{{- if .Values.apiportal.enabled -}} apiVersion: apps/v1 kind: Deployment metadata: name: "{{ include "gateway.fullname" . }}-apiportal" labels: {{- include "gateway.labels" . | nindent 4 }} app.kubernetes.io/component: apiportal spec: replicas: {{ .Values.apiportal.replicaCount }} strategy: {{- if eq (default .Values.global.updateStrategy.type .Values.apiportal.updateStrategy.type) "RollingUpdate" }} rollingUpdate: maxSurge: {{ default .Values.global.updateStrategy.rollingUpdate.maxSurge .Values.apiportal.updateStrategy.rollingUpdate.maxSurge }} maxUnavailable: {{ default .Values.global.updateStrategy.rollingUpdate.maxUnavailable .Values.apiportal.updateStrategy.rollingUpdate.maxUnavailable }} {{- end }} type: {{ default .Values.global.updateStrategy.type .Values.apiportal.updateStrategy.type }} selector: matchLabels: {{- include "gateway.selectorLabels" . | nindent 6 }} app.kubernetes.io/component: apiportal {{- with .Values.apiportal.podLabels }} {{- toYaml . | nindent 6 }} {{- end }} template: metadata: {{- with .Values.apiportal.podAnnotations }} annotations: {{- toYaml . | nindent 8 }} {{- end }} labels: {{- include "gateway.selectorLabels" . | nindent 8 }} app.kubernetes.io/component: apiportal {{- with .Values.apiportal.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} spec: {{- with .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "gateway.apiportal.serviceAccountName" . }} securityContext: {{- toYaml .Values.apiportal.podSecurityContext | nindent 8 }} containers: - name: "{{ include "gateway.fullname" . }}-apiportal" securityContext: {{- toYaml .Values.apiportal.securityContext | nindent 12 }} command: ["/usr/local/bin/entrypoint.sh", "apiportal"] {{- with .Values.apiportal.livenessProbe }} livenessProbe: {{- toYaml . | nindent 12 }} {{- end }} {{- with .Values.apiportal.readinessProbe }} readinessProbe: {{- toYaml . | nindent 12 }} {{- end }} resources: {{- toYaml .Values.apiportal.resources | nindent 12 }} env: # Same mysql database has been used for both metrics and apiportal {{- if .Values.apiportal.mysql.enabled }} - name: MYSQL_HOST value: {{ tpl .Values.global.database.host . | quote }} - name: MYSQL_PORT value: {{ .Values.global.database.port | quote }} - name: MYSQL_USER valueFrom: secretKeyRef: name: {{ include "gateway.apiportal.secretName" . }} key: {{ with .Values.apiportal.mysql.existingSecret.keyMapping }}{{- default "username" .username }}{{- else -}}"username"{{- end }} - name: MYSQL_PASSWORD valueFrom: secretKeyRef: name: {{ include "gateway.apiportal.secretName" . }} key: {{ with .Values.apiportal.mysql.existingSecret.keyMapping }}{{- default "password" .password }}{{- else -}}"password"{{- end }} - name: MYSQL_DATABASE value: {{ .Values.apiportal.mysql.databaseName | quote }} - name: MYSQL_SSL_ON value: {{ .Values.apiportal.mysql.sslOn | quote }} - name: MYSQL_SSL_VERIFY_CERT value: {{ .Values.apiportal.mysql.sslVerifyCert | quote }} {{- end }} {{- if .Values.apiportal.redis.enabled }} - name: REDIS_CONFIGURED value: "1" - name: REDIS_ON value: "1" - name: REDIS_HOST value: {{ required "A redis host should be specified" .Values.apiportal.redis.host | quote }} - name: REDIS_PORT value: {{ default "6379" .Values.apiportal.redis.port | quote }} - name: REDIS_CACHE_TIMEOUT_SEC value: {{ default "600" .Values.apiportal.redis.cacheTimeout | quote }} {{- end }} - name: APACHE_SSL_ON value: {{ .Values.apiportal.apache.sslOn | quote }} - name: APIMANAGER_CONFIGURED value: {{ default "1" .Values.apiportal.apiManager.configured | quote }} - name: API_WHITELIST_CONFIGURED value: "1" - name: API_WHITELIST value: "apitraffic.{{ .Values.global.domainName }}" - name: APIMANAGER_NAME value: {{ .Values.apiportal.apiManager.name | quote }} - name: APIMANAGER_HOST value: "{{ include "gateway.fullname" . }}-apimgr" - name: APIMANAGER_PORT value: {{ .Values.apimgr.service.ports.ui.port | quote }} - name: HTTP_PORT value: {{ .Values.apiportal.service.ports.http.port | quote }} - name: HTTPS_PORT value: {{ .Values.apiportal.service.ports.https.port | quote }} - name: HTTPS_FORCE_PORT value: {{ .Values.apiportal.service.ports.force.port | quote }} - name: T4_DOWNLOADED value: {{ .Values.apiportal.t4_downloaded | quote }} {{- if .Values.apiportal.extraEnvVars }} {{- toYaml .Values.apiportal.extraEnvVars | nindent 12 }} {{- end }} image: "{{ default .Values.global.defaultRegistry .Values.apiportal.image.registry }}/{{ .Values.apiportal.image.repository }}:{{ .Values.apiportal.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.global.imagePullPolicy }} ports: - name: "apiportal" containerPort: {{ .Values.apiportal.service.ports.force.port }} protocol: TCP volumeMounts: {{- $mounts := list }} {{- if .Values.apiportal.mysql.sslOn }} {{- $mounts = append $mounts (dict "name" "mysql-certs" "mountPath" "/opt/axway/apiportal/certs/mysql/mysql-ca.pem" "subPath" "mysql-ca.pem") }} {{- end }} {{- if .Values.apiportal.apache.sslOn }} {{- $mounts = append $mounts (dict "name" "apache" "mountPath" "/opt/axway/apiportal/certs/apache/") }} {{- end }} {{- include "gateway.volumeMounts" (dict "component" "portal" "storage" (dict "volumes" (.Values.global.storage.volumes | concat .Values.apiportal.storage.volumes))) | fromYamlArray | concat $mounts | default list | toYaml | nindent 12 }} initContainers: - name: init-mysql image: {{ .Values.global.initContainers.image | quote }} command: [ 'sh', '-c', 'until nc -w 3 -v {{ tpl .Values.global.database.host . }} {{ .Values.global.database.port }}; do echo waiting for MySQL; sleep 2; done;' ] {{- with .Values.global.initContainers.resources }} resources: {{- toYaml . | nindent 12 }} {{- end }} {{- with .Values.global.initContainers.securityContext }} securityContext: {{- toYaml . | nindent 12 }} {{- end }} {{- if .Values.apiportal.apiManager.configured }} - name: init-apimanager image: {{ .Values.global.initContainers.image | quote }} command: [ 'sh', '-c', 'until nc -w 3 -v {{ include "gateway.fullname" . }}-apimgr 8075; do echo waiting for API Manager; sleep 2; done;' ] {{- with .Values.global.initContainers.resources }} resources: {{- toYaml . | nindent 12 }} {{- end }} {{- with .Values.global.initContainers.securityContext }} securityContext: {{- toYaml . | nindent 12 }} {{- end }} {{- end }} {{- with .Values.apiportal.extraInitContainers }} {{- toYaml . | nindent 8 }} {{- end }} volumes: {{- $vols := list }} {{- if .Values.apiportal.mysql.sslOn }} {{- $vols = append $vols (dict "name" "mysql-certs" "secret" (dict "secretName" "mysql-ca-cert" "items" (list (dict "key" "mysql-ca.pem" "path" "mysql-ca.pem")))) }} {{- end }} {{- if .Values.apiportal.apache.sslOn }} {{- $vols = append $vols (dict "name" "apache" "secret" (dict "secretName" "apache" "items" (list (dict "key" "tls.key" "path" "apache.key") (dict "key" "tls.crt" "path" "apache.crt")))) }} {{- end }} {{- include "gateway.volumes" (dict "component" "portal" "storage" (dict "volumes" (.Values.global.storage.volumes | concat .Values.apiportal.storage.volumes))) | fromYamlArray | concat $vols | default list | toYaml | nindent 8 }} {{- end }}