nameOverride: gateway global: domainName: apilab.us defaultRegistry: docker.repository.axway.com/apigateway-docker-prod/7.7 imagePullPolicy: Always imagePullSecrets: - name: regcred storage: provisioningType: "dynamic" storageClassName: "nfs" volumes: - name: events enabled: true usedBy: - anm - apimgr - traffic accessModes: - ReadWriteMany capacity: 1Gi volumeName: apim-events - name: payloads enabled: true usedBy: - traffic accessModes: - ReadWriteOnce capacity: 16Gi volumeName: apim-payloads - name: audit enabled: true usedBy: - anm - apimgr - traffic accessModes: - ReadWriteMany capacity: 1Gi volumeName: apim-audit - name: anm-external-config enabled: true usedBy: - anm accessModes: - ReadWriteOnce capacity: 8Mi - name: apimgr-external-config enabled: true usedBy: - apimgr accessModes: - ReadWriteOnce capacity: 8Mi - name: apitraffic-external-config enabled: true usedBy: - traffic accessModes: - ReadWriteOnce capacity: 8Mi - name: aga-external-config enabled: true usedBy: - traffic accessModes: - ReadWriteOnce capacity: 8Mi - name: opentraffic enabled: true usedBy: - traffic - anm - apimgr accessModes: - ReadWriteOnce capacity: 8Gi volumeName: apim-opentraffic initContainers: securityContext: runAsNonRoot: false database: host: mysql.metrics.svc.cluster.local metrics: enabled: true username: "root" password: "password" sslMode: "NONE" url: jdbc:mysql://{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{ .Values.global.database.metrics.databaseName }}?useSSL={{ default false .Values.global.database.metrics.useSSL }} cassandra: enabled: true hosts: - variable: CASS_HOST hostname: cassandra.cassandra.svc.cluster.local username: cassandra password: cassandra keyspace: ks tkeyspace: tks anm: image: repository: "admin-nodemanager" tag: "7.7.0.20240228-1-BN0065-ubi9" generalConditions: accept: "yes" resources: limits: memory: "2048Mi" cpu: "1000m" requests: memory: "1Gi" cpu: "250m" securityContext: runAsNonRoot: false route: enabled: false ingress: enabled: true className: "nginx" annotations: nginx.ingress.kubernetes.io/backend-protocol: HTTPS nginx.ingress.kubernetes.io/ssl-passthrough: "true" nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/secure-backends: "true" nginx.ingress.kubernetes.io/ingress.class: "nginx" kubernetes.io/tls-acme: "true" cert-manager.io/cluster-issuer: "letsencrypt-issuer" hosts: - host: anm.apilab.us paths: - path: / pathType: ImplementationSpecific tls: - secretName: anm-tls hosts: - anm.apilab.us service: port: 8091 extraVolumeMounts: - name: anm-external-config mountPath: /merge - name: events mountPath: /opt/Axway/apigateway/events - name: audit mountPath: /opt/Axway/apigateway/logs extraVolumes: - persistentVolumeClaim: claimName: anm-external-config name: anm-external-config - persistentVolumeClaim: claimName: events name: events - persistentVolumeClaim: claimName: audit name: audit extraEnvVars: - name: EMT_DEPLOYMENT_ENABLED value: "true" - name: ACCEPT_GENERAL_CONDITIONS value: "yes" - name: APIGW_LOG_OPENTRAFFIC_OUTPUT value: "file" - name: API_BUILDER_URL value: "https://axway-elk-apim4elastic-apibuilder4elastic.apim4elastic:8443" apimgr: name: apimgr image: repository: "gateway" tag: "7.7.0.20240228-1-BN0065-ubi9" generalConditions: accept: "yes" groupId: Group1 resources: limits: memory: "2Gi" cpu: 2 requests: memory: "0.5Gi" cpu: 0.5 securityContext: runAsNonRoot: false route: enabled: false ingress: enabled: true className: "nginx" annotations: nginx.ingress.kubernetes.io/backend-protocol: HTTPS nginx.ingress.kubernetes.io/ssl-passthrough: "true" nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/secure-backends: "true" nginx.ingress.kubernetes.io/ingress.class: "nginx" kubernetes.io/tls-acme: "true" cert-manager.io/cluster-issuer: "letsencrypt-issuer" hosts: - host: apimgr.apilab.us paths: - path: / pathType: ImplementationSpecific tls: - secretName: apimgr-tls hosts: - apimgr.apilab.us service: port: 8075 extraVolumeMounts: - name: events mountPath: /opt/Axway/apigateway/events - name: apimgr-external-config mountPath: /merge - name: opentraffic mountPath: /opt/Axway/apigateway/logs/opentraffic - name: audit mountPath: /opt/Axway/apigateway/logs/transaction extraVolumes: - persistentVolumeClaim: claimName: events name: events - persistentVolumeClaim: claimName: apimgr-external-config name: apimgr-external-config - persistentVolumeClaim: claimName: opentraffic name: opentraffic - persistentVolumeClaim: claimName: audit name: audit extraEnvVars: - name: EMT_HEALTHCHECK_PORT value: "8065" - name: EMT_HEALTHCHECK_PATH value: /healthcheck - name: GW_DIR value: /opt/Axway/apigateway - name: GW_TRACE_DIR value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace - name: EMT_TOPOLOGY_TTL value: "10" - name: EMT_DEPLOYMENT_ENABLED value: "true" - name: ACCEPT_GENERAL_CONDITIONS value: "yes" - name: APIGW_LOG_OPENTRAFFIC_OUTPUT value: "file" license: license.lic: | FIPS=1 SalesForce Connector=1 ServiceNow Connector=1 analytics=1 api_visual_mapper=1 apiportal=1 company=Axway deployment_type=docker expires=Sat, 30 Nov 2024 15:48:27 GMT license_id=TEMP mcafee=1 name=Axway sdkgenerator=1 unrestricted=1 version=7.7 # SIGNATURE: ce164db4840083f2741d364f45ffb6efdc2f6caee8307f9fd5e6899b430488f9 # SIGNATURE: b0357a0baa4af4c348ae551054c5885db831275f382a3e153dde4cf5852131ba # SIGNATURE: f8458619453363b6ed4b0c6fd6aa3fe81f28542193074f88b4c514c45048997d # SIGNATURE: 312dc89de6684bc864099da581aa226c73a93bb184d29a392826a93a72cc68b4 # SIGNATURE: e12c9daa05cc1d7caed7319943d9fba41dd48b9918bd468a05c8f2cff2a9c089 # SIGNATURE: cae24bd8d6754cc99c0549b53b92dc7ebc60f1d83a9c8f3a773baff464a82d8d # SIGNATURE: b35c5476f61a9153ebd15a436d00eb21bef8d7a4e87bb3430d3b0427d57a4472 # SIGNATURE: 0641f5f2b0de45e74f019cedf92ac3ea5644490d65f3d9f76f57ab1b6f9e1e8c apitraffic: image: repository: "gateway" tag: "7.7.0.20240228-1-BN0065-ubi9" generalConditions: accept: "yes" groupId: Group1 resources: limits: memory: "2Gi" cpu: 2 requests: memory: "0.5Gi" cpu: 0.5 autoscaling: enabled: false minReplicas: 2 maxReplicas: 6 targetCPUUtilizationPercentage: 80 replicaCount: 4 securityContext: runAsNonRoot: false oauth: enabled: true type: ClusterIP port: 8089 protocol: TCP route: enabled: false ingress: enabled: true className: "nginx" annotations: nginx.ingress.kubernetes.io/backend-protocol: HTTPS nginx.ingress.kubernetes.io/ssl-passthrough: "true" nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/secure-backends: "true" kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: "true" cert-manager.io/cluster-issuer: "letsencrypt-issuer" hosts: - host: oauth.apilab.us paths: - path: / pathType: ImplementationSpecific tls: - secretName: oauth-tls hosts: - oauth.apilab.us route: enabled: false ingress: enabled: true className: "nginx" annotations: nginx.ingress.kubernetes.io/backend-protocol: HTTPS nginx.ingress.kubernetes.io/ssl-passthrough: "true" nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/secure-backends: "true" nginx.ingress.kubernetes.io/ingress.class: "nginx" kubernetes.io/tls-acme: "true" cert-manager.io/cluster-issuer: "letsencrypt-issuer" hosts: - host: apitraffic.apilab.us paths: - path: / pathType: ImplementationSpecific tls: - secretName: apitraffic-tls hosts: - apitraffic.apilab.us service: port: 8065 extraVolumeMounts: - name: events mountPath: /opt/Axway/apigateway/events - name: apitraffic-external-config mountPath: /merge - name: opentraffic mountPath: /opt/Axway/apigateway/logs/opentraffic - name: payloads mountPath: /opt/Axway/apigateway/logs/payloads - name: audit mountPath: /opt/Axway/apigateway/logs/transaction extraVolumes: - persistentVolumeClaim: claimName: events name: events - persistentVolumeClaim: claimName: apitraffic-external-config name: apitraffic-external-config - persistentVolumeClaim: claimName: payloads name: payloads - persistentVolumeClaim: claimName: opentraffic name: opentraffic - persistentVolumeClaim: claimName: audit name: audit extraEnvVars: - name: EMT_HEALTHCHECK_PORT value: "8065" - name: EMT_HEALTHCHECK_PATH value: /healthcheck - name: GW_DIR value: /opt/Axway/apigateway - name: GW_TRACE_DIR value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace - name: EMT_TOPOLOGY_TTL value: "10" - name: APIGW_LOG_OPENTRAFFIC_OUTPUT value: "file" - name: EMT_DEPLOYMENT_ENABLED value: "true" - name: ENV_SECRET_EXAMPLE valueFrom: secretKeyRef: name: apim-gateway-cassandra key: username - name: ACCEPT_GENERAL_CONDITIONS value: "yes" license: license.lic: | FIPS=1 SalesForce Connector=1 ServiceNow Connector=1 analytics=1 api_visual_mapper=1 apiportal=1 company=Axway deployment_type=docker expires=Sat, 30 Nov 2024 15:48:27 GMT license_id=TEMP mcafee=1 name=Axway sdkgenerator=1 unrestricted=1 version=7.7 # SIGNATURE: ce164db4840083f2741d364f45ffb6efdc2f6caee8307f9fd5e6899b430488f9 # SIGNATURE: b0357a0baa4af4c348ae551054c5885db831275f382a3e153dde4cf5852131ba # SIGNATURE: f8458619453363b6ed4b0c6fd6aa3fe81f28542193074f88b4c514c45048997d # SIGNATURE: 312dc89de6684bc864099da581aa226c73a93bb184d29a392826a93a72cc68b4 # SIGNATURE: e12c9daa05cc1d7caed7319943d9fba41dd48b9918bd468a05c8f2cff2a9c089 # SIGNATURE: cae24bd8d6754cc99c0549b53b92dc7ebc60f1d83a9c8f3a773baff464a82d8d # SIGNATURE: b35c5476f61a9153ebd15a436d00eb21bef8d7a4e87bb3430d3b0427d57a4472 # SIGNATURE: 0641f5f2b0de45e74f019cedf92ac3ea5644490d65f3d9f76f57ab1b6f9e1e8c apiportal: enabled: true replicaCount: 1 image: # an image reference is specified by registry/repository:tag, # for instance registry=docker.io, repository=library/alpine, tag=3.15 # if registry is left empty, global.defaultRegistry will be used registry: docker.repository.axway.com/apiportal-docker-prod/7.7 repository: "apiportal" tag: "7.7.20240228-BN1285" generalConditions: accept: "yes" serviceAccount: # Specifies whether a service account should be created create: true # Annotations to add to the service account annotations: {} # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" service: type: ClusterIP ports: # target: # port: 8443 # https: # port: 8443 # protocol: TCP http: port: 8080 protocol: TCP force: port: 8080 protocol: TCP # OpenShift configuration route: enabled: false ingress: enabled: true className: "nginx" annotations: nginx.ingress.kubernetes.io/ssl-passthrough: "true" nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/secure-backends: "true" nginx.ingress.kubernetes.io/ingress.class: "nginx" kubernetes.io/tls-acme: "true" cert-manager.io/cluster-issuer: "letsencrypt-issuer" hosts: - host: portal.apilab.us paths: - path: / pathType: ImplementationSpecific tls: - secretName: apiportal-tls hosts: - portal.apilab.us apiManager: configured: 1 name: Main host: "apimgr.apilab.us" port: 443 # database settings for API Portal, also check the instance settings in global section mysql: enabled: true # if the credentials are already available in a secret, set existingSecret existingSecret: {} # name: "mysql-credentials" # keyMapping: # password: password # username: root # else, set username and password, this will create a new secret username: "root" password: "password" # if it doesn't exist, a database with this name will be created by the app databaseName: "portal" sslOn: 0 sslVerifyCert: 0 redis: enabled: false host: "" port: 6379 cacheTimeout: 600 apache: sslOn: 0 extraEnvVars: [] podSecurityContext: runAsUser: 1048 runAsGroup: 1048 fsGroup: 1048 securityContext: allowPrivilegeEscalation: false runAsNonRoot: true aga: enabled: false license: license.lic: | FIPS=1 SalesForce Connector=1 ServiceNow Connector=1 analytics=1 api_visual_mapper=1 apiportal=1 company=Axway deployment_type=docker expires=Sat, 30 Nov 2024 15:48:27 GMT license_id=TEMP mcafee=1 name=Axway sdkgenerator=1 unrestricted=1 version=7.7 # SIGNATURE: ce164db4840083f2741d364f45ffb6efdc2f6caee8307f9fd5e6899b430488f9 # SIGNATURE: b0357a0baa4af4c348ae551054c5885db831275f382a3e153dde4cf5852131ba # SIGNATURE: f8458619453363b6ed4b0c6fd6aa3fe81f28542193074f88b4c514c45048997d # SIGNATURE: 312dc89de6684bc864099da581aa226c73a93bb184d29a392826a93a72cc68b4 # SIGNATURE: e12c9daa05cc1d7caed7319943d9fba41dd48b9918bd468a05c8f2cff2a9c089 # SIGNATURE: cae24bd8d6754cc99c0549b53b92dc7ebc60f1d83a9c8f3a773baff464a82d8d # SIGNATURE: b35c5476f61a9153ebd15a436d00eb21bef8d7a4e87bb3430d3b0427d57a4472 # SIGNATURE: 0641f5f2b0de45e74f019cedf92ac3ea5644490d65f3d9f76f57ab1b6f9e1e8c replicaCount: 1 image: # an image reference is specified by registry/repository:tag, # for instance registry=docker.io, repository=library/alpine, tag=3.15 # if registry is left empty, global.defaultRegistry will be used repository: "analytics" tag: "7.7.0.20240228-1-BN0065-ubi9" # Overrides the image tag whose default is the chart appVersion. generalConditions: accept: "yes" serviceAccount: # Specifies whether a service account should be created create: true # Annotations to add to the service account annotations: {} # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" extraEnvVars: - name: ACCEPT_GENERAL_CONDITIONS value: "yes" podAnnotations: {} podSecurityContext: {} securityContext: allowPrivilegeEscalation: false #NOTE readOnlyRootFilesystem should be left to false # readOnlyRootFilesystem: false runAsNonRoot: false service: type: ClusterIP ports: ui: port: 8040 protocol: TCP ingress: enabled: true className: "nginx" annotations: nginx.ingress.kubernetes.io/backend-protocol: HTTPS nginx.ingress.kubernetes.io/ssl-passthrough: "true" nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/secure-backends: "true" nginx.ingress.kubernetes.io/ingress.class: "nginx" kubernetes.io/tls-acme: "true" cert-manager.io/cluster-issuer: "letsencrypt-issuer" # kubernetes.io/i:ngress.class: nginx kubernetes.io/tls-acme: "true" hosts: - host: analytics.apilab.us paths: - path: / pathType: ImplementationSpecific tls: - secretName: analytics-tls hosts: - analytics.apilab.us # OpenShift configuration route: enabled: false # targetPort: "{{ .Values.aga.ports.ui.port }}" ## More information: https://docs.openshift.com/container-platform/4.9/networking/routes/secured-routes.html # tls: # enabled: true # termination: passthrough # insecureEdgeTerminationPolicy: Redirect # key: # caCertificate: # certificate: # destinationCACertificate: # ref: https://kubernetes.io/docs/user-guide/compute-resources/ resources: {} # limits: # memory: "2048Mi" # cpu: "1000m" # requests: # memory: "1Gi" # cpu: "250m" autoscaling: enabled: false minReplicas: 1 maxReplicas: 100 targetCPUUtilizationPercentage: 80 #targetMemoryUtilizationPercentage: 80 nodeSelector: {} tolerations: [] affinity: {} livenessProbe: httpGet: httpHeaders: - name: k8sprobe value: liveness.apimgr path: /healthcheck port: 8040 scheme: HTTPS initialDelaySeconds: 40 periodSeconds: 30 failureThreshold: 5 readinessProbe: httpGet: httpHeaders: - name: k8sprobe value: readiness.apimgr path: /healthcheck port: 8040 scheme: HTTPS initialDelaySeconds: 30 periodSeconds: 10 failureThreshold: 6