort }}
protocol: TCP
livenessProbe:
httpGet:
path: /status
port: probe-port
{{- with .Values.livenessProbe }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
readinessProbe:
httpGet:
path: /status
port: probe-port
{{- with .Values.readinessProbe }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
env:
{{- with .Values.env }}
{{- range $key, $value := . }}
{{- if and (not (eq (toString $value) "")) (not (eq (toString $key) "")) }} # ignore any items with empty key or value
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- if not .Values.env.CENTRAL_USAGEREPORTING_OFFLINE }}
{{- if not .Values.env.APIGATEWAY_ONLY }}
- name: APIMANAGER_AUTH_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.credentials }}
key: APIMANAGER_AUTH_USERNAME
- name: APIMANAGER_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.credentials }}
key: APIMANAGER_AUTH_PASSWORD
{{- end}}
{{- if and .Values.env.EVENT_LOG_INPUT .Values.env.APIGATEWAY_GETHEADERS }}
- name: APIGATEWAY_AUTH_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.credentials }}
key: APIGATEWAY_AUTH_USERNAME
- name: APIGATEWAY_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.credentials }}
key: APIGATEWAY_AUTH_PASSWORD
{{- end}}
{{- end}}
volumeMounts:
{{- if not (.Values.env.CENTRAL_USAGEREPORTING_OFFLINE)}}
- name: "traceability-keys-secrets"
mountPath: /keys
{{- end}}
- name: events
mountPath: {{ .Values.persistentVolumeClaimConfig.events.mountPath }}
- name: data
mountPath: /data
- name: logs
mountPath: /logs
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumes:
- name: events
persistentVolumeClaim:
claimName: {{ .Values.persistentVolumeClaimConfig.events.name }}
- name: logs
persistentVolumeClaim:
claimName: {{ .Values.persistentVolumeClaimConfig.logs.name }}
- name: data
persistentVolumeClaim:
claimName: {{ .Values.persistentVolumeClaimConfig.data.name }}
{{- if not (.Values.env.CENTRAL_USAGEREPORTING_OFFLINE)}}
- name: traceability-keys-secrets
secret:
secretName: {{ .Values.secrets.keys }}
items:
- key: private_key
path: private_key.pem
- key: public_key
path: public_key.pem
{{- end}}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}

113
apigateway/charts/v7-traceability/values.yaml Normal file
View File

@@ -0,0 +1,113 @@
image:
# blank by default, set this to override all other properties that create the path
fullPath: ""
registry: docker.repository.axway.com
repository: ampc-docker-prod/1.2
name: v7-traceability-agent
pullPolicy: IfNotPresent
pullSecret:
# Overrides the image tag whose default is the chart appVersion.
tag: "1.2.33"
nameOverride: ""
fullnameOverride: ""
statefulSet:
enabled: false # setting to true uses a statefulset instead of the default deployment set
# Health Check port
statusPort: 8990
# Info on how to fetch the values for the env parameters can ve found in the below doc.
# https://docs.axway.com/bundle/axway-open-docs/page/docs/central/connect-api-manager/gateway-administation/index.html#customizing-the-traceability-agent-environment-variable-file
# More environment value: https://docs.axway.com/bundle/axway-open-docs/page/docs/central/connect-api-manager/agent-variables/index.html#common-variables-to-both-agents
env:
LOG_LEVEL: info
CENTRAL_DEPLOYMENT: "prod"
CENTRAL_USAGEREPORTING_OFFLINE: false
# EVENT_LOG_PATHS: "/opt/Axway/apigateway/events/axwaydemo_traffic-*.log"
EVENT_LOG_PATHS: "/events/*.log"
EVENT_LOG_INPUT: true
OPENTRAFFIC_LOG_INPUT: false
OPENTRAFFIC_LOG_PATHS: /events/*.log
TRACEABILITY_HOST: "ingestion.datasearch.axway.com:5044"
TRACEABILITY_PROTOCOL: "tcp"
TRACEABILITY_SAMPLING_PERCENTAGE: 1
TRACEABILITY_SAMPLING_ONLYERRORS: false
APIMANAGER_PORT: "443"
# flip to true if API manager is using a self signed certificate
APIMANAGER_SSL_INSECURESKIPVERIFY: false
APIGATEWAY_ONLY: false
APIGATEWAY_PORT: "443"
APIGATEWAY_GETHEADERS: true
# flip to true if API gateway is using a self signed certificate
APIGATEWAY_SSL_INSECURESKIPVERIFY: false
APIGATEWAY_HEALTHCHECKPORT: 8090
APIGATEWAY_HEALTHCHECKPROTOCOL: "https"
APIGATEWAY_HEALTHCHECKURI: login
# The below secrets are a pre-requisite. Please refer to the readme file for more info
secrets:
credentials: "traceability-creds"
keys: "traceability-keys"
podAnnotations:
initContainer:
enabled: true
image:
name: alpine
pullPolicy: IfNotPresent
securityContext:
runAsUser: 0
podSecurityContext:
fsGroup: 2500
supplementalGroups: [2500]
fsGroupChangePolicy: "OnRootMismatch"
securityContext:
tolerations:
affinity:
# specify the nodeSelector in overrides to change the default nodeSelector in the chart
# nodeSelector: {}
# Add additional labels to the agent deployment which may be required based on your configuration
additionalLabels:
# Add selector labels for deployment purposes
selectorLabels:
serviceAccount:
# Specifies whether a service account should be created
create: true
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
dataVolume:
useHostPath: false
hostPath: /mnt/traceability-agent/data
persistentVolumeClaimConfig:
logs:
storageClass: gp2-csi
name: logs-claim
data:
# storage class to persist contents of data directory in the agent - should be available in the cluster i.e gp2, gp2-csi, default
storageClass: gp2-csi
name: data-claim
events:
name: events-claim
mountPath: /events
livenessProbe:
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 10
successThreshold: 1
failureThreshold: 3
readinessProbe:
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 10
successThreshold: 1
failureThreshold: 3

357
apigateway/samples/multigroup/apim-ext.yaml Normal file
View File

@@ -0,0 +1,357 @@
nameOverride: gateway
global:
domainName: example.com
defaultRegistry: docker.repository.axway.com/apigateway-docker-prod/7.7
imagePullPolicy: Always
imagePullSecrets:
- name: mycreds
initContainers:
image: "docker.io/busybox:1.34"
resources:
limits:
memory: "50Mi"
cpu: "50m"
requests:
memory: "5Mi"
cpu: "50m"
securityContext:
runAsNonRoot: false
database:
host: mysql.testmetrics.svc.cluster.local
metrics:
enabled: true
username: "root"
password: "password"
cassandra:
enabled: true
hosts:
- variable: CASS_HOST
hostname: cassandra.testcassandra.svc.cluster.local
username: cassandra
password: cassandra
keyspace: apigw
tkeyspace: apigwks
tests:
images:
curl:
tag: 7.83.1
resources:
limits:
cpu: 100m
memory: 50Mi
requests:
cpu: 100m
memory: 50Mi
storage:
provisioningType: "dynamic"
storageClassName: "nfs-client"
volumes:
- name: events
enabled: false
accessModes:
- ReadWriteMany
capacity: 1Mi
#This is set to false when the pv is created by the AAOI helm chart
- name: opentraffic
enabled: false
accessModes:
- ReadWriteMany
capacity: 1Mi
- name: gw-external-config
enabled: false
accessModes:
- ReadWriteMany
capacity: 1Mi
- name: aga-external-config
enabled: false
accessModes:
- ReadWriteMany
capacity: 1Mi
- name: anm-external-config
enabled: false
accessModes:
- ReadWriteMany
capacity: 1Mi
anm:
logs:
opentraffic:
output: "file"
enabled: false
hostname: "apim-int-gateway-anm.apim-internal.svc.cluster.local:8090"
image:
repository: "admin-nodemanager"
tag: "7.7.0.20230830-3-BN0019-ubi7"
generalConditions:
accept: "yes"
resources:
limits:
memory: "2048Mi"
cpu: "1000m"
requests:
memory: "1Gi"
cpu: "250m"
securityContext:
runAsNonRoot: false
route:
enabled: false
ingress:
enabled: true
className: nginx
annotations:
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
hosts:
- host: anm.ext.mydomain.com
paths:
- path: /
pathType: ImplementationSpecific
tls:
- hosts:
- anm.ext.mydomain.com
#service:
# port: 8091
extraVolumeMounts:
- name: anm-external-config
mountPath: /merge
- name: events
mountPath: /opt/Axway/apigateway/events
extraVolumes:
- persistentVolumeClaim:
claimName: anm-external-config
name: anm-external-config
- persistentVolumeClaim:
claimName: events
name: events
apimgr:
logs:
opentraffic:
output: "file"
image:
repository: "gateway"
tag: "7.7.0.20230830-3-BN0019-ubi7"
generalConditions:
accept: "yes"
groupId: "SecondGroup"
resources:
limits:
memory: "2Gi"
cpu: 2
requests:
memory: "0.5Gi"
cpu: 0.5
securityContext:
runAsNonRoot: false
route:
enabled: false
ingress:
enabled: true
className: nginx
annotations:
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
hosts:
- host: apimgr.ext.mydomain.com
paths:
- path: /
pathType: ImplementationSpecific
tls:
- hosts:
- apimgr.ext.mydomain.com
service:
port: 8075
extraVolumeMounts:
- name: gw-external-config
mountPath: /merge
- name: opentraffic
mountPath: /var/opentraffic
- name: events
mountPath: /opt/Axway/apigateway/events
extraVolumes:
- persistentVolumeClaim:
claimName: gw-external-config
name: gw-external-config
- persistentVolumeClaim:
claimName: opentraffic
name: opentraffic
- persistentVolumeClaim:
claimName: events
name: events
extraEnvVars:
- name: EMT_HEALTHCHECK_PORT
value: "8065"
- name: EMT_HEALTHCHECK_PATH
value: /healthcheck
- name: GW_DIR
value: /opt/Axway/apigateway
- name: GW_TRACE_DIR
value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace
- name: EMT_TOPOLOGY_TTL
value: "10"
license:
license.lic: |
FIPS=1
Mock Connector=1
SalesForce Connector=1
ServiceNow Connector=1
analytics=1
apiportal=1
expires=Thu, 05 May 2023 15:43:14 GMT
mcafee=1
sdkgenerator=1
unrestricted=1
version=7
version=7.7
# SIGNATURE: add
apitraffic:
logs:
opentraffic:
output: "file"
replicaCount: 1
autoscaling:
enabled: true
minReplicas: 1
maxReplicas: 2
targetCPUUtilizationPercentage: 20
#targetMemoryUtilizationPercentage: 30
image:
repository: "gateway"
tag: "7.7.0.20230830-3-BN0019-ubi7"
generalConditions:
accept: "yes"
groupId: "SecondGroup"
resources:
limits:
memory: "3Gi"
cpu: 3
requests:
memory: "2Gi"
cpu: 2
securityContext:
runAsNonRoot: false
oauth:
route:
enabled: false
route:
enabled: false
ingress:
enabled: true
className: nginx
annotations:
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
hosts:
- host: apitraffic.ext.mydomain.com
paths:
- path: /
pathType: ImplementationSpecific
tls:
- hosts:
- apitraffic.ext.mydomain.com
service:
port: 8065
extraVolumeMounts:
- name: gw-external-config
mountPath: /merge
- name: opentraffic
mountPath: /var/opentraffic
- name: events
mountPath: /opt/Axway/apigateway/events
extraVolumes:
- persistentVolumeClaim:
claimName: gw-external-config
name: gw-external-config
- persistentVolumeClaim:
claimName: opentraffic
name: opentraffic
- persistentVolumeClaim:
claimName: events
name: events
extraEnvVars:
- name: EMT_HEALTHCHECK_PORT
value: "8065"
- name: EMT_HEALTHCHECK_PATH
value: /healthcheck
- name: GW_DIR
value: /opt/Axway/apigateway
- name: GW_TRACE_DIR
value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace
- name: EMT_TOPOLOGY_TTL
value: "10"
license:
license.lic: |
FIPS=1
Mock Connector=1
SalesForce Connector=1
ServiceNow Connector=1
analytics=1
apiportal=1
expires=Thu, 05 May 2023 15:43:14 GMT
mcafee=1
sdkgenerator=1
unrestricted=1
version=7
version=7.7
# SIGNATURE: add
aga:
securityContext:
runAsNonRoot: false
enabled: false
route:
enabled: false
image:
repository: "analytics"
tag: "7.7.0.20230830-3-BN0019-ubi7"
generalConditions:
accept: "yes"
ingress:
enabled: true
className: nginx
annotations:
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
hosts:
- host: aga.ext.mydomain.com
paths:
- path: /
pathType: ImplementationSpecific
tls:
- hosts:
- aga.ext.mydomain.com
resources:
limits:
memory: "2048Mi"
cpu: "1000m"
requests:
memory: "1Gi"
cpu: "250m"
extraVolumeMounts:
- name: aga-external-config
mountPath: /merge
- name: events
mountPath: /opt/Axway/apigateway/events
extraVolumes:
- persistentVolumeClaim:
claimName: aga-external-config
name: aga-external-config
- persistentVolumeClaim:
claimName: events
name: events
license:
license.lic: |
FIPS=1
Mock Connector=1
SalesForce Connector=1
ServiceNow Connector=1
analytics=1
apiportal=1
expires=Thu, 05 May 2023 15:43:14 GMT
mcafee=1
sdkgenerator=1
unrestricted=1
version=7
version=7.7
# SIGNATURE: add

357
apigateway/samples/multigroup/apim-int.yaml Normal file
View File

@@ -0,0 +1,357 @@
nameOverride: gateway
global:
domainName: example.com
defaultRegistry: docker.repository.axway.com/apigateway-docker-prod/7.7
imagePullPolicy: Always
imagePullSecrets:
- name: mycreds
initContainers:
image: "docker.io/busybox:1.34"
resources:
limits:
memory: "50Mi"
cpu: "50m"
requests:
memory: "5Mi"
cpu: "50m"
securityContext:
runAsNonRoot: false
database:
host: mysql.testmetrics.svc.cluster.local
metrics:
enabled: true
username: "root"
password: "password"
cassandra:
enabled: true
hosts:
- variable: CASS_HOST
hostname: cassandra.testcassandra.svc.cluster.local
username: cassandra
password: cassandra
keyspace: apigw
tkeyspace: apigwks
tests:
images:
curl:
tag: 7.83.1
resources:
limits:
cpu: 100m
memory: 50Mi
requests:
cpu: 100m
memory: 50Mi
storage:
provisioningType: "dynamic"
storageClassName: "nfs-client"
volumes:
- name: events
enabled: true
accessModes:
- ReadWriteMany
capacity: 1Mi
#This is set to false when the pv is created by the AAOI helm chart
- name: opentraffic
enabled: false
accessModes:
- ReadWriteMany
capacity: 1Mi
- name: gw-external-config
enabled: true
accessModes:
- ReadWriteMany
capacity: 1Mi
- name: aga-external-config
enabled: true
accessModes:
- ReadWriteMany
capacity: 1Mi
- name: anm-external-config
enabled: true
accessModes:
- ReadWriteMany
capacity: 1Mi
anm:
logs:
opentraffic:
output: "file"
hostname: "apim-int-gateway-anm:8090"
enabled: true
image:
repository: "admin-nodemanager"
tag: "7.7.0.20230830-3-BN0019-ubi7"
generalConditions:
accept: "yes"
resources:
limits:
memory: "2048Mi"
cpu: "1000m"
requests:
memory: "1Gi"
cpu: "250m"
securityContext:
runAsNonRoot: false
route:
enabled: false
ingress:
enabled: true
className: nginx
annotations:
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
hosts:
- host: anm.int.mydomain.com
paths:
- path: /
pathType: ImplementationSpecific
tls:
- hosts:
- anm.int.mydomain.com
#service:
# port: 8091
extraVolumeMounts:
- name: anm-external-config
mountPath: /merge
- name: events
mountPath: /opt/Axway/apigateway/events
extraVolumes:
- persistentVolumeClaim:
claimName: anm-external-config
name: anm-external-config
- persistentVolumeClaim:
claimName: events
name: events
apimgr:
logs:
opentraffic:
output: "file"
image:
repository: "gateway"
tag: "7.7.0.20230830-3-BN0019-ubi7"
generalConditions:
accept: "yes"
# groupId: "Demo-Group"
resources:
limits:
memory: "2Gi"
cpu: 2
requests:
memory: "0.5Gi"
cpu: 0.5
securityContext:
runAsNonRoot: false
route:
enabled: false
ingress:
enabled: true
className: nginx
annotations:
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
hosts:
- host: apimgr.int.mydomain.com
paths:
- path: /
pathType: ImplementationSpecific
tls:
- hosts:
- apimgr.int.mydomain.com
service:
port: 8075
extraVolumeMounts:
- name: gw-external-config
mountPath: /merge
- name: opentraffic
mountPath: /var/opentraffic
- name: events
mountPath: /opt/Axway/apigateway/events
extraVolumes:
- persistentVolumeClaim:
claimName: gw-external-config
name: gw-external-config
- persistentVolumeClaim:
claimName: opentraffic
name: opentraffic
- persistentVolumeClaim:
claimName: events
name: events
extraEnvVars:
- name: EMT_HEALTHCHECK_PORT
value: "8065"
- name: EMT_HEALTHCHECK_PATH
value: /healthcheck
- name: GW_DIR
value: /opt/Axway/apigateway
- name: GW_TRACE_DIR
value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace
- name: EMT_TOPOLOGY_TTL
value: "10"
license:
license.lic: |
FIPS=1
Mock Connector=1
SalesForce Connector=1
ServiceNow Connector=1
analytics=1
apiportal=1
expires=Thu, 05 May 2023 15:43:14 GMT
mcafee=1
sdkgenerator=1
unrestricted=1
version=7
version=7.7
# SIGNATURE: add
apitraffic:
logs:
opentraffic:
output: "file"
replicaCount: 1
autoscaling:
enabled: true
minReplicas: 1
maxReplicas: 2
targetCPUUtilizationPercentage: 20
#targetMemoryUtilizationPercentage: 30
image:
repository: "gateway"
tag: "7.7.0.20230830-3-BN0019-ubi7"
generalConditions:
accept: "yes"
# groupId: "Demo-Group"
resources:
limits:
memory: "3Gi"
cpu: 3
requests:
memory: "2Gi"
cpu: 2
securityContext:
runAsNonRoot: false
oauth:
route:
enabled: false
route:
enabled: false
ingress:
enabled: true
className: nginx
annotations:
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
hosts:
- host: apitraffic.int.mydomain.com
paths:
- path: /
pathType: ImplementationSpecific
tls:
- hosts:
- apitraffic.int.mydomain.com
service:
port: 8065
extraVolumeMounts:
- name: gw-external-config
mountPath: /merge
- name: opentraffic
mountPath: /var/opentraffic
- name: events
mountPath: /opt/Axway/apigateway/events
extraVolumes:
- persistentVolumeClaim:
claimName: gw-external-config
name: gw-external-config
- persistentVolumeClaim:
claimName: opentraffic
name: opentraffic
- persistentVolumeClaim:
claimName: events
name: events
extraEnvVars:
- name: EMT_HEALTHCHECK_PORT
value: "8065"
- name: EMT_HEALTHCHECK_PATH
value: /healthcheck
- name: GW_DIR
value: /opt/Axway/apigateway
- name: GW_TRACE_DIR
value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace
- name: EMT_TOPOLOGY_TTL
value: "10"
license:
license.lic: |
FIPS=1
Mock Connector=1
SalesForce Connector=1
ServiceNow Connector=1
analytics=1
apiportal=1
expires=Thu, 05 May 2023 15:43:14 GMT
mcafee=1
sdkgenerator=1
unrestricted=1
version=7
version=7.7
# SIGNATURE: add
aga:
securityContext:
runAsNonRoot: false
enabled: false
route:
enabled: false
image:
repository: "analytics"
tag: "7.7.0.20230830-3-BN0019-ubi7"
generalConditions:
accept: "yes"
ingress:
enabled: true
className: nginx
annotations:
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
hosts:
- host: aga.int.mydomain.com
paths:
- path: /
pathType: ImplementationSpecific
tls:
- hosts:
- aga.int.mydomain.com
resources:
limits:
memory: "2048Mi"
cpu: "1000m"
requests:
memory: "1Gi"
cpu: "250m"
extraVolumeMounts:
- name: aga-external-config
mountPath: /merge
- name: events
mountPath: /opt/Axway/apigateway/events
extraVolumes:
- persistentVolumeClaim:
claimName: aga-external-config
name: aga-external-config
- persistentVolumeClaim:
claimName: events
name: events
license:
license.lic: |
FIPS=1
Mock Connector=1
SalesForce Connector=1
ServiceNow Connector=1
analytics=1
apiportal=1
expires=Thu, 05 May 2023 15:43:14 GMT
mcafee=1
sdkgenerator=1
unrestricted=1
version=7
version=7.7
# SIGNATURE: add

0
apigateway/templates/NOTES.txt Normal file
View File

50
apigateway/templates/_gateway_helpers.tpl Normal file
View File

@@ -0,0 +1,50 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Create the name of the service account to use
*/}}
{{- define "gateway.apitraffic.serviceAccountName" -}}
{{- if .Values.apitraffic.serviceAccount.create }}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "apitraffic") .Values.apitraffic.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.apitraffic.serviceAccount.name }}
{{- end }}
{{- end }}
{{- define "gateway.anm.serviceAccountName" -}}
{{- if .Values.anm.serviceAccount.create }}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "anm") .Values.anm.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.anm.serviceAccount.name }}
{{- end }}
{{- end }}
{{- define "gateway.apimgr.serviceAccountName" -}}
{{- if .Values.apimgr.serviceAccount.create }}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "apimgr") .Values.apimgr.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.apimgr.serviceAccount.name }}
{{- end }}
{{- end }}
{{- define "gateway.aga.serviceAccountName" -}}
{{- if .Values.aga.serviceAccount.create }}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "aga") .Values.aga.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.aga.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Secret name for metrics db credentials, either the existing one or the one created by this chart
*/}}
{{- define "gateway.metrics-db.secretName" -}}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "metrics-db") .Values.global.database.metrics.existingSecret.name }}
{{- end }}
{{/*
Secret name for domain key passphrase
*/}}
{{- define "gateway.domainkeypassphrase.secretName" -}}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "domainkeypassphrase") .Values.global.domainkeypassphrase.name }}
{{- end }}

141
apigateway/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,141 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "gateway.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "gateway.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "gateway.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "gateway.labels" -}}
helm.sh/chart: {{ include "gateway.chart" . }}
{{ include "gateway.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "gateway.selectorLabels" -}}
app.kubernetes.io/name: {{ include "gateway.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "gateway.apitraffic.serviceAccountName" -}}
{{- if .Values.apitraffic.serviceAccount.create }}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "apitraffic") .Values.apitraffic.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.apitraffic.serviceAccount.name }}
{{- end }}
{{- end }}
{{- define "gateway.anm.serviceAccountName" -}}
{{- if .Values.anm.serviceAccount.create }}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "anm") .Values.anm.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.anm.serviceAccount.name }}
{{- end }}
{{- end }}
{{- define "gateway.apimgr.serviceAccountName" -}}
{{- if .Values.apimgr.serviceAccount.create }}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "apimgr") .Values.apimgr.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.apimgr.serviceAccount.name }}
{{- end }}
{{- end }}
{{- define "gateway.aga.serviceAccountName" -}}
{{- if .Values.aga.serviceAccount.create }}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "aga") .Values.aga.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.aga.serviceAccount.name }}
{{- end }}
{{- end }}
{{- define "gateway.tests.serviceAccountName" -}}
{{- if .Values.global.tests.serviceAccount.create }}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "tests") .Values.global.tests.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.global.tests.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Secret name for metrics db credentials, either the existing one or the one created by this chart
*/}}
{{- define "gateway.metrics-db.secretName" -}}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "metrics-db") .Values.global.database.metrics.existingSecret.name }}
{{- end }}
{{/*
Secret name for cassandra password, either the existing one or the one created by this chart
*/}}
{{- define "gateway.cassandra.secretName" -}}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "cassandra") .Values.global.cassandra.existingSecret.name }}
{{- end }}
{{/*
Filters the API GW related volumes from the global section
Usage (example with traffic, can also be anm, aga, apimgr, portal):
{{ include "gateway.volumeMounts" (dict "component" "traffic" "storage" .Values.global.storage) }}
*/}}
{{- define "gateway.volumeMounts" -}}
{{- $component := .component }}
{{- $volumeMounts := list }}
{{- range .storage.volumes }}
{{- if and (or (empty $component) (has $component .usedBy)) .enabled }}
{{- $mountPath := .mountPath | default .mountPoint | default (printf "/opt/Axway/apigateway/%s" .name) }}
{{- $volumeMounts = append $volumeMounts (dict "name" .name "mountPath" $mountPath) }}
{{- end }}
{{- end }}
{{- toYaml $volumeMounts }}
{{- end }}
{{/*
Usage (example with traffic, can also be anm, aga, apimgr, portal):
{{ include "gateway.volumes" (dict "component" "traffic" "storage" .Values.global.storage) }}
*/}}
{{- define "gateway.volumes" -}}
{{- $component := .component }}
{{- $volumes := list }}
{{- range .storage.volumes }}
{{- if and (or (empty $component) (has $component .usedBy)) .enabled }}
{{- $volumes = append $volumes (dict "name" .name "persistentVolumeClaim" (dict "claimName" (coalesce .claimName .name))) }}
{{- end }}
{{- end }}
{{- toYaml $volumes }}
{{- end }}

18
apigateway/templates/_portal_helpers.tpl Normal file
View File

@@ -0,0 +1,18 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Create the name of the service account to use
*/}}
{{- define "gateway.apiportal.serviceAccountName" -}}
{{- if .Values.apiportal.serviceAccount.create }}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "apiportal") .Values.aga.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.apiportal.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Secret name for mysql db credentials, either the existing one or the one created by this chart
*/}}
{{- define "gateway.apiportal.secretName" -}}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "apiportal-db") .Values.apiportal.mysql.existingSecret.name }}
{{- end }}

12
apigateway/templates/aga/aga-configmap.yaml Normal file
View File

@@ -0,0 +1,12 @@
{{- if and .Values.aga.enabled .Values.aga.license }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-aga-license-config
data:
{{- range $path, $config := .Values.aga.license }}
{{ $path }}: |
{{ $config | indent 4 -}}
{{- end -}}
{{- end -}}

122
apigateway/templates/aga/aga-deployment.yaml Normal file
View File

@@ -0,0 +1,122 @@
{{- if .Values.aga.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ include "gateway.fullname" . }}-aga"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: aga
spec:
{{- if not .Values.aga.autoscaling.enabled }}
replicas: {{ .Values.aga.replicaCount }}
{{- end }}
strategy:
{{- if eq (default .Values.global.updateStrategy.type .Values.aga.updateStrategy.type) "RollingUpdate" }}
rollingUpdate:
maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.aga.updateStrategy.rollingUpdate.maxSurge }}
maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.aga.updateStrategy.rollingUpdate.maxUnavailable }}
{{- end }}
type: {{ default .Values.global.updateStrategy.type .Values.aga.updateStrategy.type }}
selector:
matchLabels:
{{- include "gateway.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: aga
{{- with .Values.aga.podLabels }}
{{- toYaml . | nindent 6 }}
{{- end }}
template:
metadata:
{{- with .Values.aga.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "gateway.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: aga
{{- with .Values.aga.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "gateway.aga.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.aga.podSecurityContext | nindent 8 }}
{{- if .Values.aga.extraInitContainers }}
initContainers:
{{ toYaml (.Values.aga.extraInitContainers) | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.aga.securityContext | nindent 12 }}
image: "{{ default .Values.global.defaultRegistry .Values.aga.image.registry }}/{{ .Values.aga.image.repository }}:{{ .Values.aga.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
ports:
- containerPort: {{ .Values.aga.service.ports.ui.port }}
protocol: {{ .Values.aga.service.ports.ui.protocol }}
{{- with .Values.aga.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.aga.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.aga.resources | nindent 12 }}
env:
{{- with .Values.aga.extraEnvVars }}
{{ toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.global.database.metrics.enabled }}
- name: METRICS_DB_URL
value: {{ tpl .Values.global.database.metrics.url . | quote }}
- name: METRICS_DB_USERNAME
valueFrom:
secretKeyRef:
name: {{ include "gateway.metrics-db.secretName" . }}
key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }}
- name: METRICS_DB_PASS
valueFrom:
secretKeyRef:
name: {{ include "gateway.metrics-db.secretName" . }}
key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }}
{{- end }}
{{- if .Values.aga.image.generalConditions }}
- name: ACCEPT_GENERAL_CONDITIONS
value: {{ .Values.aga.image.generalConditions.accept | quote }}
{{- end }}
{{- if .Values.aga.extraVolumeMounts }}
volumeMounts:
{{- toYaml ( .Values.aga.extraVolumeMounts ) | nindent 12 }}
{{- end }}
{{- if .Values.aga.license }}
- name: license
mountPath: "/opt/Axway/analytics/conf/licenses/license.lic"
subPath: "license.lic"
{{- end }}
{{- if .Values.aga.extraVolumes }}
volumes:
{{- if .Values.aga.license }}
- name: license
configMap:
name: {{ .Release.Name }}-aga-license-config
{{- end }}
{{ toYaml ( .Values.aga.extraVolumes ) | indent 8 }}
{{- end }}
{{- with .Values.aga.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.aga.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.aga.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}

33
apigateway/templates/aga/aga-hpa.yaml Normal file
View File

@@ -0,0 +1,33 @@
{{- if .Values.aga.autoscaling.enabled }}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: "{{ include "gateway.fullname" . }}-aga"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: aga
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: "{{ include "gateway.fullname" . }}-aga"
minReplicas: {{ .Values.aga.autoscaling.minReplicas }}
maxReplicas: {{ .Values.aga.autoscaling.maxReplicas }}
metrics:
{{- if .Values.aga.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.aga.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.aga.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.aga.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}

97
apigateway/templates/aga/aga-ingress.yaml Normal file
View File

@@ -0,0 +1,97 @@
{{- if .Values.aga.ingress.enabled -}}
{{- $fullName := include "gateway.fullname" . -}}
{{- $svcPort := .Values.aga.service.ports.ui.port -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}-aga
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- with .Values.aga.ingress.annotations }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
spec:
{{- if .Values.aga.ingress.className }}
ingressClassName: {{ .Values.aga.ingress.className }}
{{- end }}
{{- if .Values.aga.ingress.tls }}
tls:
{{- range .Values.aga.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ tpl . $ | quote }}
{{- end }}
{{- if .secretName }}
secretName: {{ tpl (.secretName) $ }}
{{- end }}
{{- end }}
{{- end }}
rules:
{{- range .Values.aga.ingress.hosts }}
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if .pathType }}
pathType: {{ .pathType }}
{{- end }}
backend:
service:
name: {{ $fullName }}-aga
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
---
{{- if .Values.aga.extraIngress.enabled -}}
{{- $fullName := include "gateway.fullname" . -}}
{{- $svcPort := .Values.aga.service.ports.ui.port -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}-aga-extra
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- with .Values.aga.extraIngress.annotations }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
spec:
{{- if .Values.aga.extraIngress.className }}
ingressClassName: {{ .Values.aga.extraIngress.className }}
{{- end }}
{{- if .Values.aga.extraIngress.tls }}
tls:
{{- range .Values.aga.extraIngress.tls }}
- hosts:
{{- range .hosts }}
- {{ tpl . $ | quote }}
{{- end }}
{{- if .secretName }}
secretName: {{ tpl (.secretName) $ }}
{{- end }}
{{- end }}
{{- end }}
rules:
{{- range .Values.aga.extraIngress.hosts }}
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if .pathType }}
pathType: {{ .pathType }}
{{- end }}
backend:
service:
name: {{ $fullName }}-aga
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}

40
apigateway/templates/aga/aga-routes.yaml Normal file
View File

@@ -0,0 +1,40 @@
{{- if and .Values.aga.enabled .Values.aga.route.enabled -}}
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: "{{ include "gateway.fullname" . }}-aga"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: aga
spec:
{{- if .Values.global.domainName }}
host: aga.{{ .Values.global.domainName }}
{{- end }}
port:
targetPort: {{ tpl .Values.aga.route.targetPort . }}
to:
kind: Service
name: "{{ include "gateway.fullname" . }}-aga"
{{- if .Values.aga.route.tls.enabled }}
tls:
termination: {{ .Values.aga.route.tls.termination }}
insecureEdgeTerminationPolicy: {{ .Values.aga.route.tls.insecureEdgeTerminationPolicy }}
{{- if .Values.aga.route.tls.key }}
key: |-
{{- .Values.aga.route.tls.key | nindent 6 }}
{{- end }}
{{- if .Values.aga.route.tls.destinationCACertificate }}
destinationCACertificate: |-
{{- .Values.aga.route.tls.destinationCACertificate | nindent 6 }}
{{- end }}
{{- if .Values.aga.route.tls.caCertificate }}
caCertificate: |-
{{- .Values.aga.route.tls.caCertificate | nindent 6 }}
{{- end }}
{{- if .Values.aga.route.tls.certificate }}
certificate: |-
{{- .Values.aga.route.tls.certificate | nindent 6 }}
{{- end }}
{{- end }}
wildcardPolicy: None
{{- end }}

19
apigateway/templates/aga/aga-service.yaml Normal file
View File

@@ -0,0 +1,19 @@
{{- if .Values.aga.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: "{{ include "gateway.fullname" . }}-aga"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: aga
spec:
type: {{ .Values.aga.service.type }}
ports:
- port: {{ .Values.aga.service.ports.ui.port }}
targetPort: {{ .Values.aga.service.ports.ui.port }}
protocol: {{ .Values.aga.service.ports.ui.protocol }}
name: apianalyticsui
selector:
{{- include "gateway.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: aga
{{- end }}

13
apigateway/templates/aga/aga-serviceaccount.yaml Normal file
View File

@@ -0,0 +1,13 @@
{{- if .Values.aga.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "gateway.aga.serviceAccountName" . }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: aga
{{- with .Values.aga.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

12
apigateway/templates/anm/anm-configmap.yaml Normal file
View File

@@ -0,0 +1,12 @@
{{- if and .Values.anm.enabled .Values.anm.license }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-anm-license-config
data:
{{- range $path, $config := .Values.anm.license }}
{{ $path }}: |
{{ $config | indent 4 -}}
{{- end -}}
{{- end -}}

162
apigateway/templates/anm/anm-deployment.yaml Normal file
View File

@@ -0,0 +1,162 @@
{{- if .Values.anm.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ include "gateway.fullname" . }}-anm"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: anm
spec:
{{- if not .Values.anm.autoscaling.enabled }}
replicas: {{ .Values.anm.replicaCount }}
{{- end }}
strategy:
{{- if eq (default .Values.global.updateStrategy.type .Values.anm.updateStrategy.type) "RollingUpdate" }}
rollingUpdate:
maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.anm.updateStrategy.rollingUpdate.maxSurge }}
maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.anm.updateStrategy.rollingUpdate.maxUnavailable }}
{{- end }}
type: {{ default .Values.global.updateStrategy.type .Values.anm.updateStrategy.type }}
selector:
matchLabels:
{{- include "gateway.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: anm
{{- with .Values.anm.podLabels }}
{{- toYaml . | nindent 6 }}
{{- end }}
template:
metadata:
{{- with .Values.anm.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "gateway.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: anm
{{- with .Values.anm.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "gateway.anm.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.anm.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.anm.securityContext | nindent 12 }}
image: "{{ default .Values.global.defaultRegistry .Values.anm.image.registry }}/{{ .Values.anm.image.repository }}:{{ .Values.anm.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
ports:
- containerPort: {{ .Values.anm.service.ports.traffic.port }}
protocol: {{ .Values.anm.service.ports.traffic.protocol }}
- containerPort: {{ .Values.anm.service.ports.ui.port }}
protocol: {{ .Values.anm.service.ports.ui.protocol }}
{{- with .Values.anm.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.anm.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.anm.resources | nindent 12 }}
env:
{{- with .Values.anm.extraEnvVars }}
{{ toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.anm.FIPS.enabled }}
- name: EMT_FIPS_MODE
value: {{ .Values.anm.FIPS.enabled | quote }}
{{- end }}
{{- if .Values.anm.jvmHeapSize }}
- name: EMT_HEAP_SIZE_MB
value: {{ .Values.anm.jvmHeapSize | quote }}
{{- end }}
{{- if .Values.anm.logs.trace.level }}
- name: EMT_TRACE_LEVEL
value: {{ .Values.anm.logs.trace.level | quote }}
{{- end }}
{{- if .Values.anm.logs.trace.disk }}
- name: APIGW_LOG_TRACE_TO_FILE
value: {{ .Values.anm.logs.trace.disk | quote }}
{{- end }}
- name: APIGW_LOG_TRACE_JSON_TO_STDOUT
value: {{ default .Values.anm.logs.trace.stdoutJSON false | quote }}
{{- if .Values.global.domainkeypassphrase }}
- name: DOMAIN_KEY_PASSPHRASE
valueFrom:
secretKeyRef:
name: {{ include "gateway.domainkeypassphrase.secretName" . }}
key: passphrase
{{- end }}
{{- if .Values.global.database.metrics.enabled }}
- name: METRICS_DB_URL
value: {{ tpl .Values.global.database.metrics.url . | quote }}
- name: METRICS_DB_USERNAME
valueFrom:
secretKeyRef:
name: {{ include "gateway.metrics-db.secretName" . }}
key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }}
- name: METRICS_DB_PASS
valueFrom:
secretKeyRef:
name: {{ include "gateway.metrics-db.secretName" . }}
key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }}
{{- end }}
{{- if .Values.anm.image.generalConditions }}
- name: ACCEPT_GENERAL_CONDITIONS
value: {{ .Values.anm.image.generalConditions.accept | quote }}
{{- end }}
{{- if .Values.anm.extraVolumeMounts }}
volumeMounts:
{{- if .Values.anm.license }}
- name: license
mountPath: "/opt/Axway/apigateway/conf/licenses/license.lic"
subPath: "license.lic"
{{- end }}
{{- toYaml ( .Values.anm.extraVolumeMounts ) | nindent 12 }}
{{- end }}
{{- if .Values.anm.extraVolumes }}
volumes:
{{- if .Values.anm.license }}
- name: license
configMap:
name: {{ .Release.Name }}-anm-license-config
{{- end }}
{{ toYaml ( .Values.anm.extraVolumes ) | indent 8 }}
{{- end }}
initContainers:
{{- if .Values.global.database.metrics.enabled }}
- name: init-mysql
image: {{ .Values.global.initContainers.image | quote }}
command: ['sh', '-c', 'until nc -w 3 -v {{ tpl .Values.global.database.host . }} {{ .Values.global.database.port | int }}; do echo waiting for mysql; sleep 2; done;']
{{- with .Values.global.initContainers.resources }}
resources:
{{ toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.global.initContainers.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
{{- with .Values.anm.extraInitContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.anm.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.anm.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.anm.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}

35
apigateway/templates/anm/anm-hpa.yaml Normal file
View File

@@ -0,0 +1,35 @@
{{- if .Values.anm.enabled }}
{{- if .Values.anm.autoscaling.enabled }}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: "{{ include "gateway.fullname" . }}-anm"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: anm
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: "{{ include "gateway.fullname" . }}-anm"
minReplicas: {{ .Values.anm.autoscaling.minReplicas }}
maxReplicas: {{ .Values.anm.autoscaling.maxReplicas }}
metrics:
{{- if .Values.anm.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.anm.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.anm.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.anm.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}
{{- end }}

97
apigateway/templates/anm/anm-ingress.yaml Normal file
View File

@@ -0,0 +1,97 @@
{{- if .Values.anm.ingress.enabled -}}
{{- $fullName := include "gateway.fullname" . -}}
{{- $svcPort := .Values.anm.service.ports.ui.port -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}-anm
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- with .Values.anm.ingress.annotations }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
spec:
{{- if .Values.anm.ingress.className }}
ingressClassName: {{ .Values.anm.ingress.className }}
{{- end }}
{{- if .Values.anm.ingress.tls }}
tls:
{{- range .Values.anm.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ tpl . $ | quote }}
{{- end }}
{{- if .secretName }}
secretName: {{ tpl (.secretName) $ }}
{{- end }}
{{- end }}
{{- end }}
rules:
{{- range .Values.anm.ingress.hosts }}
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if .pathType }}
pathType: {{ .pathType }}
{{- end }}
backend:
service:
name: {{ $fullName }}-anm
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
---
{{- if .Values.anm.extraIngress.enabled -}}
{{- $fullName := include "gateway.fullname" . -}}
{{- $svcPort := .Values.anm.service.ports.ui.port -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}-anm-extra
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- with .Values.anm.extraIngress.annotations }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
spec:
{{- if .Values.anm.extraIngress.className }}
ingressClassName: {{ .Values.anm.extraIngress.className }}
{{- end }}
{{- if .Values.anm.extraIngress.tls }}
tls:
{{- range .Values.anm.extraIngress.tls }}
- hosts:
{{- range .hosts }}
- {{ tpl . $ | quote }}
{{- end }}
{{- if .secretName }}
secretName: {{ tpl (.secretName) $ }}
{{- end }}
{{- end }}
{{- end }}
rules:
{{- range .Values.anm.extraIngress.hosts }}
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if .pathType }}
pathType: {{ .pathType }}
{{- end }}
backend:
service:
name: {{ $fullName }}-anm
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}

42
apigateway/templates/anm/anm-routes.yaml Normal file
View File

@@ -0,0 +1,42 @@
{{- if .Values.anm.enabled }}
{{- if .Values.anm.route.enabled -}}
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: "{{ include "gateway.fullname" . }}-anm"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: anm
spec:
{{- if .Values.global.domainName }}
host: anm.{{ .Values.global.domainName }}
{{- end }}
port:
targetPort: {{ tpl .Values.anm.route.targetPort . }}
to:
kind: Service
name: "{{ include "gateway.fullname" . }}-anm"
{{- if .Values.anm.route.tls.enabled }}
tls:
termination: {{ .Values.anm.route.tls.termination }}
insecureEdgeTerminationPolicy: {{ .Values.anm.route.tls.insecureEdgeTerminationPolicy }}
{{- if .Values.anm.route.tls.key }}
key: |-
{{- .Values.anm.route.tls.key | nindent 6 }}
{{- end }}
{{- if .Values.anm.route.tls.destinationCACertificate }}
destinationCACertificate: |-
{{- .Values.anm.route.tls.destinationCACertificate | nindent 6 }}
{{- end }}
{{- if .Values.anm.route.tls.caCertificate }}
caCertificate: |-
{{- .Values.anm.route.tls.caCertificate | nindent 6 }}
{{- end }}
{{- if .Values.anm.route.tls.certificate }}
certificate: |-
{{- .Values.anm.route.tls.certificate | nindent 6 }}
{{- end }}
{{- end }}
wildcardPolicy: None
{{- end }}
{{- end }}

23
apigateway/templates/anm/anm-service.yaml Normal file
View File

@@ -0,0 +1,23 @@
{{- if .Values.anm.enabled }}
apiVersion: v1
kind: Service
metadata:
name: "{{ include "gateway.fullname" . }}-anm"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: anm
spec:
type: {{ .Values.anm.service.type }}
ports:
- port: {{ .Values.anm.service.ports.traffic.port }}
targetPort: {{ .Values.anm.service.ports.traffic.port }}
protocol: {{ .Values.anm.service.ports.traffic.protocol }}
name: gatewaymanager
- port: {{ .Values.anm.service.ports.ui.port }}
targetPort: {{ .Values.anm.service.ports.ui.port }}
protocol: {{ .Values.anm.service.ports.ui.protocol }}
name: gatewaymanagerui
selector:
{{- include "gateway.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: anm
{{- end }}

15
apigateway/templates/anm/anm-serviceaccount.yaml Normal file
View File

@@ -0,0 +1,15 @@
{{- if .Values.anm.enabled }}
{{- if .Values.anm.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: "{{ include "gateway.anm.serviceAccountName" . }}"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: anm
{{- with .Values.anm.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

12
apigateway/templates/apimgr/apimgr-configmap.yaml Normal file
View File

@@ -0,0 +1,12 @@
{{- if and .Values.apimgr.enabled .Values.apimgr.license }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-apimgr-license-config
data:
{{- range $path, $config := .Values.apimgr.license }}
{{ $path }}: |
{{ $config | indent 4 -}}
{{- end -}}
{{- end -}}

225
apigateway/templates/apimgr/apimgr-deployment.yaml Normal file
View File

@@ -0,0 +1,225 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ include "gateway.fullname" . }}-apimgr"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apimgr
spec:
{{- if not .Values.apimgr.autoscaling.enabled }}
replicas: {{ .Values.apimgr.replicaCount }}
{{- end }}
strategy:
{{- if eq (default .Values.global.updateStrategy.type .Values.apimgr.updateStrategy.type) "RollingUpdate" }}
rollingUpdate:
maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.apimgr.updateStrategy.rollingUpdate.maxSurge }}
maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.apimgr.updateStrategy.rollingUpdate.maxUnavailable }}
{{- end }}
type: {{ default .Values.global.updateStrategy.type .Values.apimgr.updateStrategy.type }}
selector:
matchLabels:
{{- include "gateway.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: apimgr
{{- with .Values.apimgr.podLabels }}
{{- toYaml . | nindent 6 }}
{{- end }}
template:
metadata:
{{- with .Values.apimgr.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "gateway.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: apimgr
{{- with .Values.apimgr.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "gateway.apimgr.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.apimgr.podSecurityContext | nindent 8 }}
initContainers:
{{- if .Values.global.cassandra.enabled }}
- name: init-cassandra
image: {{ .Values.global.initContainers.image | quote }}
command: ["sh", "-c", "c=0; x={{ len .Values.global.cassandra.hosts }}; until [ $(( c * 100 / x )) -ge 50 ]; do c=0; for host in {{- range .Values.global.cassandra.hosts }} {{ .hostname }} {{- end }}; do echo waiting for ${host}; if nc -w 3 -v ${host} {{ .Values.global.cassandra.port }};then c=$((c+1)); fi done; sleep 2; done;"]
{{- with .Values.global.initContainers.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.global.initContainers.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.global.database.metrics.enabled }}
- name: init-mysql
image: {{ .Values.global.initContainers.image | quote }}
command: ["sh", "-c", "until nc -w 3 -v {{ tpl .Values.global.database.host . }} {{ .Values.global.database.port | int }}; do echo waiting for mysql; sleep 2; done;"]
{{- with .Values.global.initContainers.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.global.initContainers.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
- name: init-anm
image: {{ .Values.global.initContainers.image | quote }}
{{- if .Values.anm.hostname }}
command: ["sh", "-c", "until nc -w 3 -v {{ .Values.anm.hostname }}; do echo waiting for anm; sleep 2; done;"]
{{- else }}
command: ["sh", "-c", "until nc -w 3 -v {{ include "gateway.fullname" . }}-anm 8090; do echo waiting for anm; sleep 2; done;"]
{{- end }}
{{- with .Values.global.initContainers.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.global.initContainers.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.apimgr.extraInitContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.apimgr.securityContext | nindent 12 }}
image: "{{ default .Values.global.defaultRegistry .Values.apimgr.image.registry }}/{{ .Values.apimgr.image.repository }}:{{ .Values.apimgr.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
ports:
- containerPort: {{ .Values.apimgr.service.ports.ui.port }}
protocol: {{ .Values.apimgr.service.ports.ui.protocol }}
{{- with .Values.apimgr.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.apimgr.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.apimgr.resources | nindent 12 }}
env:
{{- with .Values.apimgr.extraEnvVars }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.apimgr.FIPS.enabled }}
- name: EMT_FIPS_MODE
value: {{ .Values.apimgr.FIPS.enabled | quote }}
{{- end }}
{{- if .Values.apimgr.jvmHeapSize }}
- name: EMT_HEAP_SIZE_MB
value: {{ .Values.apimgr.jvmHeapSize | quote }}
{{- end }}
{{- if .Values.apimgr.logs.trace.level }}
- name: EMT_TRACE_LEVEL
value: {{ .Values.apimgr.logs.trace.level | quote }}
{{- end }}
{{- if .Values.apimgr.logs.trace.disk }}
- name: APIGW_LOG_TRACE_TO_FILE
value: {{ .Values.apimgr.logs.trace.disk | quote }}
{{- end }}
- name: APIGW_LOG_TRACE_JSON_TO_STDOUT
value: {{ default .Values.apimgr.logs.trace.stdoutJSON false | quote }}
{{- if .Values.apimgr.logs.opentraffic.output | quote }}
- name: APIGW_LOG_OPENTRAFFIC_OUTPUT
value: {{ .Values.apimgr.logs.opentraffic.output | quote }}
{{- end }}
{{- if .Values.global.domainkeypassphrase }}
- name: DOMAIN_KEY_PASSPHRASE
valueFrom:
secretKeyRef:
name: {{ include "gateway.domainkeypassphrase.secretName" . }}
key: passphrase
{{- end }}
{{- if .Values.global.database.metrics.enabled }}
- name: METRICS_DB_URL
value: {{ tpl .Values.global.database.metrics.url . | quote }}
- name: METRICS_DB_USERNAME
valueFrom:
secretKeyRef:
name: {{ include "gateway.metrics-db.secretName" . }}
key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }}
- name: METRICS_DB_PASS
valueFrom:
secretKeyRef:
name: {{ include "gateway.metrics-db.secretName" . }}
key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }}
{{- end }}
{{- if .Values.anm.hostname }}
- name: EMT_ANM_HOSTS
value: {{ .Values.anm.hostname | quote }}
{{- else }}
- name: EMT_ANM_HOSTS
value: "{{ include "gateway.fullname" . }}-anm:8090"
{{- end }}
- name: GROUP_ID
value: {{ .Values.apimgr.groupId }}
{{- if .Values.global.domainId }}
- name: DOMAIN_ID
value: {{ .Values.global.domainId }}
{{- end }}
{{- if .Values.global.cassandra.enabled }}
{{- range .Values.global.cassandra.hosts }}
- name: {{ .variable }}
value: {{ .hostname | quote }}
{{- end }}
- name: CASS_PORT
value: {{ .Values.global.cassandra.port | quote }}
- name: CASS_KEYSPACE
value: {{ tpl .Values.global.cassandra.keyspace . | quote }}
- name: CASS_TKEYSPACE
value: {{ tpl .Values.global.cassandra.tkeyspace . | quote }}
- name: CASS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "gateway.cassandra.secretName" . }}
key: {{ with .Values.global.cassandra.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }}
- name: CASS_USERNAME
valueFrom:
secretKeyRef:
name: {{ include "gateway.cassandra.secretName" . }}
key: {{ with .Values.global.cassandra.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }}
{{- end }}
{{- if .Values.apimgr.image.generalConditions }}
- name: ACCEPT_GENERAL_CONDITIONS
value: {{ .Values.apimgr.image.generalConditions.accept | quote }}
{{- end }}
{{- if .Values.apimgr.extraVolumeMounts }}
volumeMounts:
{{- if .Values.apimgr.license }}
- name: license
mountPath: "/opt/Axway/apigateway/conf/licenses/license.lic"
subPath: "license.lic"
{{- end }}
{{- toYaml ( .Values.apimgr.extraVolumeMounts ) | nindent 12 }}
{{- end }}
{{- if .Values.apimgr.extraVolumes }}
volumes:
{{- if .Values.apimgr.license }}
- name: license
configMap:
name: {{ .Release.Name }}-apimgr-license-config
{{- end }}
{{ toYaml ( .Values.apimgr.extraVolumes ) | indent 8 }}
{{- end }}
{{- with .Values.apimgr.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.apimgr.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.apimgr.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

33
apigateway/templates/apimgr/apimgr-hpa.yaml Normal file
View File

@@ -0,0 +1,33 @@
{{- if .Values.apimgr.autoscaling.enabled }}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: "{{ include "gateway.fullname" . }}-apimgr"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apimgr
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: "{{ include "gateway.fullname" . }}-apimgr"
minReplicas: {{ .Values.apimgr.autoscaling.minReplicas }}
maxReplicas: {{ .Values.apimgr.autoscaling.maxReplicas }}
metrics:
{{- if .Values.apimgr.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.apimgr.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.apimgr.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.apimgr.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}

97
apigateway/templates/apimgr/apimgr-ingress.yaml Normal file
View File

@@ -0,0 +1,97 @@
{{- if .Values.apimgr.ingress.enabled -}}
{{- $fullName := include "gateway.fullname" . -}}
{{- $svcPort := .Values.apimgr.service.ports.ui.port -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}-apimgr
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- with .Values.apimgr.ingress.annotations }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
spec:
{{- if .Values.apimgr.ingress.className }}
ingressClassName: {{ .Values.apimgr.ingress.className }}
{{- end }}
{{- if .Values.apimgr.ingress.tls }}
tls:
{{- range .Values.apimgr.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ tpl . $ | quote }}
{{- end }}
{{- if .secretName }}
secretName: {{ tpl (.secretName) $ }}
{{- end }}
{{- end }}
{{- end }}
rules:
{{- range .Values.apimgr.ingress.hosts }}
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if .pathType }}
pathType: {{ .pathType }}
{{- end }}
backend:
service:
name: {{ $fullName }}-apimgr
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
---
{{- if .Values.apimgr.extraIngress.enabled -}}
{{- $fullName := include "gateway.fullname" . -}}
{{- $svcPort := .Values.apimgr.service.ports.ui.port -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}-apimgr-extra
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- with .Values.apimgr.extraIngress.annotations }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
spec:
{{- if .Values.apimgr.extraIngress.className }}
ingressClassName: {{ .Values.apimgr.extraIngress.className }}
{{- end }}
{{- if .Values.apimgr.extraIngress.tls }}
tls:
{{- range .Values.apimgr.extraIngress.tls }}
- hosts:
{{- range .hosts }}
- {{ tpl . $ | quote }}
{{- end }}
{{- if .secretName }}
secretName: {{ tpl (.secretName) $ }}
{{- end }}
{{- end }}
{{- end }}
rules:
{{- range .Values.apimgr.extraIngress.hosts }}
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if .pathType }}
pathType: {{ .pathType }}
{{- end }}
backend:
service:
name: {{ $fullName }}-apimgr
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}

40
apigateway/templates/apimgr/apimgr-routes.yaml Normal file
View File

@@ -0,0 +1,40 @@
{{- if .Values.apimgr.route.enabled -}}
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: "{{ include "gateway.fullname" . }}-apimgr"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apimgr
spec:
{{- if .Values.global.domainName }}
host: apimgr.{{ .Values.global.domainName }}
{{- end }}
to:
kind: Service
name: "{{ include "gateway.fullname" . }}-apimgr"
port:
targetPort: {{ tpl .Values.apimgr.route.targetPort . }}
{{- if .Values.apimgr.route.tls.enabled }}
tls:
termination: {{ .Values.apimgr.route.tls.termination }}
insecureEdgeTerminationPolicy: {{ .Values.apimgr.route.tls.insecureEdgeTerminationPolicy }}
{{- if .Values.apimgr.route.tls.key }}
key: |-
{{- .Values.apimgr.route.tls.key | nindent 6 }}
{{- end }}
{{- if .Values.apimgr.route.tls.destinationCACertificate }}
destinationCACertificate: |-
{{- .Values.apimgr.route.tls.destinationCACertificate | nindent 6 }}
{{- end }}
{{- if .Values.apimgr.route.tls.caCertificate }}
caCertificate: |-
{{- .Values.apimgr.route.tls.caCertificate | nindent 6 }}
{{- end }}
{{- if .Values.apimgr.route.tls.certificate }}
certificate: |-
{{- .Values.apimgr.route.tls.certificate | nindent 6 }}
{{- end }}
{{- end }}
wildcardPolicy: None
{{- end }}

17
apigateway/templates/apimgr/apimgr-service.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: v1
kind: Service
metadata:
name: "{{ include "gateway.fullname" . }}-apimgr"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apimgr
spec:
type: {{ .Values.apimgr.service.type }}
ports:
- port: {{ .Values.apimgr.service.ports.ui.port }}
targetPort: {{ .Values.apimgr.service.ports.ui.port }}
protocol: {{ .Values.apimgr.service.ports.ui.protocol }}
name: apimanagerui
selector:
{{- include "gateway.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: apimgr

13
apigateway/templates/apimgr/apimgr-serviceaccount.yaml Normal file
View File

@@ -0,0 +1,13 @@
{{- if .Values.apimgr.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "gateway.apimgr.serviceAccountName" . }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apimgr
{{- with .Values.apimgr.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

12
apigateway/templates/apiportal/apiportal-db-secret.yaml Normal file
View File

@@ -0,0 +1,12 @@
{{- if and .Values.apiportal.enabled (not .Values.apiportal.mysql.existingSecret) -}}
apiVersion: v1
data:
username: {{ .Values.apiportal.mysql.username | b64enc }}
password: {{ .Values.apiportal.mysql.password | b64enc }}
kind: Secret
metadata:
name: {{ include "gateway.apiportal.secretName" . }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apiportal
{{- end }}

170
apigateway/templates/apiportal/apiportal-deployment.yaml Normal file
View File

@@ -0,0 +1,170 @@
{{- if .Values.apiportal.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ include "gateway.fullname" . }}-apiportal"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apiportal
spec:
replicas: {{ .Values.apiportal.replicaCount }}
strategy:
{{- if eq (default .Values.global.updateStrategy.type .Values.apiportal.updateStrategy.type) "RollingUpdate" }}
rollingUpdate:
maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.apiportal.updateStrategy.rollingUpdate.maxSurge }}
maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.apiportal.updateStrategy.rollingUpdate.maxUnavailable }}
{{- end }}
type: {{ default .Values.global.updateStrategy.type .Values.apiportal.updateStrategy.type }}
selector:
matchLabels:
{{- include "gateway.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: apiportal
{{- with .Values.apiportal.podLabels }}
{{- toYaml . | nindent 6 }}
{{- end }}
template:
metadata:
{{- with .Values.apiportal.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "gateway.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: apiportal
{{- with .Values.apiportal.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "gateway.apiportal.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.apiportal.podSecurityContext | nindent 8 }}
containers:
- name: "{{ include "gateway.fullname" . }}-apiportal"
securityContext:
{{- toYaml .Values.apiportal.securityContext | nindent 12 }}
command: ["/usr/local/bin/entrypoint.sh", "apiportal"]
{{- with .Values.apiportal.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.apiportal.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.apiportal.resources | nindent 12 }}
env:
- name: MYSQL_HOST
value: {{ default .Values.global.database.host .Values.apiportal.mysql.host | quote }}
- name: MYSQL_PORT
value: {{ tpl .Values.apiportal.mysql.port . | quote }}
- name: MYSQL_USER
valueFrom:
secretKeyRef:
name: {{ include "gateway.apiportal.secretName" . }}
key: {{ with .Values.apiportal.mysql.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }}
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "gateway.apiportal.secretName" . }}
key: {{ with .Values.apiportal.mysql.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }}
- name: MYSQL_DATABASE
value: {{ .Values.apiportal.mysql.databaseName | quote }}
- name: MYSQL_SSL_ON
value: {{ .Values.apiportal.mysql.sslOn | quote }}
- name: MYSQL_SSL_VERIFY_CERT
value: {{ .Values.apiportal.mysql.sslVerifyCert | quote }}
{{- if .Values.apiportal.redis.enabled }}
- name: REDIS_CONFIGURED
value: "1"
- name: REDIS_ON
value: "1"
- name: REDIS_HOST
value: {{ required "A redis host should be specified" .Values.apiportal.redis.host | quote }}
- name: REDIS_PORT
value: {{ default "6379" .Values.apiportal.redis.port | quote }}
- name: REDIS_CACHE_TIMEOUT_SEC
value: {{ default "600" .Values.apiportal.redis.cacheTimeout | quote }}
{{- end }}
- name: APACHE_SSL_ON
value: {{ .Values.apiportal.apache.sslOn | quote }}
- name: APIMANAGER_CONFIGURED
value: {{ default "1" .Values.apiportal.apiManager.configured | quote }}
- name: API_WHITELIST_CONFIGURED
value: "1"
- name: API_WHITELIST
value: "apitraffic.{{ .Values.global.domainName }}"
- name: APIMANAGER_NAME
value: {{ .Values.apiportal.apiManager.name | quote }}
- name: APIMANAGER_HOST
value: "{{ include "gateway.fullname" . }}-apimgr"
- name: APIMANAGER_PORT
value: {{ .Values.apimgr.service.ports.ui.port | quote }}
- name: HTTP_PORT
value: {{ .Values.apiportal.service.ports.http.port | quote }}
- name: HTTPS_PORT
value: {{ .Values.apiportal.service.ports.https.port | quote }}
- name: HTTPS_FORCE_PORT
value: {{ .Values.apiportal.service.ports.force.port | quote }}
- name: T4_DOWNLOADED
value: {{ .Values.apiportal.t4_downloaded | quote }}
{{- if .Values.apiportal.extraEnvVars }}
{{- toYaml .Values.apiportal.extraEnvVars | nindent 12 }}
{{- end }}
image: "{{ default .Values.global.defaultRegistry .Values.apiportal.image.registry }}/{{ .Values.apiportal.image.repository }}:{{ .Values.apiportal.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
ports:
- name: "apiportal"
containerPort: {{ .Values.apiportal.service.ports.force.port }}
protocol: TCP
volumeMounts:
{{- $mounts := list }}
{{- if .Values.apiportal.mysql.sslOn }}
{{- $mounts = append $mounts (dict "name" "mysql-certs" "mountPath" "/opt/axway/apiportal/certs/mysql/mysql-ca.pem" "subPath" "mysql-ca.pem") }}
{{- end }}
{{- if .Values.apiportal.apache.sslOn }}
{{- $mounts = append $mounts (dict "name" "apache" "mountPath" "/opt/axway/apiportal/certs/apache/") }}
{{- end }}
{{- include "gateway.volumeMounts" (dict "component" "portal" "storage" (dict "volumes" (.Values.global.storage.volumes | concat .Values.apiportal.storage.volumes))) | fromYamlArray | concat $mounts | default list | toYaml | nindent 12 }}
initContainers:
- name: init-mysql
image: {{ .Values.global.initContainers.image | quote }}
command: [ 'sh', '-c', 'until nc -w 3 -v {{ tpl .Values.global.database.host . }} {{ .Values.global.database.port }}; do echo waiting for MySQL; sleep 2; done;' ]
{{- with .Values.global.initContainers.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.global.initContainers.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.apiportal.apiManager.configured }}
- name: init-apimanager
image: {{ .Values.global.initContainers.image | quote }}
command: [ 'sh', '-c', 'until nc -w 3 -v {{ include "gateway.fullname" . }}-apimgr 8075; do echo waiting for API Manager; sleep 2; done;' ]
{{- with .Values.global.initContainers.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.global.initContainers.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
{{- with .Values.apiportal.extraInitContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
{{- $vols := list }}
{{- if .Values.apiportal.mysql.sslOn }}
{{- $vols = append $vols (dict "name" "mysql-certs" "secret" (dict "secretName" "mysql-ca-cert" "items" (list (dict "key" "mysql-ca.pem" "path" "mysql-ca.pem")))) }}
{{- end }}
{{- if .Values.apiportal.apache.sslOn }}
{{- $vols = append $vols (dict "name" "apache" "secret" (dict "secretName" "apache" "items" (list (dict "key" "tls.key" "path" "apache.key") (dict "key" "tls.crt" "path" "apache.crt")))) }}
{{- end }}
{{- include "gateway.volumes" (dict "component" "portal" "storage" (dict "volumes" (.Values.global.storage.volumes | concat .Values.apiportal.storage.volumes))) | fromYamlArray | concat $vols | default list | toYaml | nindent 8 }}
{{- end }}

97
apigateway/templates/apiportal/apiportal-ingress.yaml Normal file
View File

@@ -0,0 +1,97 @@
{{- if and .Values.apiportal.enabled .Values.apiportal.ingress.enabled -}}
{{- $fullName := include "gateway.fullname" . -}}
{{- $svcPort := .Values.apiportal.service.ports.target.port }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}-apiportal
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- with .Values.apiportal.ingress.annotations }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
spec:
{{- if .Values.apiportal.ingress.className }}
ingressClassName: {{ .Values.apiportal.ingress.className }}
{{- end }}
{{- if .Values.apiportal.ingress.tls }}
tls:
{{- range .Values.apiportal.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ tpl . $ | quote }}
{{- end }}
{{- if .secretName }}
secretName: {{ tpl (.secretName) $ }}
{{- end }}
{{- end }}
{{- end }}
rules:
{{- range .Values.apiportal.ingress.hosts }}
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if .pathType }}
pathType: {{ .pathType }}
{{- end }}
backend:
service:
name: {{ $fullName }}-apiportal
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
---
{{- if and .Values.apiportal.enabled .Values.apiportal.extraIngress.enabled -}}
{{- $fullName := include "gateway.fullname" . -}}
{{- $svcPort := .Values.apiportal.service.ports.target.port }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}-apiportal-extra
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- with .Values.apiportal.extraIngress.annotations }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
spec:
{{- if .Values.apiportal.extraIngress.className }}
ingressClassName: {{ .Values.apiportal.extraIngress.className }}
{{- end }}
{{- if .Values.apiportal.extraIngress.tls }}
tls:
{{- range .Values.apiportal.extraIngress.tls }}
- hosts:
{{- range .hosts }}
- {{ tpl . $ | quote }}
{{- end }}
{{- if .secretName }}
secretName: {{ tpl (.secretName) $ }}
{{- end }}
{{- end }}
{{- end }}
rules:
{{- range .Values.apiportal.extraIngress.hosts }}
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if .pathType }}
pathType: {{ .pathType }}
{{- end }}
backend:
service:
name: {{ $fullName }}-apiportal
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}

37
apigateway/templates/apiportal/apiportal-rbac.yaml Normal file
View File

@@ -0,0 +1,37 @@
{{- if .Values.apiportal.enabled -}}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: apiportalscc
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apiportal
rules:
- apiGroups:
- security.openshift.io
resourceNames:
- nonroot
resources:
- securitycontextconstraints
verbs:
- use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: apiportalscc
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apiportal
subjects:
- kind: ServiceAccount
name: {{ include "gateway.apiportal.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
roleRef:
kind: Role
name: apiportalscc
apiGroup: rbac.authorization.k8s.io
{{- end }}

40
apigateway/templates/apiportal/apiportal-routes.yaml Normal file
View File

@@ -0,0 +1,40 @@
{{- if and .Values.apiportal.enabled .Values.apiportal.route.enabled -}}
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: "{{ include "gateway.fullname" . }}-apiportal"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apiportal
spec:
to:
kind: Service
name: {{ include "gateway.fullname" . }}-apiportal
{{- if .Values.global.domainName }}
host: apiportal.{{ .Values.global.domainName }}
{{- end }}
port:
targetPort: {{ tpl .Values.apiportal.route.targetPort . }}
{{- if .Values.apiportal.route.tls.enabled }}
tls:
termination: {{ .Values.apiportal.route.tls.termination }}
insecureEdgeTerminationPolicy: {{ .Values.apiportal.route.tls.insecureEdgeTerminationPolicy }}
{{- if .Values.apiportal.route.tls.key }}
key: |-
{{- .Values.apiportal.route.tls.key | nindent 6 }}
{{- end }}
{{- if .Values.apiportal.route.tls.destinationCACertificate }}
destinationCACertificate: |-
{{- .Values.apiportal.route.tls.destinationCACertificate | nindent 6 }}
{{- end }}
{{- if .Values.apiportal.route.tls.caCertificate }}
caCertificate: |-
{{- .Values.apiportal.route.tls.caCertificate | nindent 6 }}
{{- end }}
{{- if .Values.apiportal.route.tls.certificate }}
certificate: |-
{{- .Values.apiportal.route.tls.certificate | nindent 6 }}
{{- end }}
{{- end }}
wildcardPolicy: None
{{- end }}

24
apigateway/templates/apiportal/apiportal-service.yaml Normal file
View File

@@ -0,0 +1,24 @@
{{- if .Values.apiportal.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "gateway.fullname" . }}-apiportal
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apiportal
spec:
type: ClusterIP
ports:
- port: {{ .Values.apiportal.service.ports.http.port }}
targetPort: {{ .Values.apiportal.service.ports.http.port }}
protocol: TCP
name: {{ include "gateway.fullname" . }}-apiportal-http
- port: {{ .Values.apiportal.service.ports.https.port }}
targetPort: {{ .Values.apiportal.service.ports.https.port }}
protocol: TCP
name: {{ include "gateway.fullname" . }}-apiportal-https
selector:
{{- include "gateway.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: apiportal
{{- end }}

13
apigateway/templates/apiportal/apiportal-serviceaccount.yaml Normal file
View File

@@ -0,0 +1,13 @@
{{- if and .Values.apiportal.enabled .Values.apiportal.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "gateway.apiportal.serviceAccountName" . }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apiportal
{{- with .Values.apiportal.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

53
apigateway/templates/apiportal/storage/apiportal-pvc.yaml Normal file
View File

@@ -0,0 +1,53 @@
{{- if .Values.apiportal.enabled }}
{{- range .Values.apiportal.storage.volumes }}
{{- if .enabled }}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ .name | lower }}
labels:
{{- include "gateway.labels" $ | nindent 4 }}
app.kubernetes.io/component: apiportal
spec:
accessModes:
{{- with .accessModes }}
{{- toYaml . | nindent 4 }}
{{- else }}
- ReadWriteMany
{{- end }}
storageClassName: {{ default $.Values.global.storage.storageClassName .storageClassName | quote }}
resources:
requests:
storage: {{ default "1Mi" .capacity | quote }}
{{- if eq (default $.Values.global.storage.provisioningType $.Values.apiportal.storage.provisioningType) "static" }}
# PersistentVolume needs to be created only for Static storage provisioning
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ include "gateway.fullname" $ }}-{{ .name | lower }}
labels:
{{- include "gateway.labels" $ | nindent 4 }}
app.kubernetes.io/component: apiportal
spec:
capacity:
storage: {{ .capacity | quote }}
volumeMode: Filesystem
accessModes:
{{- with .accessModes }}
{{- toYaml . | nindent 4 }}
{{- else }}
- ReadWriteMany
{{- end }}
persistentVolumeReclaimPolicy: {{ .persistentVolume.reclaimPolicy | quote }}
csi:
driver: {{ .persistentVolume.csiDriver }}
volumeHandle: {{ .persistentVolume.volumeHandle }}
claimRef:
name: {{ .name | lower }}
namespace: {{ $.Release.Namespace | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

26
apigateway/templates/apiportal/storage/storage-class.yaml Normal file
View File

@@ -0,0 +1,26 @@
{{ if .Values.apiportal.enabled }}
{{- range .Values.apiportal.storage.classes }}
---
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: {{ .name | lower }}
labels:
{{- include "gateway.labels" $ | nindent 4 }}
provisioner: {{ .provisioner | quote }}
{{- with .allowVolumeExpansion }}
allowVolumeExpansion: {{ . }}
{{- end }}
{{- with .parameters }}
parameters: {{- tpl (toYaml .) $ | nindent 2 }}
{{- end }}
{{- with .mountOptions }}
mountOptions: {{- toYaml . | nindent 2 }}
{{- end }}
{{- if eq (default $.Values.global.storage.provisioningType $.Values.apiportal.storage.provisioningType) "dynamic" }}
volumeBindingMode: WaitForFirstConsumer
{{- else }}
volumeBindingMode: Immediate
{{- end }}
{{- end }}
{{- end }}

12
apigateway/templates/apitraffic/apitraffic-configmap.yaml Normal file
View File

@@ -0,0 +1,12 @@
{{- if and .Values.apitraffic.enabled .Values.apitraffic.license }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-apitraffic-license-config
data:
{{- range $path, $config := .Values.apitraffic.license }}
{{ $path }}: |
{{ $config | indent 4 -}}
{{- end -}}
{{- end -}}

226
apigateway/templates/apitraffic/apitraffic-deployment.yaml Normal file
View File

@@ -0,0 +1,226 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ include "gateway.fullname" . }}-apitraffic"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apitraffic
spec:
{{- if not .Values.apitraffic.autoscaling.enabled }}
replicas: {{ .Values.apitraffic.replicaCount }}
{{- end }}
strategy:
{{- if eq (default .Values.global.updateStrategy.type .Values.apitraffic.updateStrategy.type) "RollingUpdate" }}
rollingUpdate:
maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.apitraffic.updateStrategy.rollingUpdate.maxSurge }}
maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.apitraffic.updateStrategy.rollingUpdate.maxUnavailable }}
{{- end }}
type: {{ default .Values.global.updateStrategy.type .Values.apitraffic.updateStrategy.type }}
selector:
matchLabels:
{{- include "gateway.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: apitraffic
{{- with .Values.apitraffic.podLabels }}
{{- toYaml . | nindent 6 }}
{{- end }}
template:
metadata:
{{- with .Values.apitraffic.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "gateway.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: apitraffic
{{- with .Values.apitraffic.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "gateway.apitraffic.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.apitraffic.podSecurityContext | nindent 8 }}
initContainers:
{{- if .Values.global.cassandra.enabled }}
- name: init-cassandra
image: {{ .Values.global.initContainers.image | quote }}
command: ["sh", "-c", "c=0; x={{ len .Values.global.cassandra.hosts }}; until [ $(( c * 100 / x )) -ge 50 ]; do c=0; for host in {{- range .Values.global.cassandra.hosts }} {{ .hostname }} {{- end }}; do echo waiting for ${host}; if nc -w 3 -v ${host} {{ .Values.global.cassandra.port }};then c=$((c+1)); fi done; sleep 2; done;"]
{{- with .Values.global.initContainers.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.global.initContainers.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.global.database.metrics.enabled }}
- name: init-mysql
image: {{ .Values.global.initContainers.image | quote }}
command: ["sh", "-c", "until nc -w 3 -v {{ tpl .Values.global.database.host . }} {{ .Values.global.database.port | int }}; do echo waiting for mysql; sleep 2; done;"]
{{- with .Values.global.initContainers.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.global.initContainers.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
- name: init-anm
image: {{ .Values.global.initContainers.image | quote }}
{{- if .Values.anm.hostname }}
command: ["sh", "-c", "until nc -w 3 -v {{ .Values.anm.hostname }}; do echo waiting for anm; sleep 2; done;"]
{{- else }}
command: ["sh", "-c", "until nc -w 3 -v {{ include "gateway.fullname" . }}-anm 8090; do echo waiting for anm; sleep 2; done;"]
{{- end }}
{{- with .Values.global.initContainers.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.global.initContainers.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.apitraffic.extraInitContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.apitraffic.securityContext | nindent 12 }}
image: "{{ default .Values.global.defaultRegistry .Values.apitraffic.image.registry }}/{{ .Values.apitraffic.image.repository }}:{{ .Values.apitraffic.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
ports:
- containerPort: {{ .Values.apitraffic.service.ports.traffic.port }}
protocol: {{ .Values.apitraffic.service.ports.traffic.protocol }}
{{- with .Values.apitraffic.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.apitraffic.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.apitraffic.resources | nindent 12 }}
env:
{{- with .Values.apitraffic.extraEnvVars }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.apitraffic.FIPS.enabled }}
- name: EMT_FIPS_MODE
value: {{ .Values.apitraffic.FIPS.enabled | quote }}
{{- end }}
{{- if .Values.apitraffic.jvmHeapSize }}
- name: EMT_HEAP_SIZE_MB
value: {{ .Values.apitraffic.jvmHeapSize | quote }}
{{- end }}
{{- if .Values.apitraffic.logs.trace.level }}
- name: EMT_TRACE_LEVEL
value: {{ .Values.apitraffic.logs.trace.level | quote }}
{{- end }}
{{- if .Values.apitraffic.logs.trace.disk }}
- name: APIGW_LOG_TRACE_TO_FILE
value: {{ .Values.apitraffic.logs.trace.disk | quote }}
{{- end }}
- name: APIGW_LOG_TRACE_JSON_TO_STDOUT
value: {{ default .Values.apitraffic.logs.trace.stdoutJSON false | quote }}
{{- if .Values.apitraffic.logs.opentraffic.output | quote}}
- name: APIGW_LOG_OPENTRAFFIC_OUTPUT
value: {{ .Values.apitraffic.logs.opentraffic.output | quote }}
{{- end }}
{{- if .Values.global.domainkeypassphrase }}
- name: DOMAIN_KEY_PASSPHRASE
valueFrom:
secretKeyRef:
name: {{ include "gateway.domainkeypassphrase.secretName" . }}
key: passphrase
{{- end }}
{{- if .Values.global.database.metrics.enabled }}
- name: METRICS_DB_URL
value: {{ tpl .Values.global.database.metrics.url . | quote }}
- name: METRICS_DB_USERNAME
valueFrom:
secretKeyRef:
name: {{ include "gateway.metrics-db.secretName" . }}
key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }}
- name: METRICS_DB_PASS
valueFrom:
secretKeyRef:
name: {{ include "gateway.metrics-db.secretName" . }}
key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }}
{{- end }}
- name: GROUP_ID
value: {{ .Values.apitraffic.groupId }}
{{- if .Values.global.domainId }}
- name: DOMAIN_ID
value: {{ .Values.global.domainId }}
{{- end }}
{{- if .Values.global.cassandra.enabled }}
{{- range .Values.global.cassandra.hosts }}
- name: {{ .variable }}
value: {{ .hostname | quote }}
{{- end }}
- name: CASS_PORT
value: {{ .Values.global.cassandra.port | quote }}
- name: CASS_KEYSPACE
value: {{ tpl .Values.global.cassandra.keyspace . | quote }}
- name: CASS_TKEYSPACE
value: {{ tpl .Values.global.cassandra.tkeyspace . | quote }}
- name: CASS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "gateway.cassandra.secretName" . }}
key: {{ with .Values.global.cassandra.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }}
- name: CASS_USERNAME
valueFrom:
secretKeyRef:
name: {{ include "gateway.cassandra.secretName" . }}
key: {{ with .Values.global.cassandra.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }}
{{- end }}
{{- if .Values.apitraffic.image.generalConditions }}
- name: ACCEPT_GENERAL_CONDITIONS
value: {{ .Values.apitraffic.image.generalConditions.accept | quote }}
{{- end }}
{{- if .Values.anm.hostname }}
- name: EMT_ANM_HOSTS
value: {{ .Values.anm.hostname | quote }}
{{- else }}
- name: EMT_ANM_HOSTS
value: "{{ include "gateway.fullname" . }}-anm:8090"
{{- end }}
{{- if .Values.apitraffic.extraVolumeMounts }}
volumeMounts:
{{- if .Values.apitraffic.license }}
- name: license
mountPath: "/opt/Axway/apigateway/conf/licenses/license.lic"
subPath: "license.lic"
{{- end }}
{{- toYaml ( .Values.apitraffic.extraVolumeMounts ) | nindent 12 }}
{{- end }}
{{- if .Values.apitraffic.extraVolumes }}
volumes:
{{- if .Values.apitraffic.license }}
- name: license
configMap:
name: {{ .Release.Name }}-apitraffic-license-config
{{- end }}
{{ toYaml ( .Values.apitraffic.extraVolumes ) | indent 8 }}
{{- end }}
{{- with .Values.apitraffic.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.apitraffic.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.apitraffic.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

33
apigateway/templates/apitraffic/apitraffic-hpa.yaml Normal file
View File

@@ -0,0 +1,33 @@
{{- if .Values.apitraffic.autoscaling.enabled }}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: "{{ include "gateway.fullname" . }}-apitraffic"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apitraffic
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: "{{ include "gateway.fullname" . }}-apitraffic"
minReplicas: {{ .Values.apitraffic.autoscaling.minReplicas }}
maxReplicas: {{ .Values.apitraffic.autoscaling.maxReplicas }}
metrics:
{{- if .Values.apitraffic.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.apitraffic.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.apitraffic.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.apitraffic.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}

97
apigateway/templates/apitraffic/apitraffic-ingress.yaml Normal file
View File

@@ -0,0 +1,97 @@
{{- if .Values.apitraffic.ingress.enabled -}}
{{- $fullName := include "gateway.fullname" . -}}
{{- $svcPort := .Values.apitraffic.service.ports.traffic.port -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}-apitraffic
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- with .Values.apitraffic.ingress.annotations }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
spec:
{{- if .Values.apitraffic.ingress.className }}
ingressClassName: {{ .Values.apitraffic.ingress.className }}
{{- end }}
{{- if .Values.apitraffic.ingress.tls }}
tls:
{{- range .Values.apitraffic.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ tpl . $ | quote }}
{{- end }}
{{- if .secretName }}
secretName: {{ tpl (.secretName) $ }}
{{- end }}
{{- end }}
{{- end }}
rules:
{{- range .Values.apitraffic.ingress.hosts }}
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if .pathType }}
pathType: {{ .pathType }}
{{- end }}
backend:
service:
name: {{ $fullName }}-apitraffic
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
---
{{- if .Values.apitraffic.extraIngress.enabled -}}
{{- $fullName := include "gateway.fullname" . -}}
{{- $svcPort := .Values.apitraffic.service.ports.traffic.port -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}-apitraffic-extra
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- with .Values.apitraffic.extraIngress.annotations }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
spec:
{{- if .Values.apitraffic.extraIngress.className }}
ingressClassName: {{ .Values.apitraffic.extraIngress.className }}
{{- end }}
{{- if .Values.apitraffic.extraIngress.tls }}
tls:
{{- range .Values.apitraffic.extraIngress.tls }}
- hosts:
{{- range .hosts }}
- {{ tpl . $ | quote }}
{{- end }}
{{- if .secretName }}
secretName: {{ tpl (.secretName) $ }}
{{- end }}
{{- end }}
{{- end }}
rules:
{{- range .Values.apitraffic.extraIngress.hosts }}
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if .pathType }}
pathType: {{ .pathType }}
{{- end }}
backend:
service:
name: {{ $fullName }}-apitraffic
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}

40
apigateway/templates/apitraffic/apitraffic-routes.yaml Normal file
View File

@@ -0,0 +1,40 @@
{{- if .Values.apitraffic.route.enabled -}}
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: "{{ include "gateway.fullname" . }}-apitraffic"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apitraffic
spec:
{{- if .Values.global.domainName }}
host: apitraffic.{{ .Values.global.domainName }}
{{- end }}
to:
kind: Service
name: "{{ include "gateway.fullname" . }}-apitraffic"
port:
targetPort: {{ tpl .Values.apitraffic.route.targetPort . }}
{{- if .Values.apitraffic.route.tls.enabled }}
tls:
termination: {{ .Values.apitraffic.route.tls.termination }}
insecureEdgeTerminationPolicy: {{ .Values.apitraffic.route.tls.insecureEdgeTerminationPolicy }}
{{- if .Values.apitraffic.route.tls.key }}
key: |-
{{- .Values.apitraffic.route.tls.key | nindent 6 }}
{{- end }}
{{- if .Values.apitraffic.route.tls.destinationCACertificate }}
destinationCACertificate: |-
{{- .Values.apitraffic.route.tls.destinationCACertificate | nindent 6 }}
{{- end }}
{{- if .Values.apitraffic.route.tls.caCertificate }}
caCertificate: |-
{{- .Values.apitraffic.route.tls.caCertificate | nindent 6 }}
{{- end }}
{{- if .Values.apitraffic.route.tls.certificate }}
certificate: |-
{{- .Values.apitraffic.route.tls.certificate | nindent 6 }}
{{- end }}
{{- end }}
wildcardPolicy: None
{{- end }}

39
apigateway/templates/apitraffic/apitraffic-service.yaml Normal file
View File

@@ -0,0 +1,39 @@
apiVersion: v1
kind: Service
metadata:
name: "{{ include "gateway.fullname" . }}-apitraffic"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apitraffic
spec:
type: {{ .Values.apitraffic.service.type }}
ports:
- port: {{ .Values.apitraffic.service.ports.traffic.port }}
targetPort: {{ .Values.apitraffic.service.ports.traffic.port }}
protocol: {{ .Values.apitraffic.service.ports.traffic.protocol }}
name: apigatewaytraffic
selector:
{{- include "gateway.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: apitraffic
---
{{- if eq .Values.apitraffic.oauth.enabled true }}
apiVersion: v1
kind: Service
metadata:
name: "{{ include "gateway.fullname" . }}-oauth"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apitraffic
spec:
type: {{ .Values.apitraffic.oauth.type }}
ports:
- port: {{ .Values.apitraffic.oauth.port }}
targetPort: {{ .Values.apitraffic.oauth.port }}
protocol: {{ .Values.apitraffic.oauth.protocol }}
name: oauth
selector:
{{- include "gateway.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: apitraffic
{{- end }}

13
apigateway/templates/apitraffic/apitraffic-serviceaccount.yaml Normal file
View File

@@ -0,0 +1,13 @@
{{- if .Values.apitraffic.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "gateway.apitraffic.serviceAccountName" . }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apitraffic
{{- with .Values.apitraffic.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

45
apigateway/templates/apitraffic/oauth-ingress.yaml Normal file
View File

@@ -0,0 +1,45 @@
{{- if .Values.apitraffic.oauth.ingress.enabled -}}
{{- $fullName := include "gateway.fullname" . -}}
{{- $svcPort := .Values.apitraffic.oauth.port -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}-oauth
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- with .Values.apitraffic.oauth.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.apitraffic.oauth.ingress.className }}
ingressClassName: {{ .Values.apitraffic.oauth.ingress.className }}
{{- end }}
{{- if .Values.apitraffic.oauth.ingress.tls }}
tls:
{{- range .Values.apitraffic.oauth.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.apitraffic.oauth.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if .pathType }}
pathType: {{ .pathType }}
{{- end }}
backend:
service:
name: {{ $fullName }}-oauth
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}

40
apigateway/templates/apitraffic/oauth-routes.yaml Normal file
View File

@@ -0,0 +1,40 @@
{{- if .Values.apitraffic.oauth.route.enabled -}}
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: "{{ include "gateway.fullname" . }}-oauth"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: oauth
spec:
{{- if .Values.global.domainName }}
host: oauth.{{ .Values.global.domainName }}
{{- end }}
to:
kind: Service
name: "{{ include "gateway.fullname" . }}-oauth"
port:
targetPort: {{ tpl .Values.apitraffic.oauth.route.targetPort . }}
{{- if .Values.apitraffic.oauth.route.tls.enabled }}
tls:
termination: {{ .Values.apitraffic.oauth.route.tls.termination }}
insecureEdgeTerminationPolicy: {{ .Values.apitraffic.oauth.route.tls.insecureEdgeTerminationPolicy }}
{{- if .Values.apitraffic.oauth.route.tls.key }}
key: |-
{{- .Values.apitraffic.oauth.route.tls.key | nindent 6 }}
{{- end }}
{{- if .Values.apitraffic.oauth.route.tls.destinationCACertificate }}
destinationCACertificate: |-
{{- .Values.apitraffic.oauth.route.tls.destinationCACertificate | nindent 6 }}
{{- end }}
{{- if .Values.apitraffic.oauth.route.tls.caCertificate }}
caCertificate: |-
{{- .Values.apitraffic.oauth.route.tls.caCertificate | nindent 6 }}
{{- end }}
{{- if .Values.apitraffic.oauth.route.tls.certificate }}
certificate: |-
{{- .Values.apitraffic.oauth.route.tls.certificate | nindent 6 }}
{{- end }}
{{- end }}
wildcardPolicy: None
{{- end }}

11
apigateway/templates/common/cassandra-secret.yaml Normal file
View File

@@ -0,0 +1,11 @@
{{- if (not .Values.global.cassandra.existingSecret) -}}
apiVersion: v1
data:
username: {{ .Values.global.cassandra.username | b64enc }}
password: {{ .Values.global.cassandra.password | b64enc }}
kind: Secret
metadata:
name: {{ include "gateway.cassandra.secretName" . }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- end }}

10
apigateway/templates/common/domain-key-secret.yaml Normal file
View File

@@ -0,0 +1,10 @@
{{- if ((.Values.global.domainkeypassphrase).passphrase) -}}
apiVersion: v1
data:
passphrase: {{ .Values.global.domainkeypassphrase.passphrase | b64enc }}
kind: Secret
metadata:
name: {{ include "gateway.domainkeypassphrase.secretName" . }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- end }}

11
apigateway/templates/common/metrics-db-secret.yaml Normal file
View File

@@ -0,0 +1,11 @@
{{- if and .Values.global.database.metrics.enabled (not .Values.global.database.metrics.existingSecret) -}}
apiVersion: v1
data:
username: {{ .Values.global.database.metrics.username | b64enc }}
password: {{ .Values.global.database.metrics.password | b64enc }}
kind: Secret
metadata:
name: {{ include "gateway.metrics-db.secretName" . }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- end }}

59
apigateway/templates/cronjob/cronjob.yaml Normal file
View File

@@ -0,0 +1,59 @@
{{- if .Values.cronjob.enabled -}}
apiVersion: batch/v1
kind: CronJob
metadata:
name: purge-files
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: cronjob
spec:
schedule: "{{ .Values.cronjob.schedule }}"
jobTemplate:
spec:
ttlSecondsAfterFinished: {{ .Values.cronjob.job_ttl }}
template:
metadata:
labels:
{{- include "gateway.labels" . | nindent 12 }}
app.kubernetes.io/component: cronjob
spec:
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 12 }}
{{- end }}
containers:
- name: purge-files-job
image: {{ default .Values.global.initContainers.image .Values.cronjob.image | quote }}
args:
- /bin/sh
- -c
- echo "purging event files older than {{ .Values.cronjob.older_than }}"; find /events -type f -mtime {{ .Values.cronjob.older_than }} -exec rm -rf {} \;
volumeMounts:
- name: eventsvol
mountPath: "/events"
{{- with .Values.global.initContainers.resources }}
resources:
{{ toYaml . | nindent 14 }}
{{- end }}
{{- with .Values.global.initContainers.securityContext }}
securityContext:
{{- toYaml . | nindent 14 }}
{{- end }}
restartPolicy: OnFailure
volumes:
- name: eventsvol
persistentVolumeClaim:
claimName: {{ .Values.cronjob.claimName }}
{{- with .Values.cronjob.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.cronjob.affinity }}
affinity:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.cronjob.tolerations }}
tolerations:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}

50
apigateway/templates/storage/pvc.yaml Normal file
View File

@@ -0,0 +1,50 @@
{{- range .Values.global.storage.volumes }}
{{- if .enabled }}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ .name | lower }}
labels:
{{- include "gateway.labels" $ | nindent 4 }}
spec:
accessModes:
{{- with .accessModes }}
{{- toYaml . | nindent 4 }}
{{- else }}
- ReadWriteMany
{{- end }}
storageClassName: {{ default $.Values.global.storage.storageClassName .storageClassName | quote }}
resources:
requests:
storage: {{ default "1Mi" .capacity | quote }}
{{- if eq $.Values.global.storage.provisioningType "static" }}
# PersistentVolume needs to be created only for Static storage provisioning
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ include "gateway.fullname" $ }}-{{ .name | lower }}
labels:
{{- include "gateway.labels" $ | nindent 4 }}
app.kubernetes.io/component: apiportal
spec:
capacity:
storage: {{ .capacity | quote }}
volumeMode: Filesystem
accessModes:
{{- with .accessModes }}
{{- toYaml . | nindent 4 }}
{{- else }}
- ReadWriteMany
{{- end }}
persistentVolumeReclaimPolicy: {{ .persistentVolume.reclaimPolicy | quote }}
csi:
driver: {{ .persistentVolume.csiDriver }}
volumeHandle: {{ .persistentVolume.volumeHandle }}
claimRef:
name: {{ .name | lower }}
namespace: {{ $.Release.Namespace | quote }}
{{- end }}
{{- end }}
{{- end }}

24
apigateway/templates/storage/storage-class.yaml Normal file
View File

@@ -0,0 +1,24 @@
{{- range .Values.global.storage.classes }}
---
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: {{ .name | lower }}
labels:
{{- include "gateway.labels" $ | nindent 4 }}
provisioner: {{ .provisioner | quote }}
{{- if .allowVolumeExpansion }}
allowVolumeExpansion: {{ .allowVolumeExpansion }}
{{- end }}
{{- with .parameters }}
parameters: {{- tpl (toYaml .) $ | nindent 2 }}
{{- end }}
{{- with .mountOptions }}
mountOptions: {{- toYaml . | nindent 2 }}
{{- end }}
{{- if eq $.Values.global.storage.provisioningType "dynamic" }}
volumeBindingMode: WaitForFirstConsumer
{{- else }}
volumeBindingMode: Immediate
{{- end }}
{{- end }}

114
apigateway/templates/tests/gw-test-connection.yaml Normal file
View File

@@ -0,0 +1,114 @@
---
apiVersion: batch/v1
kind: Job
metadata:
name: "{{ include "gateway.fullname" . }}-anm-test-connection"
labels:
{{- include "gateway.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
template:
spec:
serviceAccountName: {{ include "gateway.tests.serviceAccountName" . }}
containers:
- name: curl
image: {{ default .Values.global.defaultRegistry .Values.global.tests.images.curl.registry }}/{{ default "curlimages/curl" .Values.global.tests.images.curl.repository }}:{{ default "latest" .Values.global.tests.images.curl.tag }}
command: ["bin/sh"]
args: ["-c", "curl -k https://{{ include "gateway.fullname" . }}-anm:{{ .Values.anm.service.ports.traffic.port}}/healthcheck"]
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: {{ .Values.global.tests.securityContext.readOnlyRootFilesystem }}
runAsNonRoot: {{ .Values.global.tests.securityContext.runAsNonRoot }}
allowPrivilegeEscalation: {{ .Values.global.tests.securityContext.allowPrivilegeEscalation }}
restartPolicy: Never
backoffLimit: 3
---
apiVersion: batch/v1
kind: Job
metadata:
name: "{{ include "gateway.fullname" . }}-apimgr-test-connection"
labels:
{{- include "gateway.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
template:
spec:
serviceAccountName: {{ include "gateway.tests.serviceAccountName" . }}
containers:
- name: curl
image: {{ default .Values.global.defaultRegistry .Values.global.tests.images.curl.registry }}/{{ default "curlimages/curl" .Values.global.tests.images.curl.repository }}:{{ default "latest" .Values.global.tests.images.curl.tag }}
command: ["bin/sh"]
args: ["-c", "curl -k https://{{ include "gateway.fullname" . }}-apimgr:{{ .Values.apimgr.service.ports.ui.port}}/healthcheck"]
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: {{ .Values.global.tests.securityContext.readOnlyRootFilesystem }}
runAsNonRoot: {{ .Values.global.tests.securityContext.runAsNonRoot }}
allowPrivilegeEscalation: {{ .Values.global.tests.securityContext.allowPrivilegeEscalation }}
restartPolicy: Never
backoffLimit: 3
---
apiVersion: batch/v1
kind: Job
metadata:
name: "{{ include "gateway.fullname" . }}-apitraffic-test-connection"
labels:
{{- include "gateway.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
template:
spec:
serviceAccountName: {{ include "gateway.tests.serviceAccountName" . }}
containers:
- name: curl
image: {{ default .Values.global.defaultRegistry .Values.global.tests.images.curl.registry }}/{{ default "curlimages/curl" .Values.global.tests.images.curl.repository }}:{{ default "latest" .Values.global.tests.images.curl.tag }}
command: ["bin/sh"]
args: ["-c", "curl -k https://{{ include "gateway.fullname" . }}-apitraffic:{{ .Values.apitraffic.service.ports.traffic.port}}/healthcheck"]
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: {{ .Values.global.tests.securityContext.readOnlyRootFilesystem }}
runAsNonRoot: {{ .Values.global.tests.securityContext.runAsNonRoot }}
allowPrivilegeEscalation: {{ .Values.global.tests.securityContext.allowPrivilegeEscalation }}
restartPolicy: Never
backoffLimit: 3
---
{{- if .Values.aga.enabled }}
apiVersion: batch/v1
kind: Job
metadata:
name: "{{ include "gateway.fullname" . }}-aga-test-connection"
labels:
{{- include "gateway.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
template:
spec:
serviceAccountName: {{ include "gateway.tests.serviceAccountName" . }}
containers:
- name: curl
image: {{ default .Values.global.defaultRegistry .Values.global.tests.images.curl.registry }}/{{ default "curlimages/curl" .Values.global.tests.images.curl.repository }}:{{ default "latest" .Values.global.tests.images.curl.tag }}
command: ["bin/sh"]
args: ["-c", "curl -k https://{{ include "gateway.fullname" . }}-aga:{{ .Values.aga.service.ports.ui.port}}/healthcheck"]
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: {{ .Values.global.tests.securityContext.readOnlyRootFilesystem }}
runAsNonRoot: {{ .Values.global.tests.securityContext.runAsNonRoot }}
allowPrivilegeEscalation: {{ .Values.global.tests.securityContext.allowPrivilegeEscalation }}
restartPolicy: Never
backoffLimit: 3
{{- end }}

13
apigateway/templates/tests/test-connection-serviceaccount.yaml Normal file
View File

@@ -0,0 +1,13 @@
{{- if .Values.global.tests.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "gateway.tests.serviceAccountName" . }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: test-connection
{{- with .Values.global.tests.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

2314
apigateway/values.schema.json Normal file
View File

File diff suppressed because it is too large Load Diff

1251
apigateway/values.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

48
values-override.yaml
View File

@@ -103,7 +103,7 @@ global:
anm: anm:
image: image:
repository: "admin-nodemanager" repository: "admin-nodemanager"
tag: "7.7.0.20240228-1-BN0065-ubi9" tag: "7.7.0.20250830-3-BN0276-ubi9"
generalConditions: generalConditions:
accept: "yes" accept: "yes"
resources: resources:
@@ -117,6 +117,7 @@ anm:
runAsNonRoot: true runAsNonRoot: true
route: route:
enabled: true enabled: true
targetPort: "{{ .Values.anm.service.ports.traffic.port }}"
host: apimgr.apilab.us host: apimgr.apilab.us
annotations: annotations:
cert-manager.io/issuer-kind: ClusterIssuer cert-manager.io/issuer-kind: ClusterIssuer
@@ -128,27 +129,34 @@ anm:
key: key:
destinationCACertificate: | destinationCACertificate: |
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIC0jCCAbqgAwIBAgIGAY4J1hijMA0GCSqGSIb3DQEBCwUAMBgxFjAUBgNVBAMM MIIC0jCCAbqgAwIBAgIGAZnKuRjxMA0GCSqGSIb3DQEBCwUAMBgxFjAUBgNVBAMM
DURlZmF1bHREb21haW4wIBcNMjQwMjI2MTQyMDEwWhgPMjEyNDAyMDkxNDIwMTBa DURlZmF1bHREb21haW4wIBcNMjUxMDAyMjA0NTUyWhgPMjEyNTA5MTUyMDQ1NTJa
MBgxFjAUBgNVBAMMDURlZmF1bHREb21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IB MBgxFjAUBgNVBAMMDURlZmF1bHREb21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCEooOITaf9yC63uqIABDpWcd4o17fVIqkb9u7DT4ZyJSWAaL8 DwAwggEKAoIBAQDlpLz2niUTMnLxf0n0EHRmXOYJahhKsCvyq6mUHwyQKgG893RB
8t+k866EtppNTLn/3tntoG+G6XZiNTZfyT6rLad/3GVpkX78P9eqwUS5CpKWbBFd KwY7tfoHDAsx8WAF1UFLKAXgBDlo2wXrKC0xCEZknM5UfzCHDz7ajGG0CEFPtWXw
KzYV6YC4Zw44SG8aX0A98T7Hz5j67EDkvY0VY9TWBSTpiWZum+R5mpayCfnfEjSz Z1/0Q0t9Zjc+VKP5oVM/X7kM7mPVFabbCJ6hieAUadguKTtd19CIECu9my41xcYS
XQ6+Y+YVusbJk+EjJEENGkmnT5/pQHTnSAGH0aHkeY84OiW7ZwMqysEXlXvRWKHn cj3Bd7LAIW1DepniK/mnRfzOGWYdzv5iiWo6aR8I3ZAvLXB8BgpAd2ym927kFG8f
Ul5cEkugM7BQVJak/q+XbKWjWdczLWByA5DzXOvhu7TdynEA5f0rNOaYc8O5N3yr C6xR8xLnSaXdZ7QMDi3zO2TN7AxdKYPi/5Yh7UHm0RqSa9gbuIbQq/Pxb7QZHzWP
U1K7rikQaVih+paJhM+XE5p0zZvUgYDTsEMbAgMBAAGjIDAeMA8GA1UdEwQIMAYB U4Y44TX0BNUTkDB2Gv9Yu+rtghdEgPbwp+CxAgMBAAGjIDAeMA8GA1UdEwQIMAYB
Af8CAQAwCwYDVR0PBAQDAgK8MA0GCSqGSIb3DQEBCwUAA4IBAQDB0KvpqfCOil00 Af8CAQAwCwYDVR0PBAQDAgK8MA0GCSqGSIb3DQEBCwUAA4IBAQCljlVdbRf/cQh+
1qdx2RwZtc3ichIcClPlv51d4E9nEM3Q3VbC1h3Fdvz4PqELfhKC1vB5Z7bvZXXo pXH8hJiImTWU7xZTDm8PnOEk6h6ORrrqNh42vF1lugwgV13itO24vtleurB6tw95
0Jb/T3z608PnglEuCYJBD77JOQIwNAD4gWW8TmS/bWkemaPZRwTSONWVbdZ/KBZ6 9YeypwTPfWdFdKiKcDbQ6JZy+dnEfIp4vtgN4bHtKGqkOtigpZiZA/IJ2Xwi/YGB
3t7EB2UwyvT1XAGn1/EzN1xW8SN9tHqyt19R0/ZWt2KQ4Gdx+Ht0pbXYkuNw0oUz QPLg6MGWm+eyvBvIIXRI3LT59UZ2PPtzCs9FehbzNCJ4sxyzSQKrszatar/bD4SO
gay9sGl0B1cipRabreApN/R7AuPxxvBx9YuXuMxYkLIRXyqZUmxXAzUdxi5ZfPaA kNjZ+33KD6PJ3EnzTUAR4D7BRdcnRXQNR/1EwqF3uOoL7MBJFxna9tjeTPvyZ9Zl
7a1XW5OSfgFYwSJavp6gD4VxrD5DLqhqLz5yjlPBm6AiYNm2pqN1zciSGPaOcqAX TmWZ1GKi2rAtXyJiFXDbBJg5gfUngMENldHGxCSyFvIbtivefw6nZiCHMaiAuV5a
N4Ij70Th 2XdVfapG
-----END CERTIFICATE----- -----END CERTIFICATE-----
caCertificate: caCertificate:
certificate: certificate:
service: service:
type: ClusterIP
ports:
traffic:
port: 8090 port: 8090
protocol: TCP
ui:
port: 8091
protocol: TCP
extraVolumeMounts: extraVolumeMounts:
- name: anm-external-config - name: anm-external-config
mountPath: /merge mountPath: /merge
@@ -180,7 +188,7 @@ apimgr:
name: apimgr name: apimgr
image: image:
repository: "gateway" repository: "gateway"
tag: "7.7.0.20240228-1-BN0065-ubi9" tag: "7.7.0.20250830-3-BN0276-ubi9"
generalConditions: generalConditions:
accept: "yes" accept: "yes"
groupId: Group1 groupId: Group1
@@ -289,7 +297,7 @@ apimgr:
apitraffic: apitraffic:
image: image:
repository: "gateway" repository: "gateway"
tag: "7.7.0.20240228-1-BN0065-ubi9" tag: "7.7.0.20250830-3-BN0276-ubi9"
generalConditions: generalConditions:
accept: "yes" accept: "yes"
groupId: Group1 groupId: Group1
@@ -477,7 +485,7 @@ apiportal:
# if registry is left empty, global.defaultRegistry will be used # if registry is left empty, global.defaultRegistry will be used
registry: docker.repository.axway.com/apiportal-docker-prod/7.7 registry: docker.repository.axway.com/apiportal-docker-prod/7.7
repository: "apiportal" repository: "apiportal"
tag: "7.7.20240228-BN1285" tag: "7.7.0.20250830-3-BN0276-ubi9"
generalConditions: generalConditions:
accept: "yes" accept: "yes"
serviceAccount: serviceAccount:
@@ -597,7 +605,7 @@ aga:
# for instance registry=docker.io, repository=library/alpine, tag=3.15 # for instance registry=docker.io, repository=library/alpine, tag=3.15
# if registry is left empty, global.defaultRegistry will be used # if registry is left empty, global.defaultRegistry will be used
repository: "analytics" repository: "analytics"
tag: "7.7.0.20240228-1-BN0065-ubi9" tag: "7.7.0.20250830-3-BN0276-ubi9"
# Overrides the image tag whose default is the chart appVersion. # Overrides the image tag whose default is the chart appVersion.
generalConditions: generalConditions:
accept: "yes" accept: "yes"