first commit

2025-11-13 23:47:20 +08:00
commit 900b9ca1f3
83 changed files with 8704 additions and 0 deletions

0
templates/NOTES.txt Normal file

@@ -0,0 +1,50 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Create the name of the service account to use
*/}}
{{- define "gateway.apitraffic.serviceAccountName" -}}
{{- if .Values.apitraffic.serviceAccount.create }}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "apitraffic") .Values.apitraffic.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.apitraffic.serviceAccount.name }}
{{- end }}
{{- end }}
{{- define "gateway.anm.serviceAccountName" -}}
{{- if .Values.anm.serviceAccount.create }}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "anm") .Values.anm.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.anm.serviceAccount.name }}
{{- end }}
{{- end }}
{{- define "gateway.apimgr.serviceAccountName" -}}
{{- if .Values.apimgr.serviceAccount.create }}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "apimgr") .Values.apimgr.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.apimgr.serviceAccount.name }}
{{- end }}
{{- end }}
{{- define "gateway.aga.serviceAccountName" -}}
{{- if .Values.aga.serviceAccount.create }}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "aga") .Values.aga.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.aga.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Secret name for metrics db credentials, either the existing one or the one created by this chart
*/}}
{{- define "gateway.metrics-db.secretName" -}}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "metrics-db") .Values.global.database.metrics.existingSecret.name }}
{{- end }}
{{/*
Secret name for domain key passphrase
*/}}
{{- define "gateway.domainkeypassphrase.secretName" -}}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "domainkeypassphrase") .Values.global.domainkeypassphrase.name }}
{{- end }}
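Review bot: The four `gateway.*.serviceAccountName` helpers and `gateway.metrics-db.secretName` defined in this file have the same names as definitions in `templates/_helpers.tpl` added by the same commit (this file's own path is not shown on the page). Helm template names are global across a chart and its subcharts, so one copy silently overrides the other and the two can drift apart without any render error. Keep a single definition, or give this file's helpers a distinct prefix, and add a short comment to each remaining helper naming the values key it reads.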

140
templates/_helpers.tpl Normal file

@@ -0,0 +1,140 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "gateway.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "gateway.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "gateway.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "gateway.labels" -}}
helm.sh/chart: {{ include "gateway.chart" . }}
{{ include "gateway.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "gateway.selectorLabels" -}}
app.kubernetes.io/name: {{ include "gateway.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "gateway.apitraffic.serviceAccountName" -}}
{{- if .Values.apitraffic.serviceAccount.create }}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "apitraffic") .Values.apitraffic.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.apitraffic.serviceAccount.name }}
{{- end }}
{{- end }}
{{- define "gateway.anm.serviceAccountName" -}}
{{- if .Values.anm.serviceAccount.create }}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "anm") .Values.anm.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.anm.serviceAccount.name }}
{{- end }}
{{- end }}
{{- define "gateway.apimgr.serviceAccountName" -}}
{{- if .Values.apimgr.serviceAccount.create }}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "apimgr") .Values.apimgr.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.apimgr.serviceAccount.name }}
{{- end }}
{{- end }}
{{- define "gateway.aga.serviceAccountName" -}}
{{- if .Values.aga.serviceAccount.create }}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "aga") .Values.aga.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.aga.serviceAccount.name }}
{{- end }}
{{- end }}
{{- define "gateway.tests.serviceAccountName" -}}
{{- if .Values.global.tests.serviceAccount.create }}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "tests") .Values.global.tests.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.global.tests.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Secret name for metrics db credentials, either the existing one or the one created by this chart
*/}}
{{- define "gateway.metrics-db.secretName" -}}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "metrics-db") .Values.global.database.metrics.existingSecret.name }}
{{- end }}
{{/*
Secret name for cassandra password, either the existing one or the one created by this chart
*/}}
{{- define "gateway.cassandra.secretName" -}}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "cassandra") .Values.global.cassandra.existingSecret.name }}
{{- end }}
{{/*
Filters the API GW related volumes from the global section
Usage (example with traffic, can also be anm, aga, apimgr, portal):
{{ include "gateway.volumeMounts" (dict "component" "traffic" "storage" .Values.global.storage) }}
*/}}
{{- define "gateway.volumeMounts" -}}
{{- $component := .component }}
{{- $volumeMounts := list }}
{{- range .storage.volumes }}
{{- if and (or (empty $component) (has $component .usedBy)) .enabled }}
{{- $volumeMounts = append $volumeMounts (dict "name" .name "mountPath" (coalesce .mountPoint (printf "/opt/Axway/apigateway/%s" .name))) }}
{{- end }}
{{- end }}
{{- toYaml $volumeMounts }}
{{- end }}
{{/*
Usage (example with traffic, can also be anm, aga, apimgr, portal):
{{ include "gateway.volumes" (dict "component" "traffic" "storage" .Values.global.storage) }}
*/}}
{{- define "gateway.volumes" -}}
{{- $component := .component }}
{{- $volumes := list }}
{{- range .storage.volumes }}
{{- if and (or (empty $component) (has $component .usedBy)) .enabled }}
{{- $volumes = append $volumes (dict "name" .name "persistentVolumeClaim" (dict "claimName" (coalesce .claimName .name))) }}
{{- end }}
{{- end }}
{{- toYaml $volumes }}
{{- end }}
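Review bot: When `serviceAccount.create` is false and no name is set, each of the five `*.serviceAccountName` helpers resolves to the namespace's `default` service account, so every component would share one identity and whatever RBAC is bound to it. If the components are meant to run with separate privileges, fail the render instead, for example `{{- required "anm.serviceAccount.name must be set when serviceAccount.create is false" .Values.anm.serviceAccount.name }}`. Separately, the comment above `gateway.volumes` gives only a usage line; it should state that the helper returns a list of PVC-backed volumes for enabled entries whose `usedBy` contains the component, with `claimName` falling back to the volume name.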


@@ -0,0 +1,18 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Create the name of the service account to use
*/}}
{{- define "gateway.apiportal.serviceAccountName" -}}
{{- if .Values.apiportal.serviceAccount.create }}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "apiportal") .Values.aga.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.apiportal.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Secret name for mysql db credentials, either the existing one or the one created by this chart
*/}}
{{- define "gateway.apiportal.secretName" -}}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "apiportal-db") .Values.apiportal.mysql.existingSecret.name }}
{{- end }}
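Review bot: In `gateway.apiportal.serviceAccountName` the `create` branch reads `.Values.aga.serviceAccount.name` rather than the apiportal key, so a name configured for aga is returned for the portal and an explicit apiportal name is ignored. Any workload that uses this helper would then run under the analytics component's service account and its permissions. The `else` branch already uses the right key; the line should read `{{- default (printf "%s-%s" (include "gateway.fullname" .) "apiportal") .Values.apiportal.serviceAccount.name }}`.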


@@ -0,0 +1,12 @@
{{- if and .Values.aga.enabled .Values.aga.license }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-aga-license-config
data:
{{- range $path, $config := .Values.aga.license }}
{{ $path }}: |
{{ $config | indent 4 -}}
{{- end -}}
{{- end -}}


@@ -0,0 +1,122 @@
{{- if .Values.aga.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ include "gateway.fullname" . }}-aga"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: aga
spec:
{{- if not .Values.aga.autoscaling.enabled }}
replicas: {{ .Values.aga.replicaCount }}
{{- end }}
strategy:
{{- if eq (default .Values.global.updateStrategy.type .Values.aga.updateStrategy.type) "RollingUpdate" }}
rollingUpdate:
maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.aga.updateStrategy.rollingUpdate.maxSurge }}
maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.aga.updateStrategy.rollingUpdate.maxUnavailable }}
{{- end }}
type: {{ default .Values.global.updateStrategy.type .Values.aga.updateStrategy.type }}
selector:
matchLabels:
{{- include "gateway.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: aga
{{- with .Values.aga.podLabels }}
{{- toYaml . | nindent 6 }}
{{- end }}
template:
metadata:
{{- with .Values.aga.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "gateway.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: aga
{{- with .Values.aga.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "gateway.aga.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.aga.podSecurityContext | nindent 8 }}
{{- if .Values.aga.extraInitContainers }}
initContainers:
{{ toYaml (.Values.aga.extraInitContainers) | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.aga.securityContext | nindent 12 }}
image: "{{ default .Values.global.defaultRegistry .Values.aga.image.registry }}/{{ .Values.aga.image.repository }}:{{ .Values.aga.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
ports:
- containerPort: {{ .Values.aga.service.ports.ui.port }}
protocol: {{ .Values.aga.service.ports.ui.protocol }}
{{- with .Values.aga.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.aga.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.aga.resources | nindent 12 }}
env:
{{- with .Values.aga.extraEnvVars }}
{{ toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.global.database.metrics.enabled }}
- name: METRICS_DB_URL
value: {{ tpl .Values.global.database.metrics.url . | quote }}
- name: METRICS_DB_USERNAME
valueFrom:
secretKeyRef:
name: {{ include "gateway.metrics-db.secretName" . }}
key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }}
- name: METRICS_DB_PASS
valueFrom:
secretKeyRef:
name: {{ include "gateway.metrics-db.secretName" . }}
key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }}
{{- end }}
{{- if .Values.aga.image.generalConditions }}
- name: ACCEPT_GENERAL_CONDITIONS
value: {{ .Values.aga.image.generalConditions.accept | quote }}
{{- end }}
{{- if .Values.aga.extraVolumeMounts }}
volumeMounts:
{{- toYaml ( .Values.aga.extraVolumeMounts ) | nindent 12 }}
{{- end }}
{{- if .Values.aga.license }}
- name: license
mountPath: "/opt/Axway/analytics/conf/licenses/license.lic"
subPath: "license.lic"
{{- end }}
{{- if .Values.aga.extraVolumes }}
volumes:
{{- if .Values.aga.license }}
- name: license
configMap:
name: {{ .Release.Name }}-aga-license-config
{{- end }}
{{ toYaml ( .Values.aga.extraVolumes ) | indent 8 }}
{{- end }}
{{- with .Values.aga.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.aga.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.aga.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
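Review bot: The license mount and its volume are gated inconsistently: the `- name: license` mount is emitted whenever `.Values.aga.license` is set, but the `volumeMounts:` key above it only when `extraVolumeMounts` is set, and the matching `license` volume sits inside `{{- if .Values.aga.extraVolumes }}`. With a license and no extra volumes, the mount item has no `volumeMounts:` parent and no volume to refer to, so the manifest is most likely invalid (indentation is not visible on this page, so the exact failure is inferred). Gate the two keys on `{{- if or .Values.aga.license .Values.aga.extraVolumeMounts }}` and `{{- if or .Values.aga.license .Values.aga.extraVolumes }}` and move the license entries inside them. The anm and apimgr Deployments in this commit have the inverse form, with the license entries inside the `extra*` guards, so a license on its own is never mounted there.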


@@ -0,0 +1,33 @@
{{- if .Values.aga.autoscaling.enabled }}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: "{{ include "gateway.fullname" . }}-aga"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: aga
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: "{{ include "gateway.fullname" . }}-aga"
minReplicas: {{ .Values.aga.autoscaling.minReplicas }}
maxReplicas: {{ .Values.aga.autoscaling.maxReplicas }}
metrics:
{{- if .Values.aga.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.aga.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.aga.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.aga.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}
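Review bot: This HorizontalPodAutoscaler is rendered whenever `aga.autoscaling.enabled` is true, without checking `.Values.aga.enabled`, so a disabled component can still get an HPA whose `scaleTargetRef` names a Deployment that was never created. The aga Ingress and ServiceAccount templates in this commit have the same gap, while the aga Route and Service do check `aga.enabled` and the anm templates wrap every resource in it. Change the guard to `{{- if and .Values.aga.enabled .Values.aga.autoscaling.enabled }}`. If neither utilization target is set, `metrics:` is also left without entries, which deserves a comment or a default target.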


@@ -0,0 +1,47 @@
{{- if .Values.aga.ingress.enabled -}}
{{- $fullName := include "gateway.fullname" . -}}
{{- $svcPort := .Values.aga.service.ports.ui.port -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}-aga
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- with .Values.aga.ingress.annotations }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
spec:
{{- if .Values.aga.ingress.className }}
ingressClassName: {{ .Values.aga.ingress.className }}
{{- end }}
{{- if .Values.aga.ingress.tls }}
tls:
{{- range .Values.aga.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ tpl . $ | quote }}
{{- end }}
{{- if .secretName }}
secretName: {{ tpl (.secretName) $ }}
{{- end }}
{{- end }}
{{- end }}
rules:
{{- range .Values.aga.ingress.hosts }}
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if .pathType }}
pathType: {{ .pathType }}
{{- end }}
backend:
service:
name: {{ $fullName }}-aga
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
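Review bot: `pathType` is written only when the value is present, but `networking.k8s.io/v1` requires it on every path, so a host entry without it renders a manifest that the API server rejects. Make it mandatory with `pathType: {{ required "aga.ingress.hosts[].paths[].pathType is required" .pathType }}`, or give it a default. `path`, `secretName` and `ingressClassName` are also emitted unquoted, so a value with a leading `*` or an embedded `: ` breaks the YAML; pipe them through `quote` as the `host` lines already do. The anm Ingress template repeats the same lines.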


@@ -0,0 +1,40 @@
{{- if and .Values.aga.enabled .Values.aga.route.enabled -}}
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: "{{ include "gateway.fullname" . }}-aga"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: aga
spec:
{{- if .Values.global.domainName }}
host: aga.{{ .Values.global.domainName }}
{{- end }}
port:
targetPort: {{ tpl .Values.aga.route.targetPort . }}
to:
kind: Service
name: "{{ include "gateway.fullname" . }}-aga"
{{- if .Values.aga.route.tls.enabled }}
tls:
termination: {{ .Values.aga.route.tls.termination }}
insecureEdgeTerminationPolicy: {{ .Values.aga.route.tls.insecureEdgeTerminationPolicy }}
{{- if .Values.aga.route.tls.key }}
key: |-
{{- .Values.aga.route.tls.key | nindent 6 }}
{{- end }}
{{- if .Values.aga.route.tls.destinationCACertificate }}
destinationCACertificate: |-
{{- .Values.aga.route.tls.destinationCACertificate | nindent 6 }}
{{- end }}
{{- if .Values.aga.route.tls.caCertificate }}
caCertificate: |-
{{- .Values.aga.route.tls.caCertificate | nindent 6 }}
{{- end }}
{{- if .Values.aga.route.tls.certificate }}
certificate: |-
{{- .Values.aga.route.tls.certificate | nindent 6 }}
{{- end }}
{{- end }}
wildcardPolicy: None
{{- end }}
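Review bot: `.Values.aga.route.tls.key` is a TLS private key taken from chart values and written inline into the Route, so it also lives in whatever values file supplies it and in the release record Helm keeps in the cluster. Add a template comment above the block, for example `{{- /* tls.key is a private key: pass it with --set-file from a secret store, never commit it in values.yaml */}}`, and document the same next to the value. `insecureEdgeTerminationPolicy` is rendered with no fallback, so whether plain HTTP is refused depends entirely on the supplied value; `{{ .Values.aga.route.tls.insecureEdgeTerminationPolicy | default "None" }}` makes the safe choice explicit. The anm Route repeats both lines.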


@@ -0,0 +1,19 @@
{{- if .Values.aga.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: "{{ include "gateway.fullname" . }}-aga"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: aga
spec:
type: {{ .Values.aga.service.type }}
ports:
- port: {{ .Values.aga.service.ports.ui.port }}
targetPort: {{ .Values.aga.service.ports.ui.port }}
protocol: {{ .Values.aga.service.ports.ui.protocol }}
name: apianalyticsui
selector:
{{- include "gateway.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: aga
{{- end }}


@@ -0,0 +1,13 @@
{{- if .Values.aga.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "gateway.aga.serviceAccountName" . }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: aga
{{- with .Values.aga.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}


@@ -0,0 +1,12 @@
{{- if and .Values.anm.enabled .Values.anm.license }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-anm-license-config
data:
{{- range $path, $config := .Values.anm.license }}
{{ $path }}: |
{{ $config | indent 4 -}}
{{- end -}}
{{- end -}}


@@ -0,0 +1,162 @@
{{- if .Values.anm.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ include "gateway.fullname" . }}-anm"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: anm
spec:
{{- if not .Values.anm.autoscaling.enabled }}
replicas: {{ .Values.anm.replicaCount }}
{{- end }}
strategy:
{{- if eq (default .Values.global.updateStrategy.type .Values.anm.updateStrategy.type) "RollingUpdate" }}
rollingUpdate:
maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.anm.updateStrategy.rollingUpdate.maxSurge }}
maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.anm.updateStrategy.rollingUpdate.maxUnavailable }}
{{- end }}
type: {{ default .Values.global.updateStrategy.type .Values.anm.updateStrategy.type }}
selector:
matchLabels:
{{- include "gateway.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: anm
{{- with .Values.anm.podLabels }}
{{- toYaml . | nindent 6 }}
{{- end }}
template:
metadata:
{{- with .Values.anm.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "gateway.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: anm
{{- with .Values.anm.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "gateway.anm.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.anm.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.anm.securityContext | nindent 12 }}
image: "{{ default .Values.global.defaultRegistry .Values.anm.image.registry }}/{{ .Values.anm.image.repository }}:{{ .Values.anm.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
ports:
- containerPort: {{ .Values.anm.service.ports.traffic.port }}
protocol: {{ .Values.anm.service.ports.traffic.protocol }}
- containerPort: {{ .Values.anm.service.ports.ui.port }}
protocol: {{ .Values.anm.service.ports.ui.protocol }}
{{- with .Values.anm.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.anm.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.anm.resources | nindent 12 }}
env:
{{- with .Values.anm.extraEnvVars }}
{{ toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.anm.FIPS.enabled }}
- name: EMT_FIPS_MODE
value: {{ .Values.anm.FIPS.enabled | quote }}
{{- end }}
{{- if .Values.anm.jvmHeapSize }}
- name: EMT_HEAP_SIZE_MB
value: {{ .Values.anm.jvmHeapSize | quote }}
{{- end }}
{{- if .Values.anm.logs.trace.level }}
- name: EMT_TRACE_LEVEL
value: {{ .Values.anm.logs.trace.level | quote }}
{{- end }}
{{- if .Values.anm.logs.trace.disk }}
- name: APIGW_LOG_TRACE_TO_FILE
value: {{ .Values.anm.logs.trace.disk | quote }}
{{- end }}
- name: APIGW_LOG_TRACE_JSON_TO_STDOUT
value: {{ default .Values.anm.logs.trace.stdoutJSON false | quote }}
{{- if .Values.global.domainkeypassphrase }}
- name: DOMAIN_KEY_PASSPHRASE
valueFrom:
secretKeyRef:
name: {{ include "gateway.domainkeypassphrase.secretName" . }}
key: passphrase
{{- end }}
{{- if .Values.global.database.metrics.enabled }}
- name: METRICS_DB_URL
value: {{ tpl .Values.global.database.metrics.url . | quote }}
- name: METRICS_DB_USERNAME
valueFrom:
secretKeyRef:
name: {{ include "gateway.metrics-db.secretName" . }}
key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }}
- name: METRICS_DB_PASS
valueFrom:
secretKeyRef:
name: {{ include "gateway.metrics-db.secretName" . }}
key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }}
{{- end }}
{{- if .Values.anm.image.generalConditions }}
- name: ACCEPT_GENERAL_CONDITIONS
value: {{ .Values.anm.image.generalConditions.accept | quote }}
{{- end }}
{{- if .Values.anm.extraVolumeMounts }}
volumeMounts:
{{- if .Values.anm.license }}
- name: license
mountPath: "/opt/Axway/apigateway/conf/licenses/license.lic"
subPath: "license.lic"
{{- end }}
{{- toYaml ( .Values.anm.extraVolumeMounts ) | nindent 12 }}
{{- end }}
{{- if .Values.anm.extraVolumes }}
volumes:
{{- if .Values.anm.license }}
- name: license
configMap:
name: {{ .Release.Name }}-anm-license-config
{{- end }}
{{ toYaml ( .Values.anm.extraVolumes ) | indent 8 }}
{{- end }}
initContainers:
{{- if .Values.global.database.metrics.enabled }}
- name: init-mysql
image: {{ .Values.global.initContainers.image | quote }}
command: ['sh', '-c', 'until nc -w 3 -v {{ tpl .Values.global.database.host . }} {{ .Values.global.database.port | int }}; do echo waiting for mysql; sleep 2; done;']
{{- with .Values.global.initContainers.resources }}
resources:
{{ toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.global.initContainers.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
{{- with .Values.anm.extraInitContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.anm.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.anm.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.anm.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
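Review bot: The `init-mysql` command splices `global.database.host` (after `tpl`) directly into a `sh -c` string, so any shell metacharacter in that value is interpreted by the shell in the init container instead of being treated as a hostname. Pass the host and port as environment variables and reference them quoted, as sketched below; the `init-cassandra`, `init-mysql` and `init-anm` commands in the apimgr Deployment build their command strings the same way. Separately, `default .Values.anm.logs.trace.stdoutJSON false` has its arguments reversed (`default` takes the fallback first), so an unset value renders empty rather than `"false"`; it should read `{{ .Values.anm.logs.trace.stdoutJSON | default false | quote }}`.

```yaml
- name: init-mysql
  image: {{ .Values.global.initContainers.image | quote }}
  env:
    - name: DB_HOST
      value: {{ tpl .Values.global.database.host . | quote }}
    - name: DB_PORT
      value: {{ .Values.global.database.port | int | quote }}
  command: ['sh', '-c', 'until nc -w 3 -v "$DB_HOST" "$DB_PORT"; do echo waiting for mysql; sleep 2; done;']
  # … unchanged: resources, securityContext …
```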


@@ -0,0 +1,35 @@
{{- if .Values.anm.enabled }}
{{- if .Values.anm.autoscaling.enabled }}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: "{{ include "gateway.fullname" . }}-anm"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: anm
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: "{{ include "gateway.fullname" . }}-anm"
minReplicas: {{ .Values.anm.autoscaling.minReplicas }}
maxReplicas: {{ .Values.anm.autoscaling.maxReplicas }}
metrics:
{{- if .Values.anm.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.anm.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.anm.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.anm.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}
{{- end }}


@@ -0,0 +1,49 @@
{{- if .Values.anm.enabled }}
{{- if .Values.anm.ingress.enabled -}}
{{- $fullName := include "gateway.fullname" . -}}
{{- $svcPort := .Values.anm.service.ports.ui.port -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}-anm
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- with .Values.anm.ingress.annotations }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
spec:
{{- if .Values.anm.ingress.className }}
ingressClassName: {{ .Values.anm.ingress.className }}
{{- end }}
{{- if .Values.anm.ingress.tls }}
tls:
{{- range .Values.anm.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ tpl . $ | quote }}
{{- end }}
{{- if .secretName }}
secretName: {{ tpl (.secretName) $ }}
{{- end }}
{{- end }}
{{- end }}
rules:
{{- range .Values.anm.ingress.hosts }}
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if .pathType }}
pathType: {{ .pathType }}
{{- end }}
backend:
service:
name: {{ $fullName }}-anm
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}


@@ -0,0 +1,42 @@
{{- if .Values.anm.enabled }}
{{- if .Values.anm.route.enabled -}}
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: "{{ include "gateway.fullname" . }}-anm"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: anm
spec:
{{- if .Values.global.domainName }}
host: anm.{{ .Values.global.domainName }}
{{- end }}
port:
targetPort: {{ tpl .Values.anm.route.targetPort . }}
to:
kind: Service
name: "{{ include "gateway.fullname" . }}-anm"
{{- if .Values.anm.route.tls.enabled }}
tls:
termination: {{ .Values.anm.route.tls.termination }}
insecureEdgeTerminationPolicy: {{ .Values.anm.route.tls.insecureEdgeTerminationPolicy }}
{{- if .Values.anm.route.tls.key }}
key: |-
{{- .Values.anm.route.tls.key | nindent 6 }}
{{- end }}
{{- if .Values.anm.route.tls.destinationCACertificate }}
destinationCACertificate: |-
{{- .Values.anm.route.tls.destinationCACertificate | nindent 6 }}
{{- end }}
{{- if .Values.anm.route.tls.caCertificate }}
caCertificate: |-
{{- .Values.anm.route.tls.caCertificate | nindent 6 }}
{{- end }}
{{- if .Values.anm.route.tls.certificate }}
certificate: |-
{{- .Values.anm.route.tls.certificate | nindent 6 }}
{{- end }}
{{- end }}
wildcardPolicy: None
{{- end }}
{{- end }}


@@ -0,0 +1,23 @@
{{- if .Values.anm.enabled }}
apiVersion: v1
kind: Service
metadata:
name: "{{ include "gateway.fullname" . }}-anm"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: anm
spec:
type: {{ .Values.anm.service.type }}
ports:
- port: {{ .Values.anm.service.ports.traffic.port }}
targetPort: {{ .Values.anm.service.ports.traffic.port }}
protocol: {{ .Values.anm.service.ports.traffic.protocol }}
name: gatewaymanager
- port: {{ .Values.anm.service.ports.ui.port }}
targetPort: {{ .Values.anm.service.ports.ui.port }}
protocol: {{ .Values.anm.service.ports.ui.protocol }}
name: gatewaymanagerui
selector:
{{- include "gateway.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: anm
{{- end }}


@@ -0,0 +1,15 @@
{{- if .Values.anm.enabled }}
{{- if .Values.anm.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: "{{ include "gateway.anm.serviceAccountName" . }}"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: anm
{{- with .Values.anm.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}


@@ -0,0 +1,12 @@
{{- if and .Values.apimgr.enabled .Values.apimgr.license }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-apimgr-license-config
data:
{{- range $path, $config := .Values.apimgr.license }}
{{ $path }}: |
{{ $config | indent 4 -}}
{{- end -}}
{{- end -}}


@@ -0,0 +1,227 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ include "gateway.fullname" . }}-apimgr"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apimgr
spec:
{{- if not .Values.apimgr.autoscaling.enabled }}
replicas: {{ .Values.apimgr.replicaCount }}
{{- end }}
strategy:
{{- if eq (default .Values.global.updateStrategy.type .Values.apimgr.updateStrategy.type) "RollingUpdate" }}
rollingUpdate:
maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.apimgr.updateStrategy.rollingUpdate.maxSurge }}
maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.apimgr.updateStrategy.rollingUpdate.maxUnavailable }}
{{- end }}
type: {{ default .Values.global.updateStrategy.type .Values.apimgr.updateStrategy.type }}
selector:
matchLabels:
{{- include "gateway.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: apimgr
{{- with .Values.apimgr.podLabels }}
{{- toYaml . | nindent 6 }}
{{- end }}
template:
metadata:
{{- with .Values.apimgr.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "gateway.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: apimgr
{{- with .Values.apimgr.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "gateway.apimgr.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.apimgr.podSecurityContext | nindent 8 }}
initContainers:
{{- if .Values.global.cassandra.enabled }}
- name: init-cassandra
image: {{ .Values.global.initContainers.image | quote }}
{{- with (first .Values.global.cassandra.hosts) }}
command: ["sh", "-c", "until nc -w 3 -v {{ .hostname }} 9042; do echo waiting for {{ .hostname }}; sleep 2; done;"]
{{- end }}
{{- with .Values.global.initContainers.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.global.initContainers.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.global.database.metrics.enabled }}
- name: init-mysql
image: {{ .Values.global.initContainers.image | quote }}
command: ["sh", "-c", "until nc -w 3 -v {{ tpl .Values.global.database.host . }} {{ .Values.global.database.port | int }}; do echo waiting for mysql; sleep 2; done;"]
{{- with .Values.global.initContainers.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.global.initContainers.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
- name: init-anm
image: {{ .Values.global.initContainers.image | quote }}
{{- if .Values.anm.hostname }}
command: ["sh", "-c", "until nc -w 3 -v {{ .Values.anm.hostname }}; do echo waiting for anm; sleep 2; done;"]
{{- else }}
command: ["sh", "-c", "until nc -w 3 -v {{ include "gateway.fullname" . }}-anm 8090; do echo waiting for anm; sleep 2; done;"]
{{- end }}
{{- with .Values.global.initContainers.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.global.initContainers.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.apimgr.extraInitContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.apimgr.securityContext | nindent 12 }}
image: "{{ default .Values.global.defaultRegistry .Values.apimgr.image.registry }}/{{ .Values.apimgr.image.repository }}:{{ .Values.apimgr.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
ports:
- containerPort: {{ .Values.apimgr.service.ports.ui.port }}
protocol: {{ .Values.apimgr.service.ports.ui.protocol }}
{{- with .Values.apimgr.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.apimgr.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.apimgr.resources | nindent 12 }}
env:
{{- with .Values.apimgr.extraEnvVars }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.apimgr.FIPS.enabled }}
- name: EMT_FIPS_MODE
value: {{ .Values.apimgr.FIPS.enabled | quote }}
{{- end }}
{{- if .Values.apimgr.jvmHeapSize }}
- name: EMT_HEAP_SIZE_MB
value: {{ .Values.apimgr.jvmHeapSize | quote }}
{{- end }}
{{- if .Values.apimgr.logs.trace.level }}
- name: EMT_TRACE_LEVEL
value: {{ .Values.apimgr.logs.trace.level | quote }}
{{- end }}
{{- if .Values.apimgr.logs.trace.disk }}
- name: APIGW_LOG_TRACE_TO_FILE
value: {{ .Values.apimgr.logs.trace.disk | quote }}
{{- end }}
- name: APIGW_LOG_TRACE_JSON_TO_STDOUT
value: {{ default .Values.apimgr.logs.trace.stdoutJSON false | quote }}
{{- if .Values.apimgr.logs.opentraffic.output | quote }}
- name: APIGW_LOG_OPENTRAFFIC_OUTPUT
value: {{ .Values.apimgr.logs.opentraffic.output | quote }}
{{- end }}
{{- if .Values.global.domainkeypassphrase }}
- name: DOMAIN_KEY_PASSPHRASE
valueFrom:
secretKeyRef:
name: {{ include "gateway.domainkeypassphrase.secretName" . }}
key: passphrase
{{- end }}
{{- if .Values.global.database.metrics.enabled }}
- name: METRICS_DB_URL
value: {{ tpl .Values.global.database.metrics.url . | quote }}
- name: METRICS_DB_USERNAME
valueFrom:
secretKeyRef:
name: {{ include "gateway.metrics-db.secretName" . }}
key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }}
- name: METRICS_DB_PASS
valueFrom:
secretKeyRef:
name: {{ include "gateway.metrics-db.secretName" . }}
key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }}
{{- end }}
{{- if .Values.anm.hostname }}
- name: EMT_ANM_HOSTS
value: {{ .Values.anm.hostname | quote }}
{{- else }}
- name: EMT_ANM_HOSTS
value: "{{ include "gateway.fullname" . }}-anm:8090"
{{- end }}
- name: GROUP_ID
value: {{ .Values.apimgr.groupId }}
{{- if .Values.global.domainId }}
- name: DOMAIN_ID
value: {{ .Values.global.domainId }}
{{- end }}
{{- if .Values.global.cassandra.enabled }}
{{- range .Values.global.cassandra.hosts }}
- name: {{ .variable }}
value: {{ .hostname | quote }}
{{- end }}
- name: CASS_PORT
value: {{ .Values.global.cassandra.port | quote }}
- name: CASS_KEYSPACE
value: {{ tpl .Values.global.cassandra.keyspace . | quote }}
- name: CASS_TKEYSPACE
value: {{ tpl .Values.global.cassandra.tkeyspace . | quote }}
- name: CASS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "gateway.cassandra.secretName" . }}
key: {{ with .Values.global.cassandra.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }}
- name: CASS_USERNAME
valueFrom:
secretKeyRef:
name: {{ include "gateway.cassandra.secretName" . }}
key: {{ with .Values.global.cassandra.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }}
{{- end }}
{{- if .Values.apimgr.image.generalConditions }}
- name: ACCEPT_GENERAL_CONDITIONS
value: {{ .Values.apimgr.image.generalConditions.accept | quote }}
{{- end }}
{{- if .Values.apimgr.extraVolumeMounts }}
volumeMounts:
{{- if .Values.apimgr.license }}
- name: license
mountPath: "/opt/Axway/apigateway/conf/licenses/license.lic"
subPath: "license.lic"
{{- end }}
{{- toYaml ( .Values.apimgr.extraVolumeMounts ) | nindent 12 }}
{{- end }}
{{- if .Values.apimgr.extraVolumes }}
volumes:
{{- if .Values.apimgr.license }}
- name: license
configMap:
name: {{ .Release.Name }}-apimgr-license-config
{{- end }}
{{ toYaml ( .Values.apimgr.extraVolumes ) | indent 8 }}
{{- end }}
{{- with .Values.apimgr.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.apimgr.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.apimgr.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
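Review bot: When `.Values.anm.hostname` is set, `init-anm` runs `nc -w 3 -v {{ .Values.anm.hostname }}` with no port argument, while the same value is exported as `EMT_ANM_HOSTS`, whose fallback here has the form `name:8090`; if the value is given as `host:port`, nc presumably never connects and the pod stays in its init phase. Split host and port before calling nc, or add a separate port value. The guard `{{- if .Values.apimgr.logs.opentraffic.output | quote }}` tests a quoted string, which is non-empty even for an empty value, so drop `| quote` from the condition. `GROUP_ID` and `DOMAIN_ID` are rendered unquoted although container env values must be strings; add `| quote` to both. Unlike the anm Deployment, this one has no `apimgr.enabled` guard even though its license ConfigMap checks that flag.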


@@ -0,0 +1,33 @@
{{- if .Values.apimgr.autoscaling.enabled }}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: "{{ include "gateway.fullname" . }}-apimgr"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apimgr
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: "{{ include "gateway.fullname" . }}-apimgr"
minReplicas: {{ .Values.apimgr.autoscaling.minReplicas }}
maxReplicas: {{ .Values.apimgr.autoscaling.maxReplicas }}
metrics:
{{- if .Values.apimgr.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.apimgr.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.apimgr.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.apimgr.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}


@@ -0,0 +1,47 @@
{{- if .Values.apimgr.ingress.enabled -}}
{{- $fullName := include "gateway.fullname" . -}}
{{- $svcPort := .Values.apimgr.service.ports.ui.port -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}-apimgr
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- with .Values.apimgr.ingress.annotations }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
spec:
{{- if .Values.apimgr.ingress.className }}
ingressClassName: {{ .Values.apimgr.ingress.className }}
{{- end }}
{{- if .Values.apimgr.ingress.tls }}
tls:
{{- range .Values.apimgr.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ tpl . $ | quote }}
{{- end }}
{{- if .secretName }}
secretName: {{ tpl (.secretName) $ }}
{{- end }}
{{- end }}
{{- end }}
rules:
{{- range .Values.apimgr.ingress.hosts }}
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if .pathType}}
pathType: {{ .pathType }}
{{- end }}
backend:
service:
name: {{ $fullName }}-apimgr
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
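Review bot: The `tls:` block is optional and nothing else in the template requires it, so with `.Values.apimgr.ingress.tls` unset the hosts under `rules:` are published over plain HTTP unless an annotation or the ingress controller forces a redirect. For what the backend port name `apimanagerui` suggests is a management UI, the values documentation should say that `tls` must be set whenever the ingress is enabled, or the template should stop the render with `{{- if not .Values.apimgr.ingress.tls }}{{ fail "apimgr.ingress.tls is required when the ingress is enabled" }}{{- end }}`. `path: {{ .path }}` and `ingressClassName` are emitted unquoted; adding `| quote` to both avoids YAML retyping of unusual values. The apiportal, apitraffic and oauth Ingress templates later in the commit share this structure.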


@@ -0,0 +1,40 @@
{{- if .Values.apimgr.route.enabled -}}
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: "{{ include "gateway.fullname" . }}-apimgr"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apimgr
spec:
{{- if .Values.global.domainName }}
host: apimgr.{{ .Values.global.domainName }}
{{- end }}
to:
kind: Service
name: "{{ include "gateway.fullname" . }}-apimgr"
port:
targetPort: {{ tpl .Values.apimgr.route.targetPort . }}
{{- if .Values.apimgr.route.tls.enabled }}
tls:
termination: {{ .Values.apimgr.route.tls.termination }}
insecureEdgeTerminationPolicy: {{ .Values.apimgr.route.tls.insecureEdgeTerminationPolicy }}
{{- if .Values.apimgr.route.tls.key }}
key: |-
{{- .Values.apimgr.route.tls.key | nindent 6 }}
{{- end }}
{{- if .Values.apimgr.route.tls.destinationCACertificate }}
destinationCACertificate: |-
{{- .Values.apimgr.route.tls.destinationCACertificate | nindent 6 }}
{{- end }}
{{- if .Values.apimgr.route.tls.caCertificate }}
caCertificate: |-
{{- .Values.apimgr.route.tls.caCertificate | nindent 6 }}
{{- end }}
{{- if .Values.apimgr.route.tls.certificate }}
certificate: |-
{{- .Values.apimgr.route.tls.certificate | nindent 6 }}
{{- end }}
{{- end }}
wildcardPolicy: None
{{- end }}
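Review bot: The TLS private key is read from `.Values.apimgr.route.tls.key` and written inline into the Route, so it ends up in the values supplied at install time, in the Helm release record, and in an object readable by anyone allowed to `get` routes in the namespace. A comment above the `key: |-` block should say so and steer installs toward the router's default certificate, or toward a secret-backed certificate where the cluster supports one. `insecureEdgeTerminationPolicy` is passed through as given, so a value of `Allow` would serve the same host over plain HTTP; the values documentation should recommend `Redirect` or `None`. The apiportal and apitraffic Route templates later in the commit repeat the pattern.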


@@ -0,0 +1,17 @@
apiVersion: v1
kind: Service
metadata:
name: "{{ include "gateway.fullname" . }}-apimgr"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apimgr
spec:
type: {{ .Values.apimgr.service.type }}
ports:
- port: {{ .Values.apimgr.service.ports.ui.port }}
targetPort: {{ .Values.apimgr.service.ports.ui.port }}
protocol: {{ .Values.apimgr.service.ports.ui.protocol }}
name: apimanagerui
selector:
{{- include "gateway.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: apimgr


@@ -0,0 +1,13 @@
{{- if .Values.apimgr.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "gateway.apimgr.serviceAccountName" . }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apimgr
{{- with .Values.apimgr.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
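Review bot: The ServiceAccount leaves token automounting at the cluster default, so every apimgr pod gets a Kubernetes API token mounted whether or not the workload uses it, and nothing in the templates visible here shows it calling the API. If it does not, add `automountServiceAccountToken: false` at the top level of the object, or expose it as a chart value that defaults to false. The apiportal and apitraffic ServiceAccount templates later in the commit have the same shape.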


@@ -0,0 +1,12 @@
{{- if and .Values.apiportal.enabled .Values.apiportal.mysql.enabled (not .Values.apiportal.mysql.existingSecret) -}}
apiVersion: v1
data:
username: {{ .Values.apiportal.mysql.username | b64enc }}
password: {{ .Values.apiportal.mysql.password | b64enc }}
kind: Secret
metadata:
name: {{ include "gateway.apiportal.secretName" . }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apiportal
{{- end }}
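Review bot: Both `data` values are taken from chart values and base64-encoded with no check that they were supplied, so the Secret can be rendered with an empty password, or with whatever default the values file ships (not visible in this hunk). A guard such as `password: {{ required "apiportal.mysql.password is required" .Values.apiportal.mysql.password | b64enc | quote }}` stops the render instead. Credentials passed this way are also kept in the Helm release record, so the chart documentation should point production installs at `existingSecret`. The test `not .Values.apiportal.mysql.existingSecret` is true only for an empty value; if `existingSecret` is a map that always carries `keyMapping`, as the Deployment's `secretKeyRef` lines suggest, testing a name field inside it would be more precise.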


@@ -0,0 +1,173 @@
{{- if .Values.apiportal.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ include "gateway.fullname" . }}-apiportal"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apiportal
spec:
replicas: {{ .Values.apiportal.replicaCount }}
strategy:
{{- if eq (default .Values.global.updateStrategy.type .Values.apiportal.updateStrategy.type) "RollingUpdate" }}
rollingUpdate:
maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.apiportal.updateStrategy.rollingUpdate.maxSurge }}
maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.apiportal.updateStrategy.rollingUpdate.maxUnavailable }}
{{- end }}
type: {{ default .Values.global.updateStrategy.type .Values.apiportal.updateStrategy.type }}
selector:
matchLabels:
{{- include "gateway.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: apiportal
{{- with .Values.apiportal.podLabels }}
{{- toYaml . | nindent 6 }}
{{- end }}
template:
metadata:
{{- with .Values.apiportal.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "gateway.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: apiportal
{{- with .Values.apiportal.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "gateway.apiportal.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.apiportal.podSecurityContext | nindent 8 }}
containers:
- name: "{{ include "gateway.fullname" . }}-apiportal"
securityContext:
{{- toYaml .Values.apiportal.securityContext | nindent 12 }}
command: ["/usr/local/bin/entrypoint.sh", "apiportal"]
{{- with .Values.apiportal.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.apiportal.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.apiportal.resources | nindent 12 }}
env:
# Same mysql database has been used for both metrics and apiportal
{{- if .Values.apiportal.mysql.enabled }}
- name: MYSQL_HOST
value: {{ tpl .Values.global.database.host . | quote }}
- name: MYSQL_PORT
value: {{ .Values.global.database.port | quote }}
- name: MYSQL_USER
valueFrom:
secretKeyRef:
name: {{ include "gateway.apiportal.secretName" . }}
key: {{ with .Values.apiportal.mysql.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }}
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "gateway.apiportal.secretName" . }}
key: {{ with .Values.apiportal.mysql.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }}
- name: MYSQL_DATABASE
value: {{ .Values.apiportal.mysql.databaseName | quote }}
- name: MYSQL_SSL_ON
value: {{ .Values.apiportal.mysql.sslOn | quote }}
- name: MYSQL_SSL_VERIFY_CERT
value: {{ .Values.apiportal.mysql.sslVerifyCert | quote }}
{{- end }}
{{- if .Values.apiportal.redis.enabled }}
- name: REDIS_CONFIGURED
value: "1"
- name: REDIS_ON
value: "1"
- name: REDIS_HOST
value: {{ required "A redis host should be specified" .Values.apiportal.redis.host | quote }}
- name: REDIS_PORT
value: {{ default "6379" .Values.apiportal.redis.port | quote }}
- name: REDIS_CACHE_TIMEOUT_SEC
value: {{ default "600" .Values.apiportal.redis.cacheTimeout | quote }}
{{- end }}
- name: APACHE_SSL_ON
value: {{ .Values.apiportal.apache.sslOn | quote }}
- name: APIMANAGER_CONFIGURED
value: {{ default "1" .Values.apiportal.apiManager.configured | quote }}
- name: API_WHITELIST_CONFIGURED
value: "1"
- name: API_WHITELIST
value: "apitraffic.{{ .Values.global.domainName }}"
- name: APIMANAGER_NAME
value: {{ .Values.apiportal.apiManager.name | quote }}
- name: APIMANAGER_HOST
value: "{{ include "gateway.fullname" . }}-apimgr"
- name: APIMANAGER_PORT
value: {{ .Values.apimgr.service.ports.ui.port | quote }}
- name: HTTP_PORT
value: {{ .Values.apiportal.service.ports.http.port | quote }}
- name: HTTPS_PORT
value: {{ .Values.apiportal.service.ports.https.port | quote }}
- name: HTTPS_FORCE_PORT
value: {{ .Values.apiportal.service.ports.force.port | quote }}
- name: T4_DOWNLOADED
value: {{ .Values.apiportal.t4_downloaded | quote }}
{{- if .Values.apiportal.extraEnvVars }}
{{- toYaml .Values.apiportal.extraEnvVars | nindent 12 }}
{{- end }}
image: "{{ default .Values.global.defaultRegistry .Values.apiportal.image.registry }}/{{ .Values.apiportal.image.repository }}:{{ .Values.apiportal.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
ports:
- name: "apiportal"
containerPort: {{ .Values.apiportal.service.ports.force.port }}
protocol: TCP
volumeMounts:
{{- $mounts := list }}
{{- if .Values.apiportal.mysql.sslOn }}
{{- $mounts = append $mounts (dict "name" "mysql-certs" "mountPath" "/opt/axway/apiportal/certs/mysql/mysql-ca.pem" "subPath" "mysql-ca.pem") }}
{{- end }}
{{- if .Values.apiportal.apache.sslOn }}
{{- $mounts = append $mounts (dict "name" "apache" "mountPath" "/opt/axway/apiportal/certs/apache/") }}
{{- end }}
{{- include "gateway.volumeMounts" (dict "component" "portal" "storage" (dict "volumes" (.Values.global.storage.volumes | concat .Values.apiportal.storage.volumes))) | fromYamlArray | concat $mounts | default list | toYaml | nindent 12 }}
initContainers:
- name: init-mysql
image: {{ .Values.global.initContainers.image | quote }}
command: [ 'sh', '-c', 'until nc -w 3 -v {{ tpl .Values.global.database.host . }} {{ .Values.global.database.port }}; do echo waiting for MySQL; sleep 2; done;' ]
{{- with .Values.global.initContainers.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.global.initContainers.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.apiportal.apiManager.configured }}
- name: init-apimanager
image: {{ .Values.global.initContainers.image | quote }}
command: [ 'sh', '-c', 'until nc -w 3 -v {{ include "gateway.fullname" . }}-apimgr 8075; do echo waiting for API Manager; sleep 2; done;' ]
{{- with .Values.global.initContainers.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.global.initContainers.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
{{- with .Values.apiportal.extraInitContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
{{- $vols := list }}
{{- if .Values.apiportal.mysql.sslOn }}
{{- $vols = append $vols (dict "name" "mysql-certs" "secret" (dict "secretName" "mysql-ca-cert" "items" (list (dict "key" "mysql-ca.pem" "path" "mysql-ca.pem")))) }}
{{- end }}
{{- if .Values.apiportal.apache.sslOn }}
{{- $vols = append $vols (dict "name" "apache" "secret" (dict "secretName" "apache" "items" (list (dict "key" "tls.key" "path" "apache.key") (dict "key" "tls.crt" "path" "apache.crt")))) }}
{{- end }}
{{- include "gateway.volumes" (dict "component" "portal" "storage" (dict "volumes" (.Values.global.storage.volumes | concat .Values.apiportal.storage.volumes))) | fromYamlArray | concat $vols | default list | toYaml | nindent 8 }}
{{- end }}
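Review bot: Both init containers splice chart values directly into a `sh -c` string (`nc -w 3 -v {{ tpl .Values.global.database.host . }} {{ .Values.global.database.port }}`), so a host value containing spaces or shell metacharacters changes the command that runs instead of just failing the connection test. Passing the values as environment variables and quoting them in the script keeps them as data; the fence shows `init-mysql` written that way. `init-apimanager` has the same shape and also hard-codes port 8075, while `APIMANAGER_PORT` in the main container is taken from `.Values.apimgr.service.ports.ui.port`, so the wait loop and the application can disagree. The init containers in the apitraffic Deployment later in the commit build their commands the same way.

```yaml
- name: init-mysql
  image: {{ .Values.global.initContainers.image | quote }}
  command: ['sh', '-c', 'until nc -w 3 -v "$DB_HOST" "$DB_PORT"; do echo waiting for MySQL; sleep 2; done;']
  env:
    - name: DB_HOST
      value: {{ tpl .Values.global.database.host . | quote }}
    - name: DB_PORT
      value: {{ .Values.global.database.port | quote }}
  # … unchanged: resources, securityContext …
```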


@@ -0,0 +1,47 @@
{{- if and .Values.apiportal.enabled .Values.apiportal.ingress.enabled -}}
{{- $fullName := include "gateway.fullname" . -}}
{{- $svcPort := .Values.apiportal.service.ports.target.port }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}-apiportal
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- with .Values.apiportal.ingress.annotations }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
spec:
{{- if .Values.apiportal.ingress.className }}
ingressClassName: {{ .Values.apiportal.ingress.className }}
{{- end }}
{{- if .Values.apiportal.ingress.tls }}
tls:
{{- range .Values.apiportal.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ tpl . $ | quote }}
{{- end }}
{{- if .secretName }}
secretName: {{ tpl (.secretName) $ }}
{{- end }}
{{- end }}
{{- end }}
rules:
{{- range .Values.apiportal.ingress.hosts }}
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if .pathType }}
pathType: {{ .pathType }}
{{- end }}
backend:
service:
name: {{ $fullName }}-apiportal
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}


@@ -0,0 +1,37 @@
{{- if .Values.apiportal.enabled -}}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: apiportalscc
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apiportal
rules:
- apiGroups:
- security.openshift.io
resourceNames:
- nonroot
resources:
- securitycontextconstraints
verbs:
- use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: apiportalscc
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apiportal
subjects:
- kind: ServiceAccount
name: {{ include "gateway.apiportal.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
roleRef:
kind: Role
name: apiportalscc
apiGroup: rbac.authorization.k8s.io
{{- end }}
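Review bot: The RoleBinding grants `use` on the `nonroot` SCC to whatever `gateway.apiportal.serviceAccountName` resolves to, and that helper is defined outside this hunk; if it falls back to `default` when `serviceAccount.create` is false, the grant extends to every pod in the namespace that runs under the default service account. Rendering the Role and RoleBinding under the same guard as the ServiceAccount template, `{{- if and .Values.apiportal.enabled .Values.apiportal.serviceAccount.create -}}`, keeps the grant tied to the account the chart owns. The fixed name `apiportalscc` is not release-scoped either, so a second release in the same namespace would collide; `{{ include "gateway.fullname" . }}-apiportal-scc` avoids that.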


@@ -0,0 +1,40 @@
{{- if and .Values.apiportal.enabled .Values.apiportal.route.enabled -}}
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: "{{ include "gateway.fullname" . }}-apiportal"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apiportal
spec:
to:
kind: Service
name: {{ include "gateway.fullname" . }}-apiportal
{{- if .Values.global.domainName }}
host: apiportal.{{ .Values.global.domainName }}
{{- end }}
port:
targetPort: {{ tpl .Values.apiportal.route.targetPort . }}
{{- if .Values.apiportal.route.tls.enabled }}
tls:
termination: {{ .Values.apiportal.route.tls.termination }}
insecureEdgeTerminationPolicy: {{ .Values.apiportal.route.tls.insecureEdgeTerminationPolicy }}
{{- if .Values.apiportal.route.tls.key }}
key: |-
{{- .Values.apiportal.route.tls.key | nindent 6 }}
{{- end }}
{{- if .Values.apiportal.route.tls.destinationCACertificate }}
destinationCACertificate: |-
{{- .Values.apiportal.route.tls.destinationCACertificate | nindent 6 }}
{{- end }}
{{- if .Values.apiportal.route.tls.caCertificate }}
caCertificate: |-
{{- .Values.apiportal.route.tls.caCertificate | nindent 6 }}
{{- end }}
{{- if .Values.apiportal.route.tls.certificate }}
certificate: |-
{{- .Values.apiportal.route.tls.certificate | nindent 6 }}
{{- end }}
{{- end }}
wildcardPolicy: None
{{- end }}


@@ -0,0 +1,24 @@
{{- if .Values.apiportal.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "gateway.fullname" . }}-apiportal
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apiportal
spec:
type: ClusterIP
ports:
- port: {{ .Values.apiportal.service.ports.http.port }}
targetPort: {{ .Values.apiportal.service.ports.http.port }}
protocol: TCP
name: {{ include "gateway.fullname" . }}-apiportal-http
- port: {{ .Values.apiportal.service.ports.https.port }}
targetPort: {{ .Values.apiportal.service.ports.https.port }}
protocol: TCP
name: {{ include "gateway.fullname" . }}-apiportal-https
selector:
{{- include "gateway.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: apiportal
{{- end }}


@@ -0,0 +1,13 @@
{{- if and .Values.apiportal.enabled .Values.apiportal.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "gateway.apiportal.serviceAccountName" . }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apiportal
{{- with .Values.apiportal.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}


@@ -0,0 +1,53 @@
{{- if .Values.apiportal.enabled }}
{{- range .Values.apiportal.storage.volumes }}
{{- if .enabled }}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ .name | lower }}
labels:
{{- include "gateway.labels" $ | nindent 4 }}
app.kubernetes.io/component: apiportal
spec:
accessModes:
{{- with .accessModes }}
{{- toYaml . | nindent 4 }}
{{- else }}
- ReadWriteMany
{{- end }}
storageClassName: {{ default $.Values.global.storage.storageClassName .storageClassName | quote }}
resources:
requests:
storage: {{ default "1Mi" .capacity | quote }}
{{- if eq (default $.Values.global.storage.provisioningType $.Values.apiportal.storage.provisioningType) "static" }}
# PersistentVolume needs to be created only for Static storage provisioning
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ include "gateway.fullname" $ }}-{{ .name | lower }}
labels:
{{- include "gateway.labels" $ | nindent 4 }}
app.kubernetes.io/component: apiportal
spec:
capacity:
storage: {{ .capacity | quote }}
volumeMode: Filesystem
accessModes:
{{- with .accessModes }}
{{- toYaml . | nindent 4 }}
{{- else }}
- ReadWriteMany
{{- end }}
persistentVolumeReclaimPolicy: {{ .persistentVolume.reclaimPolicy | quote }}
csi:
driver: {{ .persistentVolume.csiDriver }}
volumeHandle: {{ .persistentVolume.volumeHandle }}
claimRef:
name: {{ .name | lower }}
namespace: {{ $.Release.Namespace | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
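Review bot: The PersistentVolume's `storage: {{ .capacity | quote }}` has no fallback, while the claim above uses `default "1Mi" .capacity`, so a volume entry without `capacity` yields a claim for 1Mi and a PersistentVolume with no capacity value. Use the same expression in both places: `storage: {{ default "1Mi" .capacity | quote }}`. `.persistentVolume.reclaimPolicy`, `.persistentVolume.csiDriver` and `.persistentVolume.volumeHandle` are likewise read without `required`, so a static-provisioning entry that omits them is not caught with a readable message at render time. The claim name `{{ .name | lower }}` is not release-scoped, unlike the PersistentVolume name.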


@@ -0,0 +1,26 @@
{{ if .Values.apiportal.enabled }}
{{- range .Values.apiportal.storage.classes }}
---
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: {{ .name | lower }}
labels:
{{- include "gateway.labels" $ | nindent 4 }}
provisioner: {{ .provisioner | quote }}
{{- with .allowVolumeExpansion }}
allowVolumeExpansion: {{ . }}
{{- end }}
{{- with .parameters }}
parameters: {{- tpl (toYaml .) $ | nindent 2 }}
{{- end }}
{{- with .mountOptions }}
mountOptions: {{- toYaml . | nindent 2 }}
{{- end }}
{{- if eq (default $.Values.global.storage.provisioningType $.Values.apiportal.storage.provisioningType) "dynamic" }}
volumeBindingMode: WaitForFirstConsumer
{{- else }}
volumeBindingMode: Immediate
{{- end }}
{{- end }}
{{- end }}
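Review bot: StorageClass is a cluster-scoped object, and `name: {{ .name | lower }}` carries no release or namespace prefix, so two releases that list the same class name contend for one object and uninstalling either removes it for the other. Creating it also means the identity running the install needs cluster-level permissions. A comment at the top of the template, and the values documentation, should say that classes are normally pre-provisioned by the cluster administrator and that `apiportal.storage.classes` is meant for clusters where the installer is allowed to manage them.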


@@ -0,0 +1,12 @@
{{- if and .Values.apitraffic.enabled .Values.apitraffic.license }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-apitraffic-license-config
data:
{{- range $path, $config := .Values.apitraffic.license }}
{{ $path }}: |
{{ $config | indent 4 -}}
{{- end -}}
{{- end -}}
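Review bot: This ConfigMap is gated on `.Values.apitraffic.enabled`, but the apitraffic Deployment later in the commit is rendered without that guard and references `{{ .Release.Name }}-apitraffic-license-config` whenever `.Values.apitraffic.license` is set, so the two can disagree and leave the pod waiting on a ConfigMap that was never created. Use one condition in both templates. The object also carries no `labels:` block, unlike the other resources in the chart; adding `{{- include "gateway.labels" . | nindent 4 }}` keeps it selectable with the rest of the release. If the license text is treated as confidential, a Secret is the better container, since ConfigMaps are readable by anyone with `get` on configmaps in the namespace.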


@@ -0,0 +1,228 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ include "gateway.fullname" . }}-apitraffic"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apitraffic
spec:
{{- if not .Values.apitraffic.autoscaling.enabled }}
replicas: {{ .Values.apitraffic.replicaCount }}
{{- end }}
strategy:
{{- if eq (default .Values.global.updateStrategy.type .Values.apitraffic.updateStrategy.type) "RollingUpdate" }}
rollingUpdate:
maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.apitraffic.updateStrategy.rollingUpdate.maxSurge }}
maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.apitraffic.updateStrategy.rollingUpdate.maxUnavailable }}
{{- end }}
type: {{ default .Values.global.updateStrategy.type .Values.apitraffic.updateStrategy.type }}
selector:
matchLabels:
{{- include "gateway.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: apitraffic
{{- with .Values.apitraffic.podLabels }}
{{- toYaml . | nindent 6 }}
{{- end }}
template:
metadata:
{{- with .Values.apitraffic.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "gateway.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: apitraffic
{{- with .Values.apitraffic.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "gateway.apitraffic.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.apitraffic.podSecurityContext | nindent 8 }}
initContainers:
{{- if .Values.global.cassandra.enabled }}
- name: init-cassandra
image: {{ .Values.global.initContainers.image | quote }}
{{- with (first .Values.global.cassandra.hosts) }}
command: ["sh", "-c", "until nc -w 3 -v {{ .hostname }} 9042; do echo waiting for {{ .hostname }}; sleep 2; done;"]
{{- end }}
{{- with .Values.global.initContainers.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.global.initContainers.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.global.database.metrics.enabled }}
- name: init-mysql
image: {{ .Values.global.initContainers.image | quote }}
command: ["sh", "-c", "until nc -w 3 -v {{ tpl .Values.global.database.host . }} {{ .Values.global.database.port | int }}; do echo waiting for mysql; sleep 2; done;"]
{{- with .Values.global.initContainers.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.global.initContainers.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
- name: init-anm
image: {{ .Values.global.initContainers.image | quote }}
{{- if .Values.anm.hostname }}
command: ["sh", "-c", "until nc -w 3 -v {{ .Values.anm.hostname }}; do echo waiting for anm; sleep 2; done;"]
{{- else }}
command: ["sh", "-c", "until nc -w 3 -v {{ include "gateway.fullname" . }}-anm 8090; do echo waiting for anm; sleep 2; done;"]
{{- end }}
{{- with .Values.global.initContainers.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.global.initContainers.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.apitraffic.extraInitContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.apitraffic.securityContext | nindent 12 }}
image: "{{ default .Values.global.defaultRegistry .Values.apitraffic.image.registry }}/{{ .Values.apitraffic.image.repository }}:{{ .Values.apitraffic.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
ports:
- containerPort: {{ .Values.apitraffic.service.ports.traffic.port }}
protocol: {{ .Values.apitraffic.service.ports.traffic.protocol }}
{{- with .Values.apitraffic.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.apitraffic.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.apitraffic.resources | nindent 12 }}
env:
{{- with .Values.apitraffic.extraEnvVars }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.apitraffic.FIPS.enabled }}
- name: EMT_FIPS_MODE
value: {{ .Values.apitraffic.FIPS.enabled | quote }}
{{- end }}
{{- if .Values.apitraffic.jvmHeapSize }}
- name: EMT_HEAP_SIZE_MB
value: {{ .Values.apitraffic.jvmHeapSize | quote }}
{{- end }}
{{- if .Values.apitraffic.logs.trace.level }}
- name: EMT_TRACE_LEVEL
value: {{ .Values.apitraffic.logs.trace.level | quote }}
{{- end }}
{{- if .Values.apitraffic.logs.trace.disk }}
- name: APIGW_LOG_TRACE_TO_FILE
value: {{ .Values.apitraffic.logs.trace.disk | quote }}
{{- end }}
- name: APIGW_LOG_TRACE_JSON_TO_STDOUT
value: {{ default .Values.apitraffic.logs.trace.stdoutJSON false | quote }}
{{- if .Values.apitraffic.logs.opentraffic.output | quote}}
- name: APIGW_LOG_OPENTRAFFIC_OUTPUT
value: {{ .Values.apitraffic.logs.opentraffic.output | quote }}
{{- end }}
{{- if .Values.global.domainkeypassphrase }}
- name: DOMAIN_KEY_PASSPHRASE
valueFrom:
secretKeyRef:
name: {{ include "gateway.domainkeypassphrase.secretName" . }}
key: passphrase
{{- end }}
{{- if .Values.global.database.metrics.enabled }}
- name: METRICS_DB_URL
value: {{ tpl .Values.global.database.metrics.url . | quote }}
- name: METRICS_DB_USERNAME
valueFrom:
secretKeyRef:
name: {{ include "gateway.metrics-db.secretName" . }}
key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }}
- name: METRICS_DB_PASS
valueFrom:
secretKeyRef:
name: {{ include "gateway.metrics-db.secretName" . }}
key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }}
{{- end }}
- name: GROUP_ID
value: {{ .Values.apitraffic.groupId }}
{{- if .Values.global.domainId }}
- name: DOMAIN_ID
value: {{ .Values.global.domainId }}
{{- end }}
{{- if .Values.global.cassandra.enabled }}
{{- range .Values.global.cassandra.hosts }}
- name: {{ .variable }}
value: {{ .hostname | quote }}
{{- end }}
- name: CASS_PORT
value: {{ .Values.global.cassandra.port | quote }}
- name: CASS_KEYSPACE
value: {{ tpl .Values.global.cassandra.keyspace . | quote }}
- name: CASS_TKEYSPACE
value: {{ tpl .Values.global.cassandra.tkeyspace . | quote }}
- name: CASS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "gateway.cassandra.secretName" . }}
key: {{ with .Values.global.cassandra.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }}
- name: CASS_USERNAME
valueFrom:
secretKeyRef:
name: {{ include "gateway.cassandra.secretName" . }}
key: {{ with .Values.global.cassandra.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }}
{{- end }}
{{- if .Values.apitraffic.image.generalConditions }}
- name: ACCEPT_GENERAL_CONDITIONS
value: {{ .Values.apitraffic.image.generalConditions.accept | quote }}
{{- end }}
{{- if .Values.anm.hostname }}
- name: EMT_ANM_HOSTS
value: {{ .Values.anm.hostname | quote }}
{{- else }}
- name: EMT_ANM_HOSTS
value: "{{ include "gateway.fullname" . }}-anm:8090"
{{- end }}
{{- if .Values.apitraffic.extraVolumeMounts }}
volumeMounts:
{{- if .Values.apitraffic.license }}
- name: license
mountPath: "/opt/Axway/apigateway/conf/licenses/license.lic"
subPath: "license.lic"
{{- end }}
{{- toYaml ( .Values.apitraffic.extraVolumeMounts ) | nindent 12 }}
{{- end }}
{{- if .Values.apitraffic.extraVolumes }}
volumes:
{{- if .Values.apitraffic.license }}
- name: license
configMap:
name: {{ .Release.Name }}-apitraffic-license-config
{{- end }}
{{ toYaml ( .Values.apitraffic.extraVolumes ) | indent 8 }}
{{- end }}
{{- with .Values.apitraffic.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.apitraffic.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.apitraffic.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
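Review bot: Two of the logging guards in the `env:` list do not test what they appear to test. `default .Values.apitraffic.logs.trace.stdoutJSON false` has its arguments reversed, so an unset value renders an empty `APIGW_LOG_TRACE_JSON_TO_STDOUT` rather than "false"; it should read `value: {{ default false .Values.apitraffic.logs.trace.stdoutJSON | quote }}`. `{{- if .Values.apitraffic.logs.opentraffic.output | quote}}` pipes the value through `quote` before testing it, so an empty string still passes the guard and sets the variable to an empty value; drop the pipe: `{{- if .Values.apitraffic.logs.opentraffic.output }}`. Separately, the `license` volume and its mount sit inside the `extraVolumeMounts` and `extraVolumes` guards, so a license supplied without extra volumes is never mounted.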


@@ -0,0 +1,33 @@
{{- if .Values.apitraffic.autoscaling.enabled }}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: "{{ include "gateway.fullname" . }}-apitraffic"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apitraffic
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: "{{ include "gateway.fullname" . }}-apitraffic"
minReplicas: {{ .Values.apitraffic.autoscaling.minReplicas }}
maxReplicas: {{ .Values.apitraffic.autoscaling.maxReplicas }}
metrics:
{{- if .Values.apitraffic.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.apitraffic.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.apitraffic.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.apitraffic.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}


@@ -0,0 +1,47 @@
{{- if .Values.apitraffic.ingress.enabled -}}
{{- $fullName := include "gateway.fullname" . -}}
{{- $svcPort := .Values.apitraffic.service.ports.traffic.port -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}-apitraffic
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- with .Values.apitraffic.ingress.annotations }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
spec:
{{- if .Values.apitraffic.ingress.className }}
ingressClassName: {{ .Values.apitraffic.ingress.className }}
{{- end }}
{{- if .Values.apitraffic.ingress.tls }}
tls:
{{- range .Values.apitraffic.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ tpl . $ | quote }}
{{- end }}
{{- if .secretName }}
secretName: {{ tpl (.secretName) $ }}
{{- end }}
{{- end }}
{{- end }}
rules:
{{- range .Values.apitraffic.ingress.hosts }}
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if .pathType }}
pathType: {{ .pathType }}
{{- end }}
backend:
service:
name: {{ $fullName }}-apitraffic
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}


@@ -0,0 +1,40 @@
{{- if .Values.apitraffic.route.enabled -}}
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: "{{ include "gateway.fullname" . }}-apitraffic"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apitraffic
spec:
{{- if .Values.global.domainName }}
host: apitraffic.{{ .Values.global.domainName }}
{{- end }}
to:
kind: Service
name: "{{ include "gateway.fullname" . }}-apitraffic"
port:
targetPort: {{ tpl .Values.apitraffic.route.targetPort . }}
{{- if .Values.apitraffic.route.tls.enabled }}
tls:
termination: {{ .Values.apitraffic.route.tls.termination }}
insecureEdgeTerminationPolicy: {{ .Values.apitraffic.route.tls.insecureEdgeTerminationPolicy }}
{{- if .Values.apitraffic.route.tls.key }}
key: |-
{{- .Values.apitraffic.route.tls.key | nindent 6 }}
{{- end }}
{{- if .Values.apitraffic.route.tls.destinationCACertificate }}
destinationCACertificate: |-
{{- .Values.apitraffic.route.tls.destinationCACertificate | nindent 6 }}
{{- end }}
{{- if .Values.apitraffic.route.tls.caCertificate }}
caCertificate: |-
{{- .Values.apitraffic.route.tls.caCertificate | nindent 6 }}
{{- end }}
{{- if .Values.apitraffic.route.tls.certificate }}
certificate: |-
{{- .Values.apitraffic.route.tls.certificate | nindent 6 }}
{{- end }}
{{- end }}
wildcardPolicy: None
{{- end }}


@@ -0,0 +1,39 @@
apiVersion: v1
kind: Service
metadata:
name: "{{ include "gateway.fullname" . }}-apitraffic"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apitraffic
spec:
type: {{ .Values.apitraffic.service.type }}
ports:
- port: {{ .Values.apitraffic.service.ports.traffic.port }}
targetPort: {{ .Values.apitraffic.service.ports.traffic.port }}
protocol: {{ .Values.apitraffic.service.ports.traffic.protocol }}
name: apigatewaytraffic
selector:
{{- include "gateway.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: apitraffic
---
{{- if eq .Values.apitraffic.oauth.enabled true }}
apiVersion: v1
kind: Service
metadata:
name: "{{ include "gateway.fullname" . }}-oauth"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apitraffic
spec:
type: {{ .Values.apitraffic.oauth.type }}
ports:
- port: {{ .Values.apitraffic.oauth.port }}
targetPort: {{ .Values.apitraffic.oauth.port }}
protocol: {{ .Values.apitraffic.oauth.protocol }}
name: oauth
selector:
{{- include "gateway.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: apitraffic
{{- end }}


@@ -0,0 +1,13 @@
{{- if .Values.apitraffic.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "gateway.apitraffic.serviceAccountName" . }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apitraffic
{{- with .Values.apitraffic.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
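Review bot: This ServiceAccount, and the test-connection one in the last section of the commit, leave `automountServiceAccountToken` unset, so every pod that uses them gets an API token mounted by default. The test Jobs in this commit only run `curl`, so `automountServiceAccountToken: false` can be added to that account as is. For apitraffic, confirm whether the gateway pods call the Kubernetes API and, if they do not, add the same line at the top level of the manifest, next to `metadata`.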


@@ -0,0 +1,45 @@
{{- if .Values.apitraffic.oauth.ingress.enabled -}}
{{- $fullName := include "gateway.fullname" . -}}
{{- $svcPort := .Values.apitraffic.oauth.port -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}-oauth
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- with .Values.apitraffic.oauth.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.apitraffic.oauth.ingress.className }}
ingressClassName: {{ .Values.apitraffic.oauth.ingress.className }}
{{- end }}
{{- if .Values.apitraffic.oauth.ingress.tls }}
tls:
{{- range .Values.apitraffic.oauth.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.apitraffic.oauth.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if .pathType }}
pathType: {{ .pathType }}
{{- end }}
backend:
service:
name: {{ $fullName }}-oauth
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
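Review bot: `pathType` is emitted only when the values entry sets it, but `networking.k8s.io/v1` requires it on every path, so a hosts entry without `pathType` renders an Ingress that the API server rejects. Give it a default, `pathType: {{ .pathType | default "Prefix" }}`, or fail early with `required`. `path: {{ .path }}` and `secretName: {{ .secretName }}` should also be piped through `quote`, as the host lines already are. Since this Ingress fronts the OAuth service, a comment above the `tls` block should state that leaving it empty publishes the rules without TLS unless the ingress controller enforces it.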


@@ -0,0 +1,40 @@
{{- if .Values.apitraffic.oauth.route.enabled -}}
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: "{{ include "gateway.fullname" . }}-oauth"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: oauth
spec:
{{- if .Values.global.domainName }}
host: oauth.{{ .Values.global.domainName }}
{{- end }}
to:
kind: Service
name: "{{ include "gateway.fullname" . }}-oauth"
port:
targetPort: {{ tpl .Values.apitraffic.oauth.route.targetPort . }}
{{- if .Values.apitraffic.oauth.route.tls.enabled }}
tls:
termination: {{ .Values.apitraffic.oauth.route.tls.termination }}
insecureEdgeTerminationPolicy: {{ .Values.apitraffic.oauth.route.tls.insecureEdgeTerminationPolicy }}
{{- if .Values.apitraffic.oauth.route.tls.key }}
key: |-
{{- .Values.apitraffic.oauth.route.tls.key | nindent 6 }}
{{- end }}
{{- if .Values.apitraffic.oauth.route.tls.destinationCACertificate }}
destinationCACertificate: |-
{{- .Values.apitraffic.oauth.route.tls.destinationCACertificate | nindent 6 }}
{{- end }}
{{- if .Values.apitraffic.oauth.route.tls.caCertificate }}
caCertificate: |-
{{- .Values.apitraffic.oauth.route.tls.caCertificate | nindent 6 }}
{{- end }}
{{- if .Values.apitraffic.oauth.route.tls.certificate }}
certificate: |-
{{- .Values.apitraffic.oauth.route.tls.certificate | nindent 6 }}
{{- end }}
{{- end }}
wildcardPolicy: None
{{- end }}
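Review bot: `insecureEdgeTerminationPolicy` and `termination` are copied from values without any check, and when `tls.enabled` is false the OAuth route is created with no `tls` block at all. For an endpoint that issues tokens, `Allow` (or no TLS) lets credentials travel over plain HTTP; give the policy a safe default, e.g. `insecureEdgeTerminationPolicy: {{ .Values.apitraffic.oauth.route.tls.insecureEdgeTerminationPolicy | default "Redirect" }}`, and add a comment that `Allow` is not intended for this route. The `key: |-` block renders a private key taken from values into the Route, which also places it in the Helm release record; a comment should say so. The apitraffic Route at the top of this page carries the same `tls` block, but its section starts outside the visible part.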


@@ -0,0 +1,11 @@
{{- if (not .Values.global.cassandra.existingSecret) -}}
apiVersion: v1
data:
username: {{ .Values.global.cassandra.username | b64enc }}
password: {{ .Values.global.cassandra.password | b64enc }}
kind: Secret
metadata:
name: {{ include "gateway.cassandra.secretName" . }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- end }}
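Review bot: `username` and `password` go straight into `b64enc`, so an empty string renders a Secret with an empty credential, and an unset or numeric-looking value (for example `password: 12345`) fails with an opaque type error. Guard both fields, for example `password: {{ required "global.cassandra.password is required when existingSecret is not set" .Values.global.cassandra.password | toString | b64enc | quote }}`. The metrics-db Secret two sections below has the same two lines and needs the same guard. A comment above `data:` noting that these values are also kept in the Helm release record would help operators choose `existingSecret` for production.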


@@ -0,0 +1,10 @@
{{- if ((.Values.global.domainkeypassphrase).passphrase) -}}
apiVersion: v1
data:
passphrase: {{ .Values.global.domainkeypassphrase.passphrase | b64enc }}
kind: Secret
metadata:
name: {{ include "gateway.domainkeypassphrase.secretName" . }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- end }}


@@ -0,0 +1,11 @@
{{- if and .Values.global.database.metrics.enabled (not .Values.global.database.metrics.existingSecret) -}}
apiVersion: v1
data:
username: {{ .Values.global.database.metrics.username | b64enc }}
password: {{ .Values.global.database.metrics.password | b64enc }}
kind: Secret
metadata:
name: {{ include "gateway.metrics-db.secretName" . }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- end }}


@@ -0,0 +1,53 @@
{{- range .Values.global.storage.volumes }}
{{- if .enabled }}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ .name | lower }}
labels:
{{- include "gateway.labels" $ | nindent 4 }}
spec:
accessModes:
{{- with .accessModes }}
{{- toYaml . | nindent 4 }}
{{- else }}
- ReadWriteMany
{{- end }}
{{- if .volumeName }}
volumeName: {{ .volumeName | quote }}
{{- end}}
storageClassName: {{ default $.Values.global.storage.storageClassName .storageClassName | quote }}
resources:
requests:
storage: {{ default "1Mi" .capacity | quote }}
{{- if eq $.Values.global.storage.provisioningType "static" }}
# PersistentVolume needs to be created only for Static storage provisioning
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ include "gateway.fullname" $ }}-{{ .name | lower }}
labels:
{{- include "gateway.labels" $ | nindent 4 }}
app.kubernetes.io/component: apiportal
spec:
capacity:
storage: {{ .capacity | quote }}
volumeMode: Filesystem
accessModes:
{{- with .accessModes }}
{{- toYaml . | nindent 4 }}
{{- else }}
- ReadWriteMany
{{- end }}
persistentVolumeReclaimPolicy: {{ .persistentVolume.reclaimPolicy | quote }}
csi:
driver: {{ .persistentVolume.csiDriver }}
volumeHandle: {{ .persistentVolume.volumeHandle }}
claimRef:
name: {{ .name | lower }}
namespace: {{ $.Release.Namespace | quote }}
{{- end }}
{{- end }}
{{- end }}
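Review bot: The PersistentVolume sets no `storageClassName`, while the claim it is pre-bound to renders one from `.storageClassName` or the global default; as far as I know the class is still compared for a `claimRef` pre-bound pair, so with any non-empty class the claim would stay Pending. Add `storageClassName: {{ default $.Values.global.storage.storageClassName .storageClassName | quote }}` to the PV spec. `storage: {{ .capacity | quote }}` on the PV also lacks the `default "1Mi"` that the claim uses, so an entry without `capacity` renders `""`. The PV label `app.kubernetes.io/component: apiportal` looks copied from another chart and should probably be checked.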


@@ -0,0 +1,24 @@
{{- range .Values.global.storage.classes }}
---
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: {{ .name | lower }}
labels:
{{- include "gateway.labels" $ | nindent 4 }}
provisioner: {{ .provisioner | quote }}
{{- if .allowVolumeExpansion }}
allowVolumeExpansion: {{ .allowVolumeExpansion }}
{{- end }}
{{- with .parameters }}
parameters: {{- tpl (toYaml .) $ | nindent 2 }}
{{- end }}
{{- with .mountOptions }}
mountOptions: {{- toYaml . | nindent 2 }}
{{- end }}
{{- if eq $.Values.global.storage.provisioningType "dynamic" }}
volumeBindingMode: WaitForFirstConsumer
{{- else }}
volumeBindingMode: Immediate
{{- end }}
{{- end }}
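Review bot: The StorageClass template has no `reclaimPolicy`, so volumes provisioned through these classes get the Kubernetes default of `Delete` and are removed together with their claim. Expose it, e.g. `reclaimPolicy: {{ .reclaimPolicy | default "Delete" | quote }}`, and add a comment stating the default so operators can choose `Retain` for gateway data. StorageClass is cluster-scoped and `name: {{ .name | lower }}` carries no release prefix, so two releases using the same class name will conflict; a comment at the top of the template should note this.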


@@ -0,0 +1,114 @@
---
apiVersion: batch/v1
kind: Job
metadata:
name: "{{ include "gateway.fullname" . }}-anm-test-connection"
labels:
{{- include "gateway.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
template:
spec:
serviceAccountName: {{ include "gateway.tests.serviceAccountName" . }}
containers:
- name: curl
image: {{ default .Values.global.defaultRegistry .Values.global.tests.images.curl.registry }}/{{ default "curlimages/curl" .Values.global.tests.images.curl.repository }}:{{ default "latest" .Values.global.tests.images.curl.tag }}
command: ["bin/sh"]
args: ["-c", "curl -k https://{{ include "gateway.fullname" . }}-anm:{{ .Values.anm.service.ports.traffic.port}}/healthcheck"]
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: {{ .Values.global.tests.securityContext.readOnlyRootFilesystem }}
runAsNonRoot: {{ .Values.global.tests.securityContext.runAsNonRoot }}
allowPrivilegeEscalation: {{ .Values.global.tests.securityContext.allowPrivilegeEscalation }}
restartPolicy: Never
backoffLimit: 3
---
apiVersion: batch/v1
kind: Job
metadata:
name: "{{ include "gateway.fullname" . }}-apimgr-test-connection"
labels:
{{- include "gateway.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
template:
spec:
serviceAccountName: {{ include "gateway.tests.serviceAccountName" . }}
containers:
- name: curl
image: {{ default .Values.global.defaultRegistry .Values.global.tests.images.curl.registry }}/{{ default "curlimages/curl" .Values.global.tests.images.curl.repository }}:{{ default "latest" .Values.global.tests.images.curl.tag }}
command: ["bin/sh"]
args: ["-c", "curl -k https://{{ include "gateway.fullname" . }}-apimgr:{{ .Values.apimgr.service.ports.ui.port}}/healthcheck"]
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: {{ .Values.global.tests.securityContext.readOnlyRootFilesystem }}
runAsNonRoot: {{ .Values.global.tests.securityContext.runAsNonRoot }}
allowPrivilegeEscalation: {{ .Values.global.tests.securityContext.allowPrivilegeEscalation }}
restartPolicy: Never
backoffLimit: 3
---
apiVersion: batch/v1
kind: Job
metadata:
name: "{{ include "gateway.fullname" . }}-apitraffic-test-connection"
labels:
{{- include "gateway.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
template:
spec:
serviceAccountName: {{ include "gateway.tests.serviceAccountName" . }}
containers:
- name: curl
image: {{ default .Values.global.defaultRegistry .Values.global.tests.images.curl.registry }}/{{ default "curlimages/curl" .Values.global.tests.images.curl.repository }}:{{ default "latest" .Values.global.tests.images.curl.tag }}
command: ["bin/sh"]
args: ["-c", "curl -k https://{{ include "gateway.fullname" . }}-apitraffic:{{ .Values.apitraffic.service.ports.traffic.port}}/healthcheck"]
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: {{ .Values.global.tests.securityContext.readOnlyRootFilesystem }}
runAsNonRoot: {{ .Values.global.tests.securityContext.runAsNonRoot }}
allowPrivilegeEscalation: {{ .Values.global.tests.securityContext.allowPrivilegeEscalation }}
restartPolicy: Never
backoffLimit: 3
---
{{- if .Values.aga.enabled }}
apiVersion: batch/v1
kind: Job
metadata:
name: "{{ include "gateway.fullname" . }}-aga-test-connection"
labels:
{{- include "gateway.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
template:
spec:
serviceAccountName: {{ include "gateway.tests.serviceAccountName" . }}
containers:
- name: curl
image: {{ default .Values.global.defaultRegistry .Values.global.tests.images.curl.registry }}/{{ default "curlimages/curl" .Values.global.tests.images.curl.repository }}:{{ default "latest" .Values.global.tests.images.curl.tag }}
command: ["bin/sh"]
args: ["-c", "curl -k https://{{ include "gateway.fullname" . }}-aga:{{ .Values.aga.service.ports.ui.port}}/healthcheck"]
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: {{ .Values.global.tests.securityContext.readOnlyRootFilesystem }}
runAsNonRoot: {{ .Values.global.tests.securityContext.runAsNonRoot }}
allowPrivilegeEscalation: {{ .Values.global.tests.securityContext.allowPrivilegeEscalation }}
restartPolicy: Never
backoffLimit: 3
{{- end }}
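Review bot: All four test commands run `curl -k` without `--fail`, so the hook neither verifies the server certificate nor notices an HTTP error status; any listener that completes a TLS handshake makes the test pass. Use `curl --fail --silent --show-error` and, where the chart's CA can be mounted into the pod, `--cacert <path-to-mounted-CA>` (placeholder path) instead of `-k`. The image tag falls back to `latest` through `default "latest"`, which leaves the test image unpinned; default to a fixed version or digest in values. `command: ["bin/sh"]` is a relative path and presumably should be `["/bin/sh"]`.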


@@ -0,0 +1,13 @@
{{- if .Values.global.tests.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "gateway.tests.serviceAccountName" . }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: test-connection
{{- with .Values.global.tests.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}