cscott/apigateway-ocp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
Conan Scott
2025-11-13 23:47:20 +08:00
commit 900b9ca1f3
83 changed files with 8704 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

647
! Normal file
View File

@@ -0,0 +1,647 @@
nameOverride: gateway
global:
domainName: apilab.us
defaultRegistry: docker.repository.axway.com/apigateway-docker-prod/7.7
imagePullPolicy: Always
imagePullSecrets:
- name: regcred
storage:
provisioningType: "dynamic"
storageClassName: "nfs"
volumes:
- name: events
enabled: true
usedBy:
- anm
- apimgr
- traffic
accessModes:
- ReadWriteMany
capacity: 1Gi
volumeName: apim-events
- name: payloads
enabled: true
usedBy:
- traffic
accessModes:
- ReadWriteOnce
capacity: 16Gi
volumeName: apim-payloads
- name: audit
enabled: true
usedBy:
- anm
- apimgr
- traffic
accessModes:
- ReadWriteMany
capacity: 1Gi
volumeName: apim-audit
- name: anm-external-config
enabled: true
usedBy:
- anm
accessModes:
- ReadWriteOnce
capacity: 8Mi
- name: apimgr-external-config
enabled: true
usedBy:
- apimgr
accessModes:
- ReadWriteOnce
capacity: 8Mi
- name: apitraffic-external-config
enabled: true
usedBy:
- traffic
accessModes:
- ReadWriteOnce
capacity: 8Mi
- name: aga-external-config
enabled: true
usedBy:
- traffic
accessModes:
- ReadWriteOnce
capacity: 8Mi
- name: opentraffic
enabled: true
usedBy:
- traffic
- anm
- apimgr
accessModes:
- ReadWriteOnce
capacity: 8Gi
volumeName: apim-opentraffic
initContainers:
securityContext:
runAsNonRoot: false
database:
host: mysql.metrics.svc.cluster.local
metrics:
enabled: true
username: "root"
password: "password"
sslMode: "NONE"
url: jdbc:mysql://{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{ .Values.global.database.metrics.databaseName }}?useSSL={{ default false .Values.global.database.metrics.useSSL }}
cassandra:
enabled: true
hosts:
- variable: CASS_HOST
hostname: cassandra.cassandra.svc.cluster.local
username: cassandra
password: cassandra
keyspace: ks
tkeyspace: tks
anm:
image:
repository: "admin-nodemanager"
tag: "7.7.0.20240228-1-BN0065-ubi9"
generalConditions:
accept: "yes"
resources:
limits:
memory: "2048Mi"
cpu: "1000m"
requests:
memory: "1Gi"
cpu: "250m"
securityContext:
runAsNonRoot: false
route:
enabled: false
ingress:
enabled: true
className: "nginx"
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/secure-backends: "true"
nginx.ingress.kubernetes.io/ingress.class: "nginx"
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: "letsencrypt-issuer"
hosts:
- host: anm.apilab.us
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: anm-tls
hosts:
- anm.apilab.us
service:
port: 8091
extraVolumeMounts:
- name: anm-external-config
mountPath: /merge
- name: events
mountPath: /opt/Axway/apigateway/events
- name: audit
mountPath: /opt/Axway/apigateway/logs
extraVolumes:
- persistentVolumeClaim:
claimName: anm-external-config
name: anm-external-config
- persistentVolumeClaim:
claimName: events
name: events
- persistentVolumeClaim:
claimName: audit
name: audit
extraEnvVars:
- name: EMT_DEPLOYMENT_ENABLED
value: "true"
- name: ACCEPT_GENERAL_CONDITIONS
value: "yes"
- name: APIGW_LOG_OPENTRAFFIC_OUTPUT
value: "file"
- name: API_BUILDER_URL
value: "https://axway-elk-apim4elastic-apibuilder4elastic.apim4elastic:8443"
apimgr:
name: apimgr
image:
repository: "gateway"
tag: "7.7.0.20240228-1-BN0065-ubi9"
generalConditions:
accept: "yes"
groupId: Group1
resources:
limits:
memory: "2Gi"
cpu: 2
requests:
memory: "0.5Gi"
cpu: 0.5
securityContext:
runAsNonRoot: false
route:
enabled: false
ingress:
enabled: true
className: "nginx"
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/secure-backends: "true"
nginx.ingress.kubernetes.io/ingress.class: "nginx"
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: "letsencrypt-issuer"
hosts:
- host: apimgr.apilab.us
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: apimgr-tls
hosts:
- apimgr.apilab.us
service:
port: 8075
extraVolumeMounts:
- name: events
mountPath: /opt/Axway/apigateway/events
- name: apimgr-external-config
mountPath: /merge
- name: opentraffic
mountPath: /opt/Axway/apigateway/logs/opentraffic
- name: audit
mountPath: /opt/Axway/apigateway/logs/transaction
extraVolumes:
- persistentVolumeClaim:
claimName: events
name: events
- persistentVolumeClaim:
claimName: apimgr-external-config
name: apimgr-external-config
- persistentVolumeClaim:
claimName: opentraffic
name: opentraffic
- persistentVolumeClaim:
claimName: audit
name: audit
extraEnvVars:
- name: EMT_HEALTHCHECK_PORT
value: "8065"
- name: EMT_HEALTHCHECK_PATH
value: /healthcheck
- name: GW_DIR
value: /opt/Axway/apigateway
- name: GW_TRACE_DIR
value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace
- name: EMT_TOPOLOGY_TTL
value: "10"
- name: EMT_DEPLOYMENT_ENABLED
value: "true"
- name: ACCEPT_GENERAL_CONDITIONS
value: "yes"
- name: APIGW_LOG_OPENTRAFFIC_OUTPUT
value: "file"
license:
license.lic: |
FIPS=1
SalesForce Connector=1
ServiceNow Connector=1
analytics=1
api_visual_mapper=1
apiportal=1
company=Axway
deployment_type=docker
expires=Sat, 30 Nov 2024 15:48:27 GMT
license_id=TEMP
mcafee=1
name=Axway
sdkgenerator=1
unrestricted=1
version=7.7
# SIGNATURE: ce164db4840083f2741d364f45ffb6efdc2f6caee8307f9fd5e6899b430488f9
# SIGNATURE: b0357a0baa4af4c348ae551054c5885db831275f382a3e153dde4cf5852131ba
# SIGNATURE: f8458619453363b6ed4b0c6fd6aa3fe81f28542193074f88b4c514c45048997d
# SIGNATURE: 312dc89de6684bc864099da581aa226c73a93bb184d29a392826a93a72cc68b4
# SIGNATURE: e12c9daa05cc1d7caed7319943d9fba41dd48b9918bd468a05c8f2cff2a9c089
# SIGNATURE: cae24bd8d6754cc99c0549b53b92dc7ebc60f1d83a9c8f3a773baff464a82d8d
# SIGNATURE: b35c5476f61a9153ebd15a436d00eb21bef8d7a4e87bb3430d3b0427d57a4472
# SIGNATURE: 0641f5f2b0de45e74f019cedf92ac3ea5644490d65f3d9f76f57ab1b6f9e1e8c
apitraffic:
image:
repository: "gateway"
tag: "7.7.0.20240228-1-BN0065-ubi9"
generalConditions:
accept: "yes"
groupId: Group1
resources:
limits:
memory: "2Gi"
cpu: 2
requests:
memory: "0.5Gi"
cpu: 0.5
autoscaling:
enabled: false
minReplicas: 2
maxReplicas: 6
targetCPUUtilizationPercentage: 80
replicaCount: 4
securityContext:
runAsNonRoot: false
oauth:
enabled: true
type: ClusterIP
port: 8089
protocol: TCP
route:
enabled: false
ingress:
enabled: true
className: "nginx"
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/secure-backends: "true"
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: "letsencrypt-issuer"
hosts:
- host: oauth.apilab.us
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: oauth-tls
hosts:
- oauth.apilab.us
route:
enabled: false
ingress:
enabled: true
className: "nginx"
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/secure-backends: "true"
nginx.ingress.kubernetes.io/ingress.class: "nginx"
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: "letsencrypt-issuer"
hosts:
- host: apitraffic.apilab.us
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: apitraffic-tls
hosts:
- apitraffic.apilab.us
service:
port: 8065
extraVolumeMounts:
- name: events
mountPath: /opt/Axway/apigateway/events
- name: apitraffic-external-config
mountPath: /merge
- name: opentraffic
mountPath: /opt/Axway/apigateway/logs/opentraffic
- name: payloads
mountPath: /opt/Axway/apigateway/logs/payloads
- name: audit
mountPath: /opt/Axway/apigateway/logs/transaction
extraVolumes:
- persistentVolumeClaim:
claimName: events
name: events
- persistentVolumeClaim:
claimName: apitraffic-external-config
name: apitraffic-external-config
- persistentVolumeClaim:
claimName: payloads
name: payloads
- persistentVolumeClaim:
claimName: opentraffic
name: opentraffic
- persistentVolumeClaim:
claimName: audit
name: audit
extraEnvVars:
- name: EMT_HEALTHCHECK_PORT
value: "8065"
- name: EMT_HEALTHCHECK_PATH
value: /healthcheck
- name: GW_DIR
value: /opt/Axway/apigateway
- name: GW_TRACE_DIR
value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace
- name: EMT_TOPOLOGY_TTL
value: "10"
- name: APIGW_LOG_OPENTRAFFIC_OUTPUT
value: "file"
- name: EMT_DEPLOYMENT_ENABLED
value: "true"
- name: ENV_SECRET_EXAMPLE
valueFrom:
secretKeyRef:
name: apim-gateway-cassandra
key: username
- name: ACCEPT_GENERAL_CONDITIONS
value: "yes"
license:
license.lic: |
FIPS=1
SalesForce Connector=1
ServiceNow Connector=1
analytics=1
api_visual_mapper=1
apiportal=1
company=Axway
deployment_type=docker
expires=Sat, 30 Nov 2024 15:48:27 GMT
license_id=TEMP
mcafee=1
name=Axway
sdkgenerator=1
unrestricted=1
version=7.7
# SIGNATURE: ce164db4840083f2741d364f45ffb6efdc2f6caee8307f9fd5e6899b430488f9
# SIGNATURE: b0357a0baa4af4c348ae551054c5885db831275f382a3e153dde4cf5852131ba
# SIGNATURE: f8458619453363b6ed4b0c6fd6aa3fe81f28542193074f88b4c514c45048997d
# SIGNATURE: 312dc89de6684bc864099da581aa226c73a93bb184d29a392826a93a72cc68b4
# SIGNATURE: e12c9daa05cc1d7caed7319943d9fba41dd48b9918bd468a05c8f2cff2a9c089
# SIGNATURE: cae24bd8d6754cc99c0549b53b92dc7ebc60f1d83a9c8f3a773baff464a82d8d
# SIGNATURE: b35c5476f61a9153ebd15a436d00eb21bef8d7a4e87bb3430d3b0427d57a4472
# SIGNATURE: 0641f5f2b0de45e74f019cedf92ac3ea5644490d65f3d9f76f57ab1b6f9e1e8c
apiportal:
enabled: true
replicaCount: 1
image:
# an image reference is specified by registry/repository:tag,
# for instance registry=docker.io, repository=library/alpine, tag=3.15
# if registry is left empty, global.defaultRegistry will be used
registry: docker.repository.axway.com/apiportal-docker-prod/7.7
repository: "apiportal"
tag: "7.7.20240228-BN1285"
generalConditions:
accept: "yes"
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
service:
type: ClusterIP
ports:
# target:
# port: 8443
# https:
# port: 8443
# protocol: TCP
http:
port: 8080
protocol: TCP
force:
port: 8080
protocol: TCP
# OpenShift configuration
route:
enabled: false
ingress:
enabled: true
className: "nginx"
annotations:
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/secure-backends: "true"
nginx.ingress.kubernetes.io/ingress.class: "nginx"
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: "letsencrypt-issuer"
hosts:
- host: portal.apilab.us
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: apiportal-tls
hosts:
- portal.apilab.us
apiManager:
configured: 1
name: Main
host: "apimgr.apilab.us"
port: 443
# database settings for API Portal, also check the instance settings in global section
mysql:
enabled: true
# if the credentials are already available in a secret, set existingSecret
existingSecret:
{}
# name: "mysql-credentials"
# keyMapping:
# password: password
# username: root
# else, set username and password, this will create a new secret
username: "root"
password: "password"
# if it doesn't exist, a database with this name will be created by the app
databaseName: "portal"
sslOn: 0
sslVerifyCert: 0
redis:
enabled: false
host: ""
port: 6379
cacheTimeout: 600
apache:
sslOn: 0
extraEnvVars: []
podSecurityContext:
runAsUser: 1048
runAsGroup: 1048
fsGroup: 1048
securityContext:
allowPrivilegeEscalation: false
runAsNonRoot: true
aga:
enabled: false
license:
license.lic: |
FIPS=1
SalesForce Connector=1
ServiceNow Connector=1
analytics=1
api_visual_mapper=1
apiportal=1
company=Axway
deployment_type=docker
expires=Sat, 30 Nov 2024 15:48:27 GMT
license_id=TEMP
mcafee=1
name=Axway
sdkgenerator=1
unrestricted=1
version=7.7
# SIGNATURE: ce164db4840083f2741d364f45ffb6efdc2f6caee8307f9fd5e6899b430488f9
# SIGNATURE: b0357a0baa4af4c348ae551054c5885db831275f382a3e153dde4cf5852131ba
# SIGNATURE: f8458619453363b6ed4b0c6fd6aa3fe81f28542193074f88b4c514c45048997d
# SIGNATURE: 312dc89de6684bc864099da581aa226c73a93bb184d29a392826a93a72cc68b4
# SIGNATURE: e12c9daa05cc1d7caed7319943d9fba41dd48b9918bd468a05c8f2cff2a9c089
# SIGNATURE: cae24bd8d6754cc99c0549b53b92dc7ebc60f1d83a9c8f3a773baff464a82d8d
# SIGNATURE: b35c5476f61a9153ebd15a436d00eb21bef8d7a4e87bb3430d3b0427d57a4472
# SIGNATURE: 0641f5f2b0de45e74f019cedf92ac3ea5644490d65f3d9f76f57ab1b6f9e1e8c
replicaCount: 1
image:
# an image reference is specified by registry/repository:tag,
# for instance registry=docker.io, repository=library/alpine, tag=3.15
# if registry is left empty, global.defaultRegistry will be used
repository: "analytics"
tag: "7.7.0.20240228-1-BN0065-ubi9"
# Overrides the image tag whose default is the chart appVersion.
generalConditions:
accept: "yes"
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
extraEnvVars:
- name: ACCEPT_GENERAL_CONDITIONS
value: "yes"
podAnnotations: {}
podSecurityContext: {}
securityContext:
allowPrivilegeEscalation: false
#NOTE readOnlyRootFilesystem should be left to false
# readOnlyRootFilesystem: false
runAsNonRoot: false
service:
type: ClusterIP
ports:
ui:
port: 8040
protocol: TCP
ingress:
enabled: true
className: "nginx"
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/secure-backends: "true"
nginx.ingress.kubernetes.io/ingress.class: "nginx"
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: "letsencrypt-issuer"
# kubernetes.io/i:ngress.class: nginx
kubernetes.io/tls-acme: "true"
hosts:
- host: analytics.apilab.us
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: analytics-tls
hosts:
- analytics.apilab.us
# OpenShift configuration
route:
enabled: false
# targetPort: "{{ .Values.aga.ports.ui.port }}"
## More information: https://docs.openshift.com/container-platform/4.9/networking/routes/secured-routes.html
# tls:
# enabled: true
# termination: passthrough
# insecureEdgeTerminationPolicy: Redirect
# key:
# caCertificate:
# certificate:
# destinationCACertificate:
# ref: https://kubernetes.io/docs/user-guide/compute-resources/
resources: {}
# limits:
# memory: "2048Mi"
# cpu: "1000m"
# requests:
# memory: "1Gi"
# cpu: "250m"
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
#targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
livenessProbe:
httpGet:
httpHeaders:
- name: k8sprobe
value: liveness.apimgr
path: /healthcheck
port: 8040
scheme: HTTPS
initialDelaySeconds: 40
periodSeconds: 30
failureThreshold: 5
readinessProbe:
httpGet:
httpHeaders:
- name: k8sprobe
value: readiness.apimgr
path: /healthcheck
port: 8040
scheme: HTTPS
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 6