first commit

2025-11-13 23:47:20 +08:00
commit 900b9ca1f3
83 changed files with 8704 additions and 0 deletions

647
! Normal file

@@ -0,0 +1,647 @@
nameOverride: gateway
global:
domainName: apilab.us
defaultRegistry: docker.repository.axway.com/apigateway-docker-prod/7.7
imagePullPolicy: Always
imagePullSecrets:
- name: regcred
storage:
provisioningType: "dynamic"
storageClassName: "nfs"
volumes:
- name: events
enabled: true
usedBy:
- anm
- apimgr
- traffic
accessModes:
- ReadWriteMany
capacity: 1Gi
volumeName: apim-events
- name: payloads
enabled: true
usedBy:
- traffic
accessModes:
- ReadWriteOnce
capacity: 16Gi
volumeName: apim-payloads
- name: audit
enabled: true
usedBy:
- anm
- apimgr
- traffic
accessModes:
- ReadWriteMany
capacity: 1Gi
volumeName: apim-audit
- name: anm-external-config
enabled: true
usedBy:
- anm
accessModes:
- ReadWriteOnce
capacity: 8Mi
- name: apimgr-external-config
enabled: true
usedBy:
- apimgr
accessModes:
- ReadWriteOnce
capacity: 8Mi
- name: apitraffic-external-config
enabled: true
usedBy:
- traffic
accessModes:
- ReadWriteOnce
capacity: 8Mi
- name: aga-external-config
enabled: true
usedBy:
- traffic
accessModes:
- ReadWriteOnce
capacity: 8Mi
- name: opentraffic
enabled: true
usedBy:
- traffic
- anm
- apimgr
accessModes:
- ReadWriteOnce
capacity: 8Gi
volumeName: apim-opentraffic
initContainers:
securityContext:
runAsNonRoot: false
database:
host: mysql.metrics.svc.cluster.local
metrics:
enabled: true
username: "root"
password: "password"
sslMode: "NONE"
url: jdbc:mysql://{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{ .Values.global.database.metrics.databaseName }}?useSSL={{ default false .Values.global.database.metrics.useSSL }}
cassandra:
enabled: true
hosts:
- variable: CASS_HOST
hostname: cassandra.cassandra.svc.cluster.local
username: cassandra
password: cassandra
keyspace: ks
tkeyspace: tks
anm:
image:
repository: "admin-nodemanager"
tag: "7.7.0.20240228-1-BN0065-ubi9"
generalConditions:
accept: "yes"
resources:
limits:
memory: "2048Mi"
cpu: "1000m"
requests:
memory: "1Gi"
cpu: "250m"
securityContext:
runAsNonRoot: false
route:
enabled: false
ingress:
enabled: true
className: "nginx"
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/secure-backends: "true"
nginx.ingress.kubernetes.io/ingress.class: "nginx"
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: "letsencrypt-issuer"
hosts:
- host: anm.apilab.us
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: anm-tls
hosts:
- anm.apilab.us
service:
port: 8091
extraVolumeMounts:
- name: anm-external-config
mountPath: /merge
- name: events
mountPath: /opt/Axway/apigateway/events
- name: audit
mountPath: /opt/Axway/apigateway/logs
extraVolumes:
- persistentVolumeClaim:
claimName: anm-external-config
name: anm-external-config
- persistentVolumeClaim:
claimName: events
name: events
- persistentVolumeClaim:
claimName: audit
name: audit
extraEnvVars:
- name: EMT_DEPLOYMENT_ENABLED
value: "true"
- name: ACCEPT_GENERAL_CONDITIONS
value: "yes"
- name: APIGW_LOG_OPENTRAFFIC_OUTPUT
value: "file"
- name: API_BUILDER_URL
value: "https://axway-elk-apim4elastic-apibuilder4elastic.apim4elastic:8443"
apimgr:
name: apimgr
image:
repository: "gateway"
tag: "7.7.0.20240228-1-BN0065-ubi9"
generalConditions:
accept: "yes"
groupId: Group1
resources:
limits:
memory: "2Gi"
cpu: 2
requests:
memory: "0.5Gi"
cpu: 0.5
securityContext:
runAsNonRoot: false
route:
enabled: false
ingress:
enabled: true
className: "nginx"
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/secure-backends: "true"
nginx.ingress.kubernetes.io/ingress.class: "nginx"
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: "letsencrypt-issuer"
hosts:
- host: apimgr.apilab.us
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: apimgr-tls
hosts:
- apimgr.apilab.us
service:
port: 8075
extraVolumeMounts:
- name: events
mountPath: /opt/Axway/apigateway/events
- name: apimgr-external-config
mountPath: /merge
- name: opentraffic
mountPath: /opt/Axway/apigateway/logs/opentraffic
- name: audit
mountPath: /opt/Axway/apigateway/logs/transaction
extraVolumes:
- persistentVolumeClaim:
claimName: events
name: events
- persistentVolumeClaim:
claimName: apimgr-external-config
name: apimgr-external-config
- persistentVolumeClaim:
claimName: opentraffic
name: opentraffic
- persistentVolumeClaim:
claimName: audit
name: audit
extraEnvVars:
- name: EMT_HEALTHCHECK_PORT
value: "8065"
- name: EMT_HEALTHCHECK_PATH
value: /healthcheck
- name: GW_DIR
value: /opt/Axway/apigateway
- name: GW_TRACE_DIR
value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace
- name: EMT_TOPOLOGY_TTL
value: "10"
- name: EMT_DEPLOYMENT_ENABLED
value: "true"
- name: ACCEPT_GENERAL_CONDITIONS
value: "yes"
- name: APIGW_LOG_OPENTRAFFIC_OUTPUT
value: "file"
license:
license.lic: |
FIPS=1
SalesForce Connector=1
ServiceNow Connector=1
analytics=1
api_visual_mapper=1
apiportal=1
company=Axway
deployment_type=docker
expires=Sat, 30 Nov 2024 15:48:27 GMT
license_id=TEMP
mcafee=1
name=Axway
sdkgenerator=1
unrestricted=1
version=7.7
# SIGNATURE: ce164db4840083f2741d364f45ffb6efdc2f6caee8307f9fd5e6899b430488f9
# SIGNATURE: b0357a0baa4af4c348ae551054c5885db831275f382a3e153dde4cf5852131ba
# SIGNATURE: f8458619453363b6ed4b0c6fd6aa3fe81f28542193074f88b4c514c45048997d
# SIGNATURE: 312dc89de6684bc864099da581aa226c73a93bb184d29a392826a93a72cc68b4
# SIGNATURE: e12c9daa05cc1d7caed7319943d9fba41dd48b9918bd468a05c8f2cff2a9c089
# SIGNATURE: cae24bd8d6754cc99c0549b53b92dc7ebc60f1d83a9c8f3a773baff464a82d8d
# SIGNATURE: b35c5476f61a9153ebd15a436d00eb21bef8d7a4e87bb3430d3b0427d57a4472
# SIGNATURE: 0641f5f2b0de45e74f019cedf92ac3ea5644490d65f3d9f76f57ab1b6f9e1e8c
apitraffic:
image:
repository: "gateway"
tag: "7.7.0.20240228-1-BN0065-ubi9"
generalConditions:
accept: "yes"
groupId: Group1
resources:
limits:
memory: "2Gi"
cpu: 2
requests:
memory: "0.5Gi"
cpu: 0.5
autoscaling:
enabled: false
minReplicas: 2
maxReplicas: 6
targetCPUUtilizationPercentage: 80
replicaCount: 4
securityContext:
runAsNonRoot: false
oauth:
enabled: true
type: ClusterIP
port: 8089
protocol: TCP
route:
enabled: false
ingress:
enabled: true
className: "nginx"
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/secure-backends: "true"
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: "letsencrypt-issuer"
hosts:
- host: oauth.apilab.us
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: oauth-tls
hosts:
- oauth.apilab.us
route:
enabled: false
ingress:
enabled: true
className: "nginx"
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/secure-backends: "true"
nginx.ingress.kubernetes.io/ingress.class: "nginx"
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: "letsencrypt-issuer"
hosts:
- host: apitraffic.apilab.us
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: apitraffic-tls
hosts:
- apitraffic.apilab.us
service:
port: 8065
extraVolumeMounts:
- name: events
mountPath: /opt/Axway/apigateway/events
- name: apitraffic-external-config
mountPath: /merge
- name: opentraffic
mountPath: /opt/Axway/apigateway/logs/opentraffic
- name: payloads
mountPath: /opt/Axway/apigateway/logs/payloads
- name: audit
mountPath: /opt/Axway/apigateway/logs/transaction
extraVolumes:
- persistentVolumeClaim:
claimName: events
name: events
- persistentVolumeClaim:
claimName: apitraffic-external-config
name: apitraffic-external-config
- persistentVolumeClaim:
claimName: payloads
name: payloads
- persistentVolumeClaim:
claimName: opentraffic
name: opentraffic
- persistentVolumeClaim:
claimName: audit
name: audit
extraEnvVars:
- name: EMT_HEALTHCHECK_PORT
value: "8065"
- name: EMT_HEALTHCHECK_PATH
value: /healthcheck
- name: GW_DIR
value: /opt/Axway/apigateway
- name: GW_TRACE_DIR
value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace
- name: EMT_TOPOLOGY_TTL
value: "10"
- name: APIGW_LOG_OPENTRAFFIC_OUTPUT
value: "file"
- name: EMT_DEPLOYMENT_ENABLED
value: "true"
- name: ENV_SECRET_EXAMPLE
valueFrom:
secretKeyRef:
name: apim-gateway-cassandra
key: username
- name: ACCEPT_GENERAL_CONDITIONS
value: "yes"
license:
license.lic: |
FIPS=1
SalesForce Connector=1
ServiceNow Connector=1
analytics=1
api_visual_mapper=1
apiportal=1
company=Axway
deployment_type=docker
expires=Sat, 30 Nov 2024 15:48:27 GMT
license_id=TEMP
mcafee=1
name=Axway
sdkgenerator=1
unrestricted=1
version=7.7
# SIGNATURE: ce164db4840083f2741d364f45ffb6efdc2f6caee8307f9fd5e6899b430488f9
# SIGNATURE: b0357a0baa4af4c348ae551054c5885db831275f382a3e153dde4cf5852131ba
# SIGNATURE: f8458619453363b6ed4b0c6fd6aa3fe81f28542193074f88b4c514c45048997d
# SIGNATURE: 312dc89de6684bc864099da581aa226c73a93bb184d29a392826a93a72cc68b4
# SIGNATURE: e12c9daa05cc1d7caed7319943d9fba41dd48b9918bd468a05c8f2cff2a9c089
# SIGNATURE: cae24bd8d6754cc99c0549b53b92dc7ebc60f1d83a9c8f3a773baff464a82d8d
# SIGNATURE: b35c5476f61a9153ebd15a436d00eb21bef8d7a4e87bb3430d3b0427d57a4472
# SIGNATURE: 0641f5f2b0de45e74f019cedf92ac3ea5644490d65f3d9f76f57ab1b6f9e1e8c
apiportal:
enabled: true
replicaCount: 1
image:
# an image reference is specified by registry/repository:tag,
# for instance registry=docker.io, repository=library/alpine, tag=3.15
# if registry is left empty, global.defaultRegistry will be used
registry: docker.repository.axway.com/apiportal-docker-prod/7.7
repository: "apiportal"
tag: "7.7.20240228-BN1285"
generalConditions:
accept: "yes"
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
service:
type: ClusterIP
ports:
# target:
# port: 8443
# https:
# port: 8443
# protocol: TCP
http:
port: 8080
protocol: TCP
force:
port: 8080
protocol: TCP
# OpenShift configuration
route:
enabled: false
ingress:
enabled: true
className: "nginx"
annotations:
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/secure-backends: "true"
nginx.ingress.kubernetes.io/ingress.class: "nginx"
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: "letsencrypt-issuer"
hosts:
- host: portal.apilab.us
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: apiportal-tls
hosts:
- portal.apilab.us
apiManager:
configured: 1
name: Main
host: "apimgr.apilab.us"
port: 443
# database settings for API Portal, also check the instance settings in global section
mysql:
enabled: true
# if the credentials are already available in a secret, set existingSecret
existingSecret:
{}
# name: "mysql-credentials"
# keyMapping:
# password: password
# username: root
# else, set username and password, this will create a new secret
username: "root"
password: "password"
# if it doesn't exist, a database with this name will be created by the app
databaseName: "portal"
sslOn: 0
sslVerifyCert: 0
redis:
enabled: false
host: ""
port: 6379
cacheTimeout: 600
apache:
sslOn: 0
extraEnvVars: []
podSecurityContext:
runAsUser: 1048
runAsGroup: 1048
fsGroup: 1048
securityContext:
allowPrivilegeEscalation: false
runAsNonRoot: true
aga:
enabled: false
license:
license.lic: |
FIPS=1
SalesForce Connector=1
ServiceNow Connector=1
analytics=1
api_visual_mapper=1
apiportal=1
company=Axway
deployment_type=docker
expires=Sat, 30 Nov 2024 15:48:27 GMT
license_id=TEMP
mcafee=1
name=Axway
sdkgenerator=1
unrestricted=1
version=7.7
# SIGNATURE: ce164db4840083f2741d364f45ffb6efdc2f6caee8307f9fd5e6899b430488f9
# SIGNATURE: b0357a0baa4af4c348ae551054c5885db831275f382a3e153dde4cf5852131ba
# SIGNATURE: f8458619453363b6ed4b0c6fd6aa3fe81f28542193074f88b4c514c45048997d
# SIGNATURE: 312dc89de6684bc864099da581aa226c73a93bb184d29a392826a93a72cc68b4
# SIGNATURE: e12c9daa05cc1d7caed7319943d9fba41dd48b9918bd468a05c8f2cff2a9c089
# SIGNATURE: cae24bd8d6754cc99c0549b53b92dc7ebc60f1d83a9c8f3a773baff464a82d8d
# SIGNATURE: b35c5476f61a9153ebd15a436d00eb21bef8d7a4e87bb3430d3b0427d57a4472
# SIGNATURE: 0641f5f2b0de45e74f019cedf92ac3ea5644490d65f3d9f76f57ab1b6f9e1e8c
replicaCount: 1
image:
# an image reference is specified by registry/repository:tag,
# for instance registry=docker.io, repository=library/alpine, tag=3.15
# if registry is left empty, global.defaultRegistry will be used
repository: "analytics"
tag: "7.7.0.20240228-1-BN0065-ubi9"
# Overrides the image tag whose default is the chart appVersion.
generalConditions:
accept: "yes"
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
extraEnvVars:
- name: ACCEPT_GENERAL_CONDITIONS
value: "yes"
podAnnotations: {}
podSecurityContext: {}
securityContext:
allowPrivilegeEscalation: false
#NOTE readOnlyRootFilesystem should be left to false
# readOnlyRootFilesystem: false
runAsNonRoot: false
service:
type: ClusterIP
ports:
ui:
port: 8040
protocol: TCP
ingress:
enabled: true
className: "nginx"
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/secure-backends: "true"
nginx.ingress.kubernetes.io/ingress.class: "nginx"
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: "letsencrypt-issuer"
# kubernetes.io/i:ngress.class: nginx
kubernetes.io/tls-acme: "true"
hosts:
- host: analytics.apilab.us
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: analytics-tls
hosts:
- analytics.apilab.us
# OpenShift configuration
route:
enabled: false
# targetPort: "{{ .Values.aga.ports.ui.port }}"
## More information: https://docs.openshift.com/container-platform/4.9/networking/routes/secured-routes.html
# tls:
# enabled: true
# termination: passthrough
# insecureEdgeTerminationPolicy: Redirect
# key:
# caCertificate:
# certificate:
# destinationCACertificate:
# ref: https://kubernetes.io/docs/user-guide/compute-resources/
resources: {}
# limits:
# memory: "2048Mi"
# cpu: "1000m"
# requests:
# memory: "1Gi"
# cpu: "250m"
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
#targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
livenessProbe:
httpGet:
httpHeaders:
- name: k8sprobe
value: liveness.apimgr
path: /healthcheck
port: 8040
scheme: HTTPS
initialDelaySeconds: 40
periodSeconds: 30
failureThreshold: 5
readinessProbe:
httpGet:
httpHeaders:
- name: k8sprobe
value: readiness.apimgr
path: /healthcheck
port: 8040
scheme: HTTPS
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 6
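Review bot: Database and Cassandra credentials are committed in clear text in this values file: `username: "root"` / `password: "password"` under `database.metrics` and again under the apiportal `mysql` block, and `cassandra` / `cassandra` under `cassandra`. The same blocks set `sslMode: "NONE"`, `sslOn: 0` and `sslVerifyCert: 0`, so those credentials would also travel over unencrypted connections. The apiportal block's own comments show an `existingSecret` mapping; using it (and the equivalent for the global database and Cassandra, if the chart offers one) keeps the passwords out of the repository. The three `license.lic` blocks with their signature lines would likewise be better supplied from a secret than embedded here. Separately, the aga ingress annotations list `kubernetes.io/tls-acme: "true"` twice, and most YAML parsers silently keep only the last value of a duplicate key.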

9
Chart.lock Normal file

@@ -0,0 +1,9 @@
dependencies:
- name: v7-traceability
repository: https://axway.jfrog.io/artifactory/ampc-public-helm-release
version: 1.1.63
- name: v7-discovery
repository: https://axway.jfrog.io/artifactory/ampc-public-helm-release
version: 1.1.60
digest: sha256:d1cc03e1c160da6536a088c62374db460003c4dfa2ccce908cc78da07a22674f
generated: "2024-03-07T12:21:57.832527608Z"

24
Chart.yaml Normal file

@@ -0,0 +1,24 @@
annotations:
charts.openshift.io/name: axway
apiVersion: v2
appVersion: 7.7.0.20240228-1-BN0065-ubi9
dependencies:
- alias: traceability-agent
condition: traceability-agent.enabled
name: v7-traceability
repository: https://axway.jfrog.io/artifactory/ampc-public-helm-release
tags:
- agents
version: 1.1.63
- alias: discovery-agent
condition: discovery-agent.enabled
name: v7-discovery
repository: https://axway.jfrog.io/artifactory/ampc-public-helm-release
tags:
- agents
version: 1.1.60
description: API Gateway Helm chart
kubeVersion: '>=1.22.0-0'
name: apigateway
type: application
version: 1.8.0

18
Jenkinsfile vendored Normal file

@@ -0,0 +1,18 @@
pipeline {
agent any
stages {
stage('Question') {
input {
message "Should we continue?"
ok "Yes, we should."
submitter "alice,bob"
parameters {
string(name: 'PERSON', defaultValue: 'Mr Jenkins', description: 'Who should I say hello to?')
}
}
steps {
echo "Hello, ${PERSON}, nice to meet you."
}
}
}
}


@@ -0,0 +1,17 @@
{
"type": "audit_manifest",
"version": "1.0",
"audits": [
{
"id": "",
"generator": "plugin-uninstall",
"generatorVersion": "36.20.0",
"results": [
{
"payload": "plugin-uninstall_issues.xml",
"type": "application/vnd.mandiant.issues+xml"
}
]
}
]
}
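Review bot: This manifest and the `IssueList` XML in the next file section look like output left behind by an endpoint agent's plugin uninstall (`"generator": "plugin-uninstall"`, `generator="FireEye Agent"`), not part of the Helm chart. They disclose the security agent product and version (`36.20.0`) on the machine the files came from. Both files should be dropped from the commit and their paths added to the repository's ignore rules.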


@@ -0,0 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
<IssueList generator="FireEye Agent" generatorVersion="36.20.0" itemSchemaLocation="http://schemas.mandiant.com/2013/11/issuelist.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://schemas.mandiant.com/2013/11/issues.xsd">
<Issue context="ProRemSvc" level="Info" number="0" summary="Plugin uninstalled successfully" />
</IssueList>

7
README.md Normal file

@@ -0,0 +1,7 @@
# apigw-helm
.
Helm chart for API Gateway
## Documentation
[https://docs.axway.com/bundle/axway-open-docs/page/docs/apim_installation/apigw_containers/deployment_flows/axway_image_deployment/helm_deployment/index.html](https://docs.axway.com/bundle/axway-open-docs/page/docs/apim_installation/apigw_containers/deployment_flows/axway_image_deployment/helm_deployment/index.html)

Binary file not shown.


@@ -0,0 +1,26 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
jfrog.yml
.gitlab-ci.yml
polaris.json


@@ -0,0 +1,10 @@
apiVersion: v2
appVersion: 1.1.60
description: V7 discovery agent
maintainers:
- name: axway/beano
name: v7-discovery
sources:
- https://git.ecd.axway.org/apigov/v7_discovery_agent
type: application
version: 1.1.60


@@ -0,0 +1,33 @@
## Prerequisites
Before the chart can be installed make sure to have the secrets installed/available.
i.e if you look at line 31(secrets) in the values.yaml file, you will notice we are referencing two files.
discovery-creds can be applied by using the following format for the secret.
Make sure all the values are base64 encoded before applying it in the cluster.
kubectl apply -f <creds-FILENAME.yaml>
``` yaml
apiVersion: v1
kind: Secret
metadata:
name: discovery-creds
data:
APIMANAGER_AUTH_USERNAME: ""
APIMANAGER_AUTH_PASSWORD: ""
APIGATEWAY_AUTH_USERNAME: ""
APIGATEWAY_AUTH_PASSWORD: ""
```
kubectl apply -f <keys-FILENAME.yaml>
``` yaml
apiVersion: v1
kind: Secret
metadata:
name: discovery-keys
data:
private_key: <PRIVATE_KEY_BASE64>
public_key: <PUBLIC_KEY_BASE64>
```


@@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "v7-discovery.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "v7-discovery.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "v7-discovery.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "v7-discovery.labels" -}}
helm.sh/chart: {{ include "v7-discovery.chart" . }}
{{ include "v7-discovery.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "v7-discovery.selectorLabels" -}}
app.kubernetes.io/name: {{ include "v7-discovery.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "v7-discovery.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "v7-discovery.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@@ -0,0 +1,112 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "v7-discovery.fullname" . }}
labels:
{{- include "v7-discovery.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "v7-discovery.selectorLabels" . | nindent 6 }}
{{- with .Values.additionalLabels }}
{{- range $key, $value := . }}
{{ default "none" $key }}: {{ default "none" $value | quote }}
{{- end }}
{{- end }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "v7-discovery.selectorLabels" . | nindent 8 }}
{{- with .Values.additionalLabels }}
{{- range $key, $value := . }}
{{ default "none" $key }}: {{ default "none" $value | quote }}
{{- end }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "v7-discovery.serviceAccountName" . }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: probe-port
containerPort: {{ .Values.statusPort }}
protocol: TCP
livenessProbe:
httpGet:
path: /status
port: probe-port
{{- with .Values.livenessProbe }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
readinessProbe:
httpGet:
path: /status
port: probe-port
{{- with .Values.readinessProbe }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
env:
{{- with .Values.env }}
{{- range $key, $value := . }}
{{- if and (not (eq (toString $value) "")) (not (eq (toString $key) "")) }} # ignore any items with empty key or value
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
- name: APIMANAGER_AUTH_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.credentials }}
key: APIMANAGER_AUTH_USERNAME
- name: APIMANAGER_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.credentials }}
key: APIMANAGER_AUTH_PASSWORD
volumeMounts:
- name: "discovery-keys-secrets"
mountPath: "/keys"
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumes:
- name: discovery-keys-secrets
secret:
secretName: {{ .Values.secrets.keys }}
items:
- key: private_key
path: private_key.pem
- key: public_key
path: public_key.pem
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
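Review bot: The `discovery-keys-secrets` volume that projects `private_key.pem` is declared without a `defaultMode`, and its mount at `/keys` is not marked `readOnly: true`, so the private key gets the default file mode inside the container. Consider adding `defaultMode: 0440` to the `secret:` volume and `readOnly: true` to the volumeMount; the exact mode depends on which user and group the agent runs as, which is not visible here. Also, in the `env` loop the trailing `# ignore any items with empty key or value` sits outside the template action, so it is written into the rendered manifest whenever the condition is true; a template comment `{{- /* ignore any items with empty key or value */ -}}` would keep it out of the output.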


@@ -0,0 +1,12 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "v7-discovery.serviceAccountName" . }}
labels:
{{- include "v7-discovery.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
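Review bot: The ServiceAccount is created without `automountServiceAccountToken: false`, so pods using it get a Kubernetes API token mounted by default. Nothing in the visible Deployment template suggests the agent calls the Kubernetes API. If that holds, add `automountServiceAccountToken: false` here or in the pod spec so a compromised agent container does not also hold a cluster credential.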


@@ -0,0 +1,68 @@
replicaCount: 1
image:
repository: axway.jfrog.io/ampc-public-docker-release/agent/v7-discovery-agent
pullPolicy: Always
# Overrides the image tag whose default is the chart appVersion.
tag: "1.1.60"
registry: ""
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
# Health Check port
statusPort: 8989
# Info on how to fetch the values for the env parameters can ve found in the below doc.
# https://docs.axway.com/bundle/axway-open-docs/page/docs/central/connect-api-manager/gateway-administation/index.html#customizing-the-discovery-agent-environment-variable-file
# More environment value: https://docs.axway.com/bundle/axway-open-docs/page/docs/central/connect-api-manager/agent-variables/index.html#common-variables-to-both-agents
env:
LOG_LEVEL: info
CENTRAL_URL: "https://apicentral.axway.com"
CENTRAL_AUTH_URL: "https://login.axway.com/auth"
APIMANAGER_PORT: "443"
# flip to true if API manager is using a self signed certificate
APIMANAGER_SSL_INSECURESKIPVERIFY: false
# The below secret are a pre-requisite. Please refer to the readme file for more info on it.
secrets:
credentials: "discovery-creds"
keys: "discovery-keys"
podAnnotations:
podSecurityContext:
supplementalGroups: [2500]
fsGroupChangePolicy: "OnRootMismatch"
securityContext:
tolerations:
affinity:
nodeSelector: {}
# Add additional labels to the agent deployment which may be required based on your configuration
additionalLabels:
serviceAccount:
# Specifies whether a service account should be created
create: true
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
livenessProbe:
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 10
successThreshold: 1
failureThreshold: 3
readinessProbe:
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 10
successThreshold: 1
failureThreshold: 3
global:
defaultRegistry: ""
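Review bot: `securityContext:` is left empty, so the agent container runs with whatever user and privileges the image defaults to. A baseline such as `allowPrivilegeEscalation: false`, `runAsNonRoot: true` and `capabilities: {drop: [ALL]}` would be a safer default, assuming the image supports a non-root user (not verifiable from this page). The bare keys `podAnnotations:`, `tolerations:`, `affinity:`, `additionalLabels:` and `name:` parse as null; writing `{}`, `[]` or `""` explicitly would match how `nodeSelector: {}` and `resources: {}` are written and avoid null surprises in the templates.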

Binary file not shown.


@@ -0,0 +1,26 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
jfrog.yml
.gitlab-ci.yml
polaris.json


@@ -0,0 +1,10 @@
apiVersion: v2
appVersion: 1.1.63
description: V7 traceability agent
maintainers:
- name: axway/beano
name: v7-traceability
sources:
- https://git.ecd.axway.org/apigov/v7_traceability_agent
type: application
version: 1.1.63


@@ -0,0 +1,34 @@
## Prerequisites
Before the chart can be installed make sure to have the secrets installed/available.
i.e if you look at line 31(secrets) in the values.yaml file, you will notice we are referencing two files.
Required credentials can be applied by using the below format for the secret.
Make sure all the values are base64 encoded before applying it in the cluster.
kubectl apply -f <creds-FILENAME.yaml>
``` yaml
apiVersion: v1
kind: Secret
metadata:
name: traceability-creds
type: Opaque
stringData:
APIMANAGER_AUTH_USERNAME: ""
APIMANAGER_AUTH_PASSWORD: ""
APIGATEWAY_AUTH_USERNAME: ""
APIGATEWAY_AUTH_PASSWORD: ""
```
kubectl apply -f <keys-FILENAME.yaml>
``` yaml
apiVersion: v1
kind: Secret
metadata:
name: traceability-keys
data:
private_key: <PRIVATE_KEY_BASE64>
public_key: <PUBLIC_KEY_BASE64>
```


@@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "v7-traceability.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "v7-traceability.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "v7-traceability.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "v7-traceability.labels" -}}
helm.sh/chart: {{ include "v7-traceability.chart" . }}
{{ include "v7-traceability.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "v7-traceability.selectorLabels" -}}
app.kubernetes.io/name: {{ include "v7-traceability.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "v7-traceability.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "v7-traceability.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@@ -0,0 +1,148 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "v7-traceability.fullname" . }}
labels:
{{- include "v7-traceability.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "v7-traceability.selectorLabels" . | nindent 6 }}
{{- with .Values.additionalLabels }}
{{- range $key, $value := . }}
{{ default "none" $key }}: {{ default "none" $value | quote }}
{{- end }}
{{- end }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "v7-traceability.selectorLabels" . | nindent 8 }}
{{- with .Values.additionalLabels }}
{{- range $key, $value := . }}
{{ default "none" $key }}: {{ default "none" $value | quote }}
{{- end }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
initContainers:
- name: init
image: alpine
securityContext: {{- toYaml .Values.securityContext | nindent 12 }}
command:
- "sh"
- "-c"
- "chown {{ .Values.podSecurityContext.fsGroup }}:{{ .Values.podSecurityContext.fsGroup }} /data"
volumeMounts:
- name: data
mountPath: /data
serviceAccountName: {{ include "v7-traceability.serviceAccountName" . }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: probe-port
containerPort: {{ .Values.statusPort }}
protocol: TCP
livenessProbe:
httpGet:
path: /status
port: probe-port
{{- with .Values.livenessProbe }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
readinessProbe:
httpGet:
path: /status
port: probe-port
{{- with .Values.readinessProbe }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
env:
{{- with .Values.env }}
{{- range $key, $value := . }}
{{- if and (not (eq (toString $value) "")) (not (eq (toString $key) "")) }} # ignore any items with empty key or value
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.env.APIGATEWAY_ONLY}}
{{- else}}
- name: APIMANAGER_AUTH_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.credentials }}
key: APIMANAGER_AUTH_USERNAME
- name: APIMANAGER_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.credentials }}
key: APIMANAGER_AUTH_PASSWORD
{{- end}}
{{- if .Values.env.EVENT_LOG_INPUT}}
- name: APIGATEWAY_AUTH_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.credentials }}
key: APIGATEWAY_AUTH_USERNAME
- name: APIGATEWAY_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.credentials }}
key: APIGATEWAY_AUTH_PASSWORD
{{- end}}
volumeMounts:
- name: "traceability-keys-secrets"
mountPath: /keys
- name: events
mountPath: {{ .Values.persistentVolumeClaimConfig.events.mountPath }}
- name: data
mountPath: /data
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumes:
- name: events
persistentVolumeClaim:
claimName: {{ .Values.persistentVolumeClaimConfig.events.name }}
- name: data
persistentVolumeClaim:
claimName: {{ .Values.persistentVolumeClaimConfig.data.name }}
- name: traceability-keys-secrets
secret:
secretName: {{ .Values.secrets.keys }}
items:
- key: private_key
path: private_key.pem
- key: public_key
path: public_key.pem
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
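Review bot: The init container is declared as `image: alpine`, with no registry, tag or digest, so each pod start may pull whatever the default tag currently points to, and it does so in order to run `chown` on `/data`, which needs root. Pin it to a reviewed version and make it overridable from values, for example `image: docker.io/library/alpine:<pinned-tag-or-digest>`. The pod already receives `fsGroup` and `fsGroupChangePolicy` through `.Values.podSecurityContext`, which may make the chown step unnecessary on volume types that support ownership management; that is worth confirming for the storage class in use before keeping a root init step.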


@@ -0,0 +1,12 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ .Values.persistentVolumeClaimConfig.data.name }}
namespace: {{ .Release.Namespace }}
spec:
accessModes:
- ReadWriteOnce
storageClassName: {{ .Values.persistentVolumeClaimConfig.data.storageClass }}
resources:
requests:
storage: 2Gi


@@ -0,0 +1,12 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "v7-traceability.serviceAccountName" . }}
labels:
{{- include "v7-traceability.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
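Review bot: The ServiceAccount is rendered without `automountServiceAccountToken`, so every pod that uses it gets a Kubernetes API token mounted by default. The deployment template in this commit only shows the agent reading mounted volumes and Secret-backed environment variables, so unless the agent actually calls the cluster API I would add `automountServiceAccountToken: false` at the top level of this manifest. If API access is required, a short comment naming the permissions it depends on would make that reviewable.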


@@ -0,0 +1,96 @@
replicaCount: 1
image:
repository: axway.jfrog.io/ampc-public-docker-release/agent/v7-traceability-agent
pullPolicy: Always
# Overrides the image tag whose default is the chart appVersion.
tag: "1.1.63"
registry: ""
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
# Health Check port
statusPort: 8990
# Info on how to fetch the values for the env parameters can ve found in the below doc.
# https://docs.axway.com/bundle/axway-open-docs/page/docs/central/connect-api-manager/gateway-administation/index.html#customizing-the-traceability-agent-environment-variable-file
# More environment value: https://docs.axway.com/bundle/axway-open-docs/page/docs/central/connect-api-manager/agent-variables/index.html#common-variables-to-both-agents
env:
LOG_LEVEL: info
CENTRAL_URL: "https://apicentral.axway.com"
CENTRAL_AUTH_URL: "https://login.axway.com/auth"
CENTRAL_DEPLOYMENT: "prod"
# EVENT_LOG_PATHS: "/opt/Axway/apigateway/events/axwaydemo_traffic-*.log"
EVENT_LOG_PATHS: "/events/*.log"
EVENT_LOG_INPUT: true
OPENTRAFFIC_LOG_INPUT: false
OPENTRAFFIC_LOG_PATHS: /events/*.log
TRACEABILITY_HOST: "ingestion.datasearch.axway.com:5044"
TRACEABILITY_PROTOCOL: "tcp"
TRACEABILITY_SAMPLING_PERCENTAGE: 10
TRACEABILITY_SAMPLING_REPORTALLERRORS: true
APIMANAGER_PORT: "443"
# flip to true if API manager is using a self signed certificate
APIMANAGER_SSL_INSECURESKIPVERIFY: false
APIGATEWAY_ONLY: false
APIGATEWAY_PORT: "443"
# flip to true if API gateway is using a self signed certificate
APIGATEWAY_SSL_INSECURESKIPVERIFY: false
APIGATEWAY_HEALTHCHECKPORT: 8090
APIGATEWAY_HEALTHCHECKPROTOCOL: "https"
APIGATEWAY_HEALTHCHECKURI: login
# The below secret are a pre-requisite. Please refer to the readme file for more info on it.
secrets:
credentials: "traceability-creds"
keys: "traceability-keys"
podAnnotations:
podSecurityContext:
fsGroup: 2500
supplementalGroups: [2500]
fsGroupChangePolicy: "OnRootMismatch"
securityContext:
tolerations:
affinity:
nodeSelector: {}
# Add additional labels to the agent deployment which may be required based on your configuration
additionalLabels:
# Add selector labels for deployment purposes
selectorLabels:
serviceAccount:
# Specifies whether a service account should be created
create: true
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
persistentVolumeClaimConfig:
data:
# storage class to persist contents of data directory in the agent - should be available in the cluster i.e gp2, gp2-csi, default
storageClass: gp2-csi
name: data-claim
events:
name: events-claim
mountPath: /events
livenessProbe:
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 10
successThreshold: 1
failureThreshold: 3
readinessProbe:
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 10
successThreshold: 1
failureThreshold: 3
global:
defaultRegistry: ""
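Review bot: The comments above `APIMANAGER_SSL_INSECURESKIPVERIFY` and `APIGATEWAY_SSL_INSECURESKIPVERIFY` tell operators to flip the value to true for a self-signed certificate, which disables certificate verification on the connections that carry the API Manager and API Gateway credentials. I would reword both to something like `# keep false; for a private or self-signed CA, make the agent trust that CA rather than disabling verification`, assuming the agent offers a CA setting. Separately, `securityContext:` is left empty, so the agent container and the init container run with whatever user and privileges their images default to; a populated default such as `allowPrivilegeEscalation: false` for the agent would be a safer starting point.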

1
mysql-analytics-cm.sql Normal file

@@ -0,0 +1 @@
CREATE DATABASE metrics; USE metrics;

26
redirect.yaml Normal file

@@ -0,0 +1,26 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
ingressClassName: nginx
nginx.ingress.kubernetes.io/rewrite-target: /api/portal/v1.4/sso/login/post
nginx.ingress.kubernetes.io/use-regex: "true"
name: rewrite
namespace: apim
spec:
rules:
- host: apimgr.apilab.us
http:
paths:
- backend:
service:
name: apim-gateway-apimgr
port:
number: 8075
path: /
pathType: Prefix
tls:
- hosts:
- apimgr.apilab.us
secretName: apimgr-tls
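Review bot: `ingressClassName: nginx` appears to sit under `metadata.annotations` (indentation is not visible on this page, so this is inferred from key order), where it is only an arbitrary annotation and does not select the ingress class; the field belongs in the spec as `ingressClassName: nginx` directly under `spec:`. Also, with `path: /` and `pathType: Prefix` every request for `apimgr.apilab.us` is rewritten to `/api/portal/v1.4/sso/login/post`; if only the SSO callback is meant to be redirected, a narrower path would keep unrelated requests away from that endpoint. A comment at the top of the file saying what the redirect is for would help, since the resource name `rewrite` does not.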


@@ -0,0 +1,357 @@
nameOverride: gateway
global:
domainName: example.com
defaultRegistry: docker.repository.axway.com/apigateway-docker-prod/7.7
imagePullPolicy: Always
imagePullSecrets:
- name: mycreds
initContainers:
image: "docker.io/busybox:1.34"
resources:
limits:
memory: "50Mi"
cpu: "50m"
requests:
memory: "5Mi"
cpu: "50m"
securityContext:
runAsNonRoot: false
database:
host: mysql.testmetrics.svc.cluster.local
metrics:
enabled: true
username: "root"
password: "password"
cassandra:
enabled: true
hosts:
- variable: CASS_HOST
hostname: cassandra.testcassandra.svc.cluster.local
username: cassandra
password: cassandra
keyspace: apigw
tkeyspace: apigwks
tests:
images:
curl:
tag: 7.83.1
resources:
limits:
cpu: 100m
memory: 50Mi
requests:
cpu: 100m
memory: 50Mi
storage:
provisioningType: "dynamic"
storageClassName: "nfs-client"
volumes:
- name: events
enabled: false
accessModes:
- ReadWriteMany
capacity: 1Mi
#This is set to false when the pv is created by the AAOI helm chart
- name: opentraffic
enabled: false
accessModes:
- ReadWriteMany
capacity: 1Mi
- name: gw-external-config
enabled: false
accessModes:
- ReadWriteMany
capacity: 1Mi
- name: aga-external-config
enabled: false
accessModes:
- ReadWriteMany
capacity: 1Mi
- name: anm-external-config
enabled: false
accessModes:
- ReadWriteMany
capacity: 1Mi
anm:
logs:
opentraffic:
output: "file"
enabled: false
hostname: "apim-int-gateway-anm.apim-internal.svc.cluster.local:8090"
image:
repository: "admin-nodemanager"
tag: "7.7.0.20230830-3-BN0019-ubi7"
generalConditions:
accept: "yes"
resources:
limits:
memory: "2048Mi"
cpu: "1000m"
requests:
memory: "1Gi"
cpu: "250m"
securityContext:
runAsNonRoot: false
route:
enabled: false
ingress:
enabled: true
className: nginx
annotations:
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
hosts:
- host: anm.ext.mydomain.com
paths:
- path: /
pathType: ImplementationSpecific
tls:
- hosts:
- anm.ext.mydomain.com
#service:
# port: 8091
extraVolumeMounts:
- name: anm-external-config
mountPath: /merge
- name: events
mountPath: /opt/Axway/apigateway/events
extraVolumes:
- persistentVolumeClaim:
claimName: anm-external-config
name: anm-external-config
- persistentVolumeClaim:
claimName: events
name: events
apimgr:
logs:
opentraffic:
output: "file"
image:
repository: "gateway"
tag: "7.7.0.20230830-3-BN0019-ubi7"
generalConditions:
accept: "yes"
groupId: "SecondGroup"
resources:
limits:
memory: "2Gi"
cpu: 2
requests:
memory: "0.5Gi"
cpu: 0.5
securityContext:
runAsNonRoot: false
route:
enabled: false
ingress:
enabled: true
className: nginx
annotations:
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
hosts:
- host: apimgr.ext.mydomain.com
paths:
- path: /
pathType: ImplementationSpecific
tls:
- hosts:
- apimgr.ext.mydomain.com
service:
port: 8075
extraVolumeMounts:
- name: gw-external-config
mountPath: /merge
- name: opentraffic
mountPath: /var/opentraffic
- name: events
mountPath: /opt/Axway/apigateway/events
extraVolumes:
- persistentVolumeClaim:
claimName: gw-external-config
name: gw-external-config
- persistentVolumeClaim:
claimName: opentraffic
name: opentraffic
- persistentVolumeClaim:
claimName: events
name: events
extraEnvVars:
- name: EMT_HEALTHCHECK_PORT
value: "8065"
- name: EMT_HEALTHCHECK_PATH
value: /healthcheck
- name: GW_DIR
value: /opt/Axway/apigateway
- name: GW_TRACE_DIR
value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace
- name: EMT_TOPOLOGY_TTL
value: "10"
license:
license.lic: |
FIPS=1
Mock Connector=1
SalesForce Connector=1
ServiceNow Connector=1
analytics=1
apiportal=1
expires=Thu, 05 May 2023 15:43:14 GMT
mcafee=1
sdkgenerator=1
unrestricted=1
version=7
version=7.7
# SIGNATURE: add
apitraffic:
logs:
opentraffic:
output: "file"
replicaCount: 1
autoscaling:
enabled: true
minReplicas: 1
maxReplicas: 2
targetCPUUtilizationPercentage: 20
#targetMemoryUtilizationPercentage: 30
image:
repository: "gateway"
tag: "7.7.0.20230830-3-BN0019-ubi7"
generalConditions:
accept: "yes"
groupId: "SecondGroup"
resources:
limits:
memory: "3Gi"
cpu: 3
requests:
memory: "2Gi"
cpu: 2
securityContext:
runAsNonRoot: false
oauth:
route:
enabled: false
route:
enabled: false
ingress:
enabled: true
className: nginx
annotations:
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
hosts:
- host: apitraffic.ext.mydomain.com
paths:
- path: /
pathType: ImplementationSpecific
tls:
- hosts:
- apitraffic.ext.mydomain.com
service:
port: 8065
extraVolumeMounts:
- name: gw-external-config
mountPath: /merge
- name: opentraffic
mountPath: /var/opentraffic
- name: events
mountPath: /opt/Axway/apigateway/events
extraVolumes:
- persistentVolumeClaim:
claimName: gw-external-config
name: gw-external-config
- persistentVolumeClaim:
claimName: opentraffic
name: opentraffic
- persistentVolumeClaim:
claimName: events
name: events
extraEnvVars:
- name: EMT_HEALTHCHECK_PORT
value: "8065"
- name: EMT_HEALTHCHECK_PATH
value: /healthcheck
- name: GW_DIR
value: /opt/Axway/apigateway
- name: GW_TRACE_DIR
value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace
- name: EMT_TOPOLOGY_TTL
value: "10"
license:
license.lic: |
FIPS=1
Mock Connector=1
SalesForce Connector=1
ServiceNow Connector=1
analytics=1
apiportal=1
expires=Thu, 05 May 2023 15:43:14 GMT
mcafee=1
sdkgenerator=1
unrestricted=1
version=7
version=7.7
# SIGNATURE: add
aga:
securityContext:
runAsNonRoot: false
enabled: false
route:
enabled: false
image:
repository: "analytics"
tag: "7.7.0.20230830-3-BN0019-ubi7"
generalConditions:
accept: "yes"
ingress:
enabled: true
className: nginx
annotations:
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
hosts:
- host: aga.ext.mydomain.com
paths:
- path: /
pathType: ImplementationSpecific
tls:
- hosts:
- aga.ext.mydomain.com
resources:
limits:
memory: "2048Mi"
cpu: "1000m"
requests:
memory: "1Gi"
cpu: "250m"
extraVolumeMounts:
- name: aga-external-config
mountPath: /merge
- name: events
mountPath: /opt/Axway/apigateway/events
extraVolumes:
- persistentVolumeClaim:
claimName: aga-external-config
name: aga-external-config
- persistentVolumeClaim:
claimName: events
name: events
license:
license.lic: |
FIPS=1
Mock Connector=1
SalesForce Connector=1
ServiceNow Connector=1
analytics=1
apiportal=1
expires=Thu, 05 May 2023 15:43:14 GMT
mcafee=1
sdkgenerator=1
unrestricted=1
version=7
version=7.7
# SIGNATURE: add
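Review bot: `global.database.metrics` is committed with `username: "root"` and `password: "password"`, and `global.cassandra` with `cassandra` / `cassandra`, so administrative database accounts with guessable passwords live in a file under version control. The chart helpers in this commit read `.Values.global.database.metrics.existingSecret.name` and `.Values.global.cassandra.existingSecret.name`, so these example values can point at pre-created Secrets instead, e.g. `existingSecret:` with `name: <metrics-db-secret>`, backed by a least-privileged database user. The same credentials appear in the next values file in this commit.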


@@ -0,0 +1,357 @@
nameOverride: gateway
global:
domainName: example.com
defaultRegistry: docker.repository.axway.com/apigateway-docker-prod/7.7
imagePullPolicy: Always
imagePullSecrets:
- name: mycreds
initContainers:
image: "docker.io/busybox:1.34"
resources:
limits:
memory: "50Mi"
cpu: "50m"
requests:
memory: "5Mi"
cpu: "50m"
securityContext:
runAsNonRoot: false
database:
host: mysql.testmetrics.svc.cluster.local
metrics:
enabled: true
username: "root"
password: "password"
cassandra:
enabled: true
hosts:
- variable: CASS_HOST
hostname: cassandra.testcassandra.svc.cluster.local
username: cassandra
password: cassandra
keyspace: apigw
tkeyspace: apigwks
tests:
images:
curl:
tag: 7.83.1
resources:
limits:
cpu: 100m
memory: 50Mi
requests:
cpu: 100m
memory: 50Mi
storage:
provisioningType: "dynamic"
storageClassName: "nfs-client"
volumes:
- name: events
enabled: true
accessModes:
- ReadWriteMany
capacity: 1Mi
#This is set to false when the pv is created by the AAOI helm chart
- name: opentraffic
enabled: false
accessModes:
- ReadWriteMany
capacity: 1Mi
- name: gw-external-config
enabled: true
accessModes:
- ReadWriteMany
capacity: 1Mi
- name: aga-external-config
enabled: true
accessModes:
- ReadWriteMany
capacity: 1Mi
- name: anm-external-config
enabled: true
accessModes:
- ReadWriteMany
capacity: 1Mi
anm:
logs:
opentraffic:
output: "file"
hostname: "apim-int-gateway-anm:8090"
enabled: true
image:
repository: "admin-nodemanager"
tag: "7.7.0.20230830-3-BN0019-ubi7"
generalConditions:
accept: "yes"
resources:
limits:
memory: "2048Mi"
cpu: "1000m"
requests:
memory: "1Gi"
cpu: "250m"
securityContext:
runAsNonRoot: false
route:
enabled: false
ingress:
enabled: true
className: nginx
annotations:
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
hosts:
- host: anm.int.mydomain.com
paths:
- path: /
pathType: ImplementationSpecific
tls:
- hosts:
- anm.int.mydomain.com
#service:
# port: 8091
extraVolumeMounts:
- name: anm-external-config
mountPath: /merge
- name: events
mountPath: /opt/Axway/apigateway/events
extraVolumes:
- persistentVolumeClaim:
claimName: anm-external-config
name: anm-external-config
- persistentVolumeClaim:
claimName: events
name: events
apimgr:
logs:
opentraffic:
output: "file"
image:
repository: "gateway"
tag: "7.7.0.20230830-3-BN0019-ubi7"
generalConditions:
accept: "yes"
# groupId: "Demo-Group"
resources:
limits:
memory: "2Gi"
cpu: 2
requests:
memory: "0.5Gi"
cpu: 0.5
securityContext:
runAsNonRoot: false
route:
enabled: false
ingress:
enabled: true
className: nginx
annotations:
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
hosts:
- host: apimgr.int.mydomain.com
paths:
- path: /
pathType: ImplementationSpecific
tls:
- hosts:
- apimgr.int.mydomain.com
service:
port: 8075
extraVolumeMounts:
- name: gw-external-config
mountPath: /merge
- name: opentraffic
mountPath: /var/opentraffic
- name: events
mountPath: /opt/Axway/apigateway/events
extraVolumes:
- persistentVolumeClaim:
claimName: gw-external-config
name: gw-external-config
- persistentVolumeClaim:
claimName: opentraffic
name: opentraffic
- persistentVolumeClaim:
claimName: events
name: events
extraEnvVars:
- name: EMT_HEALTHCHECK_PORT
value: "8065"
- name: EMT_HEALTHCHECK_PATH
value: /healthcheck
- name: GW_DIR
value: /opt/Axway/apigateway
- name: GW_TRACE_DIR
value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace
- name: EMT_TOPOLOGY_TTL
value: "10"
license:
license.lic: |
FIPS=1
Mock Connector=1
SalesForce Connector=1
ServiceNow Connector=1
analytics=1
apiportal=1
expires=Thu, 05 May 2023 15:43:14 GMT
mcafee=1
sdkgenerator=1
unrestricted=1
version=7
version=7.7
# SIGNATURE: add
apitraffic:
logs:
opentraffic:
output: "file"
replicaCount: 1
autoscaling:
enabled: true
minReplicas: 1
maxReplicas: 2
targetCPUUtilizationPercentage: 20
#targetMemoryUtilizationPercentage: 30
image:
repository: "gateway"
tag: "7.7.0.20230830-3-BN0019-ubi7"
generalConditions:
accept: "yes"
# groupId: "Demo-Group"
resources:
limits:
memory: "3Gi"
cpu: 3
requests:
memory: "2Gi"
cpu: 2
securityContext:
runAsNonRoot: false
oauth:
route:
enabled: false
route:
enabled: false
ingress:
enabled: true
className: nginx
annotations:
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
hosts:
- host: apitraffic.int.mydomain.com
paths:
- path: /
pathType: ImplementationSpecific
tls:
- hosts:
- apitraffic.int.mydomain.com
service:
port: 8065
extraVolumeMounts:
- name: gw-external-config
mountPath: /merge
- name: opentraffic
mountPath: /var/opentraffic
- name: events
mountPath: /opt/Axway/apigateway/events
extraVolumes:
- persistentVolumeClaim:
claimName: gw-external-config
name: gw-external-config
- persistentVolumeClaim:
claimName: opentraffic
name: opentraffic
- persistentVolumeClaim:
claimName: events
name: events
extraEnvVars:
- name: EMT_HEALTHCHECK_PORT
value: "8065"
- name: EMT_HEALTHCHECK_PATH
value: /healthcheck
- name: GW_DIR
value: /opt/Axway/apigateway
- name: GW_TRACE_DIR
value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace
- name: EMT_TOPOLOGY_TTL
value: "10"
license:
license.lic: |
FIPS=1
Mock Connector=1
SalesForce Connector=1
ServiceNow Connector=1
analytics=1
apiportal=1
expires=Thu, 05 May 2023 15:43:14 GMT
mcafee=1
sdkgenerator=1
unrestricted=1
version=7
version=7.7
# SIGNATURE: add
aga:
securityContext:
runAsNonRoot: false
enabled: false
route:
enabled: false
image:
repository: "analytics"
tag: "7.7.0.20230830-3-BN0019-ubi7"
generalConditions:
accept: "yes"
ingress:
enabled: true
className: nginx
annotations:
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
hosts:
- host: aga.int.mydomain.com
paths:
- path: /
pathType: ImplementationSpecific
tls:
- hosts:
- aga.int.mydomain.com
resources:
limits:
memory: "2048Mi"
cpu: "1000m"
requests:
memory: "1Gi"
cpu: "250m"
extraVolumeMounts:
- name: aga-external-config
mountPath: /merge
- name: events
mountPath: /opt/Axway/apigateway/events
extraVolumes:
- persistentVolumeClaim:
claimName: aga-external-config
name: aga-external-config
- persistentVolumeClaim:
claimName: events
name: events
license:
license.lic: |
FIPS=1
Mock Connector=1
SalesForce Connector=1
ServiceNow Connector=1
analytics=1
apiportal=1
expires=Thu, 05 May 2023 15:43:14 GMT
mcafee=1
sdkgenerator=1
unrestricted=1
version=7
version=7.7
# SIGNATURE: add
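Review bot: Every component block in this file (`global.initContainers`, `anm`, `apimgr`, `apitraffic`, `aga`) sets `securityContext:` to `runAsNonRoot: false`, which explicitly permits the containers to start as UID 0; the previous values file does the same. If the product images run as a non-root user, prefer `runAsNonRoot: true` for the long-running components and keep the exception only where a root step is really needed. Where root is required, a one-line comment on that block explaining why would make the exception reviewable.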

0
templates/NOTES.txt Normal file


@@ -0,0 +1,50 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Create the name of the service account to use
*/}}
{{- define "gateway.apitraffic.serviceAccountName" -}}
{{- if .Values.apitraffic.serviceAccount.create }}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "apitraffic") .Values.apitraffic.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.apitraffic.serviceAccount.name }}
{{- end }}
{{- end }}
{{- define "gateway.anm.serviceAccountName" -}}
{{- if .Values.anm.serviceAccount.create }}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "anm") .Values.anm.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.anm.serviceAccount.name }}
{{- end }}
{{- end }}
{{- define "gateway.apimgr.serviceAccountName" -}}
{{- if .Values.apimgr.serviceAccount.create }}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "apimgr") .Values.apimgr.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.apimgr.serviceAccount.name }}
{{- end }}
{{- end }}
{{- define "gateway.aga.serviceAccountName" -}}
{{- if .Values.aga.serviceAccount.create }}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "aga") .Values.aga.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.aga.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Secret name for metrics db credentials, either the existing one or the one created by this chart
*/}}
{{- define "gateway.metrics-db.secretName" -}}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "metrics-db") .Values.global.database.metrics.existingSecret.name }}
{{- end }}
{{/*
Secret name for domain key passphrase
*/}}
{{- define "gateway.domainkeypassphrase.secretName" -}}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "domainkeypassphrase") .Values.global.domainkeypassphrase.name }}
{{- end }}
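Review bot: The four `gateway.*.serviceAccountName` templates and `gateway.metrics-db.secretName` defined here are defined again under the same names in `templates/_helpers.tpl` later in this commit. Template names are global within a Helm chart, so if both files belong to the same chart the copy that loads last silently wins and the two can drift apart unnoticed. Keep a single definition of each; only `gateway.domainkeypassphrase.secretName` is unique to this file. The three service-account helpers after the first also have no doc comment of their own.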

140
templates/_helpers.tpl Normal file

@@ -0,0 +1,140 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "gateway.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "gateway.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "gateway.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "gateway.labels" -}}
helm.sh/chart: {{ include "gateway.chart" . }}
{{ include "gateway.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "gateway.selectorLabels" -}}
app.kubernetes.io/name: {{ include "gateway.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "gateway.apitraffic.serviceAccountName" -}}
{{- if .Values.apitraffic.serviceAccount.create }}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "apitraffic") .Values.apitraffic.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.apitraffic.serviceAccount.name }}
{{- end }}
{{- end }}
{{- define "gateway.anm.serviceAccountName" -}}
{{- if .Values.anm.serviceAccount.create }}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "anm") .Values.anm.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.anm.serviceAccount.name }}
{{- end }}
{{- end }}
{{- define "gateway.apimgr.serviceAccountName" -}}
{{- if .Values.apimgr.serviceAccount.create }}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "apimgr") .Values.apimgr.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.apimgr.serviceAccount.name }}
{{- end }}
{{- end }}
{{- define "gateway.aga.serviceAccountName" -}}
{{- if .Values.aga.serviceAccount.create }}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "aga") .Values.aga.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.aga.serviceAccount.name }}
{{- end }}
{{- end }}
{{- define "gateway.tests.serviceAccountName" -}}
{{- if .Values.global.tests.serviceAccount.create }}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "tests") .Values.global.tests.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.global.tests.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Secret name for metrics db credentials, either the existing one or the one created by this chart
*/}}
{{- define "gateway.metrics-db.secretName" -}}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "metrics-db") .Values.global.database.metrics.existingSecret.name }}
{{- end }}
{{/*
Secret name for cassandra password, either the existing one or the one created by this chart
*/}}
{{- define "gateway.cassandra.secretName" -}}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "cassandra") .Values.global.cassandra.existingSecret.name }}
{{- end }}
{{/*
Filters the API GW related volumes from the global section
Usage (example with traffic, can also be anm, aga, apimgr, portal):
{{ include "gateway.volumeMounts" (dict "component" "traffic" "storage" .Values.global.storage) }}
*/}}
{{- define "gateway.volumeMounts" -}}
{{- $component := .component }}
{{- $volumeMounts := list }}
{{- range .storage.volumes }}
{{- if and (or (empty $component) (has $component .usedBy)) .enabled }}
{{- $volumeMounts = append $volumeMounts (dict "name" .name "mountPath" (coalesce .mountPoint (printf "/opt/Axway/apigateway/%s" .name))) }}
{{- end }}
{{- end }}
{{- toYaml $volumeMounts }}
{{- end }}
{{/*
Usage (example with traffic, can also be anm, aga, apimgr, portal):
{{ include "gateway.volumes" (dict "component" "traffic" "storage" .Values.global.storage) }}
*/}}
{{- define "gateway.volumes" -}}
{{- $component := .component }}
{{- $volumes := list }}
{{- range .storage.volumes }}
{{- if and (or (empty $component) (has $component .usedBy)) .enabled }}
{{- $volumes = append $volumes (dict "name" .name "persistentVolumeClaim" (dict "claimName" (coalesce .claimName .name))) }}
{{- end }}
{{- end }}
{{- toYaml $volumes }}
{{- end }}
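Review bot: `gateway.metrics-db.secretName` and `gateway.cassandra.secretName` dereference `.existingSecret.name` directly, which fails at render time with a nil-pointer error whenever `existingSecret` is missing from the merged values. The example values files in this commit do not set it, so rendering depends on the chart's default values defining the key, which is not visible here. A nil-safe form is `{{- default (printf "%s-%s" (include "gateway.fullname" .) "metrics-db") (.Values.global.database.metrics.existingSecret | default dict).name }}`, and likewise for cassandra. The `serviceAccountName` helpers have the same shape with `.serviceAccount.name`.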


@@ -0,0 +1,18 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Create the name of the service account to use
*/}}
{{- define "gateway.apiportal.serviceAccountName" -}}
{{- if .Values.apiportal.serviceAccount.create }}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "apiportal") .Values.aga.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.apiportal.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Secret name for mysql db credentials, either the existing one or the one created by this chart
*/}}
{{- define "gateway.apiportal.secretName" -}}
{{- default (printf "%s-%s" (include "gateway.fullname" .) "apiportal-db") .Values.apiportal.mysql.existingSecret.name }}
{{- end }}
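Review bot: In `gateway.apiportal.serviceAccountName` the create branch takes the name override from `.Values.aga.serviceAccount.name` instead of the apiportal values, so `apiportal.serviceAccount.name` is ignored when `create` is true and a name set for the analytics component is applied to the portal. The line should read `{{- default (printf "%s-%s" (include "gateway.fullname" .) "apiportal") .Values.apiportal.serviceAccount.name }}`. As written, the portal workload can end up bound to a service account intended for another component, which matters once the accounts carry different permissions or annotations.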


@@ -0,0 +1,12 @@
{{- if and .Values.aga.enabled .Values.aga.license }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-aga-license-config
data:
{{- range $path, $config := .Values.aga.license }}
{{ $path }}: |
{{ $config | indent 4 -}}
{{- end -}}
{{- end -}}


@@ -0,0 +1,122 @@
{{- if .Values.aga.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ include "gateway.fullname" . }}-aga"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: aga
spec:
{{- if not .Values.aga.autoscaling.enabled }}
replicas: {{ .Values.aga.replicaCount }}
{{- end }}
strategy:
{{- if eq (default .Values.global.updateStrategy.type .Values.aga.updateStrategy.type) "RollingUpdate" }}
rollingUpdate:
maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.aga.updateStrategy.rollingUpdate.maxSurge }}
maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.aga.updateStrategy.rollingUpdate.maxUnavailable }}
{{- end }}
type: {{ default .Values.global.updateStrategy.type .Values.aga.updateStrategy.type }}
selector:
matchLabels:
{{- include "gateway.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: aga
{{- with .Values.aga.podLabels }}
{{- toYaml . | nindent 6 }}
{{- end }}
template:
metadata:
{{- with .Values.aga.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "gateway.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: aga
{{- with .Values.aga.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "gateway.aga.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.aga.podSecurityContext | nindent 8 }}
{{- if .Values.aga.extraInitContainers }}
initContainers:
{{ toYaml (.Values.aga.extraInitContainers) | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.aga.securityContext | nindent 12 }}
image: "{{ default .Values.global.defaultRegistry .Values.aga.image.registry }}/{{ .Values.aga.image.repository }}:{{ .Values.aga.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
ports:
- containerPort: {{ .Values.aga.service.ports.ui.port }}
protocol: {{ .Values.aga.service.ports.ui.protocol }}
{{- with .Values.aga.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.aga.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.aga.resources | nindent 12 }}
env:
{{- with .Values.aga.extraEnvVars }}
{{ toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.global.database.metrics.enabled }}
- name: METRICS_DB_URL
value: {{ tpl .Values.global.database.metrics.url . | quote }}
- name: METRICS_DB_USERNAME
valueFrom:
secretKeyRef:
name: {{ include "gateway.metrics-db.secretName" . }}
key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }}
- name: METRICS_DB_PASS
valueFrom:
secretKeyRef:
name: {{ include "gateway.metrics-db.secretName" . }}
key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }}
{{- end }}
{{- if .Values.aga.image.generalConditions }}
- name: ACCEPT_GENERAL_CONDITIONS
value: {{ .Values.aga.image.generalConditions.accept | quote }}
{{- end }}
{{- if .Values.aga.extraVolumeMounts }}
volumeMounts:
{{- toYaml ( .Values.aga.extraVolumeMounts ) | nindent 12 }}
{{- end }}
{{- if .Values.aga.license }}
- name: license
mountPath: "/opt/Axway/analytics/conf/licenses/license.lic"
subPath: "license.lic"
{{- end }}
{{- if .Values.aga.extraVolumes }}
volumes:
{{- if .Values.aga.license }}
- name: license
configMap:
name: {{ .Release.Name }}-aga-license-config
{{- end }}
{{ toYaml ( .Values.aga.extraVolumes ) | indent 8 }}
{{- end }}
{{- with .Values.aga.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.aga.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.aga.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
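Review bot: The license mount and license volume are not gated consistently with the `volumeMounts:` and `volumes:` keys. `volumeMounts:` is emitted only when `.Values.aga.extraVolumeMounts` is set, but the `- name: license` mount is emitted whenever `.Values.aga.license` is set, so with a license and no extra mounts the item lands in the preceding `env:` list. The license volume is nested inside `if .Values.aga.extraVolumes`, so a license without extra volumes gets no volume definition at all. I would gate each key on either condition, as below; the indentation is my assumption because this page does not preserve it.

```yaml
          {{- if or .Values.aga.extraVolumeMounts .Values.aga.license }}
          volumeMounts:
            {{- with .Values.aga.extraVolumeMounts }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
            {{- if .Values.aga.license }}
            - name: license
              mountPath: "/opt/Axway/analytics/conf/licenses/license.lic"
              subPath: "license.lic"
            {{- end }}
          {{- end }}
      # … unchanged: rest of the container spec …
      {{- if or .Values.aga.extraVolumes .Values.aga.license }}
      volumes:
        {{- if .Values.aga.license }}
        - name: license
          configMap:
            name: {{ .Release.Name }}-aga-license-config
        {{- end }}
        {{- with .Values.aga.extraVolumes }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- end }}
```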


@@ -0,0 +1,33 @@
{{- if .Values.aga.autoscaling.enabled }}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: "{{ include "gateway.fullname" . }}-aga"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: aga
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: "{{ include "gateway.fullname" . }}-aga"
minReplicas: {{ .Values.aga.autoscaling.minReplicas }}
maxReplicas: {{ .Values.aga.autoscaling.maxReplicas }}
metrics:
{{- if .Values.aga.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.aga.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.aga.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.aga.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}
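Review bot: The guard on the first line checks only `.Values.aga.autoscaling.enabled`, so with `aga.enabled` false this HorizontalPodAutoscaler is still rendered and targets a Deployment that may not exist; the anm HPA in this commit nests the same check inside `.Values.anm.enabled`. I would write `{{- if and .Values.aga.enabled .Values.aga.autoscaling.enabled }}`. When neither utilization target is set, `metrics:` renders with no entries, so a `required` on at least one target would make that misconfiguration fail at template time.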


@@ -0,0 +1,47 @@
{{- if .Values.aga.ingress.enabled -}}
{{- $fullName := include "gateway.fullname" . -}}
{{- $svcPort := .Values.aga.service.ports.ui.port -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}-aga
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- with .Values.aga.ingress.annotations }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
spec:
{{- if .Values.aga.ingress.className }}
ingressClassName: {{ .Values.aga.ingress.className }}
{{- end }}
{{- if .Values.aga.ingress.tls }}
tls:
{{- range .Values.aga.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ tpl . $ | quote }}
{{- end }}
{{- if .secretName }}
secretName: {{ tpl (.secretName) $ }}
{{- end }}
{{- end }}
{{- end }}
rules:
{{- range .Values.aga.ingress.hosts }}
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if .pathType }}
pathType: {{ .pathType }}
{{- end }}
backend:
service:
name: {{ $fullName }}-aga
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
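Review bot: `path: {{ .path }}`, `pathType: {{ .pathType }}`, `ingressClassName` and `secretName: {{ tpl (.secretName) $ }}` are emitted unquoted, while the host lines in the same template go through `quote`; a value that is empty or starts with a YAML indicator such as `*` then parses as something other than the intended string. I would pipe them through `quote`, e.g. `- path: {{ .path | quote }}` and `secretName: {{ tpl .secretName $ | quote }}`. The template is also gated on `.Values.aga.ingress.enabled` alone, so it can publish a host for a component whose Service is only rendered when `aga.enabled` is set. The anm, apimgr and apiportal Ingress templates in this commit share the unquoted fields.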


@@ -0,0 +1,40 @@
{{- if and .Values.aga.enabled .Values.aga.route.enabled -}}
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: "{{ include "gateway.fullname" . }}-aga"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: aga
spec:
{{- if .Values.global.domainName }}
host: aga.{{ .Values.global.domainName }}
{{- end }}
port:
targetPort: {{ tpl .Values.aga.route.targetPort . }}
to:
kind: Service
name: "{{ include "gateway.fullname" . }}-aga"
{{- if .Values.aga.route.tls.enabled }}
tls:
termination: {{ .Values.aga.route.tls.termination }}
insecureEdgeTerminationPolicy: {{ .Values.aga.route.tls.insecureEdgeTerminationPolicy }}
{{- if .Values.aga.route.tls.key }}
key: |-
{{- .Values.aga.route.tls.key | nindent 6 }}
{{- end }}
{{- if .Values.aga.route.tls.destinationCACertificate }}
destinationCACertificate: |-
{{- .Values.aga.route.tls.destinationCACertificate | nindent 6 }}
{{- end }}
{{- if .Values.aga.route.tls.caCertificate }}
caCertificate: |-
{{- .Values.aga.route.tls.caCertificate | nindent 6 }}
{{- end }}
{{- if .Values.aga.route.tls.certificate }}
certificate: |-
{{- .Values.aga.route.tls.certificate | nindent 6 }}
{{- end }}
{{- end }}
wildcardPolicy: None
{{- end }}
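Review bot: With `.Values.aga.route.tls.enabled` false the whole `tls:` block is skipped and the Route serves the UI over plain HTTP, and when it is true `insecureEdgeTerminationPolicy` is copied from values with no fallback. I would default it, `insecureEdgeTerminationPolicy: {{ .Values.aga.route.tls.insecureEdgeTerminationPolicy | default "Redirect" }}`, and state in the values documentation that disabling TLS leaves the UI unencrypted. The private key is read from `.Values.aga.route.tls.key`, so it lives wherever the values file lives; since the values file in this commit already carries literal database passwords, the chart notes should say to pass the key at install time (for example with `--set-file`) rather than committing it. The anm and apimgr Route templates have the same shape.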


@@ -0,0 +1,19 @@
{{- if .Values.aga.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: "{{ include "gateway.fullname" . }}-aga"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: aga
spec:
type: {{ .Values.aga.service.type }}
ports:
- port: {{ .Values.aga.service.ports.ui.port }}
targetPort: {{ .Values.aga.service.ports.ui.port }}
protocol: {{ .Values.aga.service.ports.ui.protocol }}
name: apianalyticsui
selector:
{{- include "gateway.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: aga
{{- end }}


@@ -0,0 +1,13 @@
{{- if .Values.aga.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "gateway.aga.serviceAccountName" . }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: aga
{{- with .Values.aga.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
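Review bot: The ServiceAccount is created without `automountServiceAccountToken`, so every pod that uses it gets an API token mounted by default; nothing in the templates on this page shows the gateway components calling the Kubernetes API, so I would add `automountServiceAccountToken: false` after the `metadata` block and let a value re-enable it where it is needed. `name:` is unquoted here and in the apimgr ServiceAccount but quoted in the anm one; the quoted form is the safer of the two. The token default applies to the anm and apimgr ServiceAccount templates as well.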


@@ -0,0 +1,12 @@
{{- if and .Values.anm.enabled .Values.anm.license }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-anm-license-config
data:
{{- range $path, $config := .Values.anm.license }}
{{ $path }}: |
{{ $config | indent 4 -}}
{{- end -}}
{{- end -}}
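Review bot: This ConfigMap has no `labels` block, while the other objects in this commit include `gateway.labels` and an `app.kubernetes.io/component` label, so label-based selection and cleanup miss it; add the same two labels under `metadata`. The Deployment mounts only the `license.lic` key via `subPath`, but the `range` emits whatever keys `.Values.anm.license` contains, so a differently named key is rendered and silently unused. The apimgr license ConfigMap is identical in both respects.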


@@ -0,0 +1,162 @@
{{- if .Values.anm.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ include "gateway.fullname" . }}-anm"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: anm
spec:
{{- if not .Values.anm.autoscaling.enabled }}
replicas: {{ .Values.anm.replicaCount }}
{{- end }}
strategy:
{{- if eq (default .Values.global.updateStrategy.type .Values.anm.updateStrategy.type) "RollingUpdate" }}
rollingUpdate:
maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.anm.updateStrategy.rollingUpdate.maxSurge }}
maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.anm.updateStrategy.rollingUpdate.maxUnavailable }}
{{- end }}
type: {{ default .Values.global.updateStrategy.type .Values.anm.updateStrategy.type }}
selector:
matchLabels:
{{- include "gateway.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: anm
{{- with .Values.anm.podLabels }}
{{- toYaml . | nindent 6 }}
{{- end }}
template:
metadata:
{{- with .Values.anm.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "gateway.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: anm
{{- with .Values.anm.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "gateway.anm.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.anm.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.anm.securityContext | nindent 12 }}
image: "{{ default .Values.global.defaultRegistry .Values.anm.image.registry }}/{{ .Values.anm.image.repository }}:{{ .Values.anm.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
ports:
- containerPort: {{ .Values.anm.service.ports.traffic.port }}
protocol: {{ .Values.anm.service.ports.traffic.protocol }}
- containerPort: {{ .Values.anm.service.ports.ui.port }}
protocol: {{ .Values.anm.service.ports.ui.protocol }}
{{- with .Values.anm.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.anm.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.anm.resources | nindent 12 }}
env:
{{- with .Values.anm.extraEnvVars }}
{{ toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.anm.FIPS.enabled }}
- name: EMT_FIPS_MODE
value: {{ .Values.anm.FIPS.enabled | quote }}
{{- end }}
{{- if .Values.anm.jvmHeapSize }}
- name: EMT_HEAP_SIZE_MB
value: {{ .Values.anm.jvmHeapSize | quote }}
{{- end }}
{{- if .Values.anm.logs.trace.level }}
- name: EMT_TRACE_LEVEL
value: {{ .Values.anm.logs.trace.level | quote }}
{{- end }}
{{- if .Values.anm.logs.trace.disk }}
- name: APIGW_LOG_TRACE_TO_FILE
value: {{ .Values.anm.logs.trace.disk | quote }}
{{- end }}
- name: APIGW_LOG_TRACE_JSON_TO_STDOUT
value: {{ default .Values.anm.logs.trace.stdoutJSON false | quote }}
{{- if .Values.global.domainkeypassphrase }}
- name: DOMAIN_KEY_PASSPHRASE
valueFrom:
secretKeyRef:
name: {{ include "gateway.domainkeypassphrase.secretName" . }}
key: passphrase
{{- end }}
{{- if .Values.global.database.metrics.enabled }}
- name: METRICS_DB_URL
value: {{ tpl .Values.global.database.metrics.url . | quote }}
- name: METRICS_DB_USERNAME
valueFrom:
secretKeyRef:
name: {{ include "gateway.metrics-db.secretName" . }}
key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }}
- name: METRICS_DB_PASS
valueFrom:
secretKeyRef:
name: {{ include "gateway.metrics-db.secretName" . }}
key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }}
{{- end }}
{{- if .Values.anm.image.generalConditions }}
- name: ACCEPT_GENERAL_CONDITIONS
value: {{ .Values.anm.image.generalConditions.accept | quote }}
{{- end }}
{{- if .Values.anm.extraVolumeMounts }}
volumeMounts:
{{- if .Values.anm.license }}
- name: license
mountPath: "/opt/Axway/apigateway/conf/licenses/license.lic"
subPath: "license.lic"
{{- end }}
{{- toYaml ( .Values.anm.extraVolumeMounts ) | nindent 12 }}
{{- end }}
{{- if .Values.anm.extraVolumes }}
volumes:
{{- if .Values.anm.license }}
- name: license
configMap:
name: {{ .Release.Name }}-anm-license-config
{{- end }}
{{ toYaml ( .Values.anm.extraVolumes ) | indent 8 }}
{{- end }}
initContainers:
{{- if .Values.global.database.metrics.enabled }}
- name: init-mysql
image: {{ .Values.global.initContainers.image | quote }}
command: ['sh', '-c', 'until nc -w 3 -v {{ tpl .Values.global.database.host . }} {{ .Values.global.database.port | int }}; do echo waiting for mysql; sleep 2; done;']
{{- with .Values.global.initContainers.resources }}
resources:
{{ toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.global.initContainers.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
{{- with .Values.anm.extraInitContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.anm.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.anm.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.anm.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
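Review bot: The license mount is nested inside `{{- if .Values.anm.extraVolumeMounts }}` and the license volume inside `{{- if .Values.anm.extraVolumes }}`, so a release that sets `anm.license` but no extra volumes renders neither `volumeMounts:` nor `volumes:` and the license ConfigMap is never mounted. The outer conditions should be `{{- if or .Values.anm.license .Values.anm.extraVolumeMounts }}` and `{{- if or .Values.anm.license .Values.anm.extraVolumes }}`, with the `toYaml` of the extras wrapped in its own `with`. For `APIGW_LOG_TRACE_JSON_TO_STDOUT` the arguments of `default` are reversed, so an unset value renders as an empty value instead of `"false"`; `value: {{ .Values.anm.logs.trace.stdoutJSON | default false | quote }}` is presumably what was meant. The apimgr deployment repeats both patterns.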


@@ -0,0 +1,35 @@
{{- if .Values.anm.enabled }}
{{- if .Values.anm.autoscaling.enabled }}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: "{{ include "gateway.fullname" . }}-anm"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: anm
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: "{{ include "gateway.fullname" . }}-anm"
minReplicas: {{ .Values.anm.autoscaling.minReplicas }}
maxReplicas: {{ .Values.anm.autoscaling.maxReplicas }}
metrics:
{{- if .Values.anm.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.anm.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.anm.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.anm.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}
{{- end }}


@@ -0,0 +1,49 @@
{{- if .Values.anm.enabled }}
{{- if .Values.anm.ingress.enabled -}}
{{- $fullName := include "gateway.fullname" . -}}
{{- $svcPort := .Values.anm.service.ports.ui.port -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}-anm
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- with .Values.anm.ingress.annotations }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
spec:
{{- if .Values.anm.ingress.className }}
ingressClassName: {{ .Values.anm.ingress.className }}
{{- end }}
{{- if .Values.anm.ingress.tls }}
tls:
{{- range .Values.anm.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ tpl . $ | quote }}
{{- end }}
{{- if .secretName }}
secretName: {{ tpl (.secretName) $ }}
{{- end }}
{{- end }}
{{- end }}
rules:
{{- range .Values.anm.ingress.hosts }}
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if .pathType }}
pathType: {{ .pathType }}
{{- end }}
backend:
service:
name: {{ $fullName }}-anm
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}


@@ -0,0 +1,42 @@
{{- if .Values.anm.enabled }}
{{- if .Values.anm.route.enabled -}}
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: "{{ include "gateway.fullname" . }}-anm"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: anm
spec:
{{- if .Values.global.domainName }}
host: anm.{{ .Values.global.domainName }}
{{- end }}
port:
targetPort: {{ tpl .Values.anm.route.targetPort . }}
to:
kind: Service
name: "{{ include "gateway.fullname" . }}-anm"
{{- if .Values.anm.route.tls.enabled }}
tls:
termination: {{ .Values.anm.route.tls.termination }}
insecureEdgeTerminationPolicy: {{ .Values.anm.route.tls.insecureEdgeTerminationPolicy }}
{{- if .Values.anm.route.tls.key }}
key: |-
{{- .Values.anm.route.tls.key | nindent 6 }}
{{- end }}
{{- if .Values.anm.route.tls.destinationCACertificate }}
destinationCACertificate: |-
{{- .Values.anm.route.tls.destinationCACertificate | nindent 6 }}
{{- end }}
{{- if .Values.anm.route.tls.caCertificate }}
caCertificate: |-
{{- .Values.anm.route.tls.caCertificate | nindent 6 }}
{{- end }}
{{- if .Values.anm.route.tls.certificate }}
certificate: |-
{{- .Values.anm.route.tls.certificate | nindent 6 }}
{{- end }}
{{- end }}
wildcardPolicy: None
{{- end }}
{{- end }}


@@ -0,0 +1,23 @@
{{- if .Values.anm.enabled }}
apiVersion: v1
kind: Service
metadata:
name: "{{ include "gateway.fullname" . }}-anm"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: anm
spec:
type: {{ .Values.anm.service.type }}
ports:
- port: {{ .Values.anm.service.ports.traffic.port }}
targetPort: {{ .Values.anm.service.ports.traffic.port }}
protocol: {{ .Values.anm.service.ports.traffic.protocol }}
name: gatewaymanager
- port: {{ .Values.anm.service.ports.ui.port }}
targetPort: {{ .Values.anm.service.ports.ui.port }}
protocol: {{ .Values.anm.service.ports.ui.protocol }}
name: gatewaymanagerui
selector:
{{- include "gateway.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: anm
{{- end }}


@@ -0,0 +1,15 @@
{{- if .Values.anm.enabled }}
{{- if .Values.anm.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: "{{ include "gateway.anm.serviceAccountName" . }}"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: anm
{{- with .Values.anm.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}


@@ -0,0 +1,12 @@
{{- if and .Values.apimgr.enabled .Values.apimgr.license }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-apimgr-license-config
data:
{{- range $path, $config := .Values.apimgr.license }}
{{ $path }}: |
{{ $config | indent 4 -}}
{{- end -}}
{{- end -}}


@@ -0,0 +1,227 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ include "gateway.fullname" . }}-apimgr"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apimgr
spec:
{{- if not .Values.apimgr.autoscaling.enabled }}
replicas: {{ .Values.apimgr.replicaCount }}
{{- end }}
strategy:
{{- if eq (default .Values.global.updateStrategy.type .Values.apimgr.updateStrategy.type) "RollingUpdate" }}
rollingUpdate:
maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.apimgr.updateStrategy.rollingUpdate.maxSurge }}
maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.apimgr.updateStrategy.rollingUpdate.maxUnavailable }}
{{- end }}
type: {{ default .Values.global.updateStrategy.type .Values.apimgr.updateStrategy.type }}
selector:
matchLabels:
{{- include "gateway.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: apimgr
{{- with .Values.apimgr.podLabels }}
{{- toYaml . | nindent 6 }}
{{- end }}
template:
metadata:
{{- with .Values.apimgr.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "gateway.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: apimgr
{{- with .Values.apimgr.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "gateway.apimgr.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.apimgr.podSecurityContext | nindent 8 }}
initContainers:
{{- if .Values.global.cassandra.enabled }}
- name: init-cassandra
image: {{ .Values.global.initContainers.image | quote }}
{{- with (first .Values.global.cassandra.hosts) }}
command: ["sh", "-c", "until nc -w 3 -v {{ .hostname }} 9042; do echo waiting for {{ .hostname }}; sleep 2; done;"]
{{- end }}
{{- with .Values.global.initContainers.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.global.initContainers.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.global.database.metrics.enabled }}
- name: init-mysql
image: {{ .Values.global.initContainers.image | quote }}
command: ["sh", "-c", "until nc -w 3 -v {{ tpl .Values.global.database.host . }} {{ .Values.global.database.port | int }}; do echo waiting for mysql; sleep 2; done;"]
{{- with .Values.global.initContainers.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.global.initContainers.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
- name: init-anm
image: {{ .Values.global.initContainers.image | quote }}
{{- if .Values.anm.hostname }}
command: ["sh", "-c", "until nc -w 3 -v {{ .Values.anm.hostname }}; do echo waiting for anm; sleep 2; done;"]
{{- else }}
command: ["sh", "-c", "until nc -w 3 -v {{ include "gateway.fullname" . }}-anm 8090; do echo waiting for anm; sleep 2; done;"]
{{- end }}
{{- with .Values.global.initContainers.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.global.initContainers.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.apimgr.extraInitContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.apimgr.securityContext | nindent 12 }}
image: "{{ default .Values.global.defaultRegistry .Values.apimgr.image.registry }}/{{ .Values.apimgr.image.repository }}:{{ .Values.apimgr.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
ports:
- containerPort: {{ .Values.apimgr.service.ports.ui.port }}
protocol: {{ .Values.apimgr.service.ports.ui.protocol }}
{{- with .Values.apimgr.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.apimgr.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.apimgr.resources | nindent 12 }}
env:
{{- with .Values.apimgr.extraEnvVars }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.apimgr.FIPS.enabled }}
- name: EMT_FIPS_MODE
value: {{ .Values.apimgr.FIPS.enabled | quote }}
{{- end }}
{{- if .Values.apimgr.jvmHeapSize }}
- name: EMT_HEAP_SIZE_MB
value: {{ .Values.apimgr.jvmHeapSize | quote }}
{{- end }}
{{- if .Values.apimgr.logs.trace.level }}
- name: EMT_TRACE_LEVEL
value: {{ .Values.apimgr.logs.trace.level | quote }}
{{- end }}
{{- if .Values.apimgr.logs.trace.disk }}
- name: APIGW_LOG_TRACE_TO_FILE
value: {{ .Values.apimgr.logs.trace.disk | quote }}
{{- end }}
- name: APIGW_LOG_TRACE_JSON_TO_STDOUT
value: {{ default .Values.apimgr.logs.trace.stdoutJSON false | quote }}
{{- if .Values.apimgr.logs.opentraffic.output | quote }}
- name: APIGW_LOG_OPENTRAFFIC_OUTPUT
value: {{ .Values.apimgr.logs.opentraffic.output | quote }}
{{- end }}
{{- if .Values.global.domainkeypassphrase }}
- name: DOMAIN_KEY_PASSPHRASE
valueFrom:
secretKeyRef:
name: {{ include "gateway.domainkeypassphrase.secretName" . }}
key: passphrase
{{- end }}
{{- if .Values.global.database.metrics.enabled }}
- name: METRICS_DB_URL
value: {{ tpl .Values.global.database.metrics.url . | quote }}
- name: METRICS_DB_USERNAME
valueFrom:
secretKeyRef:
name: {{ include "gateway.metrics-db.secretName" . }}
key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }}
- name: METRICS_DB_PASS
valueFrom:
secretKeyRef:
name: {{ include "gateway.metrics-db.secretName" . }}
key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }}
{{- end }}
{{- if .Values.anm.hostname }}
- name: EMT_ANM_HOSTS
value: {{ .Values.anm.hostname | quote }}
{{- else }}
- name: EMT_ANM_HOSTS
value: "{{ include "gateway.fullname" . }}-anm:8090"
{{- end }}
- name: GROUP_ID
value: {{ .Values.apimgr.groupId }}
{{- if .Values.global.domainId }}
- name: DOMAIN_ID
value: {{ .Values.global.domainId }}
{{- end }}
{{- if .Values.global.cassandra.enabled }}
{{- range .Values.global.cassandra.hosts }}
- name: {{ .variable }}
value: {{ .hostname | quote }}
{{- end }}
- name: CASS_PORT
value: {{ .Values.global.cassandra.port | quote }}
- name: CASS_KEYSPACE
value: {{ tpl .Values.global.cassandra.keyspace . | quote }}
- name: CASS_TKEYSPACE
value: {{ tpl .Values.global.cassandra.tkeyspace . | quote }}
- name: CASS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "gateway.cassandra.secretName" . }}
key: {{ with .Values.global.cassandra.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }}
- name: CASS_USERNAME
valueFrom:
secretKeyRef:
name: {{ include "gateway.cassandra.secretName" . }}
key: {{ with .Values.global.cassandra.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }}
{{- end }}
{{- if .Values.apimgr.image.generalConditions }}
- name: ACCEPT_GENERAL_CONDITIONS
value: {{ .Values.apimgr.image.generalConditions.accept | quote }}
{{- end }}
{{- if .Values.apimgr.extraVolumeMounts }}
volumeMounts:
{{- if .Values.apimgr.license }}
- name: license
mountPath: "/opt/Axway/apigateway/conf/licenses/license.lic"
subPath: "license.lic"
{{- end }}
{{- toYaml ( .Values.apimgr.extraVolumeMounts ) | nindent 12 }}
{{- end }}
{{- if .Values.apimgr.extraVolumes }}
volumes:
{{- if .Values.apimgr.license }}
- name: license
configMap:
name: {{ .Release.Name }}-apimgr-license-config
{{- end }}
{{ toYaml ( .Values.apimgr.extraVolumes ) | indent 8 }}
{{- end }}
{{- with .Values.apimgr.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.apimgr.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.apimgr.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
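Review bot: `GROUP_ID` and `DOMAIN_ID` are the only env values in this template that are not piped through `quote`; an env `value` must be a string, so a numeric or boolean-looking id makes the API server reject the Deployment, and `value: {{ .Values.apimgr.groupId | quote }}` and `value: {{ .Values.global.domainId | quote }}` avoid that. In `init-anm`, the branch for `.Values.anm.hostname` calls `nc -w 3 -v {{ .Values.anm.hostname }}` with a single argument, while the same value feeds `EMT_ANM_HOSTS`, whose fallback has the form `host:8090`; if the value follows that form, nc presumably never connects and the pod stays in init. The condition `{{- if .Values.apimgr.logs.opentraffic.output | quote }}` is also true for an explicitly empty string, because `quote` turns it into `""`; drop the `| quote` from the condition.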


@@ -0,0 +1,33 @@
{{- if .Values.apimgr.autoscaling.enabled }}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: "{{ include "gateway.fullname" . }}-apimgr"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apimgr
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: "{{ include "gateway.fullname" . }}-apimgr"
minReplicas: {{ .Values.apimgr.autoscaling.minReplicas }}
maxReplicas: {{ .Values.apimgr.autoscaling.maxReplicas }}
metrics:
{{- if .Values.apimgr.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.apimgr.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.apimgr.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.apimgr.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}


@@ -0,0 +1,47 @@
{{- if .Values.apimgr.ingress.enabled -}}
{{- $fullName := include "gateway.fullname" . -}}
{{- $svcPort := .Values.apimgr.service.ports.ui.port -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}-apimgr
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- with .Values.apimgr.ingress.annotations }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
spec:
{{- if .Values.apimgr.ingress.className }}
ingressClassName: {{ .Values.apimgr.ingress.className }}
{{- end }}
{{- if .Values.apimgr.ingress.tls }}
tls:
{{- range .Values.apimgr.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ tpl . $ | quote }}
{{- end }}
{{- if .secretName }}
secretName: {{ tpl (.secretName) $ }}
{{- end }}
{{- end }}
{{- end }}
rules:
{{- range .Values.apimgr.ingress.hosts }}
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if .pathType}}
pathType: {{ .pathType }}
{{- end }}
backend:
service:
name: {{ $fullName }}-apimgr
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}


@@ -0,0 +1,40 @@
{{- if .Values.apimgr.route.enabled -}}
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: "{{ include "gateway.fullname" . }}-apimgr"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apimgr
spec:
{{- if .Values.global.domainName }}
host: apimgr.{{ .Values.global.domainName }}
{{- end }}
to:
kind: Service
name: "{{ include "gateway.fullname" . }}-apimgr"
port:
targetPort: {{ tpl .Values.apimgr.route.targetPort . }}
{{- if .Values.apimgr.route.tls.enabled }}
tls:
termination: {{ .Values.apimgr.route.tls.termination }}
insecureEdgeTerminationPolicy: {{ .Values.apimgr.route.tls.insecureEdgeTerminationPolicy }}
{{- if .Values.apimgr.route.tls.key }}
key: |-
{{- .Values.apimgr.route.tls.key | nindent 6 }}
{{- end }}
{{- if .Values.apimgr.route.tls.destinationCACertificate }}
destinationCACertificate: |-
{{- .Values.apimgr.route.tls.destinationCACertificate | nindent 6 }}
{{- end }}
{{- if .Values.apimgr.route.tls.caCertificate }}
caCertificate: |-
{{- .Values.apimgr.route.tls.caCertificate | nindent 6 }}
{{- end }}
{{- if .Values.apimgr.route.tls.certificate }}
certificate: |-
{{- .Values.apimgr.route.tls.certificate | nindent 6 }}
{{- end }}
{{- end }}
wildcardPolicy: None
{{- end }}


@@ -0,0 +1,17 @@
apiVersion: v1
kind: Service
metadata:
name: "{{ include "gateway.fullname" . }}-apimgr"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apimgr
spec:
type: {{ .Values.apimgr.service.type }}
ports:
- port: {{ .Values.apimgr.service.ports.ui.port }}
targetPort: {{ .Values.apimgr.service.ports.ui.port }}
protocol: {{ .Values.apimgr.service.ports.ui.protocol }}
name: apimanagerui
selector:
{{- include "gateway.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: apimgr


@@ -0,0 +1,13 @@
{{- if .Values.apimgr.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "gateway.apimgr.serviceAccountName" . }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apimgr
{{- with .Values.apimgr.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}


@@ -0,0 +1,12 @@
{{- if and .Values.apiportal.enabled .Values.apiportal.mysql.enabled (not .Values.apiportal.mysql.existingSecret) -}}
apiVersion: v1
data:
username: {{ .Values.apiportal.mysql.username | b64enc }}
password: {{ .Values.apiportal.mysql.password | b64enc }}
kind: Secret
metadata:
name: {{ include "gateway.apiportal.secretName" . }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apiportal
{{- end }}
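Review bot: The Secret is built from `.Values.apiportal.mysql.username` and `.password`, so on this path the credentials sit in the values file in clear text, and nothing here rejects an empty or placeholder value. I would make the inline path fail closed, `password: {{ required "apiportal.mysql.password or existingSecret is required" .Values.apiportal.mysql.password | b64enc | quote }}`, with the same for `username`, and describe `existingSecret` as the expected setup outside a lab. The values file added in this commit already holds literal database passwords, so a comment in values pointing to `existingSecret` would be worth adding alongside.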


@@ -0,0 +1,173 @@
{{- if .Values.apiportal.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ include "gateway.fullname" . }}-apiportal"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apiportal
spec:
replicas: {{ .Values.apiportal.replicaCount }}
strategy:
{{- if eq (default .Values.global.updateStrategy.type .Values.apiportal.updateStrategy.type) "RollingUpdate" }}
rollingUpdate:
maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.apiportal.updateStrategy.rollingUpdate.maxSurge }}
maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.apiportal.updateStrategy.rollingUpdate.maxUnavailable }}
{{- end }}
type: {{ default .Values.global.updateStrategy.type .Values.apiportal.updateStrategy.type }}
selector:
matchLabels:
{{- include "gateway.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: apiportal
{{- with .Values.apiportal.podLabels }}
{{- toYaml . | nindent 6 }}
{{- end }}
template:
metadata:
{{- with .Values.apiportal.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "gateway.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: apiportal
{{- with .Values.apiportal.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "gateway.apiportal.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.apiportal.podSecurityContext | nindent 8 }}
containers:
- name: "{{ include "gateway.fullname" . }}-apiportal"
securityContext:
{{- toYaml .Values.apiportal.securityContext | nindent 12 }}
command: ["/usr/local/bin/entrypoint.sh", "apiportal"]
{{- with .Values.apiportal.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.apiportal.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.apiportal.resources | nindent 12 }}
env:
# Same mysql database has been used for both metrics and apiportal
{{- if .Values.apiportal.mysql.enabled }}
- name: MYSQL_HOST
value: {{ tpl .Values.global.database.host . | quote }}
- name: MYSQL_PORT
value: {{ .Values.global.database.port | quote }}
- name: MYSQL_USER
valueFrom:
secretKeyRef:
name: {{ include "gateway.apiportal.secretName" . }}
key: {{ with .Values.apiportal.mysql.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }}
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "gateway.apiportal.secretName" . }}
key: {{ with .Values.apiportal.mysql.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }}
- name: MYSQL_DATABASE
value: {{ .Values.apiportal.mysql.databaseName | quote }}
- name: MYSQL_SSL_ON
value: {{ .Values.apiportal.mysql.sslOn | quote }}
- name: MYSQL_SSL_VERIFY_CERT
value: {{ .Values.apiportal.mysql.sslVerifyCert | quote }}
{{- end }}
{{- if .Values.apiportal.redis.enabled }}
- name: REDIS_CONFIGURED
value: "1"
- name: REDIS_ON
value: "1"
- name: REDIS_HOST
value: {{ required "A redis host should be specified" .Values.apiportal.redis.host | quote }}
- name: REDIS_PORT
value: {{ default "6379" .Values.apiportal.redis.port | quote }}
- name: REDIS_CACHE_TIMEOUT_SEC
value: {{ default "600" .Values.apiportal.redis.cacheTimeout | quote }}
{{- end }}
- name: APACHE_SSL_ON
value: {{ .Values.apiportal.apache.sslOn | quote }}
- name: APIMANAGER_CONFIGURED
value: {{ default "1" .Values.apiportal.apiManager.configured | quote }}
- name: API_WHITELIST_CONFIGURED
value: "1"
- name: API_WHITELIST
value: "apitraffic.{{ .Values.global.domainName }}"
- name: APIMANAGER_NAME
value: {{ .Values.apiportal.apiManager.name | quote }}
- name: APIMANAGER_HOST
value: "{{ include "gateway.fullname" . }}-apimgr"
- name: APIMANAGER_PORT
value: {{ .Values.apimgr.service.ports.ui.port | quote }}
- name: HTTP_PORT
value: {{ .Values.apiportal.service.ports.http.port | quote }}
- name: HTTPS_PORT
value: {{ .Values.apiportal.service.ports.https.port | quote }}
- name: HTTPS_FORCE_PORT
value: {{ .Values.apiportal.service.ports.force.port | quote }}
- name: T4_DOWNLOADED
value: {{ .Values.apiportal.t4_downloaded | quote }}
{{- if .Values.apiportal.extraEnvVars }}
{{- toYaml .Values.apiportal.extraEnvVars | nindent 12 }}
{{- end }}
image: "{{ default .Values.global.defaultRegistry .Values.apiportal.image.registry }}/{{ .Values.apiportal.image.repository }}:{{ .Values.apiportal.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
ports:
- name: "apiportal"
containerPort: {{ .Values.apiportal.service.ports.force.port }}
protocol: TCP
volumeMounts:
{{- $mounts := list }}
{{- if .Values.apiportal.mysql.sslOn }}
{{- $mounts = append $mounts (dict "name" "mysql-certs" "mountPath" "/opt/axway/apiportal/certs/mysql/mysql-ca.pem" "subPath" "mysql-ca.pem") }}
{{- end }}
{{- if .Values.apiportal.apache.sslOn }}
{{- $mounts = append $mounts (dict "name" "apache" "mountPath" "/opt/axway/apiportal/certs/apache/") }}
{{- end }}
{{- include "gateway.volumeMounts" (dict "component" "portal" "storage" (dict "volumes" (.Values.global.storage.volumes | concat .Values.apiportal.storage.volumes))) | fromYamlArray | concat $mounts | default list | toYaml | nindent 12 }}
initContainers:
- name: init-mysql
image: {{ .Values.global.initContainers.image | quote }}
command: [ 'sh', '-c', 'until nc -w 3 -v {{ tpl .Values.global.database.host . }} {{ .Values.global.database.port }}; do echo waiting for MySQL; sleep 2; done;' ]
{{- with .Values.global.initContainers.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.global.initContainers.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.apiportal.apiManager.configured }}
- name: init-apimanager
image: {{ .Values.global.initContainers.image | quote }}
command: [ 'sh', '-c', 'until nc -w 3 -v {{ include "gateway.fullname" . }}-apimgr 8075; do echo waiting for API Manager; sleep 2; done;' ]
{{- with .Values.global.initContainers.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.global.initContainers.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
{{- with .Values.apiportal.extraInitContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
{{- $vols := list }}
{{- if .Values.apiportal.mysql.sslOn }}
{{- $vols = append $vols (dict "name" "mysql-certs" "secret" (dict "secretName" "mysql-ca-cert" "items" (list (dict "key" "mysql-ca.pem" "path" "mysql-ca.pem")))) }}
{{- end }}
{{- if .Values.apiportal.apache.sslOn }}
{{- $vols = append $vols (dict "name" "apache" "secret" (dict "secretName" "apache" "items" (list (dict "key" "tls.key" "path" "apache.key") (dict "key" "tls.crt" "path" "apache.crt")))) }}
{{- end }}
{{- include "gateway.volumes" (dict "component" "portal" "storage" (dict "volumes" (.Values.global.storage.volumes | concat .Values.apiportal.storage.volumes))) | fromYamlArray | concat $vols | default list | toYaml | nindent 8 }}
{{- end }}
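Review bot: The `init-mysql` command here interpolates `{{ .Values.global.database.port }}` into the `sh -c` string without the `| int` that the anm and apimgr deployments apply to the same value, so whatever the values file holds for the port becomes shell text; use `{{ .Values.global.database.port | int }}`. `init-mysql` also runs unconditionally although the MySQL env block is gated on `.Values.apiportal.mysql.enabled`, and `init-apimanager` waits on a hard-coded `8075` while `APIMANAGER_PORT` is taken from `.Values.apimgr.service.ports.ui.port`. The host values in these commands remain raw shell text in all three deployments; passing them as container `env` (say `DB_HOST`) and referring to `"$DB_HOST"` in the script would keep values out of the command string.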


@@ -0,0 +1,47 @@
{{- if and .Values.apiportal.enabled .Values.apiportal.ingress.enabled -}}
{{- $fullName := include "gateway.fullname" . -}}
{{- $svcPort := .Values.apiportal.service.ports.target.port }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}-apiportal
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- with .Values.apiportal.ingress.annotations }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
spec:
{{- if .Values.apiportal.ingress.className }}
ingressClassName: {{ .Values.apiportal.ingress.className }}
{{- end }}
{{- if .Values.apiportal.ingress.tls }}
tls:
{{- range .Values.apiportal.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ tpl . $ | quote }}
{{- end }}
{{- if .secretName }}
secretName: {{ tpl (.secretName) $ }}
{{- end }}
{{- end }}
{{- end }}
rules:
{{- range .Values.apiportal.ingress.hosts }}
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if .pathType }}
pathType: {{ .pathType }}
{{- end }}
backend:
service:
name: {{ $fullName }}-apiportal
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
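Review bot: The backend port is read from `.Values.apiportal.service.ports.target.port`, but the apiportal Service template in this commit only publishes `service.ports.http.port` and `service.ports.https.port`. Unless a `target` entry exists in values (not visible here), `number:` renders empty and the Ingress is rejected. Pointing the variable at a port the Service actually exposes, e.g. `{{- $svcPort := .Values.apiportal.service.ports.https.port }}`, keeps the two templates in step.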


@@ -0,0 +1,37 @@
{{- if .Values.apiportal.enabled -}}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: apiportalscc
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apiportal
rules:
- apiGroups:
- security.openshift.io
resourceNames:
- nonroot
resources:
- securitycontextconstraints
verbs:
- use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: apiportalscc
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apiportal
subjects:
- kind: ServiceAccount
name: {{ include "gateway.apiportal.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
roleRef:
kind: Role
name: apiportalscc
apiGroup: rbac.authorization.k8s.io
{{- end }}
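Review bot: Both the Role and the RoleBinding use the fixed name `apiportalscc`, so a second release of this chart in the same namespace fails with an already-exists conflict. Deriving the name from the release, e.g. `name: {{ include "gateway.fullname" . }}-apiportal-scc` in both `metadata.name` fields and in `roleRef.name`, avoids that. The rule itself is narrowly scoped (`use` on the single `nonroot` SCC) and should stay that way; a one-line comment above `rules:` saying why the portal needs this SCC would help the next reader.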


@@ -0,0 +1,40 @@
{{- if and .Values.apiportal.enabled .Values.apiportal.route.enabled -}}
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: "{{ include "gateway.fullname" . }}-apiportal"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apiportal
spec:
to:
kind: Service
name: {{ include "gateway.fullname" . }}-apiportal
{{- if .Values.global.domainName }}
host: apiportal.{{ .Values.global.domainName }}
{{- end }}
port:
targetPort: {{ tpl .Values.apiportal.route.targetPort . }}
{{- if .Values.apiportal.route.tls.enabled }}
tls:
termination: {{ .Values.apiportal.route.tls.termination }}
insecureEdgeTerminationPolicy: {{ .Values.apiportal.route.tls.insecureEdgeTerminationPolicy }}
{{- if .Values.apiportal.route.tls.key }}
key: |-
{{- .Values.apiportal.route.tls.key | nindent 6 }}
{{- end }}
{{- if .Values.apiportal.route.tls.destinationCACertificate }}
destinationCACertificate: |-
{{- .Values.apiportal.route.tls.destinationCACertificate | nindent 6 }}
{{- end }}
{{- if .Values.apiportal.route.tls.caCertificate }}
caCertificate: |-
{{- .Values.apiportal.route.tls.caCertificate | nindent 6 }}
{{- end }}
{{- if .Values.apiportal.route.tls.certificate }}
certificate: |-
{{- .Values.apiportal.route.tls.certificate | nindent 6 }}
{{- end }}
{{- end }}
wildcardPolicy: None
{{- end }}
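Review bot: `tls.key` is rendered straight from `.Values.apiportal.route.tls.key`, so the Route's private key has to be supplied through a values file or `--set` and is then stored in the Helm release record as well as in the Route object. The apitraffic and oauth Route templates later in this commit repeat the same block. A comment on the `key:` branch such as `# supply at install time from a secret store; never commit the key to a values file` would state the expectation. `termination` and `insecureEdgeTerminationPolicy` are also emitted unconditionally, so an unset value renders an empty field.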


@@ -0,0 +1,24 @@
{{- if .Values.apiportal.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "gateway.fullname" . }}-apiportal
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apiportal
spec:
type: ClusterIP
ports:
- port: {{ .Values.apiportal.service.ports.http.port }}
targetPort: {{ .Values.apiportal.service.ports.http.port }}
protocol: TCP
name: {{ include "gateway.fullname" . }}-apiportal-http
- port: {{ .Values.apiportal.service.ports.https.port }}
targetPort: {{ .Values.apiportal.service.ports.https.port }}
protocol: TCP
name: {{ include "gateway.fullname" . }}-apiportal-https
selector:
{{- include "gateway.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: apiportal
{{- end }}


@@ -0,0 +1,13 @@
{{- if and .Values.apiportal.enabled .Values.apiportal.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "gateway.apiportal.serviceAccountName" . }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apiportal
{{- with .Values.apiportal.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
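Review bot: The ServiceAccount leaves `automountServiceAccountToken` at its default, so every pod that runs under it gets an API token mounted. Nothing in the visible templates shows the portal calling the Kubernetes API; if that holds, adding `automountServiceAccountToken: false` at the top level of the object removes a credential the workload does not need. The apitraffic and test-connection ServiceAccount templates in this commit have the same shape.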


@@ -0,0 +1,53 @@
{{- if .Values.apiportal.enabled }}
{{- range .Values.apiportal.storage.volumes }}
{{- if .enabled }}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ .name | lower }}
labels:
{{- include "gateway.labels" $ | nindent 4 }}
app.kubernetes.io/component: apiportal
spec:
accessModes:
{{- with .accessModes }}
{{- toYaml . | nindent 4 }}
{{- else }}
- ReadWriteMany
{{- end }}
storageClassName: {{ default $.Values.global.storage.storageClassName .storageClassName | quote }}
resources:
requests:
storage: {{ default "1Mi" .capacity | quote }}
{{- if eq (default $.Values.global.storage.provisioningType $.Values.apiportal.storage.provisioningType) "static" }}
# PersistentVolume needs to be created only for Static storage provisioning
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ include "gateway.fullname" $ }}-{{ .name | lower }}
labels:
{{- include "gateway.labels" $ | nindent 4 }}
app.kubernetes.io/component: apiportal
spec:
capacity:
storage: {{ .capacity | quote }}
volumeMode: Filesystem
accessModes:
{{- with .accessModes }}
{{- toYaml . | nindent 4 }}
{{- else }}
- ReadWriteMany
{{- end }}
persistentVolumeReclaimPolicy: {{ .persistentVolume.reclaimPolicy | quote }}
csi:
driver: {{ .persistentVolume.csiDriver }}
volumeHandle: {{ .persistentVolume.volumeHandle }}
claimRef:
name: {{ .name | lower }}
namespace: {{ $.Release.Namespace | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
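Review bot: In the static branch, `.persistentVolume.reclaimPolicy`, `.persistentVolume.csiDriver` and `.persistentVolume.volumeHandle` are dereferenced without a guard, so a volume entry that has no `persistentVolume` map aborts rendering with a nil-pointer error. `storage: {{ .capacity | quote }}` on the PersistentVolume also has no fallback, although the claim above it defaults to `"1Mi"`. Wrapping the mandatory fields in `required`, e.g. `volumeHandle: {{ required "persistentVolume.volumeHandle is required for static provisioning" (.persistentVolume).volumeHandle }}`, turns that into a readable error. The claim name `{{ .name | lower }}` is not release-prefixed either, so two releases in one namespace would contend for the same PVC.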


@@ -0,0 +1,26 @@
{{ if .Values.apiportal.enabled }}
{{- range .Values.apiportal.storage.classes }}
---
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: {{ .name | lower }}
labels:
{{- include "gateway.labels" $ | nindent 4 }}
provisioner: {{ .provisioner | quote }}
{{- with .allowVolumeExpansion }}
allowVolumeExpansion: {{ . }}
{{- end }}
{{- with .parameters }}
parameters: {{- tpl (toYaml .) $ | nindent 2 }}
{{- end }}
{{- with .mountOptions }}
mountOptions: {{- toYaml . | nindent 2 }}
{{- end }}
{{- if eq (default $.Values.global.storage.provisioningType $.Values.apiportal.storage.provisioningType) "dynamic" }}
volumeBindingMode: WaitForFirstConsumer
{{- else }}
volumeBindingMode: Immediate
{{- end }}
{{- end }}
{{- end }}
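Review bot: StorageClass is cluster-scoped and `metadata.name` is just `{{ .name | lower }}`, so a second release collides at install time, as does the global StorageClass template in this commit if it renders a class with the same name. Uninstalling the release also deletes a class that other workloads may depend on. A comment above the `range` stating that names must be unique cluster-wide, or an annotation `"helm.sh/resource-policy": keep`, would make that safer. The opening `{{ if` also lacks the `-` trim used by the other templates.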


@@ -0,0 +1,12 @@
{{- if and .Values.apitraffic.enabled .Values.apitraffic.license }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-apitraffic-license-config
data:
{{- range $path, $config := .Values.apitraffic.license }}
{{ $path }}: |
{{ $config | indent 4 -}}
{{- end -}}
{{- end -}}
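Review bot: Each key of `apitraffic.license` becomes a ConfigMap key, but the Deployment in this commit mounts the volume with `subPath: "license.lic"`, so only a key named exactly `license.lic` ends up as the license file. A comment above the `range`, e.g. `# key must be license.lic to match the Deployment's subPath`, or hard-coding the key, would make that contract explicit. This template is also gated on `.Values.apitraffic.enabled`, which the Deployment does not check, so the two can disagree about whether the ConfigMap exists.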


@@ -0,0 +1,228 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ include "gateway.fullname" . }}-apitraffic"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apitraffic
spec:
{{- if not .Values.apitraffic.autoscaling.enabled }}
replicas: {{ .Values.apitraffic.replicaCount }}
{{- end }}
strategy:
{{- if eq (default .Values.global.updateStrategy.type .Values.apitraffic.updateStrategy.type) "RollingUpdate" }}
rollingUpdate:
maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.apitraffic.updateStrategy.rollingUpdate.maxSurge }}
maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.apitraffic.updateStrategy.rollingUpdate.maxUnavailable }}
{{- end }}
type: {{ default .Values.global.updateStrategy.type .Values.apitraffic.updateStrategy.type }}
selector:
matchLabels:
{{- include "gateway.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: apitraffic
{{- with .Values.apitraffic.podLabels }}
{{- toYaml . | nindent 6 }}
{{- end }}
template:
metadata:
{{- with .Values.apitraffic.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "gateway.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: apitraffic
{{- with .Values.apitraffic.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "gateway.apitraffic.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.apitraffic.podSecurityContext | nindent 8 }}
initContainers:
{{- if .Values.global.cassandra.enabled }}
- name: init-cassandra
image: {{ .Values.global.initContainers.image | quote }}
{{- with (first .Values.global.cassandra.hosts) }}
command: ["sh", "-c", "until nc -w 3 -v {{ .hostname }} 9042; do echo waiting for {{ .hostname }}; sleep 2; done;"]
{{- end }}
{{- with .Values.global.initContainers.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.global.initContainers.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.global.database.metrics.enabled }}
- name: init-mysql
image: {{ .Values.global.initContainers.image | quote }}
command: ["sh", "-c", "until nc -w 3 -v {{ tpl .Values.global.database.host . }} {{ .Values.global.database.port | int }}; do echo waiting for mysql; sleep 2; done;"]
{{- with .Values.global.initContainers.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.global.initContainers.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
- name: init-anm
image: {{ .Values.global.initContainers.image | quote }}
{{- if .Values.anm.hostname }}
command: ["sh", "-c", "until nc -w 3 -v {{ .Values.anm.hostname }}; do echo waiting for anm; sleep 2; done;"]
{{- else }}
command: ["sh", "-c", "until nc -w 3 -v {{ include "gateway.fullname" . }}-anm 8090; do echo waiting for anm; sleep 2; done;"]
{{- end }}
{{- with .Values.global.initContainers.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.global.initContainers.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.apitraffic.extraInitContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.apitraffic.securityContext | nindent 12 }}
image: "{{ default .Values.global.defaultRegistry .Values.apitraffic.image.registry }}/{{ .Values.apitraffic.image.repository }}:{{ .Values.apitraffic.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
ports:
- containerPort: {{ .Values.apitraffic.service.ports.traffic.port }}
protocol: {{ .Values.apitraffic.service.ports.traffic.protocol }}
{{- with .Values.apitraffic.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.apitraffic.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.apitraffic.resources | nindent 12 }}
env:
{{- with .Values.apitraffic.extraEnvVars }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.apitraffic.FIPS.enabled }}
- name: EMT_FIPS_MODE
value: {{ .Values.apitraffic.FIPS.enabled | quote }}
{{- end }}
{{- if .Values.apitraffic.jvmHeapSize }}
- name: EMT_HEAP_SIZE_MB
value: {{ .Values.apitraffic.jvmHeapSize | quote }}
{{- end }}
{{- if .Values.apitraffic.logs.trace.level }}
- name: EMT_TRACE_LEVEL
value: {{ .Values.apitraffic.logs.trace.level | quote }}
{{- end }}
{{- if .Values.apitraffic.logs.trace.disk }}
- name: APIGW_LOG_TRACE_TO_FILE
value: {{ .Values.apitraffic.logs.trace.disk | quote }}
{{- end }}
- name: APIGW_LOG_TRACE_JSON_TO_STDOUT
value: {{ default .Values.apitraffic.logs.trace.stdoutJSON false | quote }}
{{- if .Values.apitraffic.logs.opentraffic.output | quote}}
- name: APIGW_LOG_OPENTRAFFIC_OUTPUT
value: {{ .Values.apitraffic.logs.opentraffic.output | quote }}
{{- end }}
{{- if .Values.global.domainkeypassphrase }}
- name: DOMAIN_KEY_PASSPHRASE
valueFrom:
secretKeyRef:
name: {{ include "gateway.domainkeypassphrase.secretName" . }}
key: passphrase
{{- end }}
{{- if .Values.global.database.metrics.enabled }}
- name: METRICS_DB_URL
value: {{ tpl .Values.global.database.metrics.url . | quote }}
- name: METRICS_DB_USERNAME
valueFrom:
secretKeyRef:
name: {{ include "gateway.metrics-db.secretName" . }}
key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }}
- name: METRICS_DB_PASS
valueFrom:
secretKeyRef:
name: {{ include "gateway.metrics-db.secretName" . }}
key: {{ with .Values.global.database.metrics.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }}
{{- end }}
- name: GROUP_ID
value: {{ .Values.apitraffic.groupId }}
{{- if .Values.global.domainId }}
- name: DOMAIN_ID
value: {{ .Values.global.domainId }}
{{- end }}
{{- if .Values.global.cassandra.enabled }}
{{- range .Values.global.cassandra.hosts }}
- name: {{ .variable }}
value: {{ .hostname | quote }}
{{- end }}
- name: CASS_PORT
value: {{ .Values.global.cassandra.port | quote }}
- name: CASS_KEYSPACE
value: {{ tpl .Values.global.cassandra.keyspace . | quote }}
- name: CASS_TKEYSPACE
value: {{ tpl .Values.global.cassandra.tkeyspace . | quote }}
- name: CASS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "gateway.cassandra.secretName" . }}
key: {{ with .Values.global.cassandra.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }}
- name: CASS_USERNAME
valueFrom:
secretKeyRef:
name: {{ include "gateway.cassandra.secretName" . }}
key: {{ with .Values.global.cassandra.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }}
{{- end }}
{{- if .Values.apitraffic.image.generalConditions }}
- name: ACCEPT_GENERAL_CONDITIONS
value: {{ .Values.apitraffic.image.generalConditions.accept | quote }}
{{- end }}
{{- if .Values.anm.hostname }}
- name: EMT_ANM_HOSTS
value: {{ .Values.anm.hostname | quote }}
{{- else }}
- name: EMT_ANM_HOSTS
value: "{{ include "gateway.fullname" . }}-anm:8090"
{{- end }}
{{- if .Values.apitraffic.extraVolumeMounts }}
volumeMounts:
{{- if .Values.apitraffic.license }}
- name: license
mountPath: "/opt/Axway/apigateway/conf/licenses/license.lic"
subPath: "license.lic"
{{- end }}
{{- toYaml ( .Values.apitraffic.extraVolumeMounts ) | nindent 12 }}
{{- end }}
{{- if .Values.apitraffic.extraVolumes }}
volumes:
{{- if .Values.apitraffic.license }}
- name: license
configMap:
name: {{ .Release.Name }}-apitraffic-license-config
{{- end }}
{{ toYaml ( .Values.apitraffic.extraVolumes ) | indent 8 }}
{{- end }}
{{- with .Values.apitraffic.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.apitraffic.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.apitraffic.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
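Review bot: The license `volumeMounts` entry and the `license` volume are nested inside `if .Values.apitraffic.extraVolumeMounts` and `if .Values.apitraffic.extraVolumes`. A release that sets `apitraffic.license` but no extra volumes therefore renders the license ConfigMap and never mounts it. Each list should be emitted when either the license or the extras are present, as in the excerpt below. Separately, the condition `if .Values.apitraffic.logs.opentraffic.output | quote` treats an empty-string value as true, because `quote` turns it into `""`; drop the `| quote` from the condition.

```yaml
          # … unchanged: env entries …
          {{- if or .Values.apitraffic.license .Values.apitraffic.extraVolumeMounts }}
          volumeMounts:
            # … unchanged: license mount guarded by `if .Values.apitraffic.license` …
            {{- with .Values.apitraffic.extraVolumeMounts }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
          {{- end }}
      {{- if or .Values.apitraffic.license .Values.apitraffic.extraVolumes }}
      volumes:
        # … unchanged: license volume guarded by `if .Values.apitraffic.license` …
        {{- with .Values.apitraffic.extraVolumes }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- end }}
      # … unchanged: nodeSelector, affinity, tolerations …
```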


@@ -0,0 +1,33 @@
{{- if .Values.apitraffic.autoscaling.enabled }}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: "{{ include "gateway.fullname" . }}-apitraffic"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apitraffic
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: "{{ include "gateway.fullname" . }}-apitraffic"
minReplicas: {{ .Values.apitraffic.autoscaling.minReplicas }}
maxReplicas: {{ .Values.apitraffic.autoscaling.maxReplicas }}
metrics:
{{- if .Values.apitraffic.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.apitraffic.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.apitraffic.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.apitraffic.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}


@@ -0,0 +1,47 @@
{{- if .Values.apitraffic.ingress.enabled -}}
{{- $fullName := include "gateway.fullname" . -}}
{{- $svcPort := .Values.apitraffic.service.ports.traffic.port -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}-apitraffic
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- with .Values.apitraffic.ingress.annotations }}
annotations:
{{- tpl (toYaml .) $ | nindent 4 }}
{{- end }}
spec:
{{- if .Values.apitraffic.ingress.className }}
ingressClassName: {{ .Values.apitraffic.ingress.className }}
{{- end }}
{{- if .Values.apitraffic.ingress.tls }}
tls:
{{- range .Values.apitraffic.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ tpl . $ | quote }}
{{- end }}
{{- if .secretName }}
secretName: {{ tpl (.secretName) $ }}
{{- end }}
{{- end }}
{{- end }}
rules:
{{- range .Values.apitraffic.ingress.hosts }}
- host: {{ tpl .host $ | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if .pathType }}
pathType: {{ .pathType }}
{{- end }}
backend:
service:
name: {{ $fullName }}-apitraffic
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
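Review bot: `pathType` is only emitted when the values entry sets it, but `networking.k8s.io/v1` requires `pathType` on every path, so an entry without it is rejected by the API server. Defaulting it, `pathType: {{ .pathType | default "Prefix" }}`, removes the conditional. The apiportal and oauth Ingress templates in this commit use the same `if .pathType` pattern. `path: {{ .path }}` would also be safer as `path: {{ .path | quote }}`.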


@@ -0,0 +1,40 @@
{{- if .Values.apitraffic.route.enabled -}}
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: "{{ include "gateway.fullname" . }}-apitraffic"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apitraffic
spec:
{{- if .Values.global.domainName }}
host: apitraffic.{{ .Values.global.domainName }}
{{- end }}
to:
kind: Service
name: "{{ include "gateway.fullname" . }}-apitraffic"
port:
targetPort: {{ tpl .Values.apitraffic.route.targetPort . }}
{{- if .Values.apitraffic.route.tls.enabled }}
tls:
termination: {{ .Values.apitraffic.route.tls.termination }}
insecureEdgeTerminationPolicy: {{ .Values.apitraffic.route.tls.insecureEdgeTerminationPolicy }}
{{- if .Values.apitraffic.route.tls.key }}
key: |-
{{- .Values.apitraffic.route.tls.key | nindent 6 }}
{{- end }}
{{- if .Values.apitraffic.route.tls.destinationCACertificate }}
destinationCACertificate: |-
{{- .Values.apitraffic.route.tls.destinationCACertificate | nindent 6 }}
{{- end }}
{{- if .Values.apitraffic.route.tls.caCertificate }}
caCertificate: |-
{{- .Values.apitraffic.route.tls.caCertificate | nindent 6 }}
{{- end }}
{{- if .Values.apitraffic.route.tls.certificate }}
certificate: |-
{{- .Values.apitraffic.route.tls.certificate | nindent 6 }}
{{- end }}
{{- end }}
wildcardPolicy: None
{{- end }}


@@ -0,0 +1,39 @@
apiVersion: v1
kind: Service
metadata:
name: "{{ include "gateway.fullname" . }}-apitraffic"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apitraffic
spec:
type: {{ .Values.apitraffic.service.type }}
ports:
- port: {{ .Values.apitraffic.service.ports.traffic.port }}
targetPort: {{ .Values.apitraffic.service.ports.traffic.port }}
protocol: {{ .Values.apitraffic.service.ports.traffic.protocol }}
name: apigatewaytraffic
selector:
{{- include "gateway.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: apitraffic
---
{{- if eq .Values.apitraffic.oauth.enabled true }}
apiVersion: v1
kind: Service
metadata:
name: "{{ include "gateway.fullname" . }}-oauth"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apitraffic
spec:
type: {{ .Values.apitraffic.oauth.type }}
ports:
- port: {{ .Values.apitraffic.oauth.port }}
targetPort: {{ .Values.apitraffic.oauth.port }}
protocol: {{ .Values.apitraffic.oauth.protocol }}
name: oauth
selector:
{{- include "gateway.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: apitraffic
{{- end }}
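Review bot: The `---` separator after the first Service sits outside the `if`, and the guard is written as `eq .Values.apitraffic.oauth.enabled true` where the other templates in this commit test the value directly. With `oauth.enabled` absent from values the comparison is between a missing value and a bool, which may fail rendering depending on the Helm version. `{{- if .Values.apitraffic.oauth.enabled }}` with the `---` moved inside the block is the more robust form. The oauth Service is also labelled `app.kubernetes.io/component: apitraffic` while the oauth Route uses `oauth`; one of the two is presumably unintended.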


@@ -0,0 +1,13 @@
{{- if .Values.apitraffic.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "gateway.apitraffic.serviceAccountName" . }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: apitraffic
{{- with .Values.apitraffic.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}


@@ -0,0 +1,45 @@
{{- if .Values.apitraffic.oauth.ingress.enabled -}}
{{- $fullName := include "gateway.fullname" . -}}
{{- $svcPort := .Values.apitraffic.oauth.port -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}-oauth
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- with .Values.apitraffic.oauth.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.apitraffic.oauth.ingress.className }}
ingressClassName: {{ .Values.apitraffic.oauth.ingress.className }}
{{- end }}
{{- if .Values.apitraffic.oauth.ingress.tls }}
tls:
{{- range .Values.apitraffic.oauth.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.apitraffic.oauth.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if .pathType }}
pathType: {{ .pathType }}
{{- end }}
backend:
service:
name: {{ $fullName }}-oauth
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}


@@ -0,0 +1,40 @@
{{- if .Values.apitraffic.oauth.route.enabled -}}
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: "{{ include "gateway.fullname" . }}-oauth"
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: oauth
spec:
{{- if .Values.global.domainName }}
host: oauth.{{ .Values.global.domainName }}
{{- end }}
to:
kind: Service
name: "{{ include "gateway.fullname" . }}-oauth"
port:
targetPort: {{ tpl .Values.apitraffic.oauth.route.targetPort . }}
{{- if .Values.apitraffic.oauth.route.tls.enabled }}
tls:
termination: {{ .Values.apitraffic.oauth.route.tls.termination }}
insecureEdgeTerminationPolicy: {{ .Values.apitraffic.oauth.route.tls.insecureEdgeTerminationPolicy }}
{{- if .Values.apitraffic.oauth.route.tls.key }}
key: |-
{{- .Values.apitraffic.oauth.route.tls.key | nindent 6 }}
{{- end }}
{{- if .Values.apitraffic.oauth.route.tls.destinationCACertificate }}
destinationCACertificate: |-
{{- .Values.apitraffic.oauth.route.tls.destinationCACertificate | nindent 6 }}
{{- end }}
{{- if .Values.apitraffic.oauth.route.tls.caCertificate }}
caCertificate: |-
{{- .Values.apitraffic.oauth.route.tls.caCertificate | nindent 6 }}
{{- end }}
{{- if .Values.apitraffic.oauth.route.tls.certificate }}
certificate: |-
{{- .Values.apitraffic.oauth.route.tls.certificate | nindent 6 }}
{{- end }}
{{- end }}
wildcardPolicy: None
{{- end }}


@@ -0,0 +1,11 @@
{{- if (not .Values.global.cassandra.existingSecret) -}}
apiVersion: v1
data:
username: {{ .Values.global.cassandra.username | b64enc }}
password: {{ .Values.global.cassandra.password | b64enc }}
kind: Secret
metadata:
name: {{ include "gateway.cassandra.secretName" . }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- end }}
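Review bot: When `existingSecret` is unset, this Secret is built from `.Values.global.cassandra.username` and `.password`, and the override file added in this commit fills those with `cassandra`/`cassandra`. The metrics-db Secret template has the same shape and is fed `root`/`password`. Credentials committed to a values file stay in the repository history and in the Helm release record, so `existingSecret` is the better path for anything beyond a lab. The fallback should also fail loudly rather than encode an empty value, e.g. `password: {{ required "global.cassandra.password or existingSecret must be set" .Values.global.cassandra.password | b64enc }}`.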


@@ -0,0 +1,10 @@
{{- if ((.Values.global.domainkeypassphrase).passphrase) -}}
apiVersion: v1
data:
passphrase: {{ .Values.global.domainkeypassphrase.passphrase | b64enc }}
kind: Secret
metadata:
name: {{ include "gateway.domainkeypassphrase.secretName" . }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- end }}


@@ -0,0 +1,11 @@
{{- if and .Values.global.database.metrics.enabled (not .Values.global.database.metrics.existingSecret) -}}
apiVersion: v1
data:
username: {{ .Values.global.database.metrics.username | b64enc }}
password: {{ .Values.global.database.metrics.password | b64enc }}
kind: Secret
metadata:
name: {{ include "gateway.metrics-db.secretName" . }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
{{- end }}


@@ -0,0 +1,53 @@
{{- range .Values.global.storage.volumes }}
{{- if .enabled }}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ .name | lower }}
labels:
{{- include "gateway.labels" $ | nindent 4 }}
spec:
accessModes:
{{- with .accessModes }}
{{- toYaml . | nindent 4 }}
{{- else }}
- ReadWriteMany
{{- end }}
{{- if .volumeName }}
volumeName: {{ .volumeName | quote }}
{{- end}}
storageClassName: {{ default $.Values.global.storage.storageClassName .storageClassName | quote }}
resources:
requests:
storage: {{ default "1Mi" .capacity | quote }}
{{- if eq $.Values.global.storage.provisioningType "static" }}
# PersistentVolume needs to be created only for Static storage provisioning
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ include "gateway.fullname" $ }}-{{ .name | lower }}
labels:
{{- include "gateway.labels" $ | nindent 4 }}
app.kubernetes.io/component: apiportal
spec:
capacity:
storage: {{ .capacity | quote }}
volumeMode: Filesystem
accessModes:
{{- with .accessModes }}
{{- toYaml . | nindent 4 }}
{{- else }}
- ReadWriteMany
{{- end }}
persistentVolumeReclaimPolicy: {{ .persistentVolume.reclaimPolicy | quote }}
csi:
driver: {{ .persistentVolume.csiDriver }}
volumeHandle: {{ .persistentVolume.volumeHandle }}
claimRef:
name: {{ .name | lower }}
namespace: {{ $.Release.Namespace | quote }}
{{- end }}
{{- end }}
{{- end }}
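Review bot: The PersistentVolume in this global-storage template is labelled `app.kubernetes.io/component: apiportal`, which looks copied from the apiportal storage template. According to `usedBy` in the values file, these volumes are consumed by anm, apimgr and traffic. Dropping that line (the claim above carries no component label) keeps label selectors accurate. The static branch also dereferences `.persistentVolume.reclaimPolicy`, `.csiDriver` and `.volumeHandle` without checking that the map exists, so a volume entry without it aborts rendering.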


@@ -0,0 +1,24 @@
{{- range .Values.global.storage.classes }}
---
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: {{ .name | lower }}
labels:
{{- include "gateway.labels" $ | nindent 4 }}
provisioner: {{ .provisioner | quote }}
{{- if .allowVolumeExpansion }}
allowVolumeExpansion: {{ .allowVolumeExpansion }}
{{- end }}
{{- with .parameters }}
parameters: {{- tpl (toYaml .) $ | nindent 2 }}
{{- end }}
{{- with .mountOptions }}
mountOptions: {{- toYaml . | nindent 2 }}
{{- end }}
{{- if eq $.Values.global.storage.provisioningType "dynamic" }}
volumeBindingMode: WaitForFirstConsumer
{{- else }}
volumeBindingMode: Immediate
{{- end }}
{{- end }}


@@ -0,0 +1,114 @@
---
apiVersion: batch/v1
kind: Job
metadata:
name: "{{ include "gateway.fullname" . }}-anm-test-connection"
labels:
{{- include "gateway.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
template:
spec:
serviceAccountName: {{ include "gateway.tests.serviceAccountName" . }}
containers:
- name: curl
image: {{ default .Values.global.defaultRegistry .Values.global.tests.images.curl.registry }}/{{ default "curlimages/curl" .Values.global.tests.images.curl.repository }}:{{ default "latest" .Values.global.tests.images.curl.tag }}
command: ["bin/sh"]
args: ["-c", "curl -k https://{{ include "gateway.fullname" . }}-anm:{{ .Values.anm.service.ports.traffic.port}}/healthcheck"]
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: {{ .Values.global.tests.securityContext.readOnlyRootFilesystem }}
runAsNonRoot: {{ .Values.global.tests.securityContext.runAsNonRoot }}
allowPrivilegeEscalation: {{ .Values.global.tests.securityContext.allowPrivilegeEscalation }}
restartPolicy: Never
backoffLimit: 3
---
apiVersion: batch/v1
kind: Job
metadata:
name: "{{ include "gateway.fullname" . }}-apimgr-test-connection"
labels:
{{- include "gateway.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
template:
spec:
serviceAccountName: {{ include "gateway.tests.serviceAccountName" . }}
containers:
- name: curl
image: {{ default .Values.global.defaultRegistry .Values.global.tests.images.curl.registry }}/{{ default "curlimages/curl" .Values.global.tests.images.curl.repository }}:{{ default "latest" .Values.global.tests.images.curl.tag }}
command: ["bin/sh"]
args: ["-c", "curl -k https://{{ include "gateway.fullname" . }}-apimgr:{{ .Values.apimgr.service.ports.ui.port}}/healthcheck"]
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: {{ .Values.global.tests.securityContext.readOnlyRootFilesystem }}
runAsNonRoot: {{ .Values.global.tests.securityContext.runAsNonRoot }}
allowPrivilegeEscalation: {{ .Values.global.tests.securityContext.allowPrivilegeEscalation }}
restartPolicy: Never
backoffLimit: 3
---
apiVersion: batch/v1
kind: Job
metadata:
name: "{{ include "gateway.fullname" . }}-apitraffic-test-connection"
labels:
{{- include "gateway.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
template:
spec:
serviceAccountName: {{ include "gateway.tests.serviceAccountName" . }}
containers:
- name: curl
image: {{ default .Values.global.defaultRegistry .Values.global.tests.images.curl.registry }}/{{ default "curlimages/curl" .Values.global.tests.images.curl.repository }}:{{ default "latest" .Values.global.tests.images.curl.tag }}
command: ["bin/sh"]
args: ["-c", "curl -k https://{{ include "gateway.fullname" . }}-apitraffic:{{ .Values.apitraffic.service.ports.traffic.port}}/healthcheck"]
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: {{ .Values.global.tests.securityContext.readOnlyRootFilesystem }}
runAsNonRoot: {{ .Values.global.tests.securityContext.runAsNonRoot }}
allowPrivilegeEscalation: {{ .Values.global.tests.securityContext.allowPrivilegeEscalation }}
restartPolicy: Never
backoffLimit: 3
---
{{- if .Values.aga.enabled }}
apiVersion: batch/v1
kind: Job
metadata:
name: "{{ include "gateway.fullname" . }}-aga-test-connection"
labels:
{{- include "gateway.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
template:
spec:
serviceAccountName: {{ include "gateway.tests.serviceAccountName" . }}
containers:
- name: curl
image: {{ default .Values.global.defaultRegistry .Values.global.tests.images.curl.registry }}/{{ default "curlimages/curl" .Values.global.tests.images.curl.repository }}:{{ default "latest" .Values.global.tests.images.curl.tag }}
command: ["bin/sh"]
args: ["-c", "curl -k https://{{ include "gateway.fullname" . }}-aga:{{ .Values.aga.service.ports.ui.port}}/healthcheck"]
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: {{ .Values.global.tests.securityContext.readOnlyRootFilesystem }}
runAsNonRoot: {{ .Values.global.tests.securityContext.runAsNonRoot }}
allowPrivilegeEscalation: {{ .Values.global.tests.securityContext.allowPrivilegeEscalation }}
restartPolicy: Never
backoffLimit: 3
{{- end }}
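Review bot: `command: ["bin/sh"]` is a relative path in all four Jobs, so it resolves only when the image's working directory is `/`; `command: ["/bin/sh"]` is presumably what was meant. The image reference defaults the tag to `latest` and the registry to `global.defaultRegistry`, which gives a mutable, unpinned image looked up under the product registry path. A pinned tag or digest in `global.tests.images.curl` is safer. `curl -k` skips certificate verification, so these tests say nothing about the served certificate. Without `-f`, an HTTP error status still exits 0; `curl -fsS` would make a failing health check fail the Job.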


@@ -0,0 +1,13 @@
{{- if .Values.global.tests.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "gateway.tests.serviceAccountName" . }}
labels:
{{- include "gateway.labels" . | nindent 4 }}
app.kubernetes.io/component: test-connection
{{- with .Values.global.tests.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

659
values-override.yaml Normal file

@@ -0,0 +1,659 @@
nameOverride: gateway
global:
domainName: apilab.us
defaultRegistry: docker.repository.axway.com/apigateway-docker-prod/7.7
imagePullPolicy: Always
imagePullSecrets:
- name: regcred
storage:
provisioningType: "dynamic"
storageClassName: "nfs"
volumes:
- name: events
enabled: true
usedBy:
- anm
- apimgr
- traffic
accessModes:
- ReadWriteMany
capacity: 1Gi
volumeName: apim-events
- name: payloads
enabled: true
usedBy:
- traffic
accessModes:
- ReadWriteOnce
capacity: 16Gi
volumeName: apim-payloads
- name: audit
enabled: true
usedBy:
- anm
- apimgr
- traffic
accessModes:
- ReadWriteMany
capacity: 1Gi
volumeName: apim-audit
- name: anm-external-config
enabled: true
usedBy:
- anm
accessModes:
- ReadWriteOnce
capacity: 8Mi
- name: apimgr-external-config
enabled: true
usedBy:
- apimgr
accessModes:
- ReadWriteOnce
capacity: 8Mi
- name: apitraffic-external-config
enabled: true
usedBy:
- traffic
accessModes:
- ReadWriteOnce
capacity: 8Mi
- name: aga-external-config
enabled: true
usedBy:
- traffic
accessModes:
- ReadWriteOnce
capacity: 8Mi
- name: opentraffic
enabled: true
usedBy:
- traffic
- anm
- apimgr
accessModes:
- ReadWriteOnce
capacity: 8Gi
volumeName: apim-opentraffic
initContainers:
securityContext:
runAsNonRoot: false
database:
host: mysql.metrics.svc.cluster.local
metrics:
enabled: false
username: "root"
password: "password"
sslMode: "NONE"
url: jdbc:mysql://{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{ .Values.global.database.metrics.databaseName }}?useSSL={{ default false .Values.global.database.metrics.useSSL }}
cassandra:
enabled: true
hosts:
- variable: CASS_HOST
hostname: cassandra.cassandra.svc.cluster.local
username: cassandra
password: cassandra
keyspace: ks
tkeyspace: tks
anm:
image:
repository: "admin-nodemanager"
tag: "7.7.0.20240228-1-BN0065-ubi9"
generalConditions:
accept: "yes"
resources:
limits:
memory: "2048Mi"
cpu: "1000m"
requests:
memory: "1Gi"
cpu: "250m"
securityContext:
runAsNonRoot: false
route:
enabled: true
annotations:
cert-manager.io/issuer-kind: ClusterIssuer
cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare
#ingress:
# enabled: true
# className: "nginx"
#annotations:
# nginx.ingress.kubernetes.io/backend-protocol: HTTPS
# nginx.ingress.kubernetes.io/ssl-passthrough: "true"
# nginx.ingress.kubernetes.io/ssl-redirect: "true"
# nginx.ingress.kubernetes.io/secure-backends: "true"
# nginx.ingress.kubernetes.io/ingress.class: "nginx"
# kubernetes.io/tls-acme: "true"
# cert-manager.io/cluster-issuer: "letsencrypt-issuer"
#hosts:
# - host: anm.apilab.us
# paths:
# - path: /
# pathType: ImplementationSpecific
#tls:
# - secretName: anm-tls
# hosts:
# - anm.apilab.us
#service:
# port: 8091
extraVolumeMounts:
- name: anm-external-config
mountPath: /merge
- name: events
mountPath: /opt/Axway/apigateway/events
- name: audit
mountPath: /opt/Axway/apigateway/logs
extraVolumes:
- persistentVolumeClaim:
claimName: anm-external-config
name: anm-external-config
- persistentVolumeClaim:
claimName: events
name: events
- persistentVolumeClaim:
claimName: audit
name: audit
extraEnvVars:
- name: EMT_DEPLOYMENT_ENABLED
value: "true"
- name: ACCEPT_GENERAL_CONDITIONS
value: "yes"
- name: APIGW_LOG_OPENTRAFFIC_OUTPUT
value: "file"
- name: API_BUILDER_URL
value: "https://axway-elk-apim4elastic-apibuilder4elastic.apim4elastic:8443"
apimgr:
name: apimgr
image:
repository: "gateway"
tag: "7.7.0.20240228-1-BN0065-ubi9"
generalConditions:
accept: "yes"
groupId: Group1
resources:
limits:
memory: "2Gi"
cpu: 2
requests:
memory: "0.5Gi"
cpu: 0.5
securityContext:
runAsNonRoot: false
route:
enabled: true
annotations:
cert-manager.io/issuer-kind: ClusterIssuer
cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare
#ingress:
# enabled: true
#className: "nginx"
#annotations:
# nginx.ingress.kubernetes.io/backend-protocol: HTTPS
# nginx.ingress.kubernetes.io/ssl-passthrough: "true"
# nginx.ingress.kubernetes.io/ssl-redirect: "true"
# nginx.ingress.kubernetes.io/secure-backends: "true"
# nginx.ingress.kubernetes.io/ingress.class: "nginx"
# kubernetes.io/tls-acme: "true"
# cert-manager.io/cluster-issuer: "letsencrypt-issuer"
#hosts:
# - host: apimgr.apilab.us
# paths:
# - path: /
# pathType: ImplementationSpecific
#tls:
# - secretName: apimgr-tls
# hosts:
# - apimgr.apilab.us
#service:
# port: 8075
extraVolumeMounts:
- name: events
mountPath: /opt/Axway/apigateway/events
- name: apimgr-external-config
mountPath: /merge
- name: opentraffic
mountPath: /opt/Axway/apigateway/logs/opentraffic
- name: audit
mountPath: /opt/Axway/apigateway/logs/transaction
extraVolumes:
- persistentVolumeClaim:
claimName: events
name: events
- persistentVolumeClaim:
claimName: apimgr-external-config
name: apimgr-external-config
- persistentVolumeClaim:
claimName: opentraffic
name: opentraffic
- persistentVolumeClaim:
claimName: audit
name: audit
extraEnvVars:
- name: EMT_HEALTHCHECK_PORT
value: "8065"
- name: EMT_HEALTHCHECK_PATH
value: /healthcheck
- name: GW_DIR
value: /opt/Axway/apigateway
- name: GW_TRACE_DIR
value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace
- name: EMT_TOPOLOGY_TTL
value: "10"
- name: EMT_DEPLOYMENT_ENABLED
value: "true"
- name: ACCEPT_GENERAL_CONDITIONS
value: "yes"
- name: APIGW_LOG_OPENTRAFFIC_OUTPUT
value: "file"
license:
license.lic: |
FIPS=1
SalesForce Connector=1
ServiceNow Connector=1
analytics=1
api_visual_mapper=1
apiportal=1
company=Axway
deployment_type=docker
expires=Wed, 30 Apr 2025 16:21:51 GMT
license_id=TEMP
mcafee=1
name=Axway
sdkgenerator=1
unrestricted=1
version=7.7
# SIGNATURE: 41dc0bb17867d8d62f2f6cb85c6129e1ff3e732fffda24116eb53cf7fcdba233
# SIGNATURE: 95c752a8cead778a11d997c624eca0d7e9b03b869b9a1ed169e016a9242f5548
# SIGNATURE: 943409c27b0376410ef06a1e7d67a19f210f5c68e30e1174630dbb7bddc06f69
# SIGNATURE: f2208e6a042ecf759388faec92335dd43ecaa96f5c7abd1ec0c23217fd08f7b6
# SIGNATURE: f62af5300b3884ceaa1ca7d459095f53a8980628d44344e02dd1fde2276c07cd
# SIGNATURE: 2f92a9d70d72e3ce9048ad6da4d18bab4923fe30a631d8dd751c4de9647e0a5e
# SIGNATURE: 1454756c50dccc40eb4b8475cd9b87e6c262fae732af6181addb34b41588bbc8
# SIGNATURE: e6c085116c1aca0174145d016459ee0843c437d05d4e270113703644b1ec75d6
apitraffic:
image:
repository: "gateway"
tag: "7.7.0.20240228-1-BN0065-ubi9"
generalConditions:
accept: "yes"
groupId: Group1
resources:
limits:
memory: "2Gi"
cpu: 2
requests:
memory: "0.5Gi"
cpu: 0.5
autoscaling:
enabled: false
minReplicas: 2
maxReplicas: 6
targetCPUUtilizationPercentage: 80
replicaCount: 2
securityContext:
runAsNonRoot: false
oauth:
enabled: true
type: ClusterIP
port: 8089
protocol: TCP
route:
enabled: true
annotations:
cert-manager.io/issuer-kind: ClusterIssuer
cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare
#ingress:
# enabled: true
#className: "nginx"
#annotations:
# nginx.ingress.kubernetes.io/backend-protocol: HTTPS
# nginx.ingress.kubernetes.io/ssl-passthrough: "true"
# nginx.ingress.kubernetes.io/ssl-redirect: "true"
# nginx.ingress.kubernetes.io/secure-backends: "true"
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# cert-manager.io/cluster-issuer: "letsencrypt-issuer"
#hosts:
# - host: oauth.apilab.us
# paths:
# - path: /
# pathType: ImplementationSpecific
#tls:
# - secretName: oauth-tls
# hosts:
# - oauth.apilab.us
#ingress:
# enabled: true
#className: "nginx"
#annotations:
# nginx.ingress.kubernetes.io/backend-protocol: HTTPS
# nginx.ingress.kubernetes.io/ssl-passthrough: "true"
# nginx.ingress.kubernetes.io/ssl-redirect: "true"
# nginx.ingress.kubernetes.io/secure-backends: "true"
# nginx.ingress.kubernetes.io/ingress.class: "nginx"
# kubernetes.io/tls-acme: "true"
# cert-manager.io/cluster-issuer: "letsencrypt-issuer"
#hosts:
# - host: apitraffic.apilab.us
# paths:
# - path: /
# pathType: ImplementationSpecific
#tls:
# - secretName: apitraffic-tls
# hosts:
# - apitraffic.apilab.us
service:
port: 8065
extraVolumeMounts:
- name: events
mountPath: /opt/Axway/apigateway/events
- name: apitraffic-external-config
mountPath: /merge
- name: opentraffic
mountPath: /opt/Axway/apigateway/logs/opentraffic
- name: payloads
mountPath: /opt/Axway/apigateway/logs/payloads
- name: audit
mountPath: /opt/Axway/apigateway/logs/transaction
extraVolumes:
- persistentVolumeClaim:
claimName: events
name: events
- persistentVolumeClaim:
claimName: apitraffic-external-config
name: apitraffic-external-config
- persistentVolumeClaim:
claimName: payloads
name: payloads
- persistentVolumeClaim:
claimName: opentraffic
name: opentraffic
- persistentVolumeClaim:
claimName: audit
name: audit
extraEnvVars:
- name: EMT_HEALTHCHECK_PORT
value: "8065"
- name: EMT_HEALTHCHECK_PATH
value: /healthcheck
- name: GW_DIR
value: /opt/Axway/apigateway
- name: GW_TRACE_DIR
value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace
- name: EMT_TOPOLOGY_TTL
value: "10"
- name: APIGW_LOG_OPENTRAFFIC_OUTPUT
value: "file"
- name: EMT_DEPLOYMENT_ENABLED
value: "true"
- name: ENV_SECRET_EXAMPLE
valueFrom:
secretKeyRef:
name: apim-gateway-cassandra
key: username
- name: ACCEPT_GENERAL_CONDITIONS
value: "yes"
license:
license.lic: |
FIPS=1
SalesForce Connector=1
ServiceNow Connector=1
analytics=1
api_visual_mapper=1
apiportal=1
company=Axway
deployment_type=docker
expires=Wed, 30 Apr 2025 16:21:51 GMT
license_id=TEMP
mcafee=1
name=Axway
sdkgenerator=1
unrestricted=1
version=7.7
# SIGNATURE: 41dc0bb17867d8d62f2f6cb85c6129e1ff3e732fffda24116eb53cf7fcdba233
# SIGNATURE: 95c752a8cead778a11d997c624eca0d7e9b03b869b9a1ed169e016a9242f5548
# SIGNATURE: 943409c27b0376410ef06a1e7d67a19f210f5c68e30e1174630dbb7bddc06f69
# SIGNATURE: f2208e6a042ecf759388faec92335dd43ecaa96f5c7abd1ec0c23217fd08f7b6
# SIGNATURE: f62af5300b3884ceaa1ca7d459095f53a8980628d44344e02dd1fde2276c07cd
# SIGNATURE: 2f92a9d70d72e3ce9048ad6da4d18bab4923fe30a631d8dd751c4de9647e0a5e
# SIGNATURE: 1454756c50dccc40eb4b8475cd9b87e6c262fae732af6181addb34b41588bbc8
# SIGNATURE: e6c085116c1aca0174145d016459ee0843c437d05d4e270113703644b1ec75d6
apiportal:
enabled: false
replicaCount: 1
image:
# an image reference is specified by registry/repository:tag,
# for instance registry=docker.io, repository=library/alpine, tag=3.15
# if registry is left empty, global.defaultRegistry will be used
registry: docker.repository.axway.com/apiportal-docker-prod/7.7
repository: "apiportal"
tag: "7.7.20240228-BN1285"
generalConditions:
accept: "yes"
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
service:
type: ClusterIP
ports:
# target:
# port: 8443
# https:
# port: 8443
# protocol: TCP
http:
port: 8080
protocol: TCP
force:
port: 8080
protocol: TCP
# OpenShift configuration
route:
enabled: true
annotations:
cert-manager.io/issuer-kind: ClusterIssuer
cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare
#ingress:
# enabled: true
# className: "nginx"
#annotations:
# nginx.ingress.kubernetes.io/ssl-passthrough: "true"
# nginx.ingress.kubernetes.io/ssl-redirect: "true"
# nginx.ingress.kubernetes.io/secure-backends: "true"
# nginx.ingress.kubernetes.io/ingress.class: "nginx"
# kubernetes.io/tls-acme: "true"
# cert-manager.io/cluster-issuer: "letsencrypt-issuer"
#hosts:
# - host: portal.apilab.us
# paths:
# - path: /
# pathType: ImplementationSpecific
#tls:
# - secretName: apiportal-tls
# hosts:
# - portal.apilab.us
apiManager:
configured: 1
name: Main
host: "apimgr.apilab.us"
port: 443
# database settings for API Portal, also check the instance settings in global section
mysql:
enabled: false
# if the credentials are already available in a secret, set existingSecret
existingSecret: {}
# name: "mysql-credentials"
# keyMapping:
# password: password
# username: root
# else, set username and password, this will create a new secret
username: "root"
password: "password"
# if it doesn't exist, a database with this name will be created by the app
databaseName: "portal"
sslOn: 0
sslVerifyCert: 0
redis:
enabled: false
host: ""
port: 6379
cacheTimeout: 600
apache:
sslOn: 0
extraEnvVars: []
# podSecurityContext:
# runAsUser: 1048
# runAsGroup: 1048
# fsGroup: 1048
securityContext:
allowPrivilegeEscalation: false
runAsNonRoot: true
aga:
enabled: false
license:
license.lic: |
FIPS=1
SalesForce Connector=1
ServiceNow Connector=1
analytics=1
api_visual_mapper=1
apiportal=1
company=Axway
deployment_type=docker
expires=Wed, 30 Apr 2025 16:21:51 GMT
license_id=TEMP
mcafee=1
name=Axway
sdkgenerator=1
unrestricted=1
version=7.7
# SIGNATURE: 41dc0bb17867d8d62f2f6cb85c6129e1ff3e732fffda24116eb53cf7fcdba233
# SIGNATURE: 95c752a8cead778a11d997c624eca0d7e9b03b869b9a1ed169e016a9242f5548
# SIGNATURE: 943409c27b0376410ef06a1e7d67a19f210f5c68e30e1174630dbb7bddc06f69
# SIGNATURE: f2208e6a042ecf759388faec92335dd43ecaa96f5c7abd1ec0c23217fd08f7b6
# SIGNATURE: f62af5300b3884ceaa1ca7d459095f53a8980628d44344e02dd1fde2276c07cd
# SIGNATURE: 2f92a9d70d72e3ce9048ad6da4d18bab4923fe30a631d8dd751c4de9647e0a5e
# SIGNATURE: 1454756c50dccc40eb4b8475cd9b87e6c262fae732af6181addb34b41588bbc8
# SIGNATURE: e6c085116c1aca0174145d016459ee0843c437d05d4e270113703644b1ec75d6
replicaCount: 1
image:
# an image reference is specified by registry/repository:tag,
# for instance registry=docker.io, repository=library/alpine, tag=3.15
# if registry is left empty, global.defaultRegistry will be used
repository: "analytics"
tag: "7.7.0.20240228-1-BN0065-ubi9"
# Overrides the image tag whose default is the chart appVersion.
generalConditions:
accept: "yes"
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
extraEnvVars:
- name: ACCEPT_GENERAL_CONDITIONS
value: "yes"
podAnnotations: {}
podSecurityContext: {}
securityContext:
allowPrivilegeEscalation: false
#NOTE readOnlyRootFilesystem should be left to false
# readOnlyRootFilesystem: false
runAsNonRoot: false
service:
type: ClusterIP
ports:
ui:
port: 8040
protocol: TCP
#ingress:
# enabled: true
#className: "nginx"
#annotations:
# nginx.ingress.kubernetes.io/backend-protocol: HTTPS
#nginx.ingress.kubernetes.io/ssl-passthrough: "true"
#nginx.ingress.kubernetes.io/ssl-redirect: "true"
#nginx.ingress.kubernetes.io/secure-backends: "true"
#nginx.ingress.kubernetes.io/ingress.class: "nginx"
#kubernetes.io/tls-acme: "true"
#cert-manager.io/cluster-issuer: "letsencrypt-issuer"
# kubernetes.io/i:ngress.class: nginx
#kubernetes.io/tls-acme: "true"
#hosts:
# - host: analytics.apilab.us
# paths:
# - path: /
# pathType: ImplementationSpecific
#tls:
# - secretName: analytics-tls
# hosts:
# - analytics.apilab.us
# OpenShift configuration
route:
enabled: true
annotations:
cert-manager.io/issuer-kind: ClusterIssuer
cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare
# targetPort: "{{ .Values.aga.ports.ui.port }}"
## More information: https://docs.openshift.com/container-platform/4.9/networking/routes/secured-routes.html
# tls:
# enabled: true
# termination: passthrough
# insecureEdgeTerminationPolicy: Redirect
# key:
# caCertificate:
# certificate:
# destinationCACertificate:
# ref: https://kubernetes.io/docs/user-guide/compute-resources/
resources: {}
# limits:
# memory: "2048Mi"
# cpu: "1000m"
# requests:
# memory: "1Gi"
# cpu: "250m"
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
#targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
livenessProbe:
httpGet:
httpHeaders:
- name: k8sprobe
value: liveness.apimgr
path: /healthcheck
port: 8040
scheme: HTTPS
initialDelaySeconds: 40
periodSeconds: 30
failureThreshold: 5
readinessProbe:
httpGet:
httpHeaders:
- name: k8sprobe
value: readiness.apimgr
path: /healthcheck
port: 8040
scheme: HTTPS
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 6

2284
values.schema.json.bak Normal file

File diff suppressed because it is too large

1192
values.yaml Normal file

File diff suppressed because it is too large