nameOverride: gateway global: domainName: apilab.us defaultRegistry: docker.repository.axway.com/apigateway-docker-prod/7.7 imagePullPolicy: Always imagePullSecrets: - name: regcred storage: provisioningType: "dynamic" storageClassName: "nfs" volumes: - name: events enabled: true usedBy: - anm - apimgr - traffic accessModes: - ReadWriteMany capacity: 1Gi volumeName: apim-events storageClassName: nfs-csi - name: payloads enabled: true usedBy: - traffic storageClassName: nfs-csi accessModes: - ReadWriteOnce capacity: 16Gi volumeName: apim-payloads - name: audit enabled: true usedBy: - anm - apimgr - traffic storageClassName: nfs-csi accessModes: - ReadWriteMany capacity: 1Gi volumeName: apim-audit - name: anm-external-config enabled: true usedBy: - anm accessModes: - ReadWriteOnce capacity: 8Mi - name: apimgr-external-config enabled: true usedBy: - apimgr accessModes: - ReadWriteOnce capacity: 8Mi - name: apitraffic-external-config enabled: true usedBy: - traffic accessModes: - ReadWriteOnce capacity: 8Mi - name: aga-external-config enabled: true usedBy: - traffic accessModes: - ReadWriteOnce capacity: 8Mi - name: opentraffic enabled: true usedBy: - traffic - anm - apimgr storageClassName: nfs-csi accessModes: - ReadWriteOnce capacity: 8Gi volumeName: apim-opentraffic initContainers: securityContext: runAsNonRoot: true database: host: mysql.metrics.svc.cluster.local metrics: enabled: false username: "root" password: "password" sslMode: "NONE" url: jdbc:mysql://{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{ .Values.global.database.metrics.databaseName }}?useSSL={{ default false .Values.global.database.metrics.useSSL }} cassandra: enabled: true hosts: - variable: CASS_HOST hostname: cassandra.cassandra.svc.cluster.local username: cassandra password: cassandra keyspace: ks tkeyspace: tks anm: image: repository: "admin-nodemanager" tag: "7.7.0.20240228-1-BN0065-ubi9" generalConditions: accept: "yes" resources: limits: memory: "2048Mi" cpu: "1000m" requests: memory: "1Gi" cpu: "250m" securityContext: runAsNonRoot: true route: enabled: true annotations: cert-manager.io/issuer-kind: ClusterIssuer cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare #ingress: # enabled: true # className: "nginx" #annotations: # nginx.ingress.kubernetes.io/backend-protocol: HTTPS # nginx.ingress.kubernetes.io/ssl-passthrough: "true" # nginx.ingress.kubernetes.io/ssl-redirect: "true" # nginx.ingress.kubernetes.io/secure-backends: "true" # nginx.ingress.kubernetes.io/ingress.class: "nginx" # kubernetes.io/tls-acme: "true" # cert-manager.io/cluster-issuer: "letsencrypt-issuer" #hosts: # - host: anm.apilab.us # paths: # - path: / # pathType: ImplementationSpecific #tls: # - secretName: anm-tls # hosts: # - anm.apilab.us #service: # port: 8091 extraVolumeMounts: - name: anm-external-config mountPath: /merge - name: events mountPath: /opt/Axway/apigateway/events - name: audit mountPath: /opt/Axway/apigateway/logs extraVolumes: - persistentVolumeClaim: claimName: anm-external-config name: anm-external-config - persistentVolumeClaim: claimName: events name: events - persistentVolumeClaim: claimName: audit name: audit extraEnvVars: - name: EMT_DEPLOYMENT_ENABLED value: "true" - name: ACCEPT_GENERAL_CONDITIONS value: "yes" - name: APIGW_LOG_OPENTRAFFIC_OUTPUT value: "file" - name: API_BUILDER_URL value: "https://axway-elk-apim4elastic-apibuilder4elastic.apim4elastic:8443" apimgr: name: apimgr image: repository: "gateway" tag: "7.7.0.20240228-1-BN0065-ubi9" generalConditions: accept: "yes" groupId: Group1 resources: limits: memory: "2Gi" cpu: 2 requests: memory: "0.5Gi" cpu: 0.5 securityContext: runAsNonRoot: true route: enabled: true annotations: cert-manager.io/issuer-kind: ClusterIssuer cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare #ingress: # enabled: true #className: "nginx" #annotations: # nginx.ingress.kubernetes.io/backend-protocol: HTTPS # nginx.ingress.kubernetes.io/ssl-passthrough: "true" # nginx.ingress.kubernetes.io/ssl-redirect: "true" # nginx.ingress.kubernetes.io/secure-backends: "true" # nginx.ingress.kubernetes.io/ingress.class: "nginx" # kubernetes.io/tls-acme: "true" # cert-manager.io/cluster-issuer: "letsencrypt-issuer" #hosts: # - host: apimgr.apilab.us # paths: # - path: / # pathType: ImplementationSpecific #tls: # - secretName: apimgr-tls # hosts: # - apimgr.apilab.us #service: # port: 8075 extraVolumeMounts: - name: events mountPath: /opt/Axway/apigateway/events - name: apimgr-external-config mountPath: /merge - name: opentraffic mountPath: /opt/Axway/apigateway/logs/opentraffic - name: audit mountPath: /opt/Axway/apigateway/logs/transaction extraVolumes: - persistentVolumeClaim: claimName: events name: events - persistentVolumeClaim: claimName: apimgr-external-config name: apimgr-external-config - persistentVolumeClaim: claimName: opentraffic name: opentraffic - persistentVolumeClaim: claimName: audit name: audit extraEnvVars: - name: EMT_HEALTHCHECK_PORT value: "8065" - name: EMT_HEALTHCHECK_PATH value: /healthcheck - name: GW_DIR value: /opt/Axway/apigateway - name: GW_TRACE_DIR value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace - name: EMT_TOPOLOGY_TTL value: "10" - name: EMT_DEPLOYMENT_ENABLED value: "true" - name: ACCEPT_GENERAL_CONDITIONS value: "yes" - name: APIGW_LOG_OPENTRAFFIC_OUTPUT value: "file" license: license.lic: | FIPS=1 SalesForce Connector=1 ServiceNow Connector=1 analytics=1 api_visual_mapper=1 apiportal=1 company=Axway deployment_type=docker expires=Wed, 30 Apr 2025 16:21:51 GMT license_id=TEMP mcafee=1 name=Axway sdkgenerator=1 unrestricted=1 version=7.7 # SIGNATURE: 41dc0bb17867d8d62f2f6cb85c6129e1ff3e732fffda24116eb53cf7fcdba233 # SIGNATURE: 95c752a8cead778a11d997c624eca0d7e9b03b869b9a1ed169e016a9242f5548 # SIGNATURE: 943409c27b0376410ef06a1e7d67a19f210f5c68e30e1174630dbb7bddc06f69 # SIGNATURE: f2208e6a042ecf759388faec92335dd43ecaa96f5c7abd1ec0c23217fd08f7b6 # SIGNATURE: f62af5300b3884ceaa1ca7d459095f53a8980628d44344e02dd1fde2276c07cd # SIGNATURE: 2f92a9d70d72e3ce9048ad6da4d18bab4923fe30a631d8dd751c4de9647e0a5e # SIGNATURE: 1454756c50dccc40eb4b8475cd9b87e6c262fae732af6181addb34b41588bbc8 # SIGNATURE: e6c085116c1aca0174145d016459ee0843c437d05d4e270113703644b1ec75d6 apitraffic: image: repository: "gateway" tag: "7.7.0.20240228-1-BN0065-ubi9" generalConditions: accept: "yes" groupId: Group1 resources: limits: memory: "2Gi" cpu: 2 requests: memory: "0.5Gi" cpu: 0.5 autoscaling: enabled: false minReplicas: 2 maxReplicas: 6 targetCPUUtilizationPercentage: 80 replicaCount: 2 securityContext: runAsNonRoot: true oauth: enabled: true type: ClusterIP port: 8089 protocol: TCP route: enabled: true annotations: cert-manager.io/issuer-kind: ClusterIssuer cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare #ingress: # enabled: true #className: "nginx" #annotations: # nginx.ingress.kubernetes.io/backend-protocol: HTTPS # nginx.ingress.kubernetes.io/ssl-passthrough: "true" # nginx.ingress.kubernetes.io/ssl-redirect: "true" # nginx.ingress.kubernetes.io/secure-backends: "true" # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" # cert-manager.io/cluster-issuer: "letsencrypt-issuer" #hosts: # - host: oauth.apilab.us # paths: # - path: / # pathType: ImplementationSpecific #tls: # - secretName: oauth-tls # hosts: # - oauth.apilab.us #ingress: # enabled: true #className: "nginx" #annotations: # nginx.ingress.kubernetes.io/backend-protocol: HTTPS # nginx.ingress.kubernetes.io/ssl-passthrough: "true" # nginx.ingress.kubernetes.io/ssl-redirect: "true" # nginx.ingress.kubernetes.io/secure-backends: "true" # nginx.ingress.kubernetes.io/ingress.class: "nginx" # kubernetes.io/tls-acme: "true" # cert-manager.io/cluster-issuer: "letsencrypt-issuer" #hosts: # - host: apitraffic.apilab.us # paths: # - path: / # pathType: ImplementationSpecific #tls: # - secretName: apitraffic-tls # hosts: # - apitraffic.apilab.us service: port: 8065 extraVolumeMounts: - name: events mountPath: /opt/Axway/apigateway/events - name: apitraffic-external-config mountPath: /merge - name: opentraffic mountPath: /opt/Axway/apigateway/logs/opentraffic - name: payloads mountPath: /opt/Axway/apigateway/logs/payloads - name: audit mountPath: /opt/Axway/apigateway/logs/transaction extraVolumes: - persistentVolumeClaim: claimName: events name: events - persistentVolumeClaim: claimName: apitraffic-external-config name: apitraffic-external-config - persistentVolumeClaim: claimName: payloads name: payloads - persistentVolumeClaim: claimName: opentraffic name: opentraffic - persistentVolumeClaim: claimName: audit name: audit extraEnvVars: - name: EMT_HEALTHCHECK_PORT value: "8065" - name: EMT_HEALTHCHECK_PATH value: /healthcheck - name: GW_DIR value: /opt/Axway/apigateway - name: GW_TRACE_DIR value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace - name: EMT_TOPOLOGY_TTL value: "10" - name: APIGW_LOG_OPENTRAFFIC_OUTPUT value: "file" - name: EMT_DEPLOYMENT_ENABLED value: "true" - name: ENV_SECRET_EXAMPLE valueFrom: secretKeyRef: name: apim-gateway-cassandra key: username - name: ACCEPT_GENERAL_CONDITIONS value: "yes" license: license.lic: | FIPS=1 SalesForce Connector=1 ServiceNow Connector=1 analytics=1 api_visual_mapper=1 apiportal=1 company=Axway deployment_type=docker expires=Wed, 30 Apr 2025 16:21:51 GMT license_id=TEMP mcafee=1 name=Axway sdkgenerator=1 unrestricted=1 version=7.7 # SIGNATURE: 41dc0bb17867d8d62f2f6cb85c6129e1ff3e732fffda24116eb53cf7fcdba233 # SIGNATURE: 95c752a8cead778a11d997c624eca0d7e9b03b869b9a1ed169e016a9242f5548 # SIGNATURE: 943409c27b0376410ef06a1e7d67a19f210f5c68e30e1174630dbb7bddc06f69 # SIGNATURE: f2208e6a042ecf759388faec92335dd43ecaa96f5c7abd1ec0c23217fd08f7b6 # SIGNATURE: f62af5300b3884ceaa1ca7d459095f53a8980628d44344e02dd1fde2276c07cd # SIGNATURE: 2f92a9d70d72e3ce9048ad6da4d18bab4923fe30a631d8dd751c4de9647e0a5e # SIGNATURE: 1454756c50dccc40eb4b8475cd9b87e6c262fae732af6181addb34b41588bbc8 # SIGNATURE: e6c085116c1aca0174145d016459ee0843c437d05d4e270113703644b1ec75d6 apiportal: enabled: false replicaCount: 1 image: # an image reference is specified by registry/repository:tag, # for instance registry=docker.io, repository=library/alpine, tag=3.15 # if registry is left empty, global.defaultRegistry will be used registry: docker.repository.axway.com/apiportal-docker-prod/7.7 repository: "apiportal" tag: "7.7.20240228-BN1285" generalConditions: accept: "yes" serviceAccount: # Specifies whether a service account should be created create: true # Annotations to add to the service account annotations: {} # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" service: type: ClusterIP ports: # target: # port: 8443 # https: # port: 8443 # protocol: TCP http: port: 8080 protocol: TCP force: port: 8080 protocol: TCP # OpenShift configuration route: enabled: true annotations: cert-manager.io/issuer-kind: ClusterIssuer cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare #ingress: # enabled: true # className: "nginx" #annotations: # nginx.ingress.kubernetes.io/ssl-passthrough: "true" # nginx.ingress.kubernetes.io/ssl-redirect: "true" # nginx.ingress.kubernetes.io/secure-backends: "true" # nginx.ingress.kubernetes.io/ingress.class: "nginx" # kubernetes.io/tls-acme: "true" # cert-manager.io/cluster-issuer: "letsencrypt-issuer" #hosts: # - host: portal.apilab.us # paths: # - path: / # pathType: ImplementationSpecific #tls: # - secretName: apiportal-tls # hosts: # - portal.apilab.us apiManager: configured: 1 name: Main host: "apimgr.apilab.us" port: 443 # database settings for API Portal, also check the instance settings in global section mysql: enabled: false # if the credentials are already available in a secret, set existingSecret existingSecret: {} # name: "mysql-credentials" # keyMapping: # password: password # username: root # else, set username and password, this will create a new secret username: "root" password: "password" # if it doesn't exist, a database with this name will be created by the app databaseName: "portal" sslOn: 0 sslVerifyCert: 0 redis: enabled: false host: "" port: 6379 cacheTimeout: 600 apache: sslOn: 0 extraEnvVars: [] # podSecurityContext: # runAsUser: 1048 # runAsGroup: 1048 # fsGroup: 1048 securityContext: allowPrivilegeEscalation: false runAsNonRoot: true aga: enabled: false license: license.lic: | FIPS=1 SalesForce Connector=1 ServiceNow Connector=1 analytics=1 api_visual_mapper=1 apiportal=1 company=Axway deployment_type=docker expires=Wed, 30 Apr 2025 16:21:51 GMT license_id=TEMP mcafee=1 name=Axway sdkgenerator=1 unrestricted=1 version=7.7 # SIGNATURE: 41dc0bb17867d8d62f2f6cb85c6129e1ff3e732fffda24116eb53cf7fcdba233 # SIGNATURE: 95c752a8cead778a11d997c624eca0d7e9b03b869b9a1ed169e016a9242f5548 # SIGNATURE: 943409c27b0376410ef06a1e7d67a19f210f5c68e30e1174630dbb7bddc06f69 # SIGNATURE: f2208e6a042ecf759388faec92335dd43ecaa96f5c7abd1ec0c23217fd08f7b6 # SIGNATURE: f62af5300b3884ceaa1ca7d459095f53a8980628d44344e02dd1fde2276c07cd # SIGNATURE: 2f92a9d70d72e3ce9048ad6da4d18bab4923fe30a631d8dd751c4de9647e0a5e # SIGNATURE: 1454756c50dccc40eb4b8475cd9b87e6c262fae732af6181addb34b41588bbc8 # SIGNATURE: e6c085116c1aca0174145d016459ee0843c437d05d4e270113703644b1ec75d6 replicaCount: 1 image: # an image reference is specified by registry/repository:tag, # for instance registry=docker.io, repository=library/alpine, tag=3.15 # if registry is left empty, global.defaultRegistry will be used repository: "analytics" tag: "7.7.0.20240228-1-BN0065-ubi9" # Overrides the image tag whose default is the chart appVersion. generalConditions: accept: "yes" serviceAccount: # Specifies whether a service account should be created create: true # Annotations to add to the service account annotations: {} # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" extraEnvVars: - name: ACCEPT_GENERAL_CONDITIONS value: "yes" podAnnotations: {} podSecurityContext: {} securityContext: allowPrivilegeEscalation: false #NOTE readOnlyRootFilesystem should be left to false # readOnlyRootFilesystem: false runAsNonRoot: true service: type: ClusterIP ports: ui: port: 8040 protocol: TCP #ingress: # enabled: true #className: "nginx" #annotations: # nginx.ingress.kubernetes.io/backend-protocol: HTTPS #nginx.ingress.kubernetes.io/ssl-passthrough: "true" #nginx.ingress.kubernetes.io/ssl-redirect: "true" #nginx.ingress.kubernetes.io/secure-backends: "true" #nginx.ingress.kubernetes.io/ingress.class: "nginx" #kubernetes.io/tls-acme: "true" #cert-manager.io/cluster-issuer: "letsencrypt-issuer" # kubernetes.io/i:ngress.class: nginx #kubernetes.io/tls-acme: "true" #hosts: # - host: analytics.apilab.us # paths: # - path: / # pathType: ImplementationSpecific #tls: # - secretName: analytics-tls # hosts: # - analytics.apilab.us # OpenShift configuration route: enabled: true annotations: cert-manager.io/issuer-kind: ClusterIssuer cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare # targetPort: "{{ .Values.aga.ports.ui.port }}" ## More information: https://docs.openshift.com/container-platform/4.9/networking/routes/secured-routes.html # tls: # enabled: true # termination: passthrough # insecureEdgeTerminationPolicy: Redirect # key: # caCertificate: # certificate: # destinationCACertificate: # ref: https://kubernetes.io/docs/user-guide/compute-resources/ resources: {} # limits: # memory: "2048Mi" # cpu: "1000m" # requests: # memory: "1Gi" # cpu: "250m" autoscaling: enabled: false minReplicas: 1 maxReplicas: 100 targetCPUUtilizationPercentage: 80 #targetMemoryUtilizationPercentage: 80 nodeSelector: {} tolerations: [] affinity: {} livenessProbe: httpGet: httpHeaders: - name: k8sprobe value: liveness.apimgr path: /healthcheck port: 8040 scheme: HTTPS initialDelaySeconds: 40 periodSeconds: 30 failureThreshold: 5 readinessProbe: httpGet: httpHeaders: - name: k8sprobe value: readiness.apimgr path: /healthcheck port: 8040 scheme: HTTPS initialDelaySeconds: 30 periodSeconds: 10 failureThreshold: 6