commit 900b9ca1f396876d8c0b19821c7521e165e753c1 Author: Conan Scott Date: Thu Nov 13 23:47:20 2025 +0800 first commit
diff --git a/! b/!
new file mode 100644
index 0000000..6f38637
--- /dev/null
+++ b/!
@@ -0,0 +1,647 @@ +nameOverride: gateway +global: + domainName: apilab.us + defaultRegistry: docker.repository.axway.com/apigateway-docker-prod/7.7 + imagePullPolicy: Always + imagePullSecrets: + - name: regcred + storage: + provisioningType: "dynamic" + storageClassName: "nfs" + volumes: + - name: events + enabled: true + usedBy: + - anm + - apimgr + - traffic + accessModes: + - ReadWriteMany + capacity: 1Gi + volumeName: apim-events + - name: payloads + enabled: true + usedBy: + - traffic + accessModes: + - ReadWriteOnce + capacity: 16Gi + volumeName: apim-payloads + - name: audit + enabled: true + usedBy: + - anm + - apimgr + - traffic + accessModes: + - ReadWriteMany + capacity: 1Gi + volumeName: apim-audit + - name: anm-external-config + enabled: true + usedBy: + - anm + accessModes: + - ReadWriteOnce + capacity: 8Mi + - name: apimgr-external-config + enabled: true + usedBy: + - apimgr + accessModes: + - ReadWriteOnce + capacity: 8Mi + - name: apitraffic-external-config + enabled: true + usedBy: + - traffic + accessModes: + - ReadWriteOnce + capacity: 8Mi + - name: aga-external-config + enabled: true + usedBy: + - traffic + accessModes: + - ReadWriteOnce + capacity: 8Mi + - name: opentraffic + enabled: true + usedBy: + - traffic + - anm + - apimgr + accessModes: + - ReadWriteOnce + capacity: 8Gi + volumeName: apim-opentraffic + initContainers: + securityContext: + runAsNonRoot: false + database: + host: mysql.metrics.svc.cluster.local + metrics: + enabled: true + username: "root" + password: "password" + sslMode: "NONE" + url: jdbc:mysql://{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{ .Values.global.database.metrics.databaseName }}?useSSL={{ default false .Values.global.database.metrics.useSSL }} + cassandra: + enabled: true + hosts: + - variable: CASS_HOST + hostname: cassandra.cassandra.svc.cluster.local + username: cassandra + password: cassandra + keyspace: ks + tkeyspace: tks + +anm: + image: + repository: "admin-nodemanager" + 
tag: "7.7.0.20240228-1-BN0065-ubi9" + generalConditions: + accept: "yes" + resources: + limits: + memory: "2048Mi" + cpu: "1000m" + requests: + memory: "1Gi" + cpu: "250m" + securityContext: + runAsNonRoot: false + route: + enabled: false + ingress: + enabled: true + className: "nginx" + annotations: + nginx.ingress.kubernetes.io/backend-protocol: HTTPS + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/ingress.class: "nginx" + kubernetes.io/tls-acme: "true" + cert-manager.io/cluster-issuer: "letsencrypt-issuer" + hosts: + - host: anm.apilab.us + paths: + - path: / + pathType: ImplementationSpecific + tls: + - secretName: anm-tls + hosts: + - anm.apilab.us + service: + port: 8091 + extraVolumeMounts: + - name: anm-external-config + mountPath: /merge + - name: events + mountPath: /opt/Axway/apigateway/events + - name: audit + mountPath: /opt/Axway/apigateway/logs + extraVolumes: + - persistentVolumeClaim: + claimName: anm-external-config + name: anm-external-config + - persistentVolumeClaim: + claimName: events + name: events + - persistentVolumeClaim: + claimName: audit + name: audit + extraEnvVars: + - name: EMT_DEPLOYMENT_ENABLED + value: "true" + - name: ACCEPT_GENERAL_CONDITIONS + value: "yes" + - name: APIGW_LOG_OPENTRAFFIC_OUTPUT + value: "file" + - name: API_BUILDER_URL + value: "https://axway-elk-apim4elastic-apibuilder4elastic.apim4elastic:8443" + +apimgr: + name: apimgr + image: + repository: "gateway" + tag: "7.7.0.20240228-1-BN0065-ubi9" + generalConditions: + accept: "yes" + groupId: Group1 + resources: + limits: + memory: "2Gi" + cpu: 2 + requests: + memory: "0.5Gi" + cpu: 0.5 + securityContext: + runAsNonRoot: false + route: + enabled: false + ingress: + enabled: true + className: "nginx" + annotations: + nginx.ingress.kubernetes.io/backend-protocol: HTTPS + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + 
nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/ingress.class: "nginx" + kubernetes.io/tls-acme: "true" + cert-manager.io/cluster-issuer: "letsencrypt-issuer" + hosts: + - host: apimgr.apilab.us + paths: + - path: / + pathType: ImplementationSpecific + tls: + - secretName: apimgr-tls + hosts: + - apimgr.apilab.us + service: + port: 8075 + extraVolumeMounts: + - name: events + mountPath: /opt/Axway/apigateway/events + - name: apimgr-external-config + mountPath: /merge + - name: opentraffic + mountPath: /opt/Axway/apigateway/logs/opentraffic + - name: audit + mountPath: /opt/Axway/apigateway/logs/transaction + extraVolumes: + - persistentVolumeClaim: + claimName: events + name: events + - persistentVolumeClaim: + claimName: apimgr-external-config + name: apimgr-external-config + - persistentVolumeClaim: + claimName: opentraffic + name: opentraffic + - persistentVolumeClaim: + claimName: audit + name: audit + extraEnvVars: + - name: EMT_HEALTHCHECK_PORT + value: "8065" + - name: EMT_HEALTHCHECK_PATH + value: /healthcheck + - name: GW_DIR + value: /opt/Axway/apigateway + - name: GW_TRACE_DIR + value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace + - name: EMT_TOPOLOGY_TTL + value: "10" + - name: EMT_DEPLOYMENT_ENABLED + value: "true" + - name: ACCEPT_GENERAL_CONDITIONS + value: "yes" + - name: APIGW_LOG_OPENTRAFFIC_OUTPUT + value: "file" + license: + license.lic: | + FIPS=1 + SalesForce Connector=1 + ServiceNow Connector=1 + analytics=1 + api_visual_mapper=1 + apiportal=1 + company=Axway + deployment_type=docker + expires=Sat, 30 Nov 2024 15:48:27 GMT + license_id=TEMP + mcafee=1 + name=Axway + sdkgenerator=1 + unrestricted=1 + version=7.7 + # SIGNATURE: ce164db4840083f2741d364f45ffb6efdc2f6caee8307f9fd5e6899b430488f9 + # SIGNATURE: b0357a0baa4af4c348ae551054c5885db831275f382a3e153dde4cf5852131ba + # SIGNATURE: 
f8458619453363b6ed4b0c6fd6aa3fe81f28542193074f88b4c514c45048997d + # SIGNATURE: 312dc89de6684bc864099da581aa226c73a93bb184d29a392826a93a72cc68b4 + # SIGNATURE: e12c9daa05cc1d7caed7319943d9fba41dd48b9918bd468a05c8f2cff2a9c089 + # SIGNATURE: cae24bd8d6754cc99c0549b53b92dc7ebc60f1d83a9c8f3a773baff464a82d8d + # SIGNATURE: b35c5476f61a9153ebd15a436d00eb21bef8d7a4e87bb3430d3b0427d57a4472 + # SIGNATURE: 0641f5f2b0de45e74f019cedf92ac3ea5644490d65f3d9f76f57ab1b6f9e1e8c +apitraffic: + image: + repository: "gateway" + tag: "7.7.0.20240228-1-BN0065-ubi9" + generalConditions: + accept: "yes" + groupId: Group1 + resources: + limits: + memory: "2Gi" + cpu: 2 + requests: + memory: "0.5Gi" + cpu: 0.5 + autoscaling: + enabled: false + minReplicas: 2 + maxReplicas: 6 + targetCPUUtilizationPercentage: 80 + replicaCount: 4 + securityContext: + runAsNonRoot: false + oauth: + enabled: true + type: ClusterIP + port: 8089 + protocol: TCP + route: + enabled: false + ingress: + enabled: true + className: "nginx" + annotations: + nginx.ingress.kubernetes.io/backend-protocol: HTTPS + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/secure-backends: "true" + kubernetes.io/ingress.class: nginx + kubernetes.io/tls-acme: "true" + cert-manager.io/cluster-issuer: "letsencrypt-issuer" + hosts: + - host: oauth.apilab.us + paths: + - path: / + pathType: ImplementationSpecific + tls: + - secretName: oauth-tls + hosts: + - oauth.apilab.us + route: + enabled: false + ingress: + enabled: true + className: "nginx" + annotations: + nginx.ingress.kubernetes.io/backend-protocol: HTTPS + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/ingress.class: "nginx" + kubernetes.io/tls-acme: "true" + cert-manager.io/cluster-issuer: "letsencrypt-issuer" + hosts: + - host: apitraffic.apilab.us + paths: 
+ - path: / + pathType: ImplementationSpecific + tls: + - secretName: apitraffic-tls + hosts: + - apitraffic.apilab.us + service: + port: 8065 + extraVolumeMounts: + - name: events + mountPath: /opt/Axway/apigateway/events + - name: apitraffic-external-config + mountPath: /merge + - name: opentraffic + mountPath: /opt/Axway/apigateway/logs/opentraffic + - name: payloads + mountPath: /opt/Axway/apigateway/logs/payloads + - name: audit + mountPath: /opt/Axway/apigateway/logs/transaction + extraVolumes: + - persistentVolumeClaim: + claimName: events + name: events + - persistentVolumeClaim: + claimName: apitraffic-external-config + name: apitraffic-external-config + - persistentVolumeClaim: + claimName: payloads + name: payloads + - persistentVolumeClaim: + claimName: opentraffic + name: opentraffic + - persistentVolumeClaim: + claimName: audit + name: audit + extraEnvVars: + - name: EMT_HEALTHCHECK_PORT + value: "8065" + - name: EMT_HEALTHCHECK_PATH + value: /healthcheck + - name: GW_DIR + value: /opt/Axway/apigateway + - name: GW_TRACE_DIR + value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace + - name: EMT_TOPOLOGY_TTL + value: "10" + - name: APIGW_LOG_OPENTRAFFIC_OUTPUT + value: "file" + - name: EMT_DEPLOYMENT_ENABLED + value: "true" + - name: ENV_SECRET_EXAMPLE + valueFrom: + secretKeyRef: + name: apim-gateway-cassandra + key: username + - name: ACCEPT_GENERAL_CONDITIONS + value: "yes" + license: + license.lic: | + FIPS=1 + SalesForce Connector=1 + ServiceNow Connector=1 + analytics=1 + api_visual_mapper=1 + apiportal=1 + company=Axway + deployment_type=docker + expires=Sat, 30 Nov 2024 15:48:27 GMT + license_id=TEMP + mcafee=1 + name=Axway + sdkgenerator=1 + unrestricted=1 + version=7.7 + # SIGNATURE: ce164db4840083f2741d364f45ffb6efdc2f6caee8307f9fd5e6899b430488f9 + # SIGNATURE: b0357a0baa4af4c348ae551054c5885db831275f382a3e153dde4cf5852131ba + # SIGNATURE: f8458619453363b6ed4b0c6fd6aa3fe81f28542193074f88b4c514c45048997d + # SIGNATURE: 
312dc89de6684bc864099da581aa226c73a93bb184d29a392826a93a72cc68b4 + # SIGNATURE: e12c9daa05cc1d7caed7319943d9fba41dd48b9918bd468a05c8f2cff2a9c089 + # SIGNATURE: cae24bd8d6754cc99c0549b53b92dc7ebc60f1d83a9c8f3a773baff464a82d8d + # SIGNATURE: b35c5476f61a9153ebd15a436d00eb21bef8d7a4e87bb3430d3b0427d57a4472 + # SIGNATURE: 0641f5f2b0de45e74f019cedf92ac3ea5644490d65f3d9f76f57ab1b6f9e1e8c + +apiportal: + enabled: true + replicaCount: 1 + image: + # an image reference is specified by registry/repository:tag, + # for instance registry=docker.io, repository=library/alpine, tag=3.15 + # if registry is left empty, global.defaultRegistry will be used + registry: docker.repository.axway.com/apiportal-docker-prod/7.7 + repository: "apiportal" + tag: "7.7.20240228-BN1285" + generalConditions: + accept: "yes" + serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. 
+ # If not set and create is true, a name is generated using the fullname template + name: "" + service: + type: ClusterIP + ports: + # target: + # port: 8443 + # https: + # port: 8443 + # protocol: TCP + http: + port: 8080 + protocol: TCP + force: + port: 8080 + protocol: TCP + # OpenShift configuration + route: + enabled: false + ingress: + enabled: true + className: "nginx" + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/ingress.class: "nginx" + kubernetes.io/tls-acme: "true" + cert-manager.io/cluster-issuer: "letsencrypt-issuer" + hosts: + - host: portal.apilab.us + paths: + - path: / + pathType: ImplementationSpecific + tls: + - secretName: apiportal-tls + hosts: + - portal.apilab.us + apiManager: + configured: 1 + name: Main + host: "apimgr.apilab.us" + port: 443 + # database settings for API Portal, also check the instance settings in global section + mysql: + enabled: true + # if the credentials are already available in a secret, set existingSecret + existingSecret: + {} + # name: "mysql-credentials" + # keyMapping: + # password: password + # username: root + # else, set username and password, this will create a new secret + username: "root" + password: "password" + # if it doesn't exist, a database with this name will be created by the app + databaseName: "portal" + sslOn: 0 + sslVerifyCert: 0 + redis: + enabled: false + host: "" + port: 6379 + cacheTimeout: 600 + apache: + sslOn: 0 + extraEnvVars: [] + podSecurityContext: + runAsUser: 1048 + runAsGroup: 1048 + fsGroup: 1048 + securityContext: + allowPrivilegeEscalation: false + runAsNonRoot: true + +aga: + enabled: false + license: + license.lic: | + FIPS=1 + SalesForce Connector=1 + ServiceNow Connector=1 + analytics=1 + api_visual_mapper=1 + apiportal=1 + company=Axway + deployment_type=docker + expires=Sat, 30 Nov 2024 15:48:27 GMT + license_id=TEMP 
+ mcafee=1 + name=Axway + sdkgenerator=1 + unrestricted=1 + version=7.7 + # SIGNATURE: ce164db4840083f2741d364f45ffb6efdc2f6caee8307f9fd5e6899b430488f9 + # SIGNATURE: b0357a0baa4af4c348ae551054c5885db831275f382a3e153dde4cf5852131ba + # SIGNATURE: f8458619453363b6ed4b0c6fd6aa3fe81f28542193074f88b4c514c45048997d + # SIGNATURE: 312dc89de6684bc864099da581aa226c73a93bb184d29a392826a93a72cc68b4 + # SIGNATURE: e12c9daa05cc1d7caed7319943d9fba41dd48b9918bd468a05c8f2cff2a9c089 + # SIGNATURE: cae24bd8d6754cc99c0549b53b92dc7ebc60f1d83a9c8f3a773baff464a82d8d + # SIGNATURE: b35c5476f61a9153ebd15a436d00eb21bef8d7a4e87bb3430d3b0427d57a4472 + # SIGNATURE: 0641f5f2b0de45e74f019cedf92ac3ea5644490d65f3d9f76f57ab1b6f9e1e8c + + replicaCount: 1 + image: + # an image reference is specified by registry/repository:tag, + # for instance registry=docker.io, repository=library/alpine, tag=3.15 + # if registry is left empty, global.defaultRegistry will be used + repository: "analytics" + tag: "7.7.0.20240228-1-BN0065-ubi9" + # Overrides the image tag whose default is the chart appVersion. + generalConditions: + accept: "yes" + serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. 
+ # If not set and create is true, a name is generated using the fullname template + name: "" + extraEnvVars: + - name: ACCEPT_GENERAL_CONDITIONS + value: "yes" + podAnnotations: {} + podSecurityContext: {} + securityContext: + allowPrivilegeEscalation: false + #NOTE readOnlyRootFilesystem should be left to false + # readOnlyRootFilesystem: false + runAsNonRoot: false + service: + type: ClusterIP + ports: + ui: + port: 8040 + protocol: TCP + ingress: + enabled: true + className: "nginx" + annotations: + nginx.ingress.kubernetes.io/backend-protocol: HTTPS + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/ingress.class: "nginx" + kubernetes.io/tls-acme: "true" + cert-manager.io/cluster-issuer: "letsencrypt-issuer" + # kubernetes.io/i:ngress.class: nginx + kubernetes.io/tls-acme: "true" + hosts: + - host: analytics.apilab.us + paths: + - path: / + pathType: ImplementationSpecific + tls: + - secretName: analytics-tls + hosts: + - analytics.apilab.us + # OpenShift configuration + route: + enabled: false + # targetPort: "{{ .Values.aga.ports.ui.port }}" + ## More information: https://docs.openshift.com/container-platform/4.9/networking/routes/secured-routes.html + # tls: + # enabled: true + # termination: passthrough + # insecureEdgeTerminationPolicy: Redirect + # key: + # caCertificate: + # certificate: + # destinationCACertificate: + # ref: https://kubernetes.io/docs/user-guide/compute-resources/ + resources: {} + # limits: + # memory: "2048Mi" + # cpu: "1000m" + # requests: + # memory: "1Gi" + # cpu: "250m" + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + #targetMemoryUtilizationPercentage: 80 + nodeSelector: {} + tolerations: [] + affinity: {} + livenessProbe: + httpGet: + httpHeaders: + - name: k8sprobe + value: liveness.apimgr + path: /healthcheck + port: 8040 + scheme: 
HTTPS + initialDelaySeconds: 40 + periodSeconds: 30 + failureThreshold: 5 + readinessProbe: + httpGet: + httpHeaders: + - name: k8sprobe + value: readiness.apimgr + path: /healthcheck + port: 8040 + scheme: HTTPS + initialDelaySeconds: 30 + periodSeconds: 10 + failureThreshold: 6 diff --git a/Chart.lock b/Chart.lock new file mode 100644 index 0000000..2129f44 --- /dev/null +++ b/Chart.lock @@ -0,0 +1,9 @@ +dependencies: +- name: v7-traceability + repository: https://axway.jfrog.io/artifactory/ampc-public-helm-release + version: 1.1.63 +- name: v7-discovery + repository: https://axway.jfrog.io/artifactory/ampc-public-helm-release + version: 1.1.60 +digest: sha256:d1cc03e1c160da6536a088c62374db460003c4dfa2ccce908cc78da07a22674f +generated: "2024-03-07T12:21:57.832527608Z" diff --git a/Chart.yaml b/Chart.yaml new file mode 100644 index 0000000..0f352db --- /dev/null +++ b/Chart.yaml @@ -0,0 +1,24 @@ +annotations: + charts.openshift.io/name: axway +apiVersion: v2 +appVersion: 7.7.0.20240228-1-BN0065-ubi9 +dependencies: +- alias: traceability-agent + condition: traceability-agent.enabled + name: v7-traceability + repository: https://axway.jfrog.io/artifactory/ampc-public-helm-release + tags: + - agents + version: 1.1.63 +- alias: discovery-agent + condition: discovery-agent.enabled + name: v7-discovery + repository: https://axway.jfrog.io/artifactory/ampc-public-helm-release + tags: + - agents + version: 1.1.60 +description: API Gateway Helm chart +kubeVersion: '>=1.22.0-0' +name: apigateway +type: application +version: 1.8.0 diff --git a/Jenkinsfile b/Jenkinsfile new file mode 100644 index 0000000..b0ee5bf --- /dev/null +++ b/Jenkinsfile 
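Review bot: This values file commits working credentials in clear text: `username: "root"` / `password: "password"` under `global.database.metrics`, `username: cassandra` / `password: cassandra` under `global.cassandra`, and the same root pair again under `apiportal.mysql`, alongside `sslMode: "NONE"` and `sslOn: 0` on the database links. The `apiportal.mysql` comments already describe an `existingSecret` alternative, so fill in `existingSecret` with `name: "mysql-credentials"` and its `keyMapping`, and drop the inline `username`/`password`; whether `global.database` and `global.cassandra` accept a secret reference is not visible here and should be checked against the chart templates. The three identical `license.lic` blocks also put a signed licence into the repository, and every component except `apiportal` sets `runAsNonRoot: false`; each deserves a comment saying why it is needed. The file name `!` looks accidental for a Helm values file.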
@@ -0,0 +1,18 @@
+pipeline {
+ agent any
+ stages {
+ stage('Question') {
+ input {
+ message "Should we continue?"
+ ok "Yes, we should."
+ submitter "alice,bob"
+ parameters {
+ string(name: 'PERSON', defaultValue: 'Mr Jenkins', description: 'Who should I say hello to?')
+ }
+ }
+ steps {
+ echo "Hello, ${PERSON}, nice to meet you."
+ }
+ }
+ }
+}
diff --git a/PT1718672358S/manifest.json b/PT1718672358S/manifest.json
new file mode 100644
index 0000000..4fac7d1
--- /dev/null
+++ b/PT1718672358S/manifest.json
@@ -0,0 +1,17 @@
+{
+ "type": "audit_manifest",
+ "version": "1.0",
+ "audits": [
+ {
+ "id": "",
+ "generator": "plugin-uninstall",
+ "generatorVersion": "36.20.0",
+ "results": [
+ {
+ "payload": "plugin-uninstall_issues.xml",
+ "type": "application/vnd.mandiant.issues+xml"
+ }
+ ]
+ }
+ ]
+}
diff --git a/PT1718672358S/plugin-uninstall_issues.xml b/PT1718672358S/plugin-uninstall_issues.xml
new file mode 100644
index 0000000..cd987de
--- /dev/null
+++ b/PT1718672358S/plugin-uninstall_issues.xml
@@ -0,0 +1,4 @@
+
+
+
+
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..f5148df
--- /dev/null
+++ b/README.md
@@ -0,0 +1,7 @@
+# apigw-helm
+.
+Helm chart for API Gateway
+
+## Documentation
+
+[https://docs.axway.com/bundle/axway-open-docs/page/docs/apim_installation/apigw_containers/deployment_flows/axway_image_deployment/helm_deployment/index.html](https://docs.axway.com/bundle/axway-open-docs/page/docs/apim_installation/apigw_containers/deployment_flows/axway_image_deployment/helm_deployment/index.html)
diff --git a/charts/v7-discovery-1.1.60.tgz b/charts/v7-discovery-1.1.60.tgz
new file mode 100644
index 0000000..986325a
Binary files /dev/null and b/charts/v7-discovery-1.1.60.tgz differ
diff --git a/charts/v7-discovery/.helmignore b/charts/v7-discovery/.helmignore
new file mode 100644
index 0000000..f32cfa1
--- /dev/null
+++ b/charts/v7-discovery/.helmignore
@@ -0,0 +1,26 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+jfrog.yml
+.gitlab-ci.yml
+polaris.json
diff --git a/charts/v7-discovery/Chart.yaml b/charts/v7-discovery/Chart.yaml
new file mode 100644
index 0000000..b3c9544
--- /dev/null
+++ b/charts/v7-discovery/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+appVersion: 1.1.60
+description: V7 discovery agent
+maintainers:
+- name: axway/beano
+name: v7-discovery
+sources:
+- https://git.ecd.axway.org/apigov/v7_discovery_agent
+type: application
+version: 1.1.60
diff --git a/charts/v7-discovery/README.md b/charts/v7-discovery/README.md
new file mode 100644
index 0000000..3335637
--- /dev/null
+++ b/charts/v7-discovery/README.md
@@ -0,0 +1,33 @@
+
+## Prerequisites
+
+Before the chart can be installed make sure to have the secrets installed/available.
+
+i.e if you look at line 31(secrets) in the values.yaml file, you will notice we are referencing two files.
+
+discovery-creds can be applied by using the following format for the secret.
+Make sure all the values are base64 encoded before applying it in the cluster.
+
+kubectl apply -f
+``` yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: discovery-creds
+data:
+ APIMANAGER_AUTH_USERNAME: ""
+ APIMANAGER_AUTH_PASSWORD: ""
+ APIGATEWAY_AUTH_USERNAME: ""
+ APIGATEWAY_AUTH_PASSWORD: ""
+```
+
+kubectl apply -f
+``` yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: discovery-keys
+data:
+ private_key:
+ public_key:
+```
\ No newline at end of file
diff --git a/charts/v7-discovery/templates/NOTES.txt b/charts/v7-discovery/templates/NOTES.txt
new file mode 100644
index 0000000..e69de29
diff --git a/charts/v7-discovery/templates/_helpers.tpl b/charts/v7-discovery/templates/_helpers.tpl
new file mode 100644
index 0000000..e39235c
--- /dev/null
+++ b/charts/v7-discovery/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "v7-discovery.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "v7-discovery.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "v7-discovery.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "v7-discovery.labels" -}}
+helm.sh/chart: {{ include "v7-discovery.chart" . }}
+{{ include "v7-discovery.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "v7-discovery.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "v7-discovery.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "v7-discovery.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "v7-discovery.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/charts/v7-discovery/templates/deployment.yaml b/charts/v7-discovery/templates/deployment.yaml
new file mode 100644
index 0000000..e6ed22f
--- /dev/null
+++ b/charts/v7-discovery/templates/deployment.yaml
@@ -0,0 +1,112 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "v7-discovery.fullname" . }} + labels: + {{- include "v7-discovery.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "v7-discovery.selectorLabels" . | nindent 6 }} + {{- with .Values.additionalLabels }} + {{- range $key, $value := . }} + {{ default "none" $key }}: {{ default "none" $value | quote }} + {{- end }} + {{- end }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "v7-discovery.selectorLabels" . | nindent 8 }} + {{- with .Values.additionalLabels }} + {{- range $key, $value := . }} + {{ default "none" $key }}: {{ default "none" $value | quote }} + {{- end }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "v7-discovery.serviceAccountName" . }} + {{- with .Values.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: probe-port + containerPort: {{ .Values.statusPort }} + protocol: TCP + livenessProbe: + httpGet: + path: /status + port: probe-port + {{- with .Values.livenessProbe }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + readinessProbe: + httpGet: + path: /status + port: probe-port + {{- with .Values.readinessProbe }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + env: + {{- with .Values.env }} + {{- range $key, $value := . 
}} + {{- if and (not (eq (toString $value) "")) (not (eq (toString $key) "")) }} # ignore any items with empty key or value + - name: {{ $key }} + value: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + - name: APIMANAGER_AUTH_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.credentials }} + key: APIMANAGER_AUTH_USERNAME + - name: APIMANAGER_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.credentials }} + key: APIMANAGER_AUTH_PASSWORD + volumeMounts: + - name: "discovery-keys-secrets" + mountPath: "/keys" + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumes: + - name: discovery-keys-secrets + secret: + secretName: {{ .Values.secrets.keys }} + items: + - key: private_key + path: private_key.pem + - key: public_key + path: public_key.pem + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/v7-discovery/templates/serviceaccount.yaml b/charts/v7-discovery/templates/serviceaccount.yaml new file mode 100644 index 0000000..9b974c5 --- /dev/null +++ b/charts/v7-discovery/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "v7-discovery.serviceAccountName" . }} + labels: + {{- include "v7-discovery.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/v7-discovery/values.yaml b/charts/v7-discovery/values.yaml new file mode 100644 index 0000000..dae4cec --- /dev/null +++ b/charts/v7-discovery/values.yaml 
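Review bot: `additionalLabels` is rendered into `spec.selector.matchLabels` as well as into the pod template labels, and a Deployment's selector cannot be changed after creation, so adding or editing a label in `additionalLabels` on a later release makes `helm upgrade` fail. Keep `matchLabels` to `{{- include "v7-discovery.selectorLabels" . | nindent 6 }}` and leave the `additionalLabels` range only under `template.metadata.labels`. A comment above the selector would help the next editor, for example `# selector is immutable; do not add user-supplied labels here`.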
@@ -0,0 +1,68 @@ +replicaCount: 1 +image: + repository: axway.jfrog.io/ampc-public-docker-release/agent/v7-discovery-agent + pullPolicy: Always + # Overrides the image tag whose default is the chart appVersion. + tag: "1.1.60" + registry: "" +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" +# Health Check port +statusPort: 8989 +# Info on how to fetch the values for the env parameters can ve found in the below doc. +# https://docs.axway.com/bundle/axway-open-docs/page/docs/central/connect-api-manager/gateway-administation/index.html#customizing-the-discovery-agent-environment-variable-file +# More environment value: https://docs.axway.com/bundle/axway-open-docs/page/docs/central/connect-api-manager/agent-variables/index.html#common-variables-to-both-agents +env: + LOG_LEVEL: info + CENTRAL_URL: "https://apicentral.axway.com" + CENTRAL_AUTH_URL: "https://login.axway.com/auth" + APIMANAGER_PORT: "443" + # flip to true if API manager is using a self signed certificate + APIMANAGER_SSL_INSECURESKIPVERIFY: false +# The below secret are a pre-requisite. Please refer to the readme file for more info on it. +secrets: + credentials: "discovery-creds" + keys: "discovery-keys" +podAnnotations: +podSecurityContext: + supplementalGroups: [2500] + fsGroupChangePolicy: "OnRootMismatch" +securityContext: +tolerations: +affinity: +nodeSelector: {} +# Add additional labels to the agent deployment which may be required based on your configuration +additionalLabels: +serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: +resources: {} +# We usually recommend not to specify default resources and to leave this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. 
If you do want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi + +livenessProbe: + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +readinessProbe: + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +global: + defaultRegistry: "" diff --git a/charts/v7-traceability-1.1.63.tgz b/charts/v7-traceability-1.1.63.tgz new file mode 100644 index 0000000..4fe1999 Binary files /dev/null and b/charts/v7-traceability-1.1.63.tgz differ diff --git a/charts/v7-traceability/.helmignore b/charts/v7-traceability/.helmignore new file mode 100644 index 0000000..f32cfa1 --- /dev/null +++ b/charts/v7-traceability/.helmignore @@ -0,0 +1,26 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +jfrog.yml +.gitlab-ci.yml +polaris.json diff --git a/charts/v7-traceability/Chart.yaml b/charts/v7-traceability/Chart.yaml new file mode 100644 index 0000000..f609fd2 --- /dev/null +++ b/charts/v7-traceability/Chart.yaml @@ -0,0 +1,10 @@ +apiVersion: v2 +appVersion: 1.1.63 +description: V7 traceability agent +maintainers: +- name: axway/beano +name: v7-traceability +sources: +- https://git.ecd.axway.org/apigov/v7_traceability_agent +type: application +version: 1.1.63 diff --git a/charts/v7-traceability/README.md b/charts/v7-traceability/README.md new file mode 100644 index 0000000..3ca7de1 --- /dev/null +++ b/charts/v7-traceability/README.md 
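Review bot: `securityContext:` is left empty here, so the container spec that deployment.yaml renders from it carries no hardening and the agent, which mounts the key pair from the `keys` secret, runs with whatever the image defaults to. Consider shipping a restrictive default such as `securityContext:` with `allowPrivilegeEscalation: false` and `runAsNonRoot: true`, assuming the agent image runs as a non-root user, which is not visible in this diff. The bare keys `podAnnotations:`, `tolerations:`, `affinity:`, `additionalLabels:` and `serviceAccount.name:` parse as null; writing `{}`, `[]` or `""` as `nodeSelector: {}` already does makes the intended type explicit. The comment above `APIMANAGER_SSL_INSECURESKIPVERIFY: false` could also state that setting it to true disables certificate verification for the API Manager connection.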
@@ -0,0 +1,34 @@
+
+## Prerequisites
+
+Before the chart can be installed make sure to have the secrets installed/available.
+
+i.e if you look at line 31(secrets) in the values.yaml file, you will notice we are referencing two files.
+
+Required credentials can be applied by using the below format for the secret.
+Make sure all the values are base64 encoded before applying it in the cluster.
+
+kubectl apply -f
+``` yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: traceability-creds
+type: Opaque
+stringData:
+ APIMANAGER_AUTH_USERNAME: ""
+ APIMANAGER_AUTH_PASSWORD: ""
+ APIGATEWAY_AUTH_USERNAME: ""
+ APIGATEWAY_AUTH_PASSWORD: ""
+```
+
+kubectl apply -f
+``` yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: traceability-keys
+data:
+ private_key:
+ public_key:
+```
\ No newline at end of file
diff --git a/charts/v7-traceability/templates/NOTES.txt b/charts/v7-traceability/templates/NOTES.txt
new file mode 100644
index 0000000..e69de29
diff --git a/charts/v7-traceability/templates/_helpers.tpl b/charts/v7-traceability/templates/_helpers.tpl
new file mode 100644
index 0000000..fbffe6c
--- /dev/null
+++ b/charts/v7-traceability/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "v7-traceability.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "v7-traceability.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "v7-traceability.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "v7-traceability.labels" -}}
+helm.sh/chart: {{ include "v7-traceability.chart" . }}
+{{ include "v7-traceability.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "v7-traceability.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "v7-traceability.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "v7-traceability.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "v7-traceability.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/charts/v7-traceability/templates/deployment.yaml b/charts/v7-traceability/templates/deployment.yaml
new file mode 100644
index 0000000..1c8721b
--- /dev/null
+++ b/charts/v7-traceability/templates/deployment.yaml
@@ -0,0 +1,148 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "v7-traceability.fullname" . }} + labels: + {{- include "v7-traceability.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "v7-traceability.selectorLabels" . | nindent 6 }} + {{- with .Values.additionalLabels }} + {{- range $key, $value := . }} + {{ default "none" $key }}: {{ default "none" $value | quote }} + {{- end }} + {{- end }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "v7-traceability.selectorLabels" . | nindent 8 }} + {{- with .Values.additionalLabels }} + {{- range $key, $value := . }} + {{ default "none" $key }}: {{ default "none" $value | quote }} + {{- end }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + initContainers: + - name: init + image: alpine + securityContext: {{- toYaml .Values.securityContext | nindent 12 }} + command: + - "sh" + - "-c" + - "chown {{ .Values.podSecurityContext.fsGroup }}:{{ .Values.podSecurityContext.fsGroup }} /data" + volumeMounts: + - name: data + mountPath: /data + serviceAccountName: {{ include "v7-traceability.serviceAccountName" . }} + {{- with .Values.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: probe-port + containerPort: {{ .Values.statusPort }} + protocol: TCP + livenessProbe: + httpGet: + path: /status + port: probe-port + {{- with .Values.livenessProbe }} + {{- range $key, $value := . 
}} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + readinessProbe: + httpGet: + path: /status + port: probe-port + {{- with .Values.readinessProbe }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + env: + {{- with .Values.env }} + {{- range $key, $value := . }} + {{- if and (not (eq (toString $value) "")) (not (eq (toString $key) "")) }} # ignore any items with empty key or value + - name: {{ $key }} + value: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.env.APIGATEWAY_ONLY}} + {{- else}} + - name: APIMANAGER_AUTH_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.credentials }} + key: APIMANAGER_AUTH_USERNAME + - name: APIMANAGER_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.credentials }} + key: APIMANAGER_AUTH_PASSWORD + {{- end}} + {{- if .Values.env.EVENT_LOG_INPUT}} + - name: APIGATEWAY_AUTH_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.credentials }} + key: APIGATEWAY_AUTH_USERNAME + - name: APIGATEWAY_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.credentials }} + key: APIGATEWAY_AUTH_PASSWORD + {{- end}} + volumeMounts: + - name: "traceability-keys-secrets" + mountPath: /keys + - name: events + mountPath: {{ .Values.persistentVolumeClaimConfig.events.mountPath }} + - name: data + mountPath: /data + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumes: + - name: events + persistentVolumeClaim: + claimName: {{ .Values.persistentVolumeClaimConfig.events.name }} + - name: data + persistentVolumeClaim: + claimName: {{ .Values.persistentVolumeClaimConfig.data.name }} + - name: traceability-keys-secrets + secret: + secretName: {{ .Values.secrets.keys }} + items: + - key: private_key + path: private_key.pem + - key: public_key + path: public_key.pem + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/v7-traceability/templates/pvc-data.yaml b/charts/v7-traceability/templates/pvc-data.yaml new file mode 100644 index 0000000..e50e5a0 --- /dev/null +++ b/charts/v7-traceability/templates/pvc-data.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ .Values.persistentVolumeClaimConfig.data.name }} + namespace: {{ .Release.Namespace }} +spec: + accessModes: + - ReadWriteOnce + storageClassName: {{ .Values.persistentVolumeClaimConfig.data.storageClass }} + resources: + requests: + storage: 2Gi \ No newline at end of file diff --git a/charts/v7-traceability/templates/serviceaccount.yaml b/charts/v7-traceability/templates/serviceaccount.yaml new file mode 100644 index 0000000..6a737b2 --- /dev/null +++ b/charts/v7-traceability/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "v7-traceability.serviceAccountName" . }} + labels: + {{- include "v7-traceability.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/v7-traceability/values.yaml b/charts/v7-traceability/values.yaml new file mode 100644 index 0000000..cd1b668 --- /dev/null +++ b/charts/v7-traceability/values.yaml 
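Review bot: The `init` container in charts/v7-traceability/templates/deployment.yaml pulls `image: alpine` with no tag or digest and outside the chart's `image.*` values, so the image that performs the `chown` on `/data` can change between pod starts without anyone reviewing it. Pin it, for example `image: "alpine:<pinned-tag>@sha256:<digest>"` (placeholders), or expose it as a chart value the way the agent image is. The init container also receives the same `.Values.securityContext` as the agent container, so tightening the agent (say `runAsNonRoot: true`) would presumably break the `chown`. A separate security context for the init container that grants only what `chown` needs would let the two differ.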
@@ -0,0 +1,96 @@ +replicaCount: 1 +image: + repository: axway.jfrog.io/ampc-public-docker-release/agent/v7-traceability-agent + pullPolicy: Always + # Overrides the image tag whose default is the chart appVersion. + tag: "1.1.63" + registry: "" +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" +# Health Check port +statusPort: 8990 +# Info on how to fetch the values for the env parameters can ve found in the below doc. +# https://docs.axway.com/bundle/axway-open-docs/page/docs/central/connect-api-manager/gateway-administation/index.html#customizing-the-traceability-agent-environment-variable-file +# More environment value: https://docs.axway.com/bundle/axway-open-docs/page/docs/central/connect-api-manager/agent-variables/index.html#common-variables-to-both-agents +env: + LOG_LEVEL: info + CENTRAL_URL: "https://apicentral.axway.com" + CENTRAL_AUTH_URL: "https://login.axway.com/auth" + CENTRAL_DEPLOYMENT: "prod" + # EVENT_LOG_PATHS: "/opt/Axway/apigateway/events/axwaydemo_traffic-*.log" + EVENT_LOG_PATHS: "/events/*.log" + EVENT_LOG_INPUT: true + OPENTRAFFIC_LOG_INPUT: false + OPENTRAFFIC_LOG_PATHS: /events/*.log + TRACEABILITY_HOST: "ingestion.datasearch.axway.com:5044" + TRACEABILITY_PROTOCOL: "tcp" + TRACEABILITY_SAMPLING_PERCENTAGE: 10 + TRACEABILITY_SAMPLING_REPORTALLERRORS: true + APIMANAGER_PORT: "443" + # flip to true if API manager is using a self signed certificate + APIMANAGER_SSL_INSECURESKIPVERIFY: false + APIGATEWAY_ONLY: false + APIGATEWAY_PORT: "443" + # flip to true if API gateway is using a self signed certificate + APIGATEWAY_SSL_INSECURESKIPVERIFY: false + APIGATEWAY_HEALTHCHECKPORT: 8090 + APIGATEWAY_HEALTHCHECKPROTOCOL: "https" + APIGATEWAY_HEALTHCHECKURI: login +# The below secret are a pre-requisite. Please refer to the readme file for more info on it. 
+secrets: + credentials: "traceability-creds" + keys: "traceability-keys" +podAnnotations: +podSecurityContext: + fsGroup: 2500 + supplementalGroups: [2500] + fsGroupChangePolicy: "OnRootMismatch" +securityContext: +tolerations: +affinity: +nodeSelector: {} +# Add additional labels to the agent deployment which may be required based on your configuration +additionalLabels: +# Add selector labels for deployment purposes +selectorLabels: +serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: +resources: {} +# We usually recommend not to specify default resources and to leave this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. If you do want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi + +persistentVolumeClaimConfig: + data: + # storage class to persist contents of data directory in the agent - should be available in the cluster i.e gp2, gp2-csi, default + storageClass: gp2-csi + name: data-claim + events: + name: events-claim + mountPath: /events +livenessProbe: + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +readinessProbe: + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +global: + defaultRegistry: "" diff --git a/mysql-analytics-cm.sql b/mysql-analytics-cm.sql new file mode 100644 index 0000000..77e4ff9 --- /dev/null +++ b/mysql-analytics-cm.sql @@ -0,0 +1 @@ +CREATE DATABASE metrics; USE metrics; diff --git a/redirect.yaml b/redirect.yaml new file mode 100644 index 0000000..1ec1e75 --- /dev/null +++ b/redirect.yaml 
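Review bot: The comments above `APIMANAGER_SSL_INSECURESKIPVERIFY` and `APIGATEWAY_SSL_INSECURESKIPVERIFY` in charts/v7-traceability/values.yaml present switching off certificate verification as the way to handle a self-signed certificate, without saying what is lost. Going by the variable names, with verification off the agent would send the `traceability-creds` username and password to whatever endpoint answers on that host and port. I would reword both comments along the lines of `# true disables TLS certificate verification; prefer trusting the issuing CA and keep this false outside test clusters`. Separately, `securityContext:` is left empty in this file, so by default both containers in deployment.yaml render with no container-level restrictions.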
@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ ingressClassName: nginx
+ nginx.ingress.kubernetes.io/rewrite-target: /api/portal/v1.4/sso/login/post
+ nginx.ingress.kubernetes.io/use-regex: "true"
+ name: rewrite
+ namespace: apim
+spec:
+ rules:
+ - host: apimgr.apilab.us
+ http:
+ paths:
+ - backend:
+ service:
+ name: apim-gateway-apimgr
+ port:
+ number: 8075
+ path: /
+ pathType: Prefix
+
+ tls:
+ - hosts:
+ - apimgr.apilab.us
+ secretName: apimgr-tls
diff --git a/samples/multigroup/apim-ext.yaml b/samples/multigroup/apim-ext.yaml
new file mode 100644
index 0000000..0a4518a
--- /dev/null
+++ b/samples/multigroup/apim-ext.yaml
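Review bot: `ingressClassName: nginx` in redirect.yaml sits in the `metadata` block, directly after `annotations:`, rather than under `spec`, so as written it is either an annotation named `ingressClassName` or an unknown metadata field, and the Ingress has no class set. Which controller handles it, if any, then depends on the cluster's default IngressClass; move it to `spec.ingressClassName: nginx`. Also, `path: /` with `pathType: Prefix` and a fixed `rewrite-target` sends every request for `apimgr.apilab.us` to `/api/portal/v1.4/sso/login/post`. If only the SSO entry path is meant to be rewritten, narrow `path` to that one location.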
@@ -0,0 +1,357 @@ +nameOverride: gateway +global: + domainName: example.com + defaultRegistry: docker.repository.axway.com/apigateway-docker-prod/7.7 + imagePullPolicy: Always + imagePullSecrets: + - name: mycreds + initContainers: + image: "docker.io/busybox:1.34" + resources: + limits: + memory: "50Mi" + cpu: "50m" + requests: + memory: "5Mi" + cpu: "50m" + securityContext: + runAsNonRoot: false + database: + host: mysql.testmetrics.svc.cluster.local + metrics: + enabled: true + username: "root" + password: "password" + cassandra: + enabled: true + hosts: + - variable: CASS_HOST + hostname: cassandra.testcassandra.svc.cluster.local + username: cassandra + password: cassandra + keyspace: apigw + tkeyspace: apigwks + tests: + images: + curl: + tag: 7.83.1 + resources: + limits: + cpu: 100m + memory: 50Mi + requests: + cpu: 100m + memory: 50Mi + storage: + provisioningType: "dynamic" + storageClassName: "nfs-client" + volumes: + - name: events + enabled: false + accessModes: + - ReadWriteMany + capacity: 1Mi +#This is set to false when the pv is created by the AAOI helm chart + - name: opentraffic + enabled: false + accessModes: + - ReadWriteMany + capacity: 1Mi + - name: gw-external-config + enabled: false + accessModes: + - ReadWriteMany + capacity: 1Mi + - name: aga-external-config + enabled: false + accessModes: + - ReadWriteMany + capacity: 1Mi + - name: anm-external-config + enabled: false + accessModes: + - ReadWriteMany + capacity: 1Mi + +anm: + logs: + opentraffic: + output: "file" + enabled: false + hostname: "apim-int-gateway-anm.apim-internal.svc.cluster.local:8090" + image: + repository: "admin-nodemanager" + tag: "7.7.0.20230830-3-BN0019-ubi7" + generalConditions: + accept: "yes" + resources: + limits: + memory: "2048Mi" + cpu: "1000m" + requests: + memory: "1Gi" + cpu: "250m" + securityContext: + runAsNonRoot: false + route: + enabled: false + ingress: + enabled: true + className: nginx + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: 
"true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + hosts: + - host: anm.ext.mydomain.com + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - anm.ext.mydomain.com + #service: + # port: 8091 + extraVolumeMounts: + - name: anm-external-config + mountPath: /merge + - name: events + mountPath: /opt/Axway/apigateway/events + extraVolumes: + - persistentVolumeClaim: + claimName: anm-external-config + name: anm-external-config + - persistentVolumeClaim: + claimName: events + name: events + +apimgr: + logs: + opentraffic: + output: "file" + image: + repository: "gateway" + tag: "7.7.0.20230830-3-BN0019-ubi7" + generalConditions: + accept: "yes" + groupId: "SecondGroup" + resources: + limits: + memory: "2Gi" + cpu: 2 + requests: + memory: "0.5Gi" + cpu: 0.5 + securityContext: + runAsNonRoot: false + route: + enabled: false + ingress: + enabled: true + className: nginx + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + hosts: + - host: apimgr.ext.mydomain.com + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - apimgr.ext.mydomain.com + service: + port: 8075 + extraVolumeMounts: + - name: gw-external-config + mountPath: /merge + - name: opentraffic + mountPath: /var/opentraffic + - name: events + mountPath: /opt/Axway/apigateway/events + extraVolumes: + - persistentVolumeClaim: + claimName: gw-external-config + name: gw-external-config + - persistentVolumeClaim: + claimName: opentraffic + name: opentraffic + - persistentVolumeClaim: + claimName: events + name: events + extraEnvVars: + - name: EMT_HEALTHCHECK_PORT + value: "8065" + - name: EMT_HEALTHCHECK_PATH + value: /healthcheck + - name: GW_DIR + value: /opt/Axway/apigateway + - name: GW_TRACE_DIR + value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace + - name: EMT_TOPOLOGY_TTL + value: "10" + license: + license.lic: | + FIPS=1 + Mock Connector=1 + SalesForce 
Connector=1 + ServiceNow Connector=1 + analytics=1 + apiportal=1 + expires=Thu, 05 May 2023 15:43:14 GMT + mcafee=1 + sdkgenerator=1 + unrestricted=1 + version=7 + version=7.7 + # SIGNATURE: add + +apitraffic: + logs: + opentraffic: + output: "file" + replicaCount: 1 + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 2 + targetCPUUtilizationPercentage: 20 + #targetMemoryUtilizationPercentage: 30 + image: + repository: "gateway" + tag: "7.7.0.20230830-3-BN0019-ubi7" + generalConditions: + accept: "yes" + groupId: "SecondGroup" + resources: + limits: + memory: "3Gi" + cpu: 3 + requests: + memory: "2Gi" + cpu: 2 + securityContext: + runAsNonRoot: false + oauth: + route: + enabled: false + route: + enabled: false + ingress: + enabled: true + className: nginx + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + hosts: + - host: apitraffic.ext.mydomain.com + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - apitraffic.ext.mydomain.com + service: + port: 8065 + extraVolumeMounts: + - name: gw-external-config + mountPath: /merge + - name: opentraffic + mountPath: /var/opentraffic + - name: events + mountPath: /opt/Axway/apigateway/events + extraVolumes: + - persistentVolumeClaim: + claimName: gw-external-config + name: gw-external-config + - persistentVolumeClaim: + claimName: opentraffic + name: opentraffic + - persistentVolumeClaim: + claimName: events + name: events + extraEnvVars: + - name: EMT_HEALTHCHECK_PORT + value: "8065" + - name: EMT_HEALTHCHECK_PATH + value: /healthcheck + - name: GW_DIR + value: /opt/Axway/apigateway + - name: GW_TRACE_DIR + value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace + - name: EMT_TOPOLOGY_TTL + value: "10" + license: + license.lic: | + FIPS=1 + Mock Connector=1 + SalesForce Connector=1 + ServiceNow Connector=1 + analytics=1 + apiportal=1 + expires=Thu, 05 May 2023 15:43:14 GMT + mcafee=1 + 
sdkgenerator=1 + unrestricted=1 + version=7 + version=7.7 + # SIGNATURE: add + +aga: + securityContext: + runAsNonRoot: false + enabled: false + route: + enabled: false + image: + repository: "analytics" + tag: "7.7.0.20230830-3-BN0019-ubi7" + generalConditions: + accept: "yes" + ingress: + enabled: true + className: nginx + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + hosts: + - host: aga.ext.mydomain.com + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - aga.ext.mydomain.com + resources: + limits: + memory: "2048Mi" + cpu: "1000m" + requests: + memory: "1Gi" + cpu: "250m" + extraVolumeMounts: + - name: aga-external-config + mountPath: /merge + - name: events + mountPath: /opt/Axway/apigateway/events + extraVolumes: + - persistentVolumeClaim: + claimName: aga-external-config + name: aga-external-config + - persistentVolumeClaim: + claimName: events + name: events + license: + license.lic: | + FIPS=1 + Mock Connector=1 + SalesForce Connector=1 + ServiceNow Connector=1 + analytics=1 + apiportal=1 + expires=Thu, 05 May 2023 15:43:14 GMT + mcafee=1 + sdkgenerator=1 + unrestricted=1 + version=7 + version=7.7 + # SIGNATURE: add diff --git a/samples/multigroup/apim-int.yaml b/samples/multigroup/apim-int.yaml new file mode 100644 index 0000000..b9afecb --- /dev/null +++ b/samples/multigroup/apim-int.yaml 
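Review bot: samples/multigroup/apim-ext.yaml puts database credentials in the values file in clear text (`global.database.metrics` has `username: "root"` / `password: "password"`, and `global.cassandra` has `cassandra` / `cassandra`), and samples/multigroup/apim-int.yaml repeats the same values. Samples get copied into real deployments, and these well-known default pairs then live in Git history and in the Helm release record. The helpers in templates/_helpers.tpl read `.Values.global.database.metrics.existingSecret.name` and `.Values.global.cassandra.existingSecret.name`, so the samples could reference pre-created Secrets and leave the passwords out. Connecting to MySQL as `root` is also more privilege than a metrics schema should need.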
@@ -0,0 +1,357 @@ +nameOverride: gateway +global: + domainName: example.com + defaultRegistry: docker.repository.axway.com/apigateway-docker-prod/7.7 + imagePullPolicy: Always + imagePullSecrets: + - name: mycreds + initContainers: + image: "docker.io/busybox:1.34" + resources: + limits: + memory: "50Mi" + cpu: "50m" + requests: + memory: "5Mi" + cpu: "50m" + securityContext: + runAsNonRoot: false + database: + host: mysql.testmetrics.svc.cluster.local + metrics: + enabled: true + username: "root" + password: "password" + cassandra: + enabled: true + hosts: + - variable: CASS_HOST + hostname: cassandra.testcassandra.svc.cluster.local + username: cassandra + password: cassandra + keyspace: apigw + tkeyspace: apigwks + tests: + images: + curl: + tag: 7.83.1 + resources: + limits: + cpu: 100m + memory: 50Mi + requests: + cpu: 100m + memory: 50Mi + storage: + provisioningType: "dynamic" + storageClassName: "nfs-client" + volumes: + - name: events + enabled: true + accessModes: + - ReadWriteMany + capacity: 1Mi +#This is set to false when the pv is created by the AAOI helm chart + - name: opentraffic + enabled: false + accessModes: + - ReadWriteMany + capacity: 1Mi + - name: gw-external-config + enabled: true + accessModes: + - ReadWriteMany + capacity: 1Mi + - name: aga-external-config + enabled: true + accessModes: + - ReadWriteMany + capacity: 1Mi + - name: anm-external-config + enabled: true + accessModes: + - ReadWriteMany + capacity: 1Mi + +anm: + logs: + opentraffic: + output: "file" + hostname: "apim-int-gateway-anm:8090" + enabled: true + image: + repository: "admin-nodemanager" + tag: "7.7.0.20230830-3-BN0019-ubi7" + generalConditions: + accept: "yes" + resources: + limits: + memory: "2048Mi" + cpu: "1000m" + requests: + memory: "1Gi" + cpu: "250m" + securityContext: + runAsNonRoot: false + route: + enabled: false + ingress: + enabled: true + className: nginx + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + 
nginx.ingress.kubernetes.io/ssl-redirect: "true" + hosts: + - host: anm.int.mydomain.com + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - anm.int.mydomain.com + #service: + # port: 8091 + extraVolumeMounts: + - name: anm-external-config + mountPath: /merge + - name: events + mountPath: /opt/Axway/apigateway/events + extraVolumes: + - persistentVolumeClaim: + claimName: anm-external-config + name: anm-external-config + - persistentVolumeClaim: + claimName: events + name: events + +apimgr: + logs: + opentraffic: + output: "file" + image: + repository: "gateway" + tag: "7.7.0.20230830-3-BN0019-ubi7" + generalConditions: + accept: "yes" +# groupId: "Demo-Group" + resources: + limits: + memory: "2Gi" + cpu: 2 + requests: + memory: "0.5Gi" + cpu: 0.5 + securityContext: + runAsNonRoot: false + route: + enabled: false + ingress: + enabled: true + className: nginx + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + hosts: + - host: apimgr.int.mydomain.com + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - apimgr.int.mydomain.com + service: + port: 8075 + extraVolumeMounts: + - name: gw-external-config + mountPath: /merge + - name: opentraffic + mountPath: /var/opentraffic + - name: events + mountPath: /opt/Axway/apigateway/events + extraVolumes: + - persistentVolumeClaim: + claimName: gw-external-config + name: gw-external-config + - persistentVolumeClaim: + claimName: opentraffic + name: opentraffic + - persistentVolumeClaim: + claimName: events + name: events + extraEnvVars: + - name: EMT_HEALTHCHECK_PORT + value: "8065" + - name: EMT_HEALTHCHECK_PATH + value: /healthcheck + - name: GW_DIR + value: /opt/Axway/apigateway + - name: GW_TRACE_DIR + value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace + - name: EMT_TOPOLOGY_TTL + value: "10" + license: + license.lic: | + FIPS=1 + Mock Connector=1 + SalesForce Connector=1 + 
ServiceNow Connector=1 + analytics=1 + apiportal=1 + expires=Thu, 05 May 2023 15:43:14 GMT + mcafee=1 + sdkgenerator=1 + unrestricted=1 + version=7 + version=7.7 + # SIGNATURE: add + +apitraffic: + logs: + opentraffic: + output: "file" + replicaCount: 1 + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 2 + targetCPUUtilizationPercentage: 20 + #targetMemoryUtilizationPercentage: 30 + image: + repository: "gateway" + tag: "7.7.0.20230830-3-BN0019-ubi7" + generalConditions: + accept: "yes" +# groupId: "Demo-Group" + resources: + limits: + memory: "3Gi" + cpu: 3 + requests: + memory: "2Gi" + cpu: 2 + securityContext: + runAsNonRoot: false + oauth: + route: + enabled: false + route: + enabled: false + ingress: + enabled: true + className: nginx + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + hosts: + - host: apitraffic.int.mydomain.com + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - apitraffic.int.mydomain.com + service: + port: 8065 + extraVolumeMounts: + - name: gw-external-config + mountPath: /merge + - name: opentraffic + mountPath: /var/opentraffic + - name: events + mountPath: /opt/Axway/apigateway/events + extraVolumes: + - persistentVolumeClaim: + claimName: gw-external-config + name: gw-external-config + - persistentVolumeClaim: + claimName: opentraffic + name: opentraffic + - persistentVolumeClaim: + claimName: events + name: events + extraEnvVars: + - name: EMT_HEALTHCHECK_PORT + value: "8065" + - name: EMT_HEALTHCHECK_PATH + value: /healthcheck + - name: GW_DIR + value: /opt/Axway/apigateway + - name: GW_TRACE_DIR + value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace + - name: EMT_TOPOLOGY_TTL + value: "10" + license: + license.lic: | + FIPS=1 + Mock Connector=1 + SalesForce Connector=1 + ServiceNow Connector=1 + analytics=1 + apiportal=1 + expires=Thu, 05 May 2023 15:43:14 GMT + mcafee=1 + sdkgenerator=1 + 
unrestricted=1 + version=7 + version=7.7 + # SIGNATURE: add + +aga: + securityContext: + runAsNonRoot: false + enabled: false + route: + enabled: false + image: + repository: "analytics" + tag: "7.7.0.20230830-3-BN0019-ubi7" + generalConditions: + accept: "yes" + ingress: + enabled: true + className: nginx + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + hosts: + - host: aga.int.mydomain.com + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - aga.int.mydomain.com + resources: + limits: + memory: "2048Mi" + cpu: "1000m" + requests: + memory: "1Gi" + cpu: "250m" + extraVolumeMounts: + - name: aga-external-config + mountPath: /merge + - name: events + mountPath: /opt/Axway/apigateway/events + extraVolumes: + - persistentVolumeClaim: + claimName: aga-external-config + name: aga-external-config + - persistentVolumeClaim: + claimName: events + name: events + license: + license.lic: | + FIPS=1 + Mock Connector=1 + SalesForce Connector=1 + ServiceNow Connector=1 + analytics=1 + apiportal=1 + expires=Thu, 05 May 2023 15:43:14 GMT + mcafee=1 + sdkgenerator=1 + unrestricted=1 + version=7 + version=7.7 + # SIGNATURE: add diff --git a/templates/NOTES.txt b/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 diff --git a/templates/_gateway_helpers.tpl b/templates/_gateway_helpers.tpl new file mode 100644 index 0000000..89ca6c6 --- /dev/null +++ b/templates/_gateway_helpers.tpl 
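Review bot: Every block in samples/multigroup/apim-int.yaml that has a `securityContext` (`global.initContainers`, `anm`, `apimgr`, `apitraffic`, `aga`) sets `runAsNonRoot: false`, and apim-ext.yaml does the same, with no comment saying why. That value explicitly allows the containers to start as UID 0, and in a sample it becomes the baseline people deploy. If the images already run as a non-root user, set `runAsNonRoot: true`. If one component genuinely needs root, say so next to that block, e.g. `# runs as root because <reason>`, and keep the others restricted.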
@@ -0,0 +1,50 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "gateway.apitraffic.serviceAccountName" -}}
+{{- if .Values.apitraffic.serviceAccount.create }}
+{{- default (printf "%s-%s" (include "gateway.fullname" .) "apitraffic") .Values.apitraffic.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.apitraffic.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{- define "gateway.anm.serviceAccountName" -}}
+{{- if .Values.anm.serviceAccount.create }}
+{{- default (printf "%s-%s" (include "gateway.fullname" .) "anm") .Values.anm.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.anm.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{- define "gateway.apimgr.serviceAccountName" -}}
+{{- if .Values.apimgr.serviceAccount.create }}
+{{- default (printf "%s-%s" (include "gateway.fullname" .) "apimgr") .Values.apimgr.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.apimgr.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{- define "gateway.aga.serviceAccountName" -}}
+{{- if .Values.aga.serviceAccount.create }}
+{{- default (printf "%s-%s" (include "gateway.fullname" .) "aga") .Values.aga.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.aga.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Secret name for metrics db credentials, either the existing one or the one created by this chart
+*/}}
+{{- define "gateway.metrics-db.secretName" -}}
+{{- default (printf "%s-%s" (include "gateway.fullname" .) "metrics-db") .Values.global.database.metrics.existingSecret.name }}
+{{- end }}
+
+{{/*
+Secret name for domain key passphrase
+*/}}
+{{- define "gateway.domainkeypassphrase.secretName" -}}
+{{- default (printf "%s-%s" (include "gateway.fullname" .) "domainkeypassphrase") .Values.global.domainkeypassphrase.name }}
+{{- end }}
+
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
new file mode 100644
index 0000000..960d8ba
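Review bot: templates/_gateway_helpers.tpl defines `gateway.apitraffic.serviceAccountName`, `gateway.anm.serviceAccountName`, `gateway.apimgr.serviceAccountName`, `gateway.aga.serviceAccountName` and `gateway.metrics-db.secretName`, and templates/_helpers.tpl in the same commit defines all five again. Helm keeps one definition per name without warning, so a later edit to one copy can silently have no effect on which service account or Secret a pod uses. Keep each `define` in one file only. Both secret-name helpers here also dereference `.existingSecret.name` and `.domainkeypassphrase.name` directly, which would fail at render time if the parent map is absent from values. That cannot be confirmed from this hunk, because the chart's values.yaml is not shown.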
--- /dev/null
+++ b/templates/_helpers.tpl
@@ -0,0 +1,140 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "gateway.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "gateway.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "gateway.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "gateway.labels" -}} +helm.sh/chart: {{ include "gateway.chart" . }} +{{ include "gateway.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "gateway.selectorLabels" -}} +app.kubernetes.io/name: {{ include "gateway.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "gateway.apitraffic.serviceAccountName" -}} +{{- if .Values.apitraffic.serviceAccount.create }} +{{- default (printf "%s-%s" (include "gateway.fullname" .) 
"apitraffic") .Values.apitraffic.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.apitraffic.serviceAccount.name }} +{{- end }} +{{- end }} + +{{- define "gateway.anm.serviceAccountName" -}} +{{- if .Values.anm.serviceAccount.create }} +{{- default (printf "%s-%s" (include "gateway.fullname" .) "anm") .Values.anm.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.anm.serviceAccount.name }} +{{- end }} +{{- end }} + +{{- define "gateway.apimgr.serviceAccountName" -}} +{{- if .Values.apimgr.serviceAccount.create }} +{{- default (printf "%s-%s" (include "gateway.fullname" .) "apimgr") .Values.apimgr.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.apimgr.serviceAccount.name }} +{{- end }} +{{- end }} + +{{- define "gateway.aga.serviceAccountName" -}} +{{- if .Values.aga.serviceAccount.create }} +{{- default (printf "%s-%s" (include "gateway.fullname" .) "aga") .Values.aga.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.aga.serviceAccount.name }} +{{- end }} +{{- end }} + +{{- define "gateway.tests.serviceAccountName" -}} +{{- if .Values.global.tests.serviceAccount.create }} +{{- default (printf "%s-%s" (include "gateway.fullname" .) "tests") .Values.global.tests.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.global.tests.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Secret name for metrics db credentials, either the existing one or the one created by this chart +*/}} +{{- define "gateway.metrics-db.secretName" -}} +{{- default (printf "%s-%s" (include "gateway.fullname" .) "metrics-db") .Values.global.database.metrics.existingSecret.name }} +{{- end }} + +{{/* +Secret name for cassandra password, either the existing one or the one created by this chart +*/}} +{{- define "gateway.cassandra.secretName" -}} +{{- default (printf "%s-%s" (include "gateway.fullname" .) 
"cassandra") .Values.global.cassandra.existingSecret.name }} +{{- end }} +{{/* + +Filters the API GW related volumes from the global section +Usage (example with traffic, can also be anm, aga, apimgr, portal): +{{ include "gateway.volumeMounts" (dict "component" "traffic" "storage" .Values.global.storage) }} +*/}} +{{- define "gateway.volumeMounts" -}} + {{- $component := .component }} + {{- $volumeMounts := list }} + {{- range .storage.volumes }} + {{- if and (or (empty $component) (has $component .usedBy)) .enabled }} + {{- $volumeMounts = append $volumeMounts (dict "name" .name "mountPath" (coalesce .mountPoint (printf "/opt/Axway/apigateway/%s" .name))) }} + {{- end }} + {{- end }} + {{- toYaml $volumeMounts }} +{{- end }} + +{{/* +Usage (example with traffic, can also be anm, aga, apimgr, portal): +{{ include "gateway.volumes" (dict "component" "traffic" "storage" .Values.global.storage) }} +*/}} +{{- define "gateway.volumes" -}} + {{- $component := .component }} + {{- $volumes := list }} + {{- range .storage.volumes }} + {{- if and (or (empty $component) (has $component .usedBy)) .enabled }} + {{- $volumes = append $volumes (dict "name" .name "persistentVolumeClaim" (dict "claimName" (coalesce .claimName .name))) }} + {{- end }} + {{- end }} + {{- toYaml $volumes }} +{{- end }} diff --git a/templates/_portal_helpers.tpl b/templates/_portal_helpers.tpl new file mode 100644 index 0000000..fdeb99c --- /dev/null +++ b/templates/_portal_helpers.tpl 
@@ -0,0 +1,18 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "gateway.apiportal.serviceAccountName" -}}
+{{- if .Values.apiportal.serviceAccount.create }}
+{{- default (printf "%s-%s" (include "gateway.fullname" .) "apiportal") .Values.aga.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.apiportal.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Secret name for mysql db credentials, either the existing one or the one created by this chart
+*/}}
+{{- define "gateway.apiportal.secretName" -}}
+{{- default (printf "%s-%s" (include "gateway.fullname" .) "apiportal-db") .Values.apiportal.mysql.existingSecret.name }}
+{{- end }}
diff --git a/templates/aga/aga-configmap.yaml b/templates/aga/aga-configmap.yaml
new file mode 100644
index 0000000..827ebfa
--- /dev/null
+++ b/templates/aga/aga-configmap.yaml
@@ -0,0 +1,12 @@
+{{- if and .Values.aga.enabled .Values.aga.license }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-aga-license-config
+data:
+{{- range $path, $config := .Values.aga.license }}
+ {{ $path }}: |
+{{ $config | indent 4 -}}
+{{- end -}}
+{{- end -}}
diff --git a/templates/aga/aga-deployment.yaml b/templates/aga/aga-deployment.yaml
new file mode 100644
index 0000000..980ee33
--- /dev/null
+++ b/templates/aga/aga-deployment.yaml
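Review bot: In `gateway.apiportal.serviceAccountName` (templates/_portal_helpers.tpl) the create branch reads its override from `.Values.aga.serviceAccount.name`, while the else branch and every sibling helper read their own component's key. With `apiportal.serviceAccount.create` set, a name configured for the analytics component is returned for the portal and a name set under `apiportal.serviceAccount.name` is ignored, so any pod that uses this helper can end up bound to another component's identity. The line should read `{{- default (printf "%s-%s" (include "gateway.fullname" .) "apiportal") .Values.apiportal.serviceAccount.name }}`.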
@@ -0,0 +1,122 @@ +{{- if .Values.aga.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "{{ include "gateway.fullname" . }}-aga" + labels: + {{- include "gateway.labels" . | nindent 4 }} + app.kubernetes.io/component: aga +spec: + {{- if not .Values.aga.autoscaling.enabled }} + replicas: {{ .Values.aga.replicaCount }} + {{- end }} + strategy: + {{- if eq (default .Values.global.updateStrategy.type .Values.aga.updateStrategy.type) "RollingUpdate" }} + rollingUpdate: + maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.aga.updateStrategy.rollingUpdate.maxSurge }} + maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.aga.updateStrategy.rollingUpdate.maxUnavailable }} + {{- end }} + type: {{ default .Values.global.updateStrategy.type .Values.aga.updateStrategy.type }} + selector: + matchLabels: + {{- include "gateway.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: aga + {{- with .Values.aga.podLabels }} + {{- toYaml . | nindent 6 }} + {{- end }} + template: + metadata: + {{- with .Values.aga.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "gateway.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: aga + {{- with .Values.aga.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "gateway.aga.serviceAccountName" . 
}} + securityContext: + {{- toYaml .Values.aga.podSecurityContext | nindent 8 }} + {{- if .Values.aga.extraInitContainers }} + initContainers: + {{ toYaml (.Values.aga.extraInitContainers) | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.aga.securityContext | nindent 12 }} + image: "{{ default .Values.global.defaultRegistry .Values.aga.image.registry }}/{{ .Values.aga.image.repository }}:{{ .Values.aga.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + ports: + - containerPort: {{ .Values.aga.service.ports.ui.port }} + protocol: {{ .Values.aga.service.ports.ui.protocol }} + {{- with .Values.aga.livenessProbe }} + livenessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.aga.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + resources: + {{- toYaml .Values.aga.resources | nindent 12 }} + env: + {{- with .Values.aga.extraEnvVars }} + {{ toYaml . | nindent 12 }} + {{- end }} + {{- if .Values.global.database.metrics.enabled }} + - name: METRICS_DB_URL + value: {{ tpl .Values.global.database.metrics.url . | quote }} + - name: METRICS_DB_USERNAME + valueFrom: + secretKeyRef: + name: {{ include "gateway.metrics-db.secretName" . }} + key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }} + - name: METRICS_DB_PASS + valueFrom: + secretKeyRef: + name: {{ include "gateway.metrics-db.secretName" . 
}} + key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }} + {{- end }} + {{- if .Values.aga.image.generalConditions }} + - name: ACCEPT_GENERAL_CONDITIONS + value: {{ .Values.aga.image.generalConditions.accept | quote }} + {{- end }} + {{- if .Values.aga.extraVolumeMounts }} + volumeMounts: + {{- toYaml ( .Values.aga.extraVolumeMounts ) | nindent 12 }} + {{- end }} + {{- if .Values.aga.license }} + - name: license + mountPath: "/opt/Axway/analytics/conf/licenses/license.lic" + subPath: "license.lic" + {{- end }} + {{- if .Values.aga.extraVolumes }} + volumes: + {{- if .Values.aga.license }} + - name: license + configMap: + name: {{ .Release.Name }}-aga-license-config + {{- end }} +{{ toYaml ( .Values.aga.extraVolumes ) | indent 8 }} + {{- end }} + {{- with .Values.aga.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.aga.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.aga.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/templates/aga/aga-hpa.yaml b/templates/aga/aga-hpa.yaml new file mode 100644 index 0000000..7a3bccb --- /dev/null +++ b/templates/aga/aga-hpa.yaml 
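Review bot: In templates/aga/aga-deployment.yaml the license mount and volume only render correctly when `aga.extraVolumeMounts` and `aga.extraVolumes` are also set. The `volumeMounts:` key sits inside `{{- if .Values.aga.extraVolumeMounts }}` while the `- name: license` mount follows in its own `{{- if .Values.aga.license }}` block, so with a license and no extra mounts the item is emitted without its parent key; the `volumes:` key is likewise guarded only by `aga.extraVolumes`. Guard the keys with `{{- if or .Values.aga.license .Values.aga.extraVolumeMounts }}` (and the `extraVolumes` equivalent) and render the extra entries inside a `with`. The anm and apimgr deployments nest the license entries inside the same extra-only guards, so there the license ConfigMap is created but not mounted. The original indentation is not visible in this view, so the exact rendering should be confirmed with `helm template`.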
@@ -0,0 +1,33 @@
+{{- if .Values.aga.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: "{{ include "gateway.fullname" . }}-aga"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: aga
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: "{{ include "gateway.fullname" . }}-aga"
+ minReplicas: {{ .Values.aga.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.aga.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.aga.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.aga.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.aga.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.aga.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/templates/aga/aga-ingress.yaml b/templates/aga/aga-ingress.yaml
new file mode 100644
index 0000000..013e158
--- /dev/null
+++ b/templates/aga/aga-ingress.yaml
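Review bot: The HPA in templates/aga/aga-hpa.yaml is gated only on `aga.autoscaling.enabled`, so it is rendered even when `aga.enabled` is false and then targets a Deployment this chart did not create. The anm HPA wraps the same check in `{{- if .Values.anm.enabled }}`; do the equivalent here with `{{- if and .Values.aga.enabled .Values.aga.autoscaling.enabled }}`. The aga Ingress and ServiceAccount and the apimgr Deployment, HPA and Ingress are likewise rendered without consulting their component's `enabled` flag. If neither utilization target is set, `metrics:` is emitted with no entries.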
@@ -0,0 +1,47 @@
+{{- if .Values.aga.ingress.enabled -}}
+{{- $fullName := include "gateway.fullname" . -}}
+{{- $svcPort := .Values.aga.service.ports.ui.port -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-aga
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ {{- with .Values.aga.ingress.annotations }}
+ annotations:
+ {{- tpl (toYaml .) $ | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.aga.ingress.className }}
+ ingressClassName: {{ .Values.aga.ingress.className }}
+ {{- end }}
+ {{- if .Values.aga.ingress.tls }}
+ tls:
+ {{- range .Values.aga.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ tpl . $ | quote }}
+ {{- end }}
+ {{- if .secretName }}
+ secretName: {{ tpl (.secretName) $ }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.aga.ingress.hosts }}
+ - host: {{ tpl .host $ | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if .pathType }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ service:
+ name: {{ $fullName }}-aga
+ port:
+ number: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/templates/aga/aga-routes.yaml b/templates/aga/aga-routes.yaml
new file mode 100644
index 0000000..81be78b
--- /dev/null
+++ b/templates/aga/aga-routes.yaml
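Review bot: In templates/aga/aga-ingress.yaml `pathType` is emitted only when the values entry provides it, but it is a required field of `networking.k8s.io/v1` paths, so a path entry without it produces a manifest the API server rejects. Fail early at render time with `pathType: {{ required "aga.ingress.hosts[].paths[].pathType is required" .pathType }}`, or supply a default. `path`, `ingressClassName` and the TLS `secretName` are also rendered unquoted, unlike `host`; passing them through `quote` keeps values that contain YAML indicators from being re-typed or breaking the document. The anm and apimgr Ingress templates share both points.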
@@ -0,0 +1,40 @@
+{{- if and .Values.aga.enabled .Values.aga.route.enabled -}}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: "{{ include "gateway.fullname" . }}-aga"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: aga
+spec:
+ {{- if .Values.global.domainName }}
+ host: aga.{{ .Values.global.domainName }}
+ {{- end }}
+ port:
+ targetPort: {{ tpl .Values.aga.route.targetPort . }}
+ to:
+ kind: Service
+ name: "{{ include "gateway.fullname" . }}-aga"
+{{- if .Values.aga.route.tls.enabled }}
+ tls:
+ termination: {{ .Values.aga.route.tls.termination }}
+ insecureEdgeTerminationPolicy: {{ .Values.aga.route.tls.insecureEdgeTerminationPolicy }}
+ {{- if .Values.aga.route.tls.key }}
+ key: |-
+ {{- .Values.aga.route.tls.key | nindent 6 }}
+ {{- end }}
+ {{- if .Values.aga.route.tls.destinationCACertificate }}
+ destinationCACertificate: |-
+ {{- .Values.aga.route.tls.destinationCACertificate | nindent 6 }}
+ {{- end }}
+ {{- if .Values.aga.route.tls.caCertificate }}
+ caCertificate: |-
+ {{- .Values.aga.route.tls.caCertificate | nindent 6 }}
+ {{- end }}
+ {{- if .Values.aga.route.tls.certificate }}
+ certificate: |-
+ {{- .Values.aga.route.tls.certificate | nindent 6 }}
+ {{- end }}
+{{- end }}
+ wildcardPolicy: None
+{{- end }}
diff --git a/templates/aga/aga-service.yaml b/templates/aga/aga-service.yaml
new file mode 100644
index 0000000..6dfea75
--- /dev/null
+++ b/templates/aga/aga-service.yaml
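Review bot: In templates/aga/aga-routes.yaml `spec.tls.key` is filled from `aga.route.tls.key`, which puts a TLS private key into chart values, and nothing in the template says how it should be supplied. Values are kept in the release record Helm stores in the cluster and are often committed next to the chart, so add a template comment above the `key` block such as `{{- /* tls.key is a private key: pass it with --set-file from a secret store; do not commit it in a values file */ -}}`. `termination` and `insecureEdgeTerminationPolicy` have no fallback and render empty when unset; documenting the intended values (for example `Redirect` for the insecure policy) would make the plaintext behaviour explicit. The anm Route carries the same block.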
@@ -0,0 +1,19 @@
+{{- if .Values.aga.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ include "gateway.fullname" . }}-aga"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: aga
+spec:
+ type: {{ .Values.aga.service.type }}
+ ports:
+ - port: {{ .Values.aga.service.ports.ui.port }}
+ targetPort: {{ .Values.aga.service.ports.ui.port }}
+ protocol: {{ .Values.aga.service.ports.ui.protocol }}
+ name: apianalyticsui
+ selector:
+ {{- include "gateway.selectorLabels" . | nindent 4 }}
+ app.kubernetes.io/component: aga
+{{- end }}
diff --git a/templates/aga/aga-serviceaccount.yaml b/templates/aga/aga-serviceaccount.yaml
new file mode 100644
index 0000000..c98a8fc
--- /dev/null
+++ b/templates/aga/aga-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.aga.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "gateway.aga.serviceAccountName" . }}
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: aga
+ {{- with .Values.aga.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/templates/anm/anm-configmap.yaml b/templates/anm/anm-configmap.yaml
new file mode 100644
index 0000000..525db8b
--- /dev/null
+++ b/templates/anm/anm-configmap.yaml
@@ -0,0 +1,12 @@
+{{- if and .Values.anm.enabled .Values.anm.license }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-anm-license-config
+data:
+{{- range $path, $config := .Values.anm.license }}
+ {{ $path }}: |
+{{ $config | indent 4 -}}
+{{- end -}}
+{{- end -}}
diff --git a/templates/anm/anm-deployment.yaml b/templates/anm/anm-deployment.yaml
new file mode 100644
index 0000000..f00a7b4
--- /dev/null
+++ b/templates/anm/anm-deployment.yaml
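Review bot: The ServiceAccount in templates/aga/aga-serviceaccount.yaml leaves `automountServiceAccountToken` at its default, so every pod that runs under it gets an API token mounted. If the gateway containers do not call the Kubernetes API, which this diff gives no sign of, add `automountServiceAccountToken: false` at the top level of the object and let a values key re-enable it where needed. The anm ServiceAccount template has the same shape. When `serviceAccount.create` is false the name helpers fall back to the namespace's `default` account, which is worth stating in the values documentation.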
@@ -0,0 +1,162 @@ +{{- if .Values.anm.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "{{ include "gateway.fullname" . }}-anm" + labels: + {{- include "gateway.labels" . | nindent 4 }} + app.kubernetes.io/component: anm +spec: + {{- if not .Values.anm.autoscaling.enabled }} + replicas: {{ .Values.anm.replicaCount }} + {{- end }} + strategy: + {{- if eq (default .Values.global.updateStrategy.type .Values.anm.updateStrategy.type) "RollingUpdate" }} + rollingUpdate: + maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.anm.updateStrategy.rollingUpdate.maxSurge }} + maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.anm.updateStrategy.rollingUpdate.maxUnavailable }} + {{- end }} + type: {{ default .Values.global.updateStrategy.type .Values.anm.updateStrategy.type }} + selector: + matchLabels: + {{- include "gateway.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: anm + {{- with .Values.anm.podLabels }} + {{- toYaml . | nindent 6 }} + {{- end }} + template: + metadata: + {{- with .Values.anm.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "gateway.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: anm + {{- with .Values.anm.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "gateway.anm.serviceAccountName" . 
}} + securityContext: + {{- toYaml .Values.anm.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.anm.securityContext | nindent 12 }} + image: "{{ default .Values.global.defaultRegistry .Values.anm.image.registry }}/{{ .Values.anm.image.repository }}:{{ .Values.anm.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + ports: + - containerPort: {{ .Values.anm.service.ports.traffic.port }} + protocol: {{ .Values.anm.service.ports.traffic.protocol }} + - containerPort: {{ .Values.anm.service.ports.ui.port }} + protocol: {{ .Values.anm.service.ports.ui.protocol }} + {{- with .Values.anm.livenessProbe }} + livenessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.anm.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + resources: + {{- toYaml .Values.anm.resources | nindent 12 }} + env: + {{- with .Values.anm.extraEnvVars }} + {{ toYaml . | nindent 12 }} + {{- end }} + {{- if .Values.anm.FIPS.enabled }} + - name: EMT_FIPS_MODE + value: {{ .Values.anm.FIPS.enabled | quote }} + {{- end }} + {{- if .Values.anm.jvmHeapSize }} + - name: EMT_HEAP_SIZE_MB + value: {{ .Values.anm.jvmHeapSize | quote }} + {{- end }} + {{- if .Values.anm.logs.trace.level }} + - name: EMT_TRACE_LEVEL + value: {{ .Values.anm.logs.trace.level | quote }} + {{- end }} + {{- if .Values.anm.logs.trace.disk }} + - name: APIGW_LOG_TRACE_TO_FILE + value: {{ .Values.anm.logs.trace.disk | quote }} + {{- end }} + - name: APIGW_LOG_TRACE_JSON_TO_STDOUT + value: {{ default .Values.anm.logs.trace.stdoutJSON false | quote }} + {{- if .Values.global.domainkeypassphrase }} + - name: DOMAIN_KEY_PASSPHRASE + valueFrom: + secretKeyRef: + name: {{ include "gateway.domainkeypassphrase.secretName" . }} + key: passphrase + {{- end }} + {{- if .Values.global.database.metrics.enabled }} + - name: METRICS_DB_URL + value: {{ tpl .Values.global.database.metrics.url . 
| quote }} + - name: METRICS_DB_USERNAME + valueFrom: + secretKeyRef: + name: {{ include "gateway.metrics-db.secretName" . }} + key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }} + - name: METRICS_DB_PASS + valueFrom: + secretKeyRef: + name: {{ include "gateway.metrics-db.secretName" . }} + key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }} + {{- end }} + {{- if .Values.anm.image.generalConditions }} + - name: ACCEPT_GENERAL_CONDITIONS + value: {{ .Values.anm.image.generalConditions.accept | quote }} + {{- end }} + {{- if .Values.anm.extraVolumeMounts }} + volumeMounts: + {{- if .Values.anm.license }} + - name: license + mountPath: "/opt/Axway/apigateway/conf/licenses/license.lic" + subPath: "license.lic" + {{- end }} + {{- toYaml ( .Values.anm.extraVolumeMounts ) | nindent 12 }} + {{- end }} + {{- if .Values.anm.extraVolumes }} + volumes: + {{- if .Values.anm.license }} + - name: license + configMap: + name: {{ .Release.Name }}-anm-license-config + {{- end }} +{{ toYaml ( .Values.anm.extraVolumes ) | indent 8 }} + {{- end }} + initContainers: + {{- if .Values.global.database.metrics.enabled }} + - name: init-mysql + image: {{ .Values.global.initContainers.image | quote }} + command: ['sh', '-c', 'until nc -w 3 -v {{ tpl .Values.global.database.host . }} {{ .Values.global.database.port | int }}; do echo waiting for mysql; sleep 2; done;'] + {{- with .Values.global.initContainers.resources }} + resources: + {{ toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.global.initContainers.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- end }} + {{- with .Values.anm.extraInitContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.anm.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- with .Values.anm.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.anm.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/templates/anm/anm-hpa.yaml b/templates/anm/anm-hpa.yaml new file mode 100644 index 0000000..057158c --- /dev/null +++ b/templates/anm/anm-hpa.yaml @@ -0,0 +1,35 @@ +{{- if .Values.anm.enabled }} +{{- if .Values.anm.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: "{{ include "gateway.fullname" . }}-anm" + labels: + {{- include "gateway.labels" . | nindent 4 }} + app.kubernetes.io/component: anm +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: "{{ include "gateway.fullname" . }}-anm" + minReplicas: {{ .Values.anm.autoscaling.minReplicas }} + maxReplicas: {{ .Values.anm.autoscaling.maxReplicas }} + metrics: + {{- if .Values.anm.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.anm.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.anm.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.anm.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} +{{- end }} diff --git a/templates/anm/anm-ingress.yaml b/templates/anm/anm-ingress.yaml new file mode 100644 index 0000000..31361e6 --- /dev/null +++ b/templates/anm/anm-ingress.yaml 
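Review bot: In templates/anm/anm-deployment.yaml `APIGW_LOG_TRACE_JSON_TO_STDOUT` is built with the arguments of `default` reversed: `default .Values.anm.logs.trace.stdoutJSON false` treats the literal `false` as the given value, which is always empty, so the expression returns the values key unchanged and renders an empty value when the key is unset. Sprig's order is fallback first, so the line should be `value: {{ default false .Values.anm.logs.trace.stdoutJSON | quote }}`. The apimgr deployment uses the same expression for its own key.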
@@ -0,0 +1,49 @@
+{{- if .Values.anm.enabled }}
+{{- if .Values.anm.ingress.enabled -}}
+{{- $fullName := include "gateway.fullname" . -}}
+{{- $svcPort := .Values.anm.service.ports.ui.port -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-anm
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ {{- with .Values.anm.ingress.annotations }}
+ annotations:
+ {{- tpl (toYaml .) $ | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.anm.ingress.className }}
+ ingressClassName: {{ .Values.anm.ingress.className }}
+ {{- end }}
+ {{- if .Values.anm.ingress.tls }}
+ tls:
+ {{- range .Values.anm.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ tpl . $ | quote }}
+ {{- end }}
+ {{- if .secretName }}
+ secretName: {{ tpl (.secretName) $ }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.anm.ingress.hosts }}
+ - host: {{ tpl .host $ | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if .pathType }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ service:
+ name: {{ $fullName }}-anm
+ port:
+ number: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
diff --git a/templates/anm/anm-routes.yaml b/templates/anm/anm-routes.yaml
new file mode 100644
index 0000000..336ef44
--- /dev/null
+++ b/templates/anm/anm-routes.yaml
@@ -0,0 +1,42 @@
+{{- if .Values.anm.enabled }}
+{{- if .Values.anm.route.enabled -}}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: "{{ include "gateway.fullname" . }}-anm"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: anm
+spec:
+ {{- if .Values.global.domainName }}
+ host: anm.{{ .Values.global.domainName }}
+ {{- end }}
+ port:
+ targetPort: {{ tpl .Values.anm.route.targetPort . }}
+ to:
+ kind: Service
+ name: "{{ include "gateway.fullname" . }}-anm"
+{{- if .Values.anm.route.tls.enabled }}
+ tls:
+ termination: {{ .Values.anm.route.tls.termination }}
+ insecureEdgeTerminationPolicy: {{ .Values.anm.route.tls.insecureEdgeTerminationPolicy }}
+ {{- if .Values.anm.route.tls.key }}
+ key: |-
+ {{- .Values.anm.route.tls.key | nindent 6 }}
+ {{- end }}
+ {{- if .Values.anm.route.tls.destinationCACertificate }}
+ destinationCACertificate: |-
+ {{- .Values.anm.route.tls.destinationCACertificate | nindent 6 }}
+ {{- end }}
+ {{- if .Values.anm.route.tls.caCertificate }}
+ caCertificate: |-
+ {{- .Values.anm.route.tls.caCertificate | nindent 6 }}
+ {{- end }}
+ {{- if .Values.anm.route.tls.certificate }}
+ certificate: |-
+ {{- .Values.anm.route.tls.certificate | nindent 6 }}
+ {{- end }}
+{{- end }}
+ wildcardPolicy: None
+{{- end }}
+{{- end }}
diff --git a/templates/anm/anm-service.yaml b/templates/anm/anm-service.yaml
new file mode 100644
index 0000000..6d1bd18
--- /dev/null
+++ b/templates/anm/anm-service.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.anm.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ include "gateway.fullname" . }}-anm"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: anm
+spec:
+ type: {{ .Values.anm.service.type }}
+ ports:
+ - port: {{ .Values.anm.service.ports.traffic.port }}
+ targetPort: {{ .Values.anm.service.ports.traffic.port }}
+ protocol: {{ .Values.anm.service.ports.traffic.protocol }}
+ name: gatewaymanager
+ - port: {{ .Values.anm.service.ports.ui.port }}
+ targetPort: {{ .Values.anm.service.ports.ui.port }}
+ protocol: {{ .Values.anm.service.ports.ui.protocol }}
+ name: gatewaymanagerui
+ selector:
+ {{- include "gateway.selectorLabels" . | nindent 4 }}
+ app.kubernetes.io/component: anm
+{{- end }}
diff --git a/templates/anm/anm-serviceaccount.yaml b/templates/anm/anm-serviceaccount.yaml
new file mode 100644
index 0000000..c45a485
--- /dev/null
+++ b/templates/anm/anm-serviceaccount.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.anm.enabled }}
+{{- if .Values.anm.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: "{{ include "gateway.anm.serviceAccountName" . }}"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: anm
+ {{- with .Values.anm.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
+{{- end }}
diff --git a/templates/apimgr/apimgr-configmap.yaml b/templates/apimgr/apimgr-configmap.yaml
new file mode 100644
index 0000000..5d95117
--- /dev/null
+++ b/templates/apimgr/apimgr-configmap.yaml
@@ -0,0 +1,12 @@
+{{- if and .Values.apimgr.enabled .Values.apimgr.license }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-apimgr-license-config
+data:
+{{- range $path, $config := .Values.apimgr.license }}
+ {{ $path }}: |
+{{ $config | indent 4 -}}
+{{- end -}}
+{{- end -}}
diff --git a/templates/apimgr/apimgr-deployment.yaml b/templates/apimgr/apimgr-deployment.yaml
new file mode 100644
index 0000000..ca1980d
--- /dev/null
+++ b/templates/apimgr/apimgr-deployment.yaml
@@ -0,0 +1,227 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "{{ include "gateway.fullname" . }}-apimgr" + labels: + {{- include "gateway.labels" . | nindent 4 }} + app.kubernetes.io/component: apimgr +spec: + {{- if not .Values.apimgr.autoscaling.enabled }} + replicas: {{ .Values.apimgr.replicaCount }} + {{- end }} + strategy: + {{- if eq (default .Values.global.updateStrategy.type .Values.apimgr.updateStrategy.type) "RollingUpdate" }} + rollingUpdate: + maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.apimgr.updateStrategy.rollingUpdate.maxSurge }} + maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.apimgr.updateStrategy.rollingUpdate.maxUnavailable }} + {{- end }} + type: {{ default .Values.global.updateStrategy.type .Values.apimgr.updateStrategy.type }} + selector: + matchLabels: + {{- include "gateway.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: apimgr + {{- with .Values.apimgr.podLabels }} + {{- toYaml . | nindent 6 }} + {{- end }} + template: + metadata: + {{- with .Values.apimgr.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "gateway.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: apimgr + {{- with .Values.apimgr.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "gateway.apimgr.serviceAccountName" . 
}} + securityContext: + {{- toYaml .Values.apimgr.podSecurityContext | nindent 8 }} + initContainers: + {{- if .Values.global.cassandra.enabled }} + - name: init-cassandra + image: {{ .Values.global.initContainers.image | quote }} + {{- with (first .Values.global.cassandra.hosts) }} + command: ["sh", "-c", "until nc -w 3 -v {{ .hostname }} 9042; do echo waiting for {{ .hostname }}; sleep 2; done;"] + {{- end }} + {{- with .Values.global.initContainers.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.global.initContainers.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.global.database.metrics.enabled }} + - name: init-mysql + image: {{ .Values.global.initContainers.image | quote }} + command: ["sh", "-c", "until nc -w 3 -v {{ tpl .Values.global.database.host . }} {{ .Values.global.database.port | int }}; do echo waiting for mysql; sleep 2; done;"] + {{- with .Values.global.initContainers.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.global.initContainers.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- end }} + - name: init-anm + image: {{ .Values.global.initContainers.image | quote }} + {{- if .Values.anm.hostname }} + command: ["sh", "-c", "until nc -w 3 -v {{ .Values.anm.hostname }}; do echo waiting for anm; sleep 2; done;"] + {{- else }} + command: ["sh", "-c", "until nc -w 3 -v {{ include "gateway.fullname" . }}-anm 8090; do echo waiting for anm; sleep 2; done;"] + {{- end }} + {{- with .Values.global.initContainers.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.global.initContainers.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.apimgr.extraInitContainers }} + {{- toYaml . 
| nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.apimgr.securityContext | nindent 12 }} + image: "{{ default .Values.global.defaultRegistry .Values.apimgr.image.registry }}/{{ .Values.apimgr.image.repository }}:{{ .Values.apimgr.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + ports: + - containerPort: {{ .Values.apimgr.service.ports.ui.port }} + protocol: {{ .Values.apimgr.service.ports.ui.protocol }} + {{- with .Values.apimgr.livenessProbe }} + livenessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.apimgr.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + resources: + {{- toYaml .Values.apimgr.resources | nindent 12 }} + env: + {{- with .Values.apimgr.extraEnvVars }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- if .Values.apimgr.FIPS.enabled }} + - name: EMT_FIPS_MODE + value: {{ .Values.apimgr.FIPS.enabled | quote }} + {{- end }} + {{- if .Values.apimgr.jvmHeapSize }} + - name: EMT_HEAP_SIZE_MB + value: {{ .Values.apimgr.jvmHeapSize | quote }} + {{- end }} + {{- if .Values.apimgr.logs.trace.level }} + - name: EMT_TRACE_LEVEL + value: {{ .Values.apimgr.logs.trace.level | quote }} + {{- end }} + {{- if .Values.apimgr.logs.trace.disk }} + - name: APIGW_LOG_TRACE_TO_FILE + value: {{ .Values.apimgr.logs.trace.disk | quote }} + {{- end }} + - name: APIGW_LOG_TRACE_JSON_TO_STDOUT + value: {{ default .Values.apimgr.logs.trace.stdoutJSON false | quote }} + {{- if .Values.apimgr.logs.opentraffic.output | quote }} + - name: APIGW_LOG_OPENTRAFFIC_OUTPUT + value: {{ .Values.apimgr.logs.opentraffic.output | quote }} + {{- end }} + {{- if .Values.global.domainkeypassphrase }} + - name: DOMAIN_KEY_PASSPHRASE + valueFrom: + secretKeyRef: + name: {{ include "gateway.domainkeypassphrase.secretName" . 
}} + key: passphrase + {{- end }} + {{- if .Values.global.database.metrics.enabled }} + - name: METRICS_DB_URL + value: {{ tpl .Values.global.database.metrics.url . | quote }} + - name: METRICS_DB_USERNAME + valueFrom: + secretKeyRef: + name: {{ include "gateway.metrics-db.secretName" . }} + key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }} + - name: METRICS_DB_PASS + valueFrom: + secretKeyRef: + name: {{ include "gateway.metrics-db.secretName" . }} + key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }} + {{- end }} + {{- if .Values.anm.hostname }} + - name: EMT_ANM_HOSTS + value: {{ .Values.anm.hostname | quote }} + {{- else }} + - name: EMT_ANM_HOSTS + value: "{{ include "gateway.fullname" . }}-anm:8090" + {{- end }} + - name: GROUP_ID + value: {{ .Values.apimgr.groupId }} + {{- if .Values.global.domainId }} + - name: DOMAIN_ID + value: {{ .Values.global.domainId }} + {{- end }} + {{- if .Values.global.cassandra.enabled }} + {{- range .Values.global.cassandra.hosts }} + - name: {{ .variable }} + value: {{ .hostname | quote }} + {{- end }} + - name: CASS_PORT + value: {{ .Values.global.cassandra.port | quote }} + - name: CASS_KEYSPACE + value: {{ tpl .Values.global.cassandra.keyspace . | quote }} + - name: CASS_TKEYSPACE + value: {{ tpl .Values.global.cassandra.tkeyspace . | quote }} + - name: CASS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "gateway.cassandra.secretName" . }} + key: {{ with .Values.global.cassandra.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }} + - name: CASS_USERNAME + valueFrom: + secretKeyRef: + name: {{ include "gateway.cassandra.secretName" . 
}} + key: {{ with .Values.global.cassandra.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }} + {{- end }} + {{- if .Values.apimgr.image.generalConditions }} + - name: ACCEPT_GENERAL_CONDITIONS + value: {{ .Values.apimgr.image.generalConditions.accept | quote }} + {{- end }} + {{- if .Values.apimgr.extraVolumeMounts }} + volumeMounts: + {{- if .Values.apimgr.license }} + - name: license + mountPath: "/opt/Axway/apigateway/conf/licenses/license.lic" + subPath: "license.lic" + {{- end }} + {{- toYaml ( .Values.apimgr.extraVolumeMounts ) | nindent 12 }} + {{- end }} + {{- if .Values.apimgr.extraVolumes }} + volumes: + {{- if .Values.apimgr.license }} + - name: license + configMap: + name: {{ .Release.Name }}-apimgr-license-config + {{- end }} +{{ toYaml ( .Values.apimgr.extraVolumes ) | indent 8 }} + {{- end }} + {{- with .Values.apimgr.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.apimgr.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.apimgr.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/templates/apimgr/apimgr-hpa.yaml b/templates/apimgr/apimgr-hpa.yaml new file mode 100644 index 0000000..bc44e60 --- /dev/null +++ b/templates/apimgr/apimgr-hpa.yaml 
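Review bot: In templates/apimgr/apimgr-deployment.yaml `GROUP_ID` and `DOMAIN_ID` are the only env values rendered without `quote`, so an all-digit or boolean-looking id is typed as a non-string and the manifest is rejected; use `value: {{ .Values.apimgr.groupId | quote }}` and `value: {{ .Values.global.domainId | quote }}`. The `init-cassandra` command probes port `9042` literally while the main container receives `CASS_PORT` from `global.cassandra.port`, so a non-default port leaves the init container waiting forever; interpolate `{{ .Values.global.cassandra.port | int }}` as `init-mysql` does for its port. The guard `{{- if .Values.apimgr.logs.opentraffic.output | quote }}` also passes for an explicitly empty string, because `quote` turns it into a non-empty one; test the value without the pipe.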
@@ -0,0 +1,33 @@
+{{- if .Values.apimgr.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: "{{ include "gateway.fullname" . }}-apimgr"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apimgr
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: "{{ include "gateway.fullname" . }}-apimgr"
+ minReplicas: {{ .Values.apimgr.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.apimgr.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.apimgr.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.apimgr.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.apimgr.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.apimgr.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/templates/apimgr/apimgr-ingress.yaml b/templates/apimgr/apimgr-ingress.yaml
new file mode 100644
index 0000000..09a09ef
--- /dev/null
+++ b/templates/apimgr/apimgr-ingress.yaml
@@ -0,0 +1,47 @@
+{{- if .Values.apimgr.ingress.enabled -}}
+{{- $fullName := include "gateway.fullname" . -}}
+{{- $svcPort := .Values.apimgr.service.ports.ui.port -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-apimgr
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ {{- with .Values.apimgr.ingress.annotations }}
+ annotations:
+ {{- tpl (toYaml .) $ | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.apimgr.ingress.className }}
+ ingressClassName: {{ .Values.apimgr.ingress.className }}
+ {{- end }}
+ {{- if .Values.apimgr.ingress.tls }}
+ tls:
+ {{- range .Values.apimgr.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ tpl . $ | quote }}
+ {{- end }}
+ {{- if .secretName }}
+ secretName: {{ tpl (.secretName) $ }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.apimgr.ingress.hosts }}
+ - host: {{ tpl .host $ | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if .pathType}}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ service:
+ name: {{ $fullName }}-apimgr
+ port:
+ number: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/templates/apimgr/apimgr-routes.yaml b/templates/apimgr/apimgr-routes.yaml
new file mode 100644
index 0000000..8a2ad9e
--- /dev/null
+++ b/templates/apimgr/apimgr-routes.yaml
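Review bot: In templates/apimgr/apimgr-ingress.yaml the `pathType` line is emitted only when the value is set, but `pathType` is a required field of every path in `networking.k8s.io/v1`, so a host entry without it renders an Ingress the API server rejects. Render it unconditionally with a fallback, `pathType: {{ .pathType | default "ImplementationSpecific" }}`, and quote the path, `path: {{ .path | quote }}`, so an empty or unusual value cannot change the YAML structure. The apiportal and apitraffic ingress templates further down have the same optional `pathType`. This Ingress also omits the `app.kubernetes.io/component: apimgr` label that the other apimgr objects carry.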
@@ -0,0 +1,40 @@
+{{- if .Values.apimgr.route.enabled -}}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: "{{ include "gateway.fullname" . }}-apimgr"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apimgr
+spec:
+ {{- if .Values.global.domainName }}
+ host: apimgr.{{ .Values.global.domainName }}
+ {{- end }}
+ to:
+ kind: Service
+ name: "{{ include "gateway.fullname" . }}-apimgr"
+ port:
+ targetPort: {{ tpl .Values.apimgr.route.targetPort . }}
+{{- if .Values.apimgr.route.tls.enabled }}
+ tls:
+ termination: {{ .Values.apimgr.route.tls.termination }}
+ insecureEdgeTerminationPolicy: {{ .Values.apimgr.route.tls.insecureEdgeTerminationPolicy }}
+ {{- if .Values.apimgr.route.tls.key }}
+ key: |-
+ {{- .Values.apimgr.route.tls.key | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apimgr.route.tls.destinationCACertificate }}
+ destinationCACertificate: |-
+ {{- .Values.apimgr.route.tls.destinationCACertificate | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apimgr.route.tls.caCertificate }}
+ caCertificate: |-
+ {{- .Values.apimgr.route.tls.caCertificate | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apimgr.route.tls.certificate }}
+ certificate: |-
+ {{- .Values.apimgr.route.tls.certificate | nindent 6 }}
+ {{- end }}
+{{- end }}
+ wildcardPolicy: None
+{{- end }}
diff --git a/templates/apimgr/apimgr-service.yaml b/templates/apimgr/apimgr-service.yaml
new file mode 100644
index 0000000..9151bb5
--- /dev/null
+++ b/templates/apimgr/apimgr-service.yaml
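Review bot: In templates/apimgr/apimgr-routes.yaml the Route's TLS private key is taken from `.Values.apimgr.route.tls.key` and written inline, so the key lives in whatever values file or `--set` argument supplies it and is stored again in the Helm release record. A template comment above `key: |-` should say so, for example `{{- /* tls.key is rendered verbatim: pass it with --set-file from a protected path, never commit it to a values file */}}`. `insecureEdgeTerminationPolicy` is rendered without a fallback, so an unset value leaves plain-HTTP handling to the platform default; `insecureEdgeTerminationPolicy: {{ .Values.apimgr.route.tls.insecureEdgeTerminationPolicy | default "Redirect" }}` makes the intent explicit. The apiportal and apitraffic route templates repeat the same block.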
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ include "gateway.fullname" . }}-apimgr"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apimgr
+spec:
+ type: {{ .Values.apimgr.service.type }}
+ ports:
+ - port: {{ .Values.apimgr.service.ports.ui.port }}
+ targetPort: {{ .Values.apimgr.service.ports.ui.port }}
+ protocol: {{ .Values.apimgr.service.ports.ui.protocol }}
+ name: apimanagerui
+ selector:
+ {{- include "gateway.selectorLabels" . | nindent 4 }}
+ app.kubernetes.io/component: apimgr
diff --git a/templates/apimgr/apimgr-serviceaccount.yaml b/templates/apimgr/apimgr-serviceaccount.yaml
new file mode 100644
index 0000000..e7bb2db
--- /dev/null
+++ b/templates/apimgr/apimgr-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.apimgr.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "gateway.apimgr.serviceAccountName" . }}
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apimgr
+ {{- with .Values.apimgr.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/templates/apiportal/apiportal-db-secret.yaml b/templates/apiportal/apiportal-db-secret.yaml
new file mode 100644
index 0000000..9173615
--- /dev/null
+++ b/templates/apiportal/apiportal-db-secret.yaml
@@ -0,0 +1,12 @@
+{{- if and .Values.apiportal.enabled .Values.apiportal.mysql.enabled (not .Values.apiportal.mysql.existingSecret) -}}
+apiVersion: v1
+data:
+ username: {{ .Values.apiportal.mysql.username | b64enc }}
+ password: {{ .Values.apiportal.mysql.password | b64enc }}
+kind: Secret
+metadata:
+ name: {{ include "gateway.apiportal.secretName" . }}
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apiportal
+{{- end }}
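Review bot: The ServiceAccount in templates/apimgr/apimgr-serviceaccount.yaml leaves token automounting at its default, so every apimgr pod gets a Kubernetes API token mounted although nothing in the visible templates shows the gateway calling the cluster API. Unless the product needs it, add `automountServiceAccountToken: false` at the top level of the object, after `metadata`. The apiportal ServiceAccount template later in the commit has the same shape.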
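Review bot: In templates/apiportal/apiportal-db-secret.yaml the credentials go straight from values into `b64enc` with no presence check, so a missing or empty `apiportal.mysql.password` either fails with a template type error or produces a Secret holding an empty password. Guard both fields, e.g. `password: {{ required "apiportal.mysql.password is required" .Values.apiportal.mysql.password | b64enc | quote }}`, and likewise for `username`. Because this path keeps the password in the values and in the Helm release record, a short template comment pointing operators to `apiportal.mysql.existingSecret` for anything beyond a lab install would help.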
diff --git a/templates/apiportal/apiportal-deployment.yaml b/templates/apiportal/apiportal-deployment.yaml
new file mode 100644
index 0000000..cd2a7f2
--- /dev/null
+++ b/templates/apiportal/apiportal-deployment.yaml
@@ -0,0 +1,173 @@ +{{- if .Values.apiportal.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "{{ include "gateway.fullname" . }}-apiportal" + labels: + {{- include "gateway.labels" . | nindent 4 }} + app.kubernetes.io/component: apiportal +spec: + replicas: {{ .Values.apiportal.replicaCount }} + strategy: + {{- if eq (default .Values.global.updateStrategy.type .Values.apiportal.updateStrategy.type) "RollingUpdate" }} + rollingUpdate: + maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.apiportal.updateStrategy.rollingUpdate.maxSurge }} + maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.apiportal.updateStrategy.rollingUpdate.maxUnavailable }} + {{- end }} + type: {{ default .Values.global.updateStrategy.type .Values.apiportal.updateStrategy.type }} + selector: + matchLabels: + {{- include "gateway.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: apiportal + {{- with .Values.apiportal.podLabels }} + {{- toYaml . | nindent 6 }} + {{- end }} + template: + metadata: + {{- with .Values.apiportal.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "gateway.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: apiportal + {{- with .Values.apiportal.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "gateway.apiportal.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.apiportal.podSecurityContext | nindent 8 }} + containers: + - name: "{{ include "gateway.fullname" . }}-apiportal" + securityContext: + {{- toYaml .Values.apiportal.securityContext | nindent 12 }} + command: ["/usr/local/bin/entrypoint.sh", "apiportal"] + {{- with .Values.apiportal.livenessProbe }} + livenessProbe: + {{- toYaml . 
| nindent 12 }} + {{- end }} + {{- with .Values.apiportal.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + resources: + {{- toYaml .Values.apiportal.resources | nindent 12 }} + env: + # Same mysql database has been used for both metrics and apiportal + {{- if .Values.apiportal.mysql.enabled }} + - name: MYSQL_HOST + value: {{ tpl .Values.global.database.host . | quote }} + - name: MYSQL_PORT + value: {{ .Values.global.database.port | quote }} + - name: MYSQL_USER + valueFrom: + secretKeyRef: + name: {{ include "gateway.apiportal.secretName" . }} + key: {{ with .Values.apiportal.mysql.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }} + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "gateway.apiportal.secretName" . }} + key: {{ with .Values.apiportal.mysql.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }} + - name: MYSQL_DATABASE + value: {{ .Values.apiportal.mysql.databaseName | quote }} + - name: MYSQL_SSL_ON + value: {{ .Values.apiportal.mysql.sslOn | quote }} + - name: MYSQL_SSL_VERIFY_CERT + value: {{ .Values.apiportal.mysql.sslVerifyCert | quote }} + {{- end }} + {{- if .Values.apiportal.redis.enabled }} + - name: REDIS_CONFIGURED + value: "1" + - name: REDIS_ON + value: "1" + - name: REDIS_HOST + value: {{ required "A redis host should be specified" .Values.apiportal.redis.host | quote }} + - name: REDIS_PORT + value: {{ default "6379" .Values.apiportal.redis.port | quote }} + - name: REDIS_CACHE_TIMEOUT_SEC + value: {{ default "600" .Values.apiportal.redis.cacheTimeout | quote }} + {{- end }} + - name: APACHE_SSL_ON + value: {{ .Values.apiportal.apache.sslOn | quote }} + - name: APIMANAGER_CONFIGURED + value: {{ default "1" .Values.apiportal.apiManager.configured | quote }} + - name: API_WHITELIST_CONFIGURED + value: "1" + - name: API_WHITELIST + value: "apitraffic.{{ .Values.global.domainName }}" + - name: 
APIMANAGER_NAME + value: {{ .Values.apiportal.apiManager.name | quote }} + - name: APIMANAGER_HOST + value: "{{ include "gateway.fullname" . }}-apimgr" + - name: APIMANAGER_PORT + value: {{ .Values.apimgr.service.ports.ui.port | quote }} + - name: HTTP_PORT + value: {{ .Values.apiportal.service.ports.http.port | quote }} + - name: HTTPS_PORT + value: {{ .Values.apiportal.service.ports.https.port | quote }} + - name: HTTPS_FORCE_PORT + value: {{ .Values.apiportal.service.ports.force.port | quote }} + - name: T4_DOWNLOADED + value: {{ .Values.apiportal.t4_downloaded | quote }} + {{- if .Values.apiportal.extraEnvVars }} + {{- toYaml .Values.apiportal.extraEnvVars | nindent 12 }} + {{- end }} + image: "{{ default .Values.global.defaultRegistry .Values.apiportal.image.registry }}/{{ .Values.apiportal.image.repository }}:{{ .Values.apiportal.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + ports: + - name: "apiportal" + containerPort: {{ .Values.apiportal.service.ports.force.port }} + protocol: TCP + volumeMounts: + {{- $mounts := list }} + {{- if .Values.apiportal.mysql.sslOn }} + {{- $mounts = append $mounts (dict "name" "mysql-certs" "mountPath" "/opt/axway/apiportal/certs/mysql/mysql-ca.pem" "subPath" "mysql-ca.pem") }} + {{- end }} + {{- if .Values.apiportal.apache.sslOn }} + {{- $mounts = append $mounts (dict "name" "apache" "mountPath" "/opt/axway/apiportal/certs/apache/") }} + {{- end }} + {{- include "gateway.volumeMounts" (dict "component" "portal" "storage" (dict "volumes" (.Values.global.storage.volumes | concat .Values.apiportal.storage.volumes))) | fromYamlArray | concat $mounts | default list | toYaml | nindent 12 }} + initContainers: + - name: init-mysql + image: {{ .Values.global.initContainers.image | quote }} + command: [ 'sh', '-c', 'until nc -w 3 -v {{ tpl .Values.global.database.host . 
}} {{ .Values.global.database.port }}; do echo waiting for MySQL; sleep 2; done;' ] + {{- with .Values.global.initContainers.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.global.initContainers.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- if .Values.apiportal.apiManager.configured }} + - name: init-apimanager + image: {{ .Values.global.initContainers.image | quote }} + command: [ 'sh', '-c', 'until nc -w 3 -v {{ include "gateway.fullname" . }}-apimgr 8075; do echo waiting for API Manager; sleep 2; done;' ] + {{- with .Values.global.initContainers.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.global.initContainers.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- end }} + {{- with .Values.apiportal.extraInitContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + {{- $vols := list }} + {{- if .Values.apiportal.mysql.sslOn }} + {{- $vols = append $vols (dict "name" "mysql-certs" "secret" (dict "secretName" "mysql-ca-cert" "items" (list (dict "key" "mysql-ca.pem" "path" "mysql-ca.pem")))) }} + {{- end }} + {{- if .Values.apiportal.apache.sslOn }} + {{- $vols = append $vols (dict "name" "apache" "secret" (dict "secretName" "apache" "items" (list (dict "key" "tls.key" "path" "apache.key") (dict "key" "tls.crt" "path" "apache.crt")))) }} + {{- end }} + {{- include "gateway.volumes" (dict "component" "portal" "storage" (dict "volumes" (.Values.global.storage.volumes | concat .Values.apiportal.storage.volumes))) | fromYamlArray | concat $vols | default list | toYaml | nindent 8 }} +{{- end }} diff --git a/templates/apiportal/apiportal-ingress.yaml b/templates/apiportal/apiportal-ingress.yaml new file mode 100644 index 0000000..1a271ff --- /dev/null +++ b/templates/apiportal/apiportal-ingress.yaml 
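Review bot: The `init-apimanager` container in templates/apiportal/apiportal-deployment.yaml probes a hard-coded port 8075, while the main container's `APIMANAGER_PORT` comes from `.Values.apimgr.service.ports.ui.port`; if that value is changed the pod never leaves Init. Use the same value in the probe: `'until nc -w 3 -v {{ include "gateway.fullname" . }}-apimgr {{ .Values.apimgr.service.ports.ui.port }}; do echo waiting for API Manager; sleep 2; done;'`. `init-mysql` runs unconditionally although the `MYSQL_*` variables are gated on `.Values.apiportal.mysql.enabled`, so it should sit under the same condition. Both commands splice values into an `sh -c` string, so a comment stating that host and port must be a plain hostname and a number would be worthwhile.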
@@ -0,0 +1,47 @@
+{{- if and .Values.apiportal.enabled .Values.apiportal.ingress.enabled -}}
+{{- $fullName := include "gateway.fullname" . -}}
+{{- $svcPort := .Values.apiportal.service.ports.target.port }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-apiportal
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ {{- with .Values.apiportal.ingress.annotations }}
+ annotations:
+ {{- tpl (toYaml .) $ | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.apiportal.ingress.className }}
+ ingressClassName: {{ .Values.apiportal.ingress.className }}
+ {{- end }}
+ {{- if .Values.apiportal.ingress.tls }}
+ tls:
+ {{- range .Values.apiportal.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ tpl . $ | quote }}
+ {{- end }}
+ {{- if .secretName }}
+ secretName: {{ tpl (.secretName) $ }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.apiportal.ingress.hosts }}
+ - host: {{ tpl .host $ | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if .pathType }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ service:
+ name: {{ $fullName }}-apiportal
+ port:
+ number: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/templates/apiportal/apiportal-rbac.yaml b/templates/apiportal/apiportal-rbac.yaml
new file mode 100644
index 0000000..682d95c
--- /dev/null
+++ b/templates/apiportal/apiportal-rbac.yaml
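Review bot: The backend port in templates/apiportal/apiportal-ingress.yaml is `.Values.apiportal.service.ports.target.port`, but the apiportal Service added in this commit publishes only `ports.http.port` and `ports.https.port`, and the container declares `ports.force.port`. Unless `target.port` always equals one of the Service ports, the Ingress backend points at a port the Service does not expose. Either derive the variable from the Service's own value, e.g. `{{- $svcPort := .Values.apiportal.service.ports.https.port }}`, or add a template comment stating which of the four port values must match.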
@@ -0,0 +1,37 @@
+{{- if .Values.apiportal.enabled -}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: apiportalscc
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apiportal
+rules:
+- apiGroups:
+ - security.openshift.io
+ resourceNames:
+ - nonroot
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - use
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: apiportalscc
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apiportal
+subjects:
+- kind: ServiceAccount
+ name: {{ include "gateway.apiportal.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+roleRef:
+ kind: Role
+ name: apiportalscc
+ apiGroup: rbac.authorization.k8s.io
+{{- end }}
diff --git a/templates/apiportal/apiportal-routes.yaml b/templates/apiportal/apiportal-routes.yaml
new file mode 100644
index 0000000..836d1d6
--- /dev/null
+++ b/templates/apiportal/apiportal-routes.yaml
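Review bot: The Role and RoleBinding in templates/apiportal/apiportal-rbac.yaml use the fixed name `apiportalscc`, so a second release in the same namespace collides with the first; `name: {{ include "gateway.fullname" . }}-apiportal-scc` on both objects and in `roleRef` avoids that. The binding's subject comes from `gateway.apiportal.serviceAccountName`, whose definition is not in this hunk: if it falls back to `default` when `serviceAccount.create` is false, the `nonroot` SCC grant would apply to every pod in the namespace that runs as the default service account. A comment above `subjects:` should state which account is meant to receive the grant.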
@@ -0,0 +1,40 @@
+{{- if and .Values.apiportal.enabled .Values.apiportal.route.enabled -}}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: "{{ include "gateway.fullname" . }}-apiportal"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apiportal
+spec:
+ to:
+ kind: Service
+ name: {{ include "gateway.fullname" . }}-apiportal
+ {{- if .Values.global.domainName }}
+ host: apiportal.{{ .Values.global.domainName }}
+ {{- end }}
+ port:
+ targetPort: {{ tpl .Values.apiportal.route.targetPort . }}
+{{- if .Values.apiportal.route.tls.enabled }}
+ tls:
+ termination: {{ .Values.apiportal.route.tls.termination }}
+ insecureEdgeTerminationPolicy: {{ .Values.apiportal.route.tls.insecureEdgeTerminationPolicy }}
+ {{- if .Values.apiportal.route.tls.key }}
+ key: |-
+ {{- .Values.apiportal.route.tls.key | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apiportal.route.tls.destinationCACertificate }}
+ destinationCACertificate: |-
+ {{- .Values.apiportal.route.tls.destinationCACertificate | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apiportal.route.tls.caCertificate }}
+ caCertificate: |-
+ {{- .Values.apiportal.route.tls.caCertificate | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apiportal.route.tls.certificate }}
+ certificate: |-
+ {{- .Values.apiportal.route.tls.certificate | nindent 6 }}
+ {{- end }}
+{{- end }}
+ wildcardPolicy: None
+{{- end }}
diff --git a/templates/apiportal/apiportal-service.yaml b/templates/apiportal/apiportal-service.yaml
new file mode 100644
index 0000000..d834292
--- /dev/null
+++ b/templates/apiportal/apiportal-service.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.apiportal.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "gateway.fullname" . }}-apiportal
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apiportal
+spec:
+ type: ClusterIP
+ ports:
+ - port: {{ .Values.apiportal.service.ports.http.port }}
+ targetPort: {{ .Values.apiportal.service.ports.http.port }}
+ protocol: TCP
+ name: {{ include "gateway.fullname" . }}-apiportal-http
+ - port: {{ .Values.apiportal.service.ports.https.port }}
+ targetPort: {{ .Values.apiportal.service.ports.https.port }}
+ protocol: TCP
+ name: {{ include "gateway.fullname" . }}-apiportal-https
+ selector:
+ {{- include "gateway.selectorLabels" . | nindent 4 }}
+ app.kubernetes.io/component: apiportal
+{{- end }}
diff --git a/templates/apiportal/apiportal-serviceaccount.yaml b/templates/apiportal/apiportal-serviceaccount.yaml
new file mode 100644
index 0000000..a337358
--- /dev/null
+++ b/templates/apiportal/apiportal-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if and .Values.apiportal.enabled .Values.apiportal.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "gateway.apiportal.serviceAccountName" . }}
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apiportal
+ {{- with .Values.apiportal.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/templates/apiportal/storage/apiportal-pvc.yaml b/templates/apiportal/storage/apiportal-pvc.yaml
new file mode 100644
index 0000000..d7f1f37
--- /dev/null
+++ b/templates/apiportal/storage/apiportal-pvc.yaml
@@ -0,0 +1,53 @@
+{{- if .Values.apiportal.enabled }}
+{{- range .Values.apiportal.storage.volumes }}
+{{- if .enabled }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ .name | lower }}
+ labels:
+ {{- include "gateway.labels" $ | nindent 4 }}
+ app.kubernetes.io/component: apiportal
+spec:
+ accessModes:
+ {{- with .accessModes }}
+ {{- toYaml . | nindent 4 }}
+ {{- else }}
+ - ReadWriteMany
+ {{- end }}
+ storageClassName: {{ default $.Values.global.storage.storageClassName .storageClassName | quote }}
+ resources:
+ requests:
+ storage: {{ default "1Mi" .capacity | quote }}
+{{- if eq (default $.Values.global.storage.provisioningType $.Values.apiportal.storage.provisioningType) "static" }}
+# PersistentVolume needs to be created only for Static storage provisioning
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: {{ include "gateway.fullname" $ }}-{{ .name | lower }}
+ labels:
+ {{- include "gateway.labels" $ | nindent 4 }}
+ app.kubernetes.io/component: apiportal
+spec:
+ capacity:
+ storage: {{ .capacity | quote }}
+ volumeMode: Filesystem
+ accessModes:
+ {{- with .accessModes }}
+ {{- toYaml . | nindent 4 }}
+ {{- else }}
+ - ReadWriteMany
+ {{- end }}
+ persistentVolumeReclaimPolicy: {{ .persistentVolume.reclaimPolicy | quote }}
+ csi:
+ driver: {{ .persistentVolume.csiDriver }}
+ volumeHandle: {{ .persistentVolume.volumeHandle }}
+ claimRef:
+ name: {{ .name | lower }}
+ namespace: {{ $.Release.Namespace | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/templates/apiportal/storage/storage-class.yaml b/templates/apiportal/storage/storage-class.yaml
new file mode 100644
index 0000000..0f92a71
--- /dev/null
+++ b/templates/apiportal/storage/storage-class.yaml
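Review bot: In templates/apiportal/storage/apiportal-pvc.yaml the PersistentVolume's `storage: {{ .capacity | quote }}` has no fallback, while the claim above it uses `default "1Mi"`; a volume entry without `capacity` therefore renders a 1Mi claim next to a PV with an empty capacity. Use the same expression on the PV, `storage: {{ default "1Mi" .capacity | quote }}`. `.persistentVolume.reclaimPolicy`, `.csiDriver` and `.volumeHandle` are dereferenced without a check, so static provisioning with an entry that lacks `persistentVolume` fails with a nil-pointer template error; wrapping them in `required` would give the operator a clear message. Claim names are `{{ .name | lower }}` without the release prefix, so two releases in one namespace would share claims.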
@@ -0,0 +1,26 @@
+{{ if .Values.apiportal.enabled }}
+{{- range .Values.apiportal.storage.classes }}
+---
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: {{ .name | lower }}
+ labels:
+ {{- include "gateway.labels" $ | nindent 4 }}
+provisioner: {{ .provisioner | quote }}
+{{- with .allowVolumeExpansion }}
+allowVolumeExpansion: {{ . }}
+{{- end }}
+{{- with .parameters }}
+parameters: {{- tpl (toYaml .) $ | nindent 2 }}
+{{- end }}
+{{- with .mountOptions }}
+mountOptions: {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- if eq (default $.Values.global.storage.provisioningType $.Values.apiportal.storage.provisioningType) "dynamic" }}
+volumeBindingMode: WaitForFirstConsumer
+{{- else }}
+volumeBindingMode: Immediate
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/templates/apitraffic/apitraffic-configmap.yaml b/templates/apitraffic/apitraffic-configmap.yaml
new file mode 100644
index 0000000..50e111e
--- /dev/null
+++ b/templates/apitraffic/apitraffic-configmap.yaml
@@ -0,0 +1,12 @@
+{{- if and .Values.apitraffic.enabled .Values.apitraffic.license }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-apitraffic-license-config
+data:
+{{- range $path, $config := .Values.apitraffic.license }}
+ {{ $path }}: |
+{{ $config | indent 4 -}}
+{{- end -}}
+{{- end -}}
diff --git a/templates/apitraffic/apitraffic-deployment.yaml b/templates/apitraffic/apitraffic-deployment.yaml
new file mode 100644
index 0000000..db364b8
--- /dev/null
+++ b/templates/apitraffic/apitraffic-deployment.yaml
@@ -0,0 +1,228 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "{{ include "gateway.fullname" . }}-apitraffic" + labels: + {{- include "gateway.labels" . | nindent 4 }} + app.kubernetes.io/component: apitraffic +spec: + {{- if not .Values.apitraffic.autoscaling.enabled }} + replicas: {{ .Values.apitraffic.replicaCount }} + {{- end }} + strategy: + {{- if eq (default .Values.global.updateStrategy.type .Values.apitraffic.updateStrategy.type) "RollingUpdate" }} + rollingUpdate: + maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.apitraffic.updateStrategy.rollingUpdate.maxSurge }} + maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.apitraffic.updateStrategy.rollingUpdate.maxUnavailable }} + {{- end }} + type: {{ default .Values.global.updateStrategy.type .Values.apitraffic.updateStrategy.type }} + selector: + matchLabels: + {{- include "gateway.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: apitraffic + {{- with .Values.apitraffic.podLabels }} + {{- toYaml . | nindent 6 }} + {{- end }} + template: + metadata: + {{- with .Values.apitraffic.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "gateway.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: apitraffic + {{- with .Values.apitraffic.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "gateway.apitraffic.serviceAccountName" . 
}} + securityContext: + {{- toYaml .Values.apitraffic.podSecurityContext | nindent 8 }} + initContainers: + {{- if .Values.global.cassandra.enabled }} + - name: init-cassandra + image: {{ .Values.global.initContainers.image | quote }} + {{- with (first .Values.global.cassandra.hosts) }} + command: ["sh", "-c", "until nc -w 3 -v {{ .hostname }} 9042; do echo waiting for {{ .hostname }}; sleep 2; done;"] + {{- end }} + {{- with .Values.global.initContainers.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.global.initContainers.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.global.database.metrics.enabled }} + - name: init-mysql + image: {{ .Values.global.initContainers.image | quote }} + command: ["sh", "-c", "until nc -w 3 -v {{ tpl .Values.global.database.host . }} {{ .Values.global.database.port | int }}; do echo waiting for mysql; sleep 2; done;"] + {{- with .Values.global.initContainers.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.global.initContainers.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- end }} + - name: init-anm + image: {{ .Values.global.initContainers.image | quote }} + {{- if .Values.anm.hostname }} + command: ["sh", "-c", "until nc -w 3 -v {{ .Values.anm.hostname }}; do echo waiting for anm; sleep 2; done;"] + {{- else }} + command: ["sh", "-c", "until nc -w 3 -v {{ include "gateway.fullname" . }}-anm 8090; do echo waiting for anm; sleep 2; done;"] + {{- end }} + {{- with .Values.global.initContainers.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.global.initContainers.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.apitraffic.extraInitContainers }} + {{- toYaml . 
| nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.apitraffic.securityContext | nindent 12 }} + image: "{{ default .Values.global.defaultRegistry .Values.apitraffic.image.registry }}/{{ .Values.apitraffic.image.repository }}:{{ .Values.apitraffic.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + ports: + - containerPort: {{ .Values.apitraffic.service.ports.traffic.port }} + protocol: {{ .Values.apitraffic.service.ports.traffic.protocol }} + {{- with .Values.apitraffic.livenessProbe }} + livenessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.apitraffic.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + resources: + {{- toYaml .Values.apitraffic.resources | nindent 12 }} + env: + {{- with .Values.apitraffic.extraEnvVars }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- if .Values.apitraffic.FIPS.enabled }} + - name: EMT_FIPS_MODE + value: {{ .Values.apitraffic.FIPS.enabled | quote }} + {{- end }} + {{- if .Values.apitraffic.jvmHeapSize }} + - name: EMT_HEAP_SIZE_MB + value: {{ .Values.apitraffic.jvmHeapSize | quote }} + {{- end }} + {{- if .Values.apitraffic.logs.trace.level }} + - name: EMT_TRACE_LEVEL + value: {{ .Values.apitraffic.logs.trace.level | quote }} + {{- end }} + {{- if .Values.apitraffic.logs.trace.disk }} + - name: APIGW_LOG_TRACE_TO_FILE + value: {{ .Values.apitraffic.logs.trace.disk | quote }} + {{- end }} + - name: APIGW_LOG_TRACE_JSON_TO_STDOUT + value: {{ default .Values.apitraffic.logs.trace.stdoutJSON false | quote }} + {{- if .Values.apitraffic.logs.opentraffic.output | quote}} + - name: APIGW_LOG_OPENTRAFFIC_OUTPUT + value: {{ .Values.apitraffic.logs.opentraffic.output | quote }} + {{- end }} + {{- if .Values.global.domainkeypassphrase }} + - name: DOMAIN_KEY_PASSPHRASE + valueFrom: + secretKeyRef: + name: {{ include "gateway.domainkeypassphrase.secretName" . 
}} + key: passphrase + {{- end }} + {{- if .Values.global.database.metrics.enabled }} + - name: METRICS_DB_URL + value: {{ tpl .Values.global.database.metrics.url . | quote }} + - name: METRICS_DB_USERNAME + valueFrom: + secretKeyRef: + name: {{ include "gateway.metrics-db.secretName" . }} + key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }} + - name: METRICS_DB_PASS + valueFrom: + secretKeyRef: + name: {{ include "gateway.metrics-db.secretName" . }} + key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }} + {{- end }} + - name: GROUP_ID + value: {{ .Values.apitraffic.groupId }} + {{- if .Values.global.domainId }} + - name: DOMAIN_ID + value: {{ .Values.global.domainId }} + {{- end }} + {{- if .Values.global.cassandra.enabled }} + {{- range .Values.global.cassandra.hosts }} + - name: {{ .variable }} + value: {{ .hostname | quote }} + {{- end }} + - name: CASS_PORT + value: {{ .Values.global.cassandra.port | quote }} + - name: CASS_KEYSPACE + value: {{ tpl .Values.global.cassandra.keyspace . | quote }} + - name: CASS_TKEYSPACE + value: {{ tpl .Values.global.cassandra.tkeyspace . | quote }} + - name: CASS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "gateway.cassandra.secretName" . }} + key: {{ with .Values.global.cassandra.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }} + - name: CASS_USERNAME + valueFrom: + secretKeyRef: + name: {{ include "gateway.cassandra.secretName" . 
}} + key: {{ with .Values.global.cassandra.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }} + + {{- end }} + {{- if .Values.apitraffic.image.generalConditions }} + - name: ACCEPT_GENERAL_CONDITIONS + value: {{ .Values.apitraffic.image.generalConditions.accept | quote }} + {{- end }} + {{- if .Values.anm.hostname }} + - name: EMT_ANM_HOSTS + value: {{ .Values.anm.hostname | quote }} + {{- else }} + - name: EMT_ANM_HOSTS + value: "{{ include "gateway.fullname" . }}-anm:8090" + {{- end }} + {{- if .Values.apitraffic.extraVolumeMounts }} + volumeMounts: + {{- if .Values.apitraffic.license }} + - name: license + mountPath: "/opt/Axway/apigateway/conf/licenses/license.lic" + subPath: "license.lic" + {{- end }} +{{- toYaml ( .Values.apitraffic.extraVolumeMounts ) | nindent 12 }} + {{- end }} + {{- if .Values.apitraffic.extraVolumes }} + volumes: + {{- if .Values.apitraffic.license }} + - name: license + configMap: + name: {{ .Release.Name }}-apitraffic-license-config + {{- end }} +{{ toYaml ( .Values.apitraffic.extraVolumes ) | indent 8 }} + {{- end }} + {{- with .Values.apitraffic.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.apitraffic.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.apitraffic.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/templates/apitraffic/apitraffic-hpa.yaml b/templates/apitraffic/apitraffic-hpa.yaml new file mode 100644 index 0000000..9f0143e --- /dev/null +++ b/templates/apitraffic/apitraffic-hpa.yaml 
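Review bot: In templates/apitraffic/apitraffic-deployment.yaml the license mount and the license volume are nested inside the `extraVolumeMounts` and `extraVolumes` conditions, so a release that sets `apitraffic.license` without any extra volumes creates the license ConfigMap but never mounts it. The outer conditions should also hold when a license is set, and the extra lists should be rendered under `with` so an unset list does not print `null`; the rewritten lines are below. The tail of the apimgr deployment at the top of this part of the diff has the same nesting. Separately, `{{- if .Values.apitraffic.logs.opentraffic.output | quote}}` tests a quoted string, which is non-empty for any value that is set, and `default .Values.apitraffic.logs.trace.stdoutJSON false` has its arguments swapped, so the `false` fallback is never used.

```yaml
          {{- if or .Values.apitraffic.license .Values.apitraffic.extraVolumeMounts }}
          volumeMounts:
            # … unchanged: license mount guarded by .Values.apitraffic.license …
            {{- with .Values.apitraffic.extraVolumeMounts }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
          {{- end }}
      {{- if or .Values.apitraffic.license .Values.apitraffic.extraVolumes }}
      volumes:
        # … unchanged: license configMap volume guarded by .Values.apitraffic.license …
        {{- with .Values.apitraffic.extraVolumes }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- end }}
```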
@@ -0,0 +1,33 @@
+{{- if .Values.apitraffic.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: "{{ include "gateway.fullname" . }}-apitraffic"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apitraffic
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: "{{ include "gateway.fullname" . }}-apitraffic"
+ minReplicas: {{ .Values.apitraffic.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.apitraffic.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.apitraffic.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.apitraffic.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.apitraffic.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.apitraffic.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/templates/apitraffic/apitraffic-ingress.yaml b/templates/apitraffic/apitraffic-ingress.yaml
new file mode 100644
index 0000000..d690207
--- /dev/null
+++ b/templates/apitraffic/apitraffic-ingress.yaml
@@ -0,0 +1,47 @@
+{{- if .Values.apitraffic.ingress.enabled -}}
+{{- $fullName := include "gateway.fullname" . -}}
+{{- $svcPort := .Values.apitraffic.service.ports.traffic.port -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-apitraffic
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ {{- with .Values.apitraffic.ingress.annotations }}
+ annotations:
+ {{- tpl (toYaml .) $ | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.apitraffic.ingress.className }}
+ ingressClassName: {{ .Values.apitraffic.ingress.className }}
+ {{- end }}
+ {{- if .Values.apitraffic.ingress.tls }}
+ tls:
+ {{- range .Values.apitraffic.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ tpl . $ | quote }}
+ {{- end }}
+ {{- if .secretName }}
+ secretName: {{ tpl (.secretName) $ }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.apitraffic.ingress.hosts }}
+ - host: {{ tpl .host $ | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if .pathType }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ service:
+ name: {{ $fullName }}-apitraffic
+ port:
+ number: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/templates/apitraffic/apitraffic-routes.yaml b/templates/apitraffic/apitraffic-routes.yaml
new file mode 100644
index 0000000..e71e718
--- /dev/null
+++ b/templates/apitraffic/apitraffic-routes.yaml
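Review bot: `pathType` is emitted only when the value is set (`{{- if .pathType }}` inside the `paths` range), but `networking.k8s.io/v1` requires `pathType` on every path, so a host entry without it renders an Ingress that the API server rejects. Replace the guard with a default, e.g. `pathType: {{ default "ImplementationSpecific" .pathType }}`. `path`, `ingressClassName` and `secretName` are rendered unquoted, so a value starting with `*` or containing `: ` breaks the rendered YAML; pipe them through `quote` as the `host` lines already do. templates/apitraffic/oauth-ingress.yaml in this commit has the same `pathType` guard and unquoted fields, and there `secretName` is emitted unconditionally.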
@@ -0,0 +1,40 @@
+{{- if .Values.apitraffic.route.enabled -}}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: "{{ include "gateway.fullname" . }}-apitraffic"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apitraffic
+spec:
+ {{- if .Values.global.domainName }}
+ host: apitraffic.{{ .Values.global.domainName }}
+ {{- end }}
+ to:
+ kind: Service
+ name: "{{ include "gateway.fullname" . }}-apitraffic"
+ port:
+ targetPort: {{ tpl .Values.apitraffic.route.targetPort . }}
+{{- if .Values.apitraffic.route.tls.enabled }}
+ tls:
+ termination: {{ .Values.apitraffic.route.tls.termination }}
+ insecureEdgeTerminationPolicy: {{ .Values.apitraffic.route.tls.insecureEdgeTerminationPolicy }}
+ {{- if .Values.apitraffic.route.tls.key }}
+ key: |-
+ {{- .Values.apitraffic.route.tls.key | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apitraffic.route.tls.destinationCACertificate }}
+ destinationCACertificate: |-
+ {{- .Values.apitraffic.route.tls.destinationCACertificate | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apitraffic.route.tls.caCertificate }}
+ caCertificate: |-
+ {{- .Values.apitraffic.route.tls.caCertificate | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apitraffic.route.tls.certificate }}
+ certificate: |-
+ {{- .Values.apitraffic.route.tls.certificate | nindent 6 }}
+ {{- end }}
+{{- end }}
+ wildcardPolicy: None
+{{- end }}
diff --git a/templates/apitraffic/apitraffic-service.yaml b/templates/apitraffic/apitraffic-service.yaml
new file mode 100644
index 0000000..9b061c6
--- /dev/null
+++ b/templates/apitraffic/apitraffic-service.yaml
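Review bot: `metadata` renders only `name` and `labels`, so a `route.annotations` value never reaches the Route; values-override.yaml in this commit sets cert-manager issuer annotations under `route:` for several components, and for this template they would be dropped silently, so no certificate would be requested. Add a `{{- with .Values.apitraffic.route.annotations }}` block that emits `annotations:` followed by `{{- toYaml . | nindent 4 }}`, as the ServiceAccount template in this commit does. When `route.tls.enabled` is false no `tls:` stanza is rendered at all, which exposes the gateway on a plain-HTTP route; state that in a comment above the `if`, or `fail` when the route is enabled without TLS. `tpl .Values.apitraffic.route.targetPort .` errors when `targetPort` is unset or written as an integer, so default and stringify it first. templates/apitraffic/oauth-routes.yaml has the same structure and the same gaps.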
@@ -0,0 +1,39 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ include "gateway.fullname" . }}-apitraffic"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apitraffic
+spec:
+ type: {{ .Values.apitraffic.service.type }}
+ ports:
+ - port: {{ .Values.apitraffic.service.ports.traffic.port }}
+ targetPort: {{ .Values.apitraffic.service.ports.traffic.port }}
+ protocol: {{ .Values.apitraffic.service.ports.traffic.protocol }}
+ name: apigatewaytraffic
+ selector:
+ {{- include "gateway.selectorLabels" . | nindent 4 }}
+ app.kubernetes.io/component: apitraffic
+
+---
+
+{{- if eq .Values.apitraffic.oauth.enabled true }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ include "gateway.fullname" . }}-oauth"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apitraffic
+spec:
+ type: {{ .Values.apitraffic.oauth.type }}
+ ports:
+ - port: {{ .Values.apitraffic.oauth.port }}
+ targetPort: {{ .Values.apitraffic.oauth.port }}
+ protocol: {{ .Values.apitraffic.oauth.protocol }}
+ name: oauth
+ selector:
+ {{- include "gateway.selectorLabels" . | nindent 4 }}
+ app.kubernetes.io/component: apitraffic
+{{- end }}
diff --git a/templates/apitraffic/apitraffic-serviceaccount.yaml b/templates/apitraffic/apitraffic-serviceaccount.yaml
new file mode 100644
index 0000000..8336544
--- /dev/null
+++ b/templates/apitraffic/apitraffic-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.apitraffic.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "gateway.apitraffic.serviceAccountName" . }}
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apitraffic
+ {{- with .Values.apitraffic.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/templates/apitraffic/oauth-ingress.yaml b/templates/apitraffic/oauth-ingress.yaml
new file mode 100644
index 0000000..ea45eb5
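Review bot: The OAuth Service is gated with `{{- if eq .Values.apitraffic.oauth.enabled true }}`, and `eq` aborts the render when the value is a string such as `"true"`; a plain `{{- if .Values.apitraffic.oauth.enabled }}` matches the other templates in this commit. The traffic port is read from `.Values.apitraffic.service.ports.traffic.port`, while values-override.yaml in the same commit appears to set `service.port: 8065` in the apitraffic section; if that reading of the nesting is right, the override is never consumed and the Service keeps the chart default. Both `type:` lines come straight from values with no default, so a comment should state that `ClusterIP` is expected and that `LoadBalancer` or `NodePort` exposes the gateway outside the route or ingress path.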
--- /dev/null
+++ b/templates/apitraffic/oauth-ingress.yaml
@@ -0,0 +1,45 @@
+{{- if .Values.apitraffic.oauth.ingress.enabled -}}
+{{- $fullName := include "gateway.fullname" . -}}
+{{- $svcPort := .Values.apitraffic.oauth.port -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-oauth
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ {{- with .Values.apitraffic.oauth.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.apitraffic.oauth.ingress.className }}
+ ingressClassName: {{ .Values.apitraffic.oauth.ingress.className }}
+ {{- end }}
+ {{- if .Values.apitraffic.oauth.ingress.tls }}
+ tls:
+ {{- range .Values.apitraffic.oauth.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.apitraffic.oauth.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if .pathType }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ service:
+ name: {{ $fullName }}-oauth
+ port:
+ number: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/templates/apitraffic/oauth-routes.yaml b/templates/apitraffic/oauth-routes.yaml
new file mode 100644
index 0000000..59e1b72
--- /dev/null
+++ b/templates/apitraffic/oauth-routes.yaml
@@ -0,0 +1,40 @@
+{{- if .Values.apitraffic.oauth.route.enabled -}}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: "{{ include "gateway.fullname" . }}-oauth"
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+ app.kubernetes.io/component: oauth
+spec:
+ {{- if .Values.global.domainName }}
+ host: oauth.{{ .Values.global.domainName }}
+ {{- end }}
+ to:
+ kind: Service
+ name: "{{ include "gateway.fullname" . }}-oauth"
+ port:
+ targetPort: {{ tpl .Values.apitraffic.oauth.route.targetPort . }}
+{{- if .Values.apitraffic.oauth.route.tls.enabled }}
+ tls:
+ termination: {{ .Values.apitraffic.oauth.route.tls.termination }}
+ insecureEdgeTerminationPolicy: {{ .Values.apitraffic.oauth.route.tls.insecureEdgeTerminationPolicy }}
+ {{- if .Values.apitraffic.oauth.route.tls.key }}
+ key: |-
+ {{- .Values.apitraffic.oauth.route.tls.key | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apitraffic.oauth.route.tls.destinationCACertificate }}
+ destinationCACertificate: |-
+ {{- .Values.apitraffic.oauth.route.tls.destinationCACertificate | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apitraffic.oauth.route.tls.caCertificate }}
+ caCertificate: |-
+ {{- .Values.apitraffic.oauth.route.tls.caCertificate | nindent 6 }}
+ {{- end }}
+ {{- if .Values.apitraffic.oauth.route.tls.certificate }}
+ certificate: |-
+ {{- .Values.apitraffic.oauth.route.tls.certificate | nindent 6 }}
+ {{- end }}
+{{- end }}
+ wildcardPolicy: None
+{{- end }}
diff --git a/templates/common/cassandra-secret.yaml b/templates/common/cassandra-secret.yaml
new file mode 100644
index 0000000..fa7d964
--- /dev/null
+++ b/templates/common/cassandra-secret.yaml
@@ -0,0 +1,11 @@
+{{- if (not .Values.global.cassandra.existingSecret) -}}
+apiVersion: v1
+data:
+ username: {{ .Values.global.cassandra.username | b64enc }}
+ password: {{ .Values.global.cassandra.password | b64enc }}
+kind: Secret
+metadata:
+ name: {{ include "gateway.cassandra.secretName" . }}
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+{{- end }}
diff --git a/templates/common/domain-key-secret.yaml b/templates/common/domain-key-secret.yaml
new file mode 100644
index 0000000..bbad1dc
--- /dev/null
+++ b/templates/common/domain-key-secret.yaml
@@ -0,0 +1,10 @@
+{{- if ((.Values.global.domainkeypassphrase).passphrase) -}}
+apiVersion: v1
+data:
+ passphrase: {{ .Values.global.domainkeypassphrase.passphrase | b64enc }}
+kind: Secret
+metadata:
+ name: {{ include "gateway.domainkeypassphrase.secretName" . }}
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+{{- end }}
diff --git a/templates/common/metrics-db-secret.yaml b/templates/common/metrics-db-secret.yaml
new file mode 100644
index 0000000..16be0d4
--- /dev/null
+++ b/templates/common/metrics-db-secret.yaml
@@ -0,0 +1,11 @@
+{{- if and .Values.global.database.metrics.enabled (not .Values.global.database.metrics.existingSecret) -}}
+apiVersion: v1
+data:
+ username: {{ .Values.global.database.metrics.username | b64enc }}
+ password: {{ .Values.global.database.metrics.password | b64enc }}
+kind: Secret
+metadata:
+ name: {{ include "gateway.metrics-db.secretName" . }}
+ labels:
+ {{- include "gateway.labels" . | nindent 4 }}
+{{- end }}
diff --git a/templates/storage/pvc.yaml b/templates/storage/pvc.yaml
new file mode 100644
index 0000000..2b3a84f
--- /dev/null
+++ b/templates/storage/pvc.yaml
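Review bot: In cassandra-secret.yaml `username` and `password` are piped straight into `b64enc`, which accepts only strings, so an all-digit password written unquoted in values aborts the render with a type error, and a missing value fails without naming the key. Use `{{ required "global.cassandra.password is required" .Values.global.cassandra.password | toString | b64enc | quote }}`, or move both keys to `stringData:` and drop the encoding. Rendering the Secret from values also places the credentials in values files and in the Helm release record; the `existingSecret` branch already avoids that, and a comment above the `if` should name it as the preferred path. metrics-db-secret.yaml and domain-key-secret.yaml on this page use the same `| b64enc` pattern and need the same change.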
@@ -0,0 +1,53 @@
+{{- range .Values.global.storage.volumes }}
+{{- if .enabled }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ .name | lower }}
+ labels:
+ {{- include "gateway.labels" $ | nindent 4 }}
+spec:
+ accessModes:
+ {{- with .accessModes }}
+ {{- toYaml . | nindent 4 }}
+ {{- else }}
+ - ReadWriteMany
+ {{- end }}
+ {{- if .volumeName }}
+ volumeName: {{ .volumeName | quote }}
+ {{- end}}
+ storageClassName: {{ default $.Values.global.storage.storageClassName .storageClassName | quote }}
+ resources:
+ requests:
+ storage: {{ default "1Mi" .capacity | quote }}
+{{- if eq $.Values.global.storage.provisioningType "static" }}
+# PersistentVolume needs to be created only for Static storage provisioning
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: {{ include "gateway.fullname" $ }}-{{ .name | lower }}
+ labels:
+ {{- include "gateway.labels" $ | nindent 4 }}
+ app.kubernetes.io/component: apiportal
+spec:
+ capacity:
+ storage: {{ .capacity | quote }}
+ volumeMode: Filesystem
+ accessModes:
+ {{- with .accessModes }}
+ {{- toYaml . | nindent 4 }}
+ {{- else }}
+ - ReadWriteMany
+ {{- end }}
+ persistentVolumeReclaimPolicy: {{ .persistentVolume.reclaimPolicy | quote }}
+ csi:
+ driver: {{ .persistentVolume.csiDriver }}
+ volumeHandle: {{ .persistentVolume.volumeHandle }}
+ claimRef:
+ name: {{ .name | lower }}
+ namespace: {{ $.Release.Namespace | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/templates/storage/storage-class.yaml b/templates/storage/storage-class.yaml
new file mode 100644
index 0000000..9106def
--- /dev/null
+++ b/templates/storage/storage-class.yaml
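Review bot: The static branch dereferences `.persistentVolume.reclaimPolicy`, `.persistentVolume.csiDriver` and `.persistentVolume.volumeHandle` with no guard, and none of the volumes in values-override.yaml defines `persistentVolume`, so switching `provisioningType` to "static" aborts the render with a nil-pointer error. Wrap the PersistentVolume document in `{{- with .persistentVolume }}` or apply `required` to each field, and give `capacity.storage` the same `default "1Mi"` the claim uses. The claim is named `{{ .name | lower }}` without the release name, so a second release in the same namespace collides on `events`, `audit` and the other claim names; prefixing with `gateway.fullname`, as the PersistentVolume already does, avoids that but needs the matching `claimName` values updated. The `app.kubernetes.io/component: apiportal` label on the PersistentVolume looks copied from another template.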
@@ -0,0 +1,24 @@
+{{- range .Values.global.storage.classes }}
+---
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: {{ .name | lower }}
+ labels:
+ {{- include "gateway.labels" $ | nindent 4 }}
+provisioner: {{ .provisioner | quote }}
+{{- if .allowVolumeExpansion }}
+allowVolumeExpansion: {{ .allowVolumeExpansion }}
+{{- end }}
+{{- with .parameters }}
+parameters: {{- tpl (toYaml .) $ | nindent 2 }}
+{{- end }}
+{{- with .mountOptions }}
+mountOptions: {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- if eq $.Values.global.storage.provisioningType "dynamic" }}
+volumeBindingMode: WaitForFirstConsumer
+{{- else }}
+volumeBindingMode: Immediate
+{{- end }}
+{{- end }}
diff --git a/templates/tests/gw-test-connection.yaml b/templates/tests/gw-test-connection.yaml
new file mode 100644
index 0000000..316d011
--- /dev/null
+++ b/templates/tests/gw-test-connection.yaml
@@ -0,0 +1,114 @@ +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: "{{ include "gateway.fullname" . }}-anm-test-connection" + labels: + {{- include "gateway.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + template: + spec: + serviceAccountName: {{ include "gateway.tests.serviceAccountName" . }} + containers: + - name: curl + image: {{ default .Values.global.defaultRegistry .Values.global.tests.images.curl.registry }}/{{ default "curlimages/curl" .Values.global.tests.images.curl.repository }}:{{ default "latest" .Values.global.tests.images.curl.tag }} + command: ["bin/sh"] + args: ["-c", "curl -k https://{{ include "gateway.fullname" . }}-anm:{{ .Values.anm.service.ports.traffic.port}}/healthcheck"] + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: {{ .Values.global.tests.securityContext.readOnlyRootFilesystem }} + runAsNonRoot: {{ .Values.global.tests.securityContext.runAsNonRoot }} + allowPrivilegeEscalation: {{ .Values.global.tests.securityContext.allowPrivilegeEscalation }} + restartPolicy: Never + backoffLimit: 3 +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: "{{ include "gateway.fullname" . }}-apimgr-test-connection" + labels: + {{- include "gateway.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + template: + spec: + serviceAccountName: {{ include "gateway.tests.serviceAccountName" . }} + containers: + - name: curl + image: {{ default .Values.global.defaultRegistry .Values.global.tests.images.curl.registry }}/{{ default "curlimages/curl" .Values.global.tests.images.curl.repository }}:{{ default "latest" .Values.global.tests.images.curl.tag }} + command: ["bin/sh"] + args: ["-c", "curl -k https://{{ include "gateway.fullname" . 
}}-apimgr:{{ .Values.apimgr.service.ports.ui.port}}/healthcheck"] + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: {{ .Values.global.tests.securityContext.readOnlyRootFilesystem }} + runAsNonRoot: {{ .Values.global.tests.securityContext.runAsNonRoot }} + allowPrivilegeEscalation: {{ .Values.global.tests.securityContext.allowPrivilegeEscalation }} + restartPolicy: Never + backoffLimit: 3 +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: "{{ include "gateway.fullname" . }}-apitraffic-test-connection" + labels: + {{- include "gateway.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + template: + spec: + serviceAccountName: {{ include "gateway.tests.serviceAccountName" . }} + containers: + - name: curl + image: {{ default .Values.global.defaultRegistry .Values.global.tests.images.curl.registry }}/{{ default "curlimages/curl" .Values.global.tests.images.curl.repository }}:{{ default "latest" .Values.global.tests.images.curl.tag }} + command: ["bin/sh"] + args: ["-c", "curl -k https://{{ include "gateway.fullname" . }}-apitraffic:{{ .Values.apitraffic.service.ports.traffic.port}}/healthcheck"] + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: {{ .Values.global.tests.securityContext.readOnlyRootFilesystem }} + runAsNonRoot: {{ .Values.global.tests.securityContext.runAsNonRoot }} + allowPrivilegeEscalation: {{ .Values.global.tests.securityContext.allowPrivilegeEscalation }} + restartPolicy: Never + backoffLimit: 3 +--- +{{- if .Values.aga.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: "{{ include "gateway.fullname" . }}-aga-test-connection" + labels: + {{- include "gateway.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + template: + spec: + serviceAccountName: {{ include "gateway.tests.serviceAccountName" . 
}} + containers: + - name: curl + image: {{ default .Values.global.defaultRegistry .Values.global.tests.images.curl.registry }}/{{ default "curlimages/curl" .Values.global.tests.images.curl.repository }}:{{ default "latest" .Values.global.tests.images.curl.tag }} + command: ["bin/sh"] + args: ["-c", "curl -k https://{{ include "gateway.fullname" . }}-aga:{{ .Values.aga.service.ports.ui.port}}/healthcheck"] + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: {{ .Values.global.tests.securityContext.readOnlyRootFilesystem }} + runAsNonRoot: {{ .Values.global.tests.securityContext.runAsNonRoot }} + allowPrivilegeEscalation: {{ .Values.global.tests.securityContext.allowPrivilegeEscalation }} + restartPolicy: Never + backoffLimit: 3 +{{- end }} diff --git a/templates/tests/test-connection-serviceaccount.yaml b/templates/tests/test-connection-serviceaccount.yaml new file mode 100644 index 0000000..5a949c6 --- /dev/null +++ b/templates/tests/test-connection-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.global.tests.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "gateway.tests.serviceAccountName" . }} + labels: + {{- include "gateway.labels" . | nindent 4 }} + app.kubernetes.io/component: test-connection + {{- with .Values.global.tests.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/values-override.yaml b/values-override.yaml new file mode 100644 index 0000000..bf22154 --- /dev/null +++ b/values-override.yaml 
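Review bot: All four test Jobs in gw-test-connection.yaml run `curl -k` with no `--fail`, so the check passes on any HTTP status, including a 5xx from `/healthcheck`, and it never verifies the service certificate. Use `curl --fail --silent --show-error`, and replace `-k` with `--cacert` wherever the serving CA can be mounted into the test pod. `command: ["bin/sh"]` is a relative path that resolves only when the image's working directory is `/`; write `/bin/sh`. The image tag falls back to `latest` and the registry to `global.defaultRegistry`, so the test image is mutable and is looked up under whatever registry path the gateway images use; pin a version or digest for `curlimages/curl` and give the test image its own registry default.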
@@ -0,0 +1,659 @@ +nameOverride: gateway +global: + domainName: apilab.us + defaultRegistry: docker.repository.axway.com/apigateway-docker-prod/7.7 + imagePullPolicy: Always + imagePullSecrets: + - name: regcred + storage: + provisioningType: "dynamic" + storageClassName: "nfs" + volumes: + - name: events + enabled: true + usedBy: + - anm + - apimgr + - traffic + accessModes: + - ReadWriteMany + capacity: 1Gi + volumeName: apim-events + - name: payloads + enabled: true + usedBy: + - traffic + accessModes: + - ReadWriteOnce + capacity: 16Gi + volumeName: apim-payloads + - name: audit + enabled: true + usedBy: + - anm + - apimgr + - traffic + accessModes: + - ReadWriteMany + capacity: 1Gi + volumeName: apim-audit + - name: anm-external-config + enabled: true + usedBy: + - anm + accessModes: + - ReadWriteOnce + capacity: 8Mi + - name: apimgr-external-config + enabled: true + usedBy: + - apimgr + accessModes: + - ReadWriteOnce + capacity: 8Mi + - name: apitraffic-external-config + enabled: true + usedBy: + - traffic + accessModes: + - ReadWriteOnce + capacity: 8Mi + - name: aga-external-config + enabled: true + usedBy: + - traffic + accessModes: + - ReadWriteOnce + capacity: 8Mi + - name: opentraffic + enabled: true + usedBy: + - traffic + - anm + - apimgr + accessModes: + - ReadWriteOnce + capacity: 8Gi + volumeName: apim-opentraffic + initContainers: + securityContext: + runAsNonRoot: false + database: + host: mysql.metrics.svc.cluster.local + metrics: + enabled: false + username: "root" + password: "password" + sslMode: "NONE" + url: jdbc:mysql://{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{ .Values.global.database.metrics.databaseName }}?useSSL={{ default false .Values.global.database.metrics.useSSL }} + cassandra: + enabled: true + hosts: + - variable: CASS_HOST + hostname: cassandra.cassandra.svc.cluster.local + username: cassandra + password: cassandra + keyspace: ks + tkeyspace: tks + +anm: + image: + repository: "admin-nodemanager" + 
tag: "7.7.0.20240228-1-BN0065-ubi9" + generalConditions: + accept: "yes" + resources: + limits: + memory: "2048Mi" + cpu: "1000m" + requests: + memory: "1Gi" + cpu: "250m" + securityContext: + runAsNonRoot: false + route: + enabled: true + annotations: + cert-manager.io/issuer-kind: ClusterIssuer + cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare + #ingress: + # enabled: true + # className: "nginx" + #annotations: + # nginx.ingress.kubernetes.io/backend-protocol: HTTPS + # nginx.ingress.kubernetes.io/ssl-passthrough: "true" + # nginx.ingress.kubernetes.io/ssl-redirect: "true" + # nginx.ingress.kubernetes.io/secure-backends: "true" + # nginx.ingress.kubernetes.io/ingress.class: "nginx" + # kubernetes.io/tls-acme: "true" + # cert-manager.io/cluster-issuer: "letsencrypt-issuer" + #hosts: + # - host: anm.apilab.us + # paths: + # - path: / + # pathType: ImplementationSpecific + #tls: + # - secretName: anm-tls + # hosts: + # - anm.apilab.us + #service: + # port: 8091 + extraVolumeMounts: + - name: anm-external-config + mountPath: /merge + - name: events + mountPath: /opt/Axway/apigateway/events + - name: audit + mountPath: /opt/Axway/apigateway/logs + extraVolumes: + - persistentVolumeClaim: + claimName: anm-external-config + name: anm-external-config + - persistentVolumeClaim: + claimName: events + name: events + - persistentVolumeClaim: + claimName: audit + name: audit + extraEnvVars: + - name: EMT_DEPLOYMENT_ENABLED + value: "true" + - name: ACCEPT_GENERAL_CONDITIONS + value: "yes" + - name: APIGW_LOG_OPENTRAFFIC_OUTPUT + value: "file" + - name: API_BUILDER_URL + value: "https://axway-elk-apim4elastic-apibuilder4elastic.apim4elastic:8443" + +apimgr: + name: apimgr + image: + repository: "gateway" + tag: "7.7.0.20240228-1-BN0065-ubi9" + generalConditions: + accept: "yes" + groupId: Group1 + resources: + limits: + memory: "2Gi" + cpu: 2 + requests: + memory: "0.5Gi" + cpu: 0.5 + securityContext: + runAsNonRoot: false + route: + enabled: true + annotations: + 
cert-manager.io/issuer-kind: ClusterIssuer + cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare + #ingress: + # enabled: true + #className: "nginx" + #annotations: + # nginx.ingress.kubernetes.io/backend-protocol: HTTPS + # nginx.ingress.kubernetes.io/ssl-passthrough: "true" + # nginx.ingress.kubernetes.io/ssl-redirect: "true" + # nginx.ingress.kubernetes.io/secure-backends: "true" + # nginx.ingress.kubernetes.io/ingress.class: "nginx" + # kubernetes.io/tls-acme: "true" + # cert-manager.io/cluster-issuer: "letsencrypt-issuer" + #hosts: + # - host: apimgr.apilab.us + # paths: + # - path: / + # pathType: ImplementationSpecific + #tls: + # - secretName: apimgr-tls + # hosts: + # - apimgr.apilab.us + #service: + # port: 8075 + extraVolumeMounts: + - name: events + mountPath: /opt/Axway/apigateway/events + - name: apimgr-external-config + mountPath: /merge + - name: opentraffic + mountPath: /opt/Axway/apigateway/logs/opentraffic + - name: audit + mountPath: /opt/Axway/apigateway/logs/transaction + extraVolumes: + - persistentVolumeClaim: + claimName: events + name: events + - persistentVolumeClaim: + claimName: apimgr-external-config + name: apimgr-external-config + - persistentVolumeClaim: + claimName: opentraffic + name: opentraffic + - persistentVolumeClaim: + claimName: audit + name: audit + extraEnvVars: + - name: EMT_HEALTHCHECK_PORT + value: "8065" + - name: EMT_HEALTHCHECK_PATH + value: /healthcheck + - name: GW_DIR + value: /opt/Axway/apigateway + - name: GW_TRACE_DIR + value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace + - name: EMT_TOPOLOGY_TTL + value: "10" + - name: EMT_DEPLOYMENT_ENABLED + value: "true" + - name: ACCEPT_GENERAL_CONDITIONS + value: "yes" + - name: APIGW_LOG_OPENTRAFFIC_OUTPUT + value: "file" + license: + license.lic: | + FIPS=1 + SalesForce Connector=1 + ServiceNow Connector=1 + analytics=1 + api_visual_mapper=1 + apiportal=1 + company=Axway + deployment_type=docker + expires=Wed, 30 Apr 2025 16:21:51 GMT + 
license_id=TEMP + mcafee=1 + name=Axway + sdkgenerator=1 + unrestricted=1 + version=7.7 + # SIGNATURE: 41dc0bb17867d8d62f2f6cb85c6129e1ff3e732fffda24116eb53cf7fcdba233 + # SIGNATURE: 95c752a8cead778a11d997c624eca0d7e9b03b869b9a1ed169e016a9242f5548 + # SIGNATURE: 943409c27b0376410ef06a1e7d67a19f210f5c68e30e1174630dbb7bddc06f69 + # SIGNATURE: f2208e6a042ecf759388faec92335dd43ecaa96f5c7abd1ec0c23217fd08f7b6 + # SIGNATURE: f62af5300b3884ceaa1ca7d459095f53a8980628d44344e02dd1fde2276c07cd + # SIGNATURE: 2f92a9d70d72e3ce9048ad6da4d18bab4923fe30a631d8dd751c4de9647e0a5e + # SIGNATURE: 1454756c50dccc40eb4b8475cd9b87e6c262fae732af6181addb34b41588bbc8 + # SIGNATURE: e6c085116c1aca0174145d016459ee0843c437d05d4e270113703644b1ec75d6 +apitraffic: + image: + repository: "gateway" + tag: "7.7.0.20240228-1-BN0065-ubi9" + generalConditions: + accept: "yes" + groupId: Group1 + resources: + limits: + memory: "2Gi" + cpu: 2 + requests: + memory: "0.5Gi" + cpu: 0.5 + autoscaling: + enabled: false + minReplicas: 2 + maxReplicas: 6 + targetCPUUtilizationPercentage: 80 + replicaCount: 2 + securityContext: + runAsNonRoot: false + oauth: + enabled: true + type: ClusterIP + port: 8089 + protocol: TCP + route: + enabled: true + annotations: + cert-manager.io/issuer-kind: ClusterIssuer + cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare + #ingress: + # enabled: true + #className: "nginx" + #annotations: + # nginx.ingress.kubernetes.io/backend-protocol: HTTPS + # nginx.ingress.kubernetes.io/ssl-passthrough: "true" + # nginx.ingress.kubernetes.io/ssl-redirect: "true" + # nginx.ingress.kubernetes.io/secure-backends: "true" + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # cert-manager.io/cluster-issuer: "letsencrypt-issuer" + #hosts: + # - host: oauth.apilab.us + # paths: + # - path: / + # pathType: ImplementationSpecific + #tls: + # - secretName: oauth-tls + # hosts: + # - oauth.apilab.us + #ingress: + # enabled: true + #className: "nginx" + #annotations: + # 
nginx.ingress.kubernetes.io/backend-protocol: HTTPS + # nginx.ingress.kubernetes.io/ssl-passthrough: "true" + # nginx.ingress.kubernetes.io/ssl-redirect: "true" + # nginx.ingress.kubernetes.io/secure-backends: "true" + # nginx.ingress.kubernetes.io/ingress.class: "nginx" + # kubernetes.io/tls-acme: "true" + # cert-manager.io/cluster-issuer: "letsencrypt-issuer" + #hosts: + # - host: apitraffic.apilab.us + # paths: + # - path: / + # pathType: ImplementationSpecific + #tls: + # - secretName: apitraffic-tls + # hosts: + # - apitraffic.apilab.us + service: + port: 8065 + extraVolumeMounts: + - name: events + mountPath: /opt/Axway/apigateway/events + - name: apitraffic-external-config + mountPath: /merge + - name: opentraffic + mountPath: /opt/Axway/apigateway/logs/opentraffic + - name: payloads + mountPath: /opt/Axway/apigateway/logs/payloads + - name: audit + mountPath: /opt/Axway/apigateway/logs/transaction + extraVolumes: + - persistentVolumeClaim: + claimName: events + name: events + - persistentVolumeClaim: + claimName: apitraffic-external-config + name: apitraffic-external-config + - persistentVolumeClaim: + claimName: payloads + name: payloads + - persistentVolumeClaim: + claimName: opentraffic + name: opentraffic + - persistentVolumeClaim: + claimName: audit + name: audit + extraEnvVars: + - name: EMT_HEALTHCHECK_PORT + value: "8065" + - name: EMT_HEALTHCHECK_PATH + value: /healthcheck + - name: GW_DIR + value: /opt/Axway/apigateway + - name: GW_TRACE_DIR + value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace + - name: EMT_TOPOLOGY_TTL + value: "10" + - name: APIGW_LOG_OPENTRAFFIC_OUTPUT + value: "file" + - name: EMT_DEPLOYMENT_ENABLED + value: "true" + - name: ENV_SECRET_EXAMPLE + valueFrom: + secretKeyRef: + name: apim-gateway-cassandra + key: username + - name: ACCEPT_GENERAL_CONDITIONS + value: "yes" + license: + license.lic: | + FIPS=1 + SalesForce Connector=1 + ServiceNow Connector=1 + analytics=1 + api_visual_mapper=1 + 
apiportal=1 + company=Axway + deployment_type=docker + expires=Wed, 30 Apr 2025 16:21:51 GMT + license_id=TEMP + mcafee=1 + name=Axway + sdkgenerator=1 + unrestricted=1 + version=7.7 + # SIGNATURE: 41dc0bb17867d8d62f2f6cb85c6129e1ff3e732fffda24116eb53cf7fcdba233 + # SIGNATURE: 95c752a8cead778a11d997c624eca0d7e9b03b869b9a1ed169e016a9242f5548 + # SIGNATURE: 943409c27b0376410ef06a1e7d67a19f210f5c68e30e1174630dbb7bddc06f69 + # SIGNATURE: f2208e6a042ecf759388faec92335dd43ecaa96f5c7abd1ec0c23217fd08f7b6 + # SIGNATURE: f62af5300b3884ceaa1ca7d459095f53a8980628d44344e02dd1fde2276c07cd + # SIGNATURE: 2f92a9d70d72e3ce9048ad6da4d18bab4923fe30a631d8dd751c4de9647e0a5e + # SIGNATURE: 1454756c50dccc40eb4b8475cd9b87e6c262fae732af6181addb34b41588bbc8 + # SIGNATURE: e6c085116c1aca0174145d016459ee0843c437d05d4e270113703644b1ec75d6 + +apiportal: + enabled: false + replicaCount: 1 + image: + # an image reference is specified by registry/repository:tag, + # for instance registry=docker.io, repository=library/alpine, tag=3.15 + # if registry is left empty, global.defaultRegistry will be used + registry: docker.repository.axway.com/apiportal-docker-prod/7.7 + repository: "apiportal" + tag: "7.7.20240228-BN1285" + generalConditions: + accept: "yes" + serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. 
+ # If not set and create is true, a name is generated using the fullname template + name: "" + service: + type: ClusterIP + ports: + # target: + # port: 8443 + # https: + # port: 8443 + # protocol: TCP + http: + port: 8080 + protocol: TCP + force: + port: 8080 + protocol: TCP + # OpenShift configuration + route: + enabled: true + annotations: + cert-manager.io/issuer-kind: ClusterIssuer + cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare + #ingress: + # enabled: true + # className: "nginx" + #annotations: + # nginx.ingress.kubernetes.io/ssl-passthrough: "true" + # nginx.ingress.kubernetes.io/ssl-redirect: "true" + # nginx.ingress.kubernetes.io/secure-backends: "true" + # nginx.ingress.kubernetes.io/ingress.class: "nginx" + # kubernetes.io/tls-acme: "true" + # cert-manager.io/cluster-issuer: "letsencrypt-issuer" + #hosts: + # - host: portal.apilab.us + # paths: + # - path: / + # pathType: ImplementationSpecific + #tls: + # - secretName: apiportal-tls + # hosts: + # - portal.apilab.us + apiManager: + configured: 1 + name: Main + host: "apimgr.apilab.us" + port: 443 + # database settings for API Portal, also check the instance settings in global section + mysql: + enabled: false + # if the credentials are already available in a secret, set existingSecret + existingSecret: {} + # name: "mysql-credentials" + # keyMapping: + # password: password + # username: root + # else, set username and password, this will create a new secret + username: "root" + password: "password" + # if it doesn't exist, a database with this name will be created by the app + databaseName: "portal" + sslOn: 0 + sslVerifyCert: 0 + redis: + enabled: false + host: "" + port: 6379 + cacheTimeout: 600 + apache: + sslOn: 0 + extraEnvVars: [] + # podSecurityContext: + # runAsUser: 1048 + # runAsGroup: 1048 + # fsGroup: 1048 + securityContext: + allowPrivilegeEscalation: false + runAsNonRoot: true + +aga: + enabled: false + license: + license.lic: | + FIPS=1 + SalesForce Connector=1 + ServiceNow 
Connector=1 + analytics=1 + api_visual_mapper=1 + apiportal=1 + company=Axway + deployment_type=docker + expires=Wed, 30 Apr 2025 16:21:51 GMT + license_id=TEMP + mcafee=1 + name=Axway + sdkgenerator=1 + unrestricted=1 + version=7.7 + # SIGNATURE: 41dc0bb17867d8d62f2f6cb85c6129e1ff3e732fffda24116eb53cf7fcdba233 + # SIGNATURE: 95c752a8cead778a11d997c624eca0d7e9b03b869b9a1ed169e016a9242f5548 + # SIGNATURE: 943409c27b0376410ef06a1e7d67a19f210f5c68e30e1174630dbb7bddc06f69 + # SIGNATURE: f2208e6a042ecf759388faec92335dd43ecaa96f5c7abd1ec0c23217fd08f7b6 + # SIGNATURE: f62af5300b3884ceaa1ca7d459095f53a8980628d44344e02dd1fde2276c07cd + # SIGNATURE: 2f92a9d70d72e3ce9048ad6da4d18bab4923fe30a631d8dd751c4de9647e0a5e + # SIGNATURE: 1454756c50dccc40eb4b8475cd9b87e6c262fae732af6181addb34b41588bbc8 + # SIGNATURE: e6c085116c1aca0174145d016459ee0843c437d05d4e270113703644b1ec75d6 + + replicaCount: 1 + image: + # an image reference is specified by registry/repository:tag, + # for instance registry=docker.io, repository=library/alpine, tag=3.15 + # if registry is left empty, global.defaultRegistry will be used + repository: "analytics" + tag: "7.7.0.20240228-1-BN0065-ubi9" + # Overrides the image tag whose default is the chart appVersion. + generalConditions: + accept: "yes" + serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. 
+ # If not set and create is true, a name is generated using the fullname template + name: "" + extraEnvVars: + - name: ACCEPT_GENERAL_CONDITIONS + value: "yes" + podAnnotations: {} + podSecurityContext: {} + securityContext: + allowPrivilegeEscalation: false + #NOTE readOnlyRootFilesystem should be left to false + # readOnlyRootFilesystem: false + runAsNonRoot: false + service: + type: ClusterIP + ports: + ui: + port: 8040 + protocol: TCP + #ingress: + # enabled: true + #className: "nginx" + #annotations: + # nginx.ingress.kubernetes.io/backend-protocol: HTTPS + #nginx.ingress.kubernetes.io/ssl-passthrough: "true" + #nginx.ingress.kubernetes.io/ssl-redirect: "true" + #nginx.ingress.kubernetes.io/secure-backends: "true" + #nginx.ingress.kubernetes.io/ingress.class: "nginx" + #kubernetes.io/tls-acme: "true" + #cert-manager.io/cluster-issuer: "letsencrypt-issuer" + # kubernetes.io/i:ngress.class: nginx + #kubernetes.io/tls-acme: "true" + #hosts: + # - host: analytics.apilab.us + # paths: + # - path: / + # pathType: ImplementationSpecific + #tls: + # - secretName: analytics-tls + # hosts: + # - analytics.apilab.us + # OpenShift configuration + route: + enabled: true + annotations: + cert-manager.io/issuer-kind: ClusterIssuer + cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare + # targetPort: "{{ .Values.aga.ports.ui.port }}" + ## More information: https://docs.openshift.com/container-platform/4.9/networking/routes/secured-routes.html + # tls: + # enabled: true + # termination: passthrough + # insecureEdgeTerminationPolicy: Redirect + # key: + # caCertificate: + # certificate: + # destinationCACertificate: + # ref: https://kubernetes.io/docs/user-guide/compute-resources/ + resources: {} + # limits: + # memory: "2048Mi" + # cpu: "1000m" + # requests: + # memory: "1Gi" + # cpu: "250m" + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + #targetMemoryUtilizationPercentage: 80 + nodeSelector: {} + tolerations: 
[] + affinity: {} + livenessProbe: + httpGet: + httpHeaders: + - name: k8sprobe + value: liveness.apimgr + path: /healthcheck + port: 8040 + scheme: HTTPS + initialDelaySeconds: 40 + periodSeconds: 30 + failureThreshold: 5 + readinessProbe: + httpGet: + httpHeaders: + - name: k8sprobe + value: readiness.apimgr + path: /healthcheck + port: 8040 + scheme: HTTPS + initialDelaySeconds: 30 + periodSeconds: 10 + failureThreshold: 6 diff --git a/values.schema.json.bak b/values.schema.json.bak new file mode 100644 index 0000000..c014a71 --- /dev/null +++ b/values.schema.json.bak 
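Review bot: values-override.yaml commits working credentials and licence material: `username: "root"` with `password: "password"` for the metrics and portal databases, `cassandra` / `cassandra` for Cassandra, and three copies of a `license.lic` body including its signature lines. Reference pre-created Secrets through the `existingSecret` keys that the secret templates in this commit already check, and supply the licence at install time (for example with `--set-file`) instead of storing it in the repository. `sslMode: "NONE"` together with the `useSSL` default of `false` in the JDBC URL leaves the database connection unencrypted, and `runAsNonRoot: false` is set for the init containers and for anm, apimgr, apitraffic and aga. Each of those settings needs either a hardened value or a comment stating why it is relaxed for this environment.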
@@ -0,0 +1,2284 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "aga": { + "type": "object", + "properties": { + "affinity": { + "type": "object" + }, + "autoscaling": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxReplicas": { + "type": "integer" + }, + "minReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + } + } + }, + "enabled": { + "type": "boolean" + }, + "extraEnvVars": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "fullnameOverride": { + "type": "string" + }, + "license": { + "type": "object" + }, + "image": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "className": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array", + "items": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "pathType": { + "type": "string" + } + } + } + } + } + } + }, + "tls": { + "type": "array" + } + } + }, + "route": { + "type": "object", + "description": "Values for creating an OCP route", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines if the route should be created" + }, + "targetPort": { + "type": "string", + "description": "The port on pods this route points to" + }, + "tls": { + "type": "object", + "description": "Values for configuring TLS on an OCP route. 
More information: https://docs.openshift.com/container-platform/4.9/networking/routes/secured-routes.html", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines if TLS should be enabled" + }, + "termination": { + "type": "string", + "description": "Indicates the termination type" + }, + "insecureEdgeTerminationPolicy": { + "type": "string", + "description": "Indicates the desired behavior for insecure connections" + }, + "key": { + "type": ["string", "null"], + "description": "Key file contents" + }, + "caCertificate": { + "type": ["string", "null"], + "description": "Certificate authority certificate contents" + }, + "certificate": { + "type": ["string", "null"], + "description": "Certificate contents" + }, + "destinationCACertificate": { + "type": ["string", "null"], + "description": "Contents of the CA certificate of the final destination" + } + } + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "httpGet": { + "type": "object", + "properties": { + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "path": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "scheme": { + "type": "string" + } + } + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + } + }, + "nameOverride": { + "type": "string" + }, + "nodeSelector": { + "type": "object" + }, + "podAnnotations": { + "type": "object" + }, + "podSecurityContext": { + "type": "object" + }, + "ports": { + "type": "object", + "properties": { + "ui": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + } + } + } + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "httpGet": { + "type": "object", + 
"properties": { + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "path": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "scheme": { + "type": "string" + } + } + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + } + }, + "replicaCount": { + "type": "integer" + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + } + } + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + } + } + }, + "service": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "tolerations": { + "type": "array" + } + } + }, + "anm": { + "type": "object", + "required": [ + "image", + "extraEnvVars" + ], + "properties": { + "affinity": { + "type": "object" + }, + "autoscaling": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxReplicas": { + "type": "integer" + }, + "minReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + } + } + }, + "extraEnvVars": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "fullnameOverride": { + "type": "string" + }, + "license": { + "type": "object" + }, + "image": { + "type": "object", + "required": [ 
+ "repository" + ], + "properties": { + "registry": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + }, + "digest": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "required": [ + "enabled" + ], + "properties": { + "annotations": { + "type": "object" + }, + "className": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array", + "items": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "pathType": { + "type": "string" + } + } + } + } + } + } + }, + "tls": { + "type": "array" + } + } + }, + "route": { + "type": "object", + "description": "Values for creating an OCP route", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines if the route should be created" + }, + "targetPort": { + "type": "string", + "description": "The port on pods this route points to" + }, + "tls": { + "type": "object", + "description": "Values for configuring TLS on an OCP route. 
More information: https://docs.openshift.com/container-platform/4.9/networking/routes/secured-routes.html", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines if TLS should be enabled" + }, + "termination": { + "type": "string", + "description": "Indicates the termination type" + }, + "insecureEdgeTerminationPolicy": { + "type": "string", + "description": "Indicates the desired behavior for insecure connections" + }, + "key": { + "type": ["string", "null"], + "description": "Key file contents" + }, + "caCertificate": { + "type": ["string", "null"], + "description": "Certificate authority certificate contents" + }, + "certificate": { + "type": ["string", "null"], + "description": "Certificate contents" + }, + "destinationCACertificate": { + "type": ["string", "null"], + "description": "Contents of the CA certificate of the final destination" + } + } + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "httpGet": { + "type": "object", + "properties": { + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "path": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "scheme": { + "type": "string" + } + } + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + } + }, + "nameOverride": { + "type": "string" + }, + "nodeSelector": { + "type": "object" + }, + "podAnnotations": { + "type": "object" + }, + "podSecurityContext": { + "type": "object" + }, + "ports": { + "type": "object", + "properties": { + "traffic": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + } + } + }, + "ui": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + } + } + } + } + }, + "readinessProbe": 
{ + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "httpGet": { + "type": "object", + "properties": { + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "path": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "scheme": { + "type": "string" + } + } + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + } + }, + "replicaCount": { + "type": "integer" + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + } + } + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + } + } + }, + "service": { + "type": "object", + "properties": { + "type": { + "type": "string", + "enum": [ + "ClusterIP", + "LoadBalancer", + "NodePort", + "ExternalName" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "required": [ + "create" + ], + "properties": { + "annotations": { + "type": "object" + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "tolerations": { + "type": "array" + }, + "updateStrategy": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "Global update strategy for deployments" + }, + "rollingUpdate": { + "type": "object", + "properties": { + "maxSurge": { + "type": "integer", + "description": "The number of pods that can be created above the desired amount of pods during an update" + }, + "maxUnavailable": { + "type": "integer", + "description": "The number of pods that can be unavailable 
during the update process" + } + } + } + } + } + } + }, + "apimgr": { + "required": [ + "license" + ], + "type": "object", + "properties": { + "affinity": { + "type": "object" + }, + "autoscaling": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxReplicas": { + "type": "integer" + }, + "minReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + } + } + }, + "extraEnvVars": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "fullnameOverride": { + "type": "string" + }, + "license": { + "type": "object" + }, + "image": { + "type": "object", + "properties": { + "registry": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + }, + "digest": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "className": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array", + "items": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "pathType": { + "type": "string" + } + } + } + } + } + } + }, + "tls": { + "type": "array" + } + } + }, + "route": { + "type": "object", + "description": "Values for creating an OCP route", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines if the route should be created" + }, + "targetPort": { + "type": "string", + "description": "The port on pods this route points to" + }, + "tls": { + "type": "object", + "description": "Values for configuring TLS on an OCP route. 
More information: https://docs.openshift.com/container-platform/4.9/networking/routes/secured-routes.html", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines if TLS should be enabled" + }, + "termination": { + "type": "string", + "description": "Indicates the termination type" + }, + "insecureEdgeTerminationPolicy": { + "type": "string", + "description": "Indicates the desired behavior for insecure connections" + }, + "key": { + "type": ["string", "null"], + "description": "Key file contents" + }, + "caCertificate": { + "type": ["string", "null"], + "description": "Certificate authority certificate contents" + }, + "certificate": { + "type": ["string", "null"], + "description": "Certificate contents" + }, + "destinationCACertificate": { + "type": ["string", "null"], + "description": "Contents of the CA certificate of the final destination" + } + } + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "httpGet": { + "type": "object", + "properties": { + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "path": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "scheme": { + "type": "string" + } + } + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + } + }, + "nameOverride": { + "type": "string" + }, + "nodeSelector": { + "type": "object" + }, + "podAnnotations": { + "type": "object" + }, + "podSecurityContext": { + "type": "object" + }, + "ports": { + "type": "object", + "properties": { + "ui": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + } + } + } + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "httpGet": { + "type": "object", + 
"properties": { + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "path": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "scheme": { + "type": "string" + } + } + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + } + }, + "replicaCount": { + "type": "integer" + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "integer" + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "number" + }, + "memory": { + "type": "string" + } + } + } + } + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + } + } + }, + "service": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "tolerations": { + "type": "array" + }, + "updateStrategy": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "Global update strategy for deployments" + }, + "rollingUpdate": { + "type": "object", + "properties": { + "maxSurge": { + "type": "integer", + "description": "The number of pods that can be created above the desired amount of pods during an update" + }, + "maxUnavailable": { + "type": "integer", + "description": "The number of pods that can be unavailable during the update process" + } + } + } + } + } + } + }, + "apitraffic": { + "required": [ + "license" + ], + "type": "object", + "properties": { + "affinity": { + "type": "object" + }, + "autoscaling": { + "type": "object", + "properties": { + 
"enabled": { + "type": "boolean" + }, + "maxReplicas": { + "type": "integer" + }, + "minReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + } + } + }, + "extraEnvVars": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "fullnameOverride": { + "type": "string" + }, + "license": { + "type": "object" + }, + "image": { + "type": "object", + "properties": { + "registry": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + }, + "digest": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "className": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array", + "items": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "pathType": { + "type": "string" + } + } + } + } + } + } + }, + "tls": { + "type": "array" + } + } + }, + "route": { + "type": "object", + "description": "Values for creating an OCP route", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines if the route should be created" + }, + "targetPort": { + "type": "string", + "description": "The port on pods this route points to" + }, + "tls": { + "type": "object", + "description": "Values for configuring TLS on an OCP route. 
More information: https://docs.openshift.com/container-platform/4.9/networking/routes/secured-routes.html", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines if TLS should be enabled" + }, + "termination": { + "type": "string", + "description": "Indicates the termination type" + }, + "insecureEdgeTerminationPolicy": { + "type": "string", + "description": "Indicates the desired behavior for insecure connections" + }, + "key": { + "type": ["string", "null"], + "description": "Key file contents" + }, + "caCertificate": { + "type": ["string", "null"], + "description": "Certificate authority certificate contents" + }, + "certificate": { + "type": ["string", "null"], + "description": "Certificate contents" + }, + "destinationCACertificate": { + "type": ["string", "null"], + "description": "Contents of the CA certificate of the final destination" + } + } + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "httpGet": { + "type": "object", + "properties": { + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "path": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "scheme": { + "type": "string" + } + } + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + } + }, + "nameOverride": { + "type": "string" + }, + "nodeSelector": { + "type": "object" + }, + "oauth": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "route": { + "type": "object", + "description": "Values for creating an OCP route", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines if the route should be created" + }, + "targetPort": { + "type": 
"string", + "description": "The port on pods this route points to" + }, + "tls": { + "type": "object", + "description": "Values for configuring TLS on an OCP route. More information: https://docs.openshift.com/container-platform/4.9/networking/routes/secured-routes.html", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines if TLS should be enabled" + }, + "termination": { + "type": "string", + "description": "Indicates the termination type" + }, + "insecureEdgeTerminationPolicy": { + "type": "string", + "description": "Indicates the desired behavior for insecure connections" + }, + "key": { + "type": ["string", "null"], + "description": "Key file contents" + }, + "caCertificate": { + "type": ["string", "null"], + "description": "Certificate authority certificate contents" + }, + "certificate": { + "type": ["string", "null"], + "description": "Certificate contents" + }, + "destinationCACertificate": { + "type": ["string", "null"], + "description": "Contents of the CA certificate of the final destination" + } + } + } + } + } + }, + "podAnnotations": { + "type": "object" + }, + "podSecurityContext": { + "type": "object" + }, + "ports": { + "type": "object", + "properties": { + "traffic": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + } + } + } + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "httpGet": { + "type": "object", + "properties": { + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "path": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "scheme": { + "type": "string" + } + } + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + } + } + }, + "replicaCount": { + "type": "integer" + }, + "resources": { + 
"type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "integer" + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "number" + }, + "memory": { + "type": "string" + } + } + } + } + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + } + } + }, + "service": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "tolerations": { + "type": "array" + }, + "updateStrategy": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "Global update strategy for deployments" + }, + "rollingUpdate": { + "type": "object", + "properties": { + "maxSurge": { + "type": "integer", + "description": "The number of pods that can be created above the desired amount of pods during an update" + }, + "maxUnavailable": { + "type": "integer", + "description": "The number of pods that can be unavailable during the update process" + } + } + } + } + } + } + }, + "apiportal": { + "type": "object", + "properties": { + "apache": { + "type": "object", + "properties": { + "sslOn": { + "type": "integer", + "minimum": 0, + "maximum": 1 + } + } + }, + "apiManager": { + "type": "object", + "properties": { + "configured": { + "type": "integer", + "minimum": 0, + "maximum": 1 + + }, + "name": { + "type": "string" + } + } + }, + "enabled": { + "type": "boolean" + }, + "extraEnvVars": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "image": { + "type": "object", + "properties": { + "registry": { + "type": "string" + 
}, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + }, + "digest": { + "type": "string" + } + } + }, + "mysql": { + "type": "object", + "required": [ + "enabled" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + "databaseName": { + "type": "string" + }, + "existingSecret": { + "type": "object", + "description": "Use an existing secrets which already stores your credentials, will ignore apiportal.mysql.password and apiportal.mysql.username", + "properties": { + "name": { + "type": "string" + }, + "keyMapping": { + "type": "object", + "properties": { + "password": { + "type": "string" + }, + "username": { + "type": "string" + } + } + } + } + }, + "username": { + "type": "string", + "description": "Username" + }, + "password": { + "type": "string", + "description": "Password" + }, + "sslOn": { + "type": "integer", + "minimum": 0, + "maximum": 1 + }, + "sslVerifyCert": { + "type": "integer", + "minimum": 0, + "maximum": 1 + } + } + }, + "redis": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "cacheTimeout": { + "type": "integer" + } + } + }, + "replicaCount": { + "type": "integer" + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + } + } + }, + "service": { + "type": "object", + "properties": { + "trafficForcePort": { + "type": "integer" + }, + "trafficPlainPort": { + "type": "integer" + }, + "trafficPort": { + "type": "integer" + } + } + }, + "storage": { + "type": "object", + "description": "Storage Options", + "properties": { + "classes": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "provisioner": { + "type": "string" + }, + "allowVolumeExpansion": { + "type": "boolean" + }, + "mountOptions": { + "type": "array", + "items": { + "type": "string" + 
} + }, + "parameters": { + "type": "object" + } + } + } + }, + "provisioningType": { + "type": "string", + "enum": [ + "dynamic", + "static" + ] + }, + "volumes": { + "type": "array", + "items": { + "type": "object", + "required": [ + "capacity", + "enabled", + "name" + ], + "properties": { + "accessModes": { + "type": "array", + "description": "Access Modes", + "minItems": 1, + "maxItems": 3, + "uniqueItems": true, + "items": [ + { + "type": "string", + "enum": [ + "ReadOnlyMany", + "ReadWriteMany", + "ReadWriteOnce" + ] + } + ] + }, + "capacity": { + "type": "string", + "description": "Storage Capacity, with unit (example: 5Gi)" + }, + "claimName": { + "type": "string", + "description": "Claim name, if empty the name property will be used instead" + }, + "enabled": { + "type": "boolean" + }, + "mountPath": { + "type": "string" + }, + "name": { + "type": "string", + "description": "Name of the PVC" + }, + "persistentVolume": { + "type": "object", + "properties": { + "csiDriver": { + "type": "string" + }, + "reclaimPolicy": { + "type": "string", + "description": "Reclaim Policy", + "enum": [ + "Delete", + "Retain" + ] + }, + "volumeHandle": { + "type": "string", + "description": "Volume handle, mostly for AWS EFS. 
Only set if persistentVolume.create is true" + } + } + }, + "storageClassName": { + "type": "string", + "description": "For dynamic provisioning, the persistent volume will be created based on the storage class specs" + }, + "usedBy": { + "type": "array", + "items": [ + { + "type": "string", + "enum": [ + "portal" + ] + } + ] + } + } + } + } + } + }, + "updateStrategy": { + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "description": "Global update strategy for deployments" + }, + "rollingUpdate": { + "type": "object", + "properties": { + "maxSurge": { + "type": "integer", + "description": "The number of pods that can be created above the desired amount of pods during an update" + }, + "maxUnavailable": { + "type": "integer", + "description": "The number of pods that can be unavailable during the update process" + } + } + } + } + } + } + }, + "discovery-agent": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "traceability-agent": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "global": { + "type": "object", + "required": [ + "imagePullPolicy", + "storage" + ], + "properties": { + "apimVersion": { + "type": "string", + "description": "Gateway version. 
If apimVersion is not set, the appVersion in Chart.yaml will be used"
+ },
+ "domainName": {
+ "type": "string",
+ "description": "Domain Name"
+ },
+ "domainId": {
+ "type": "string",
+ "description": "Domain Id"
+ },
+ "defaultRegistry": {
+ "type": "string",
+ "description": "Default image registry"
+ },
+ "imagePullPolicy": {
+ "type": "string",
+ "description": "Image Pull Policy",
+ "enum": [
+ "None",
+ "IfNotPresent",
+ "Always"
+ ]
+ },
+ "imagePullSecrets": {
+ "type": "array"
+ },
+ "initContainers": {
+ "type": "object",
+ "properties": {
+ "image": {
+ "type": "string",
+ "description": "image used in init containers"
+ },
+ "resources": {
+ "type": "object",
+ "properties": {
+ "limits": {
+ "type": "object",
+ "properties": {
+ "cpu": {
+ "type": "string"
+ },
+ "memory": {
+ "type": "string"
+ }
+ }
+ },
+ "requests": {
+ "type": "object",
+ "properties": {
+ "cpu": {
+ "type": "string"
+ },
+ "memory": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ },
+ "securityContext": {
+ "type": "object"
+ }
+ }
+ },
+ "updateStrategy": {
+ "type": "object",
+ "required": [
+ "type"
+ ],
+ "properties": {
+ "type": {
+ "type": "string",
+ "description": "Global update strategy for deployments"
+ },
+ "rollingUpdate": {
+ "type": "object",
+ "properties": {
+ "maxSurge": {
+ "type": "integer",
+ "description": "The number of pods that can be created above the desired amount of pods during an update"
+ },
+ "maxUnavailable": {
+ "type": "integer",
+ "description": "The number of pods that can be unavailable during the update process"
+ }
+ }
+ }
+ }
+ },
+ "storage": {
+ "type": "object",
+ "description": "Storage Options",
+ "required": [
+ "classes",
+ "provisioningType",
+ "volumes"
+ ],
+ "properties": {
+ "classes": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string"
+ },
+ "provisioner": {
+ "type": "string"
+ },
+ "allowVolumeExpansion": {
+ "type": "boolean"
+ },
+ "mountOptions": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "parameters": {
+ "type": "object"
+ }
+ }
+ }
+ },
+ "provisioningType": {
+ "type": "string",
+ "enum": [
+ "dynamic",
+ "static"
+ ]
+ },
+ "storageClassName": {
+ "type": "string",
+ "description": "Default storage class name. For dynamic provisioning, persistent volumes will be created based on the storage class specs"
+ },
+ "volumes": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "required": [
+ "capacity",
+ "enabled",
+ "name"
+ ],
+ "properties": {
+ "accessModes": {
+ "type": "array",
+ "description": "Access Modes",
+ "minItems": 1,
+ "maxItems": 3,
+ "uniqueItems": true,
+ "items": [
+ {
+ "type": "string",
+ "enum": [
+ "ReadOnlyMany",
+ "ReadWriteMany",
+ "ReadWriteOnce"
+ ]
+ }
+ ]
+ },
+ "capacity": {
+ "type": "string",
+ "description": "Storage Capacity, with unit (example: 5Gi)"
+ },
+ "claimName": {
+ "type": "string",
+ "description": "Claim name, if empty the name property will be used instead"
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "mountPath": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string",
+ "description": "Name of the PVC"
+ },
+ "persistentVolume": {
+ "type": "object",
+ "properties": {
+ "csiDriver": {
+ "type": "string"
+ },
+ "reclaimPolicy": {
+ "type": "string",
+ "description": "Reclaim Policy",
+ "enum": [
+ "Delete",
+ "Retain"
+ ]
+ },
+ "volumeHandle": {
+ "type": "string",
+ "description": "Volume handle, mostly for AWS EFS. Only set if persistentVolume.create is true"
+ }
+ }
+ },
+ "storageClassName": {
+ "type": "string",
+ "description": "For dynamic provisioning, the persistent volume will be created based on the storage class specs"
+ },
+ "usedBy": {
+ "type": "array",
+ "items": [
+ {
+ "type": "string",
+ "enum": [
+ "aga",
+ "anm",
+ "apimgr",
+ "traffic",
+ "portal"
+ ]
+ }
+ ]
+ }
+ }
+ }
+ }
+ }
+ },
+ "database": {
+ "type": "object",
+ "description": "Mysql Database Instance Options",
+ "properties": {
+ "host": {
+ "type": "string",
+ "description": "Database hostname"
+ },
+ "port": {
+ "type": "integer",
+ "description": "Database port"
+ },
+ "metrics": {
+ "type": "object",
+ "required": [
+ "enabled"
+ ],
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "databaseName": {
+ "type": "string"
+ },
+ "url": {
+ "type": "string",
+ "description": "Metrics DB JDBC URL"
+ },
+ "useSSL": {
+ "type": "string"
+ },
+ "verifyServerCertificate": {
+ "type": "boolean"
+ },
+ "sslMode": {
+ "type": "string",
+ "enum": [
+ "NONE",
+ "0",
+ "PREFERRED",
+ "1",
+ "REQUIRED",
+ "2",
+ "VERIFY_CA",
+ "3",
+ "VERIFY_IDENTITY",
+ "4"
+ ]
+ },
+ "existingSecret": {
+ "type": "object",
+ "description": "Use an existing secrets which already stores your credentials, will ignore database.metrics.password and database.metrics.username",
+ "properties": {
+ "name": {
+ "type": "string"
+ },
+ "keyMapping": {
+ "type": "object",
+ "properties": {
+ "password": {
+ "type": "string"
+ },
+ "username": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ },
+ "username": {
+ "type": "string",
+ "description": "Username"
+ },
+ "password": {
+ "type": "string",
+ "description": "Password"
+ }
+ }
+ }
+ }
+ },
+ "domainkeypassphrase": {
+ "type": "object",
+ "properties": {
+ "passphrase": {
+ "type": "string"
+ }
+ }
+ },
+ "cassandra": {
+ "type": "object",
+ "description": "Cassandra Options",
+ "required": [
+ "enabled"
+ ],
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "existingSecret": {
+ "type": "object",
+ "description": "Use an existing secrets which already stores your password data, will ignore cassandra.password",
+ "properties": {
+ "name": {
+ "type": "string"
+ },
+ "keyMapping": {
+ "type": "object",
+ "properties": {
+ "password": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ },
+ "hosts": {
+ "type": "array",
+ "description": "List of Cassandra hostnames, the variable property should match the variables names in the FED",
+ "items": {
+ "type": "object",
+ "properties": {
+ "variable": {
+ "type": "string"
+ },
+ "hostname": {
+ "type": "string"
+ }
+ }
+ }
+ },
+ "password": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "keyspace": {
+ "type": "string"
+ },
+ "tkeyspace": {
+ "type": "string"
+ },
+ "username": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ },
+ "tests": {
+ "type": "object",
+ "properties": {
+ "images": {
+ "type": "object",
+ "properties": {
+ "curl": {
+ "type": "object",
+ "properties": {
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ },
+ "resources": {
+ "type": "object",
+ "properties": {
+ "limits": {
+ "type": "object",
+ "properties": {
+ "cpu": {
+ "type": "string"
+ },
+ "memory": {
+ "type": "string"
+ }
+ }
+ },
+ "requests": {
+ "type": "object",
+ "properties": {
+ "cpu": {
+ "type": "string"
+ },
+ "memory": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "allowPrivilegeEscalation": {
+ "type": "boolean"
+ },
+ "readOnlyRootFilesystem": {
+ "type": "boolean"
+ },
+ "runAsNonRoot": {
+ "type": "boolean"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": "object"
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ }
+ },
+ "required": [
+ "global",
+ "anm",
+ "apimgr",
+ "apitraffic",
+ "aga"
+ ],
+ "title": "Values"
+}
diff --git a/values.yaml b/values.yaml
new file mode 100644
index 0000000..3148478
--- /dev/null
+++ b/values.yaml
@@ -0,0 +1,1192 @@
+# Structural changes to this file should be reflected in values.schema.yaml
+#
+# Sample values for different use cases are available in the samples folder
+
+# override for the name of the chart
+nameOverride: ""
+# override for the fully qualified name
+fullnameOverride: ""
+
+# global values that can be read by all components of the APIM solution
+global:
+ # if apimVersion is not set, the appVersion in Chart.yaml will be used
+ apimVersion: ""
+ # domain used in the ingresses or routes
+ domainName: ""
+ # NOTE: if not using the default domain certs set domainId to the Unique ID (or Common Name) that was used to create custom domain certs
+ domainId: ""
+ # default docker registry
+ defaultRegistry: ""
+ imagePullSecrets: []
+ imagePullPolicy: IfNotPresent
+ initContainers:
+ image: "docker.io/busybox:1.34"
+ # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ resources: {}
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ updateStrategy:
+ # RollingUpdate or Recreate
+ type: RollingUpdate
+ # If RollingUpdate
+ rollingUpdate:
+ maxSurge: 2
+ maxUnavailable: 0
+ storage:
+ # static (a template will be created for the PV),
+ # or dynamic (default, a storage class is used, and PV doesnt' require a template)
+ provisioningType: "dynamic"
+ # for dynamic provisioning, the persistent volume will be created based
+ # on the storage class specs
+ # global storage class name, will be used by all volumes not overriding it
+ # leave empty for static provisioning
+ # can be the name of a storage class specified in `classes` below, or an external one
+ storageClassName: ""
+ # storage class managed by this chart
+ classes: []
+ # - name: ""
+ # # provisioner (CSI driver), example: efs.csi.aws.com
+ # provisioner: ""
+ # allowVolumeExpansion: true
+ # mountOptions: []
+ # # storage class parameters to use if create is true
+ # parameters: {}
+ # # example
+ # # provisioningMode: "efs-ap"
+ # # fileSystemId: "fs-05d1bd09462e124d8"
+ # # directoryPerms: "770"
+ volumes:
+ - name: events
+ enabled: false
+ accessModes:
+ - ReadWriteMany
+ # storage request, if provisioner is elastic, leave it to 1Mi
+ capacity: 1Mi
+ # for dynamic provisioning, the persistent volume will be created based
+ # on the storage class specs
+ # if the storage class name is set for the volume, it will override the one defined
+ # in global.storage.storageClassName
+ # examples: azurefile-premium, efs-sc
+ # leave empty for static provisioning
+ # can be a storage class defined above, or an external one
+ # storageClassName: ""
+ # for static provisioning, the persistent volume will be created based on these specs
+ persistentVolume:
+ # CSI driver, for example efs.csi.aws.com
+ csiDriver: ""
+ # volume handle
+ # EFS: FS_ID::AP_ID
+ volumeHandle: ""
+ # reclaim policy, what happens to the storage when the PVC is deleted
+ # Delete or Retain
+ reclaimPolicy: Delete
+ - name: gw-external-config
+ enabled: true
+ accessModes:
+ - ReadWriteMany
+ # storage request, if provisioner is elastic, leave it to 1Mi
+ capacity: 1Mi
+ # for dynamic provisioning, the persistent volume will be created based
+ # on the storage class specs
+ # if the storage class name is set for the volume, it will override the one defined
+ # in global.storage.storageClassName
+ # examples: azurefile-premium, efs-sc
+ # leave empty for static provisioning
+ # can be a storage class defined above, or an external one
+ # storageClassName: "nfs"
+ # for static provisioning, the persistent volume will be created based on these specs
+ persistentVolume:
+ # CSI driver, for example efs.csi.aws.com
+ csiDriver: ""
+ # volume handle
+ # EFS: FS_ID::AP_ID
+ volumeHandle: ""
+ # reclaim policy, what happens to the storage when the PVC is deleted
+ # Delete or Retain
+ reclaimPolicy: Delete
+ - name: aga-external-config
+ enabled: true
+ accessModes:
+ - ReadWriteMany
+ # storage request, if provisioner is elastic, leave it to 1Mi
+ capacity: 1Mi
+ # for dynamic provisioning, the persistent volume will be created based
+ # on the storage class specs
+ # if the storage class name is set for the volume, it will override the one defined
+ # in global.storage.storageClassName
+ # examples: azurefile-premium, efs-sc
+ # leave empty for static provisioning
+ # can be a storage class defined above, or an external one
+ # storageClassName: "nfs"
+ # for static provisioning, the persistent volume will be created based on these specs
+ persistentVolume:
+ # CSI driver, for example efs.csi.aws.com
+ csiDriver: ""
+ # volume handle
+ # EFS: FS_ID::AP_ID
+ volumeHandle: ""
+ # reclaim policy, what happens to the storage when the PVC is deleted
+ # Delete or Retain
+ reclaimPolicy: Delete
+ - name: anm-external-config
+ enabled: true
+ accessModes:
+ - ReadWriteMany
+ # storage request, if provisioner is elastic, leave it to 1Mi
+ capacity: 1Mi
+ # for dynamic provisioning, the persistent volume will be created based
+ # on the storage class specs
+ # if the storage class name is set for the volume, it will override the one defined
+ # in global.storage.storageClassName
+ # examples: azurefile-premium, efs-sc
+ # leave empty for static provisioning
+ # can be a storage class defined above, or an external one
+ # storageClassName: "nfs"
+ # for static provisioning, the persistent volume will be created based on these specs
+ persistentVolume:
+ # CSI driver, for example efs.csi.aws.com
+ csiDriver: ""
+ # volume handle
+ # EFS: FS_ID::AP_ID
+ volumeHandle: ""
+ # reclaim policy, what happens to the storage when the PVC is deleted
+ # Delete or Retain
+ reclaimPolicy: Delete
+ # Database server instance used for metrics and for API Portal
+ database:
+ # templating available
+ # host: example-mysql.{{ .Values.global.domainName }}
+ host: ""
+ port: 3306
+ # database name for the metrics, used by gateway components
+ metrics:
+ enabled: false
+ # a database with this name has to be created in the MySQL instance as a prerequisite
+ databaseName: metrics
+ # 8.0.12 and earlier, useSSL is a string, verifyServerCertificate is a boolean value
+ useSSL: "false"
+ # verifyServerCertificate: true
+ # 8.0.13 and later: Server Certificate Verification is enabled when the sslMode property is set to VERIFY_CA or VERIFY_IDENTITY
+ # sslMode: "NONE"
+ # MySQL JDBC URL
+ url: "jdbc:mysql://{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{ .Values.global.database.metrics.databaseName }}?useSSL={{ default false .Values.global.database.metrics.useSSL }}"
+ # additional QueryString parameters in jdbc url can be added as shown below
+ # encoding: "UTF-8"
+ # url: "jdbc:mysql://{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{ .Values.global.database.metrics.databaseName }}?useSSL={{ default false .Values.global.database.metrics.useSSL }}&{{ .Values.global.database.metrics.encoding }}"
+ # if the credentials are already available in a secret, set existingSecret
+ existingSecret: {}
+ # name: "mysql-credentials"
+ # keyMapping:
+ # password: metricsDbPasswordKey
+ # username: metricsDbPasswordKey
+ # else, set username and password, this will create a new secret
+ username: ""
+ password: ""
+ # portal database is only used by the portal pods, so it's configuration is in the apiportal section
+ # cassandra connection configuration
+ cassandra:
+ enabled: false
+ # if the credentials are already available in a secret, set existingSecret
+ # if not, set username and password
+ existingSecret: {}
+ # name: cassandra
+ # keyMapping:
+ # username: myCassandraUsernameKey
+ # password: myCassandraPasswordKey
+ # list of hostnames and name of the env var passed to the gateway image,
+ # the variable name should be consistent with the content of the FED
+ hosts: []
+ ## single cassandra node, or service of a containerized cassandra:
+ # - variable: CASS_HOST
+ # hostname: cassandra.cassandra
+ ## multi node cassandra:
+ # - variable: CASS_HOST_1
+ # hostname: cassandra-1
+ # - variable: CASS_HOST_2
+ # hostname: cassandra-2
+ # - variable: CASS_HOST_3
+ # hostname: cassandra-3
+ username: ""
+ password: ""
+ port: 9042
+ # templating available
+ # keyspace: keyspace-{{ .Values.global.domainID }}
+ # tkeyspace: tkeyspace-{{ .Values.global.domainID }}
+ keyspace: ""
+ tkeyspace: ""
+ # Set the domain key passphrase. If passphrase is blank, do not set.
+ # domainkeypassphrase:
+ # passphrase: ""
+ tests:
+ images:
+ curl:
+ registry: docker.io
+ repository: "curlimages/curl"
+ # leave empty for "latest" or specify an immutable tag
+ tag: ""
+ # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 50Mi
+ # requests:
+ # cpu: 100m
+ # memory: 50Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+anm:
+ # a single replica is the only supported value for ANM
+ enabled: true
+ replicaCount: 1
+ updateStrategy:
+ # RollingUpdate or Recreate
+ type: ""
+ # If RollingUpdate
+ rollingUpdate:
+ maxSurge: 2
+ maxUnavailable: 0
+ image:
+ # an image reference is specified by registry/repository:tag,
+ # for instance registry=docker.io, repository=library/alpine, tag=3.15
+ # if registry is left empty, global.defaultRegistry will be used
+ registry: ""
+ repository: ""
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+ # Accept general conditions on the image by setting accept to yes
+ generalConditions:
+ accept: ""
+ # Enables FIPS mode
+ FIPS:
+ enabled: false
+ logs:
+ trace:
+ # FATAL, ERROR, INFO, DEBUG, DATA
+ level: INFO
+ # Write trace logs to file on disk
+ disk: true
+ # Write trace logs to stdout in JSON Format
+ stdoutJSON: true
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ podAnnotations: {}
+ podLabels: {}
+ # podSecurityContext:
+ # set user id for k8s, set null for openshift
+ # runAsUser: 1000
+ # runAsGroup: 1000
+ # fsGroup: 1000
+ securityContext:
+ allowPrivilegeEscalation: false
+ # NOTE: readOnlyRootFilesystem should be left to false
+ # readOnlyRootFilesystem: false
+ runAsNonRoot: true
+ service:
+ type: ClusterIP
+ ports:
+ traffic:
+ port: 8090
+ protocol: TCP
+ ui:
+ port: 8091
+ protocol: TCP
+ ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift configuration
+ route:
+ enabled: true
+ targetPort: "{{ .Values.anm.service.ports.ui.port }}"
+ ## More information: https://docs.openshift.com/container-platform/4.12/networking/routes/secured-routes.html
+ tls:
+ enabled: true
+ termination: passthrough
+ insecureEdgeTerminationPolicy: Redirect
+ key:
+ caCertificate:
+ certificate:
+ destinationCACertificate:
+ # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ resources: {}
+ # limits:
+ # memory: "2048Mi"
+ # cpu: "1000m"
+ # requests:
+ # memory: "1Gi"
+ # cpu: "250m"
+ # JVM Heap Size in MB
+ jvmHeapSize: "1024"
+ autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 1
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+ nodeSelector: {}
+ tolerations: []
+ affinity: {}
+ #extraInitContainers:
+ # - name: extra
+ # image: "docker.io/busybox:1.34"
+ # command: []
+ # resources:
+ # limits:
+ # memory: "500Mi"
+ # cpu: 0.5
+ # securityContext:
+ # allowPrivilegeEscalation: false
+ # runAsNonRoot: true
+ extraEnvVars: []
+ # - name: MY_ENV_VARIABLE
+ # value: "true"
+ livenessProbe:
+ httpGet:
+ httpHeaders:
+ - name: k8sprobe
+ value: liveness.anm
+ path: /healthcheck
+ port: 8091
+ scheme: HTTPS
+ initialDelaySeconds: 40
+ periodSeconds: 30
+ failureThreshold: 5
+ readinessProbe:
+ httpGet:
+ httpHeaders:
+ - name: k8sprobe
+ value: readiness.anm
+ path: /healthcheck
+ port: 8091
+ scheme: HTTPS
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ failureThreshold: 6
+ # extraVolumeMounts:
+ # - name: events
+ # mountPath: /opt/Axway/apigateway/logs/events
+ # extraVolumes:
+ # - persistentVolumeClaim:
+ # claimName: events
+ # name: events
+ extraVolumeMounts:
+ - name: anm-external-config
+ mountPath: /merge
+ extraVolumes:
+ - persistentVolumeClaim:
+ claimName: anm-external-config
+ name: anm-external-config
+
+apimgr:
+ enabled: true
+ replicaCount: 1
+ updateStrategy:
+ # RollingUpdate or Recreate
+ type: ""
+ # If RollingUpdate
+ rollingUpdate:
+ maxSurge: 2
+ maxUnavailable: 0
+ image:
+ # an image reference is specified by registry/repository:tag,
+ # for instance registry=docker.io, repository=library/alpine, tag=3.15
+ # if registry is left empty, global.defaultRegistry will be used
+ registry: ""
+ repository: ""
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+ # Accept general conditions on the image by setting accept to yes
+ generalConditions:
+ accept: ""
+ groupId: "DefaultGroup"
+ # Enables FIPS mode
+ FIPS:
+ enabled: false
+ logs:
+ trace:
+ # FATAL, ERROR, INFO, DEBUG, DATA
+ level: INFO
+ # Write trace logs to file on disk
+ disk: true
+ # Write trace logs to stdout in JSON Format
+ stdoutJSON: true
+ opentraffic:
+ # none, file or stdout
+ output: file
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ podAnnotations: {}
+ podLabels: {}
+ #podSecurityContext:
+ # set user id for k8s, set null for openshift
+ # runAsUser: 1000
+ # runAsGroup: 1000
+ #fsGroup: 1000
+ securityContext:
+ allowPrivilegeEscalation: false
+ # NOTE: readOnlyRootFilesystem should be left to false
+ # readOnlyRootFilesystem: false
+ runAsNonRoot: true
+ service:
+ type: ClusterIP
+ ports:
+ ui:
+ port: 8075
+ protocol: TCP
+ ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift configuration
+ route:
+ enabled: true
+ targetPort: "{{ .Values.apimgr.service.ports.ui.port }}"
+ ## More information: https://docs.openshift.com/container-platform/4.12/networking/routes/secured-routes.html
+ tls:
+ enabled: true
+ termination: passthrough
+ insecureEdgeTerminationPolicy: Redirect
+ key:
+ caCertificate:
+ certificate:
+ destinationCACertificate:
+ # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ resources: {}
+ # limits:
+ # memory: "2Gi"
+ # cpu: 2
+ # requests:
+ # memory: "0.5Gi"
+ # cpu: 0.5
+ # JVM Heap Size in MB
+ jvmHeapSize: "1512"
+ autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+ nodeSelector: {}
+ tolerations: []
+ affinity: {}
+ #extraInitContainers:
+ # - name: extra
+ # image: "docker.io/busybox:1.34"
+ # command: []
+ # resources:
+ # limits:
+ # memory: "500Mi"
+ # cpu: 0.5
+ # securityContext:
+ # allowPrivilegeEscalation: false
+ # runAsNonRoot: true
+ extraEnvVars: []
+ # - name: MY_ENV_VARIABLE
+ # value: "true"
+ livenessProbe:
+ httpGet:
+ httpHeaders:
+ - name: k8sprobe
+ value: liveness.apimgr
+ path: /healthcheck
+ port: 8075
+ scheme: HTTPS
+ initialDelaySeconds: 40
+ periodSeconds: 30
+ failureThreshold: 5
+ readinessProbe:
+ httpGet:
+ httpHeaders:
+ - name: k8sprobe
+ value: readiness.apimgr
+ path: /healthcheck
+ port: 8075
+ scheme: HTTPS
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ failureThreshold: 6
+ # extraVolumeMounts:
+ # - name: events
+ # mountPath: /opt/Axway/apigateway/logs/events
+ # - name: opentraffic
+ # mountPath: /opt/Axway/apigateway/logs/opentraffic
+ # extraVolumes:
+ # - persistentVolumeClaim:
+ # claimName: events
+ # name: events
+ # - persistentVolumeClaim:
+ # claimName: opentraffic
+ # name: opentraffic
+ extraVolumeMounts:
+ - name: gw-external-config
+ mountPath: /merge
+ extraVolumes:
+ - persistentVolumeClaim:
+ claimName: gw-external-config
+ name: gw-external-config
+ license:
+ license.lic: |
+# FIPS=1
+# Mock Connector=1
+# SalesForce Connector=1
+# ServiceNow Connector=1
+# analytics=1
+# api_visual_mapper=1
+# apiportal=1
+# expires=Sun, 05 May 2025 00:00:00 GMT
+# mcafee=1
+# mobile integration=1
+# unrestricted=1
+# # SIGNATURE: abc123
+
+apitraffic:
+ enabled: true
+ replicaCount: 1
+ updateStrategy:
+ # RollingUpdate or Recreate
+ type: ""
+ # If RollingUpdate
+ rollingUpdate:
+ maxSurge: 2
+ maxUnavailable: 0
+ image:
+ # an image reference is specified by registry/repository:tag,
+ # for instance registry=docker.io, repository=library/alpine, tag=3.15
+ # if registry is left empty, global.defaultRegistry will be used
+ registry: ""
+ repository: ""
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+ # Accept general conditions on the image by setting accept to yes
+ generalConditions:
+ accept: ""
+ groupId: "DefaultGroup"
+ # Enables FIPS mode
+ FIPS:
+ enabled: false
+ logs:
+ trace:
+ # FATAL, ERROR, INFO, DEBUG or DATA
+ level: INFO
+ # Write trace logs to file on disk
+ disk: true
+ # Write trace logs to stdout in JSON Format
+ stdoutJSON: true
+ opentraffic:
+ # none, file or stdout
+ output: file
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ podAnnotations: {}
+ podLabels: {}
+ #podSecurityContext:
+ # set user id for k8s, set null for openshift
+ # runAsUser: 1000
+ #runAsGroup: 1000
+ #fsGroup: 1000
+ securityContext:
+ allowPrivilegeEscalation: false
+ # NOTE: readOnlyRootFilesystem should be left to false
+ # readOnlyRootFilesystem: false
+ runAsNonRoot: true
+ service:
+ type: ClusterIP
+ ports:
+ traffic:
+ port: 8065
+ protocol: TCP
+ oauth:
+ enabled: true
+ type: ClusterIP
+ port: 8089
+ protocol: TCP
+ route:
+ enabled: false
+ targetPort: "{{ .Values.apitraffic.oauth.port }}"
+ tls:
+ enabled: true
+ termination: passthrough
+ insecureEdgeTerminationPolicy: Redirect
+ key:
+ caCertificate:
+ certificate:
+ destinationCACertificate:
+ #oauth ingress
+ ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ #apitraffic ingress
+ ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift configuration
+ route:
+ enabled: true
+ targetPort: "{{ .Values.apitraffic.service.ports.traffic.port }}"
+ ## More information: https://docs.openshift.com/container-platform/4.12/networking/routes/secured-routes.html
+ tls:
+ enabled: true
+ termination: passthrough
+ insecureEdgeTerminationPolicy: Redirect
+ key:
+ caCertificate:
+ certificate:
+ destinationCACertificate:
+ # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ resources: {}
+ # limits:
+ # memory: "2Gi"
+ # cpu: 2
+ # requests:
+ # memory: "0.5Gi"
+ # cpu: 0.5
+ # JVM Heap Size in MB
+ jvmHeapSize: "1512"
+ autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+ nodeSelector: {}
+ tolerations: []
+ affinity: {}
+ #extraInitContainers:
+ # - name: extra
+ # image: "docker.io/busybox:1.34"
+ # command: []
+ # resources:
+ # limits:
+ # memory: "500Mi"
+ # cpu: 0.5
+ # securityContext:
+ # allowPrivilegeEscalation: false
+ # runAsNonRoot: true
+ extraEnvVars: []
+ # - name: MY_ENV_VARIABLE
+ # value: "true"
+ livenessProbe:
+ httpGet:
+ httpHeaders:
+ - name: k8sprobe
+ value: liveness.apitraffic
+ path: /healthcheck
+ port: 8065
+ scheme: HTTPS
+ initialDelaySeconds: 40
+ periodSeconds: 30
+ failureThreshold: 5
+ readinessProbe:
+ httpGet:
+ httpHeaders:
+ - name: k8sprobe
+ value: readiness.apitraffic
+ path: /healthcheck
+ port: 8065
+ scheme: HTTPS
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ failureThreshold: 6
+ # extraVolumeMounts:
+ # - name: events
+ # mountPath: /opt/Axway/apigateway/logs/events
+ # - name: opentraffic
+ # mountPath: /opt/Axway/apigateway/logs/opentraffic
+ # extraVolumes:
+ # - persistentVolumeClaim:
+ # claimName: events
+ # name: events
+ # - persistentVolumeClaim:
+ # claimName: opentraffic
+ # name: opentraffic
+ extraVolumeMounts:
+ - name: gw-external-config
+ mountPath: /merge
+ extraVolumes:
+ - persistentVolumeClaim:
+ claimName: gw-external-config
+ name: gw-external-config
+ license:
+ license.lic: |
+# FIPS=1
+# Mock Connector=1
+# SalesForce Connector=1
+# ServiceNow Connector=1
+# analytics=1
+# api_visual_mapper=1
+# apiportal=1
+# expires=Sun, 05 May 2025 00:00:00 GMT
+# mcafee=1
+# mobile integration=1
+# unrestricted=1
+# # SIGNATURE: abc123
+
+aga:
+ enabled: false
+ replicaCount: 1
+ updateStrategy:
+ # RollingUpdate or Recreate
+ type: ""
+ # If RollingUpdate
+ rollingUpdate:
+ maxSurge: 2
+ maxUnavailable: 0
+ image:
+ # an image reference is specified by registry/repository:tag,
+ # for instance registry=docker.io, repository=library/alpine, tag=3.15
+ # if registry is left empty, global.defaultRegistry will be used
+ registry: ""
+ repository: ""
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+ # Accept general conditions on the image by setting accept to yes
+ generalConditions:
+ accept: ""
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ podAnnotations: {}
+ podLabels: {}
+ # podSecurityContext:
+ # set user id for k8s, set null for openshift
+ # runAsUser: 1000
+ # runAsGroup: 1000
+ # fsGroup: 1000
+ securityContext:
+ allowPrivilegeEscalation: false
+ # NOTE: readOnlyRootFilesystem should be left to false
+ # readOnlyRootFilesystem: false
+ runAsNonRoot: true
+ service:
+ type: ClusterIP
+ ports:
+ ui:
+ port: 8040
+ protocol: TCP
+ ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift configuration
+ route:
+ enabled: true
+ targetPort: "{{ .Values.aga.service.ports.ui.port }}"
+ ## More information: https://docs.openshift.com/container-platform/4.12/networking/routes/secured-routes.html
+ tls:
+ enabled: true
+ termination: passthrough
+ insecureEdgeTerminationPolicy: Redirect
+ key:
+ caCertificate:
+ certificate:
+ destinationCACertificate:
+ # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers//
+ resources: {}
+ # limits:
+ # memory: "2048Mi"
+ # cpu: "1000m"
+ # requests:
+ # memory: "1Gi"
+ # cpu: "250m"
+ autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+ nodeSelector: {}
+ tolerations: []
+ affinity: {}
+ #extraInitContainers:
+ # - name: extra
+ # image: "docker.io/busybox:1.34"
+ # command: []
+ # resources:
+ # limits:
+ # memory: "500Mi"
+ # cpu: 0.5
+ # securityContext:
+ # allowPrivilegeEscalation: false
+ # runAsNonRoot: true
+ extraEnvVars: []
+ # - name: MY_ENV_VARIABLE
+ # value: "true"
+ livenessProbe:
+ httpGet:
+ httpHeaders:
+ - name: k8sprobe
+ value: liveness.apimgr
+ path: /healthcheck
+ port: 8040
+ scheme: HTTPS
+ initialDelaySeconds: 40
+ periodSeconds: 30
+ failureThreshold: 5
+ readinessProbe:
+ httpGet:
+ httpHeaders:
+ - name: k8sprobe
+ value: readiness.apimgr
+ path: /healthcheck
+ port: 8040
+ scheme: HTTPS
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ failureThreshold: 6
+ #extraVolumeMounts:
+ #- name: events
+ # mountPath: /opt/Axway/apigateway/logs/events
+ #extraVolumes:
+ #- persistentVolumeClaim:
+ # claimName: events
+ # name: events
+ extraVolumeMounts:
+ - name: aga-external-config
+ mountPath: /merge
+ extraVolumes:
+ - persistentVolumeClaim:
+ claimName: aga-external-config
+ name: aga-external-config
+
+apiportal:
+ enabled: false
+ replicaCount: 1
+ updateStrategy:
+ # RollingUpdate or Recreate
+ type: ""
+ # If RollingUpdate
+ rollingUpdate:
+ maxSurge: 2
+ maxUnavailable: 0
+ image:
+ # an image reference is specified by registry/repository:tag,
+ # for instance registry=docker.io, repository=library/alpine, tag=3.15
+ # if registry is left empty, global.defaultRegistry will be used
+ registry: ""
+ repository: ""
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ service:
+ type: ClusterIP
+ ports:
+ target:
+ port: 8443
+ https:
+ port: 8443
+ protocol: TCP
+ http:
+ port: 8080
+ protocol: TCP
+ force:
+ port: 443
+ protocol: TCP
+ ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift configuration
+ route:
+ enabled: true
+ targetPort: "{{ .Values.apiportal.service.ports.http.port }}"
+ ## More information: https://docs.openshift.com/container-platform/4.12/networking/routes/secured-routes.html
+ tls:
+ enabled: true
+ termination: edge
+ insecureEdgeTerminationPolicy: Redirect
+ key:
+ caCertificate:
+ certificate:
+ destinationCACertificate:
+ apiManager:
+ configured: 1
+ name: Main
+ # host: ""
+ # port: 8075
+ # database settings for API Portal, also check the instance settings in global section
+ mysql:
+ enabled: true
+ # if the credentials are already available in a secret, set existingSecret
+ existingSecret: {}
+ # name: "mysql-credentials"
+ # keyMapping:
+ # password: portalPasswordKey
+ # username: portalPasswordKey
+ # else, set username and password, this will create a new secret
+ username: ""
+ password: ""
+ # if it doesn't exist, a database with this name will be created by the app
+ databaseName: "portal"
+ sslOn: 0
+ sslVerifyCert: 0
+ redis:
+ enabled: false
+ host: ""
+ port: 6379
+ cacheTimeout: 600
+ apache:
+ sslOn: 0
+ #extraInitContainers:
+ # - name: extra
+ # image: "docker.io/busybox:1.34"
+ # command: []
+ # resources:
+ # limits:
+ # memory: "500Mi"
+ # cpu: 0.5
+ # securityContext:
+ # allowPrivilegeEscalation: false
+ # runAsNonRoot: true
+ extraEnvVars: []
+ # - name: MY_ENV_VARIABLE
+ # value: "true"
+ podAnnotations: {}
+ podLabels: {}
+ # podSecurityContext:
+ # runAsUser: 1048
+ # runAsGroup: 1048
+ # fsGroup: 1048
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ resources: {}
+ # limits:
+ # memory: "2048Mi"
+ # cpu: "1000m"
+ # requests:
+ # memory: "1Gi"
+ # cpu: "250m"
+ t4_downloaded: 1
+ storage:
+ # if provisioningType=static, a template will be created for the PV,
+ # if provisioningType=dynamic (default), a storage class is used, and PV doesn't require a template
+ provisioningType: "dynamic"
+ classes: nfs
+ volumes:
+ - enabled: false
+ # must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character
+ name: "enckey"
+ usedBy:
+ - portal
+ capacity: 3Mi
+ accessModes:
+ - ReadWriteMany
+ mountPath: "/opt/axway/apiportal/enckey"
+ # if storageClassName is not set, it will default to the one specified in global.storage.storageClassName
+ # storageClassName: ""
+ # for static provisioning, the persistent volume will be created based on these specs
+ persistentVolume:
+ # CSI driver, for example efs.csi.aws.com
+ csiDriver: ""
+ # volume handle
+ volumeHandle: ""
+ # reclaim policy, what happens to the storage when the PVC is deleted
+ reclaimPolicy: Delete
+ - enabled: false
+ # must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character
+ name: "images"
+ usedBy:
+ - portal
+ capacity: 100Mi
+ accessModes:
+ - ReadWriteMany
+ mountPath: "/opt/axway/apiportal/htdoc/images"
+ # if storageClassName is not set, it will default to the one specified in global.storage.storageClassName
+ # storageClassName: ""
+ - enabled: false
+ # must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character
+ name: "language"
+ usedBy:
+ - portal
+ capacity: 10Mi
+ accessModes:
+ - ReadWriteMany
+ mountPath: "/opt/axway/apiportal/htdoc/language"
+ # if storageClassName is not set, it will default to the one specified in global.storage.storageClassName
+ # storageClassName: ""
+ - enabled: false
+ # must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character
+ name: "templates"
+ usedBy:
+ - portal
+ capacity: 100Mi
+ accessModes:
+ - ReadWriteMany
+ mountPath: "/opt/axway/apiportal/htdoc/templates"
+ # if storageClassName is not set, it will default to the one specified in global.storage.storageClassName
+ # storageClassName: ""
+ - enabled: false
+ # must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character
+ name: "admlanguage"
+ usedBy:
+ - portal
+ capacity: 10Mi
+ accessModes:
+ - ReadWriteMany
+ mountPath: "/opt/axway/apiportal/htdoc/administrator/admlanguage"
+ # if storageClassName is not set, it will default to the one specified in global.storage.storageClassName
+ # storageClassName: ""
+ - enabled: false
+ # must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character
+ name: "certs"
+ usedBy:
+ - portal
+ capacity: 10Mi
+ accessModes:
+ - ReadWriteMany
+ mountPath: "/opt/axway/apiportal/htdoc/administrator/components/com_apiportal/assets/cert"
+ # if storageClassName is not set, it will default to the one specified in global.storage.storageClassName
+ # storageClassName: ""
+
+tests:
+ images:
+ curl:
+ registry: docker.io
+ repository: "curlimages/curl"
+ # leave empty for "latest" or specify an immutable tag
+ tag: ""
+ # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 50Mi
+ # requests:
+ # cpu: 100m
+ # memory: 50Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+## Configuration for v7-discovery subchart
+discovery-agent:
+ # Deploy the discovery agent
+ enabled: false
+
+## Configuration for v7-traceability subchart
+traceability-agent:
+ ## Deploy the traceability agent
+ enabled: false