# Structural changes to this file should be reflected in values.schema.yaml # # Sample values for different use cases are available in the samples folder # override for the name of the chart nameOverride: "" # override for the fully qualified name fullnameOverride: "" # global values that can be read by all components of the APIM solution global: # if apimVersion is not set, the appVersion in Chart.yaml will be used apimVersion: "" # domain used in the ingresses or routes domainName: "" # NOTE: if not using the default domain certs set domainId to the Unique ID (or Common Name) that was used to create custom domain certs domainId: "" # default docker registry defaultRegistry: "" imagePullSecrets: [] imagePullPolicy: IfNotPresent initContainers: image: "docker.io/busybox:1.34" # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ resources: {} securityContext: capabilities: drop: - ALL readOnlyRootFilesystem: true #runAsNonRoot: true allowPrivilegeEscalation: false updateStrategy: # RollingUpdate or Recreate type: RollingUpdate # If RollingUpdate rollingUpdate: maxSurge: 2 maxUnavailable: 0 storage: # static (a template will be created for the PV), # or dynamic (default, a storage class is used, and PV doesnt' require a template) provisioningType: "dynamic" # for dynamic provisioning, the persistent volume will be created based # on the storage class specs # global storage class name, will be used by all volumes not overriding it # leave empty for static provisioning # can be the name of a storage class specified in `classes` below, or an external one storageClassName: "" # storage class managed by this chart classes: [] # - name: "" # # provisioner (CSI driver), example: efs.csi.aws.com # provisioner: "" # allowVolumeExpansion: true # mountOptions: [] # # storage class parameters to use if create is true # parameters: {} # # example # # provisioningMode: "efs-ap" # # fileSystemId: "fs-05d1bd09462e124d8" # # directoryPerms: "770" volumes: - name: events enabled: false accessModes: - ReadWriteMany # storage request, if provisioner is elastic, leave it to 1Mi capacity: 1Mi # for dynamic provisioning, the persistent volume will be created based # on the storage class specs # if the storage class name is set for the volume, it will override the one defined # in global.storage.storageClassName # examples: azurefile-premium, efs-sc # leave empty for static provisioning # can be a storage class defined above, or an external one # storageClassName: "" # for static provisioning, the persistent volume will be created based on these specs persistentVolume: # CSI driver, for example efs.csi.aws.com csiDriver: "" # volume handle # EFS: FS_ID::AP_ID volumeHandle: "" # reclaim policy, what happens to the storage when the PVC is deleted # Delete or Retain reclaimPolicy: Delete - name: gw-external-config enabled: true accessModes: - ReadWriteMany # storage request, if provisioner is elastic, leave it to 1Mi capacity: 1Mi # for dynamic provisioning, the persistent volume will be created based # on the storage class specs # if the storage class name is set for the volume, it will override the one defined # in global.storage.storageClassName # examples: azurefile-premium, efs-sc # leave empty for static provisioning # can be a storage class defined above, or an external one # storageClassName: "nfs" # for static provisioning, the persistent volume will be created based on these specs persistentVolume: # CSI driver, for example efs.csi.aws.com csiDriver: "" # volume handle # EFS: FS_ID::AP_ID volumeHandle: "" # reclaim policy, what happens to the storage when the PVC is deleted # Delete or Retain reclaimPolicy: Delete - name: aga-external-config enabled: true accessModes: - ReadWriteMany # storage request, if provisioner is elastic, leave it to 1Mi capacity: 1Mi # for dynamic provisioning, the persistent volume will be created based # on the storage class specs # if the storage class name is set for the volume, it will override the one defined # in global.storage.storageClassName # examples: azurefile-premium, efs-sc # leave empty for static provisioning # can be a storage class defined above, or an external one # storageClassName: "nfs" # for static provisioning, the persistent volume will be created based on these specs persistentVolume: # CSI driver, for example efs.csi.aws.com csiDriver: "" # volume handle # EFS: FS_ID::AP_ID volumeHandle: "" # reclaim policy, what happens to the storage when the PVC is deleted # Delete or Retain reclaimPolicy: Delete - name: anm-external-config enabled: true accessModes: - ReadWriteMany # storage request, if provisioner is elastic, leave it to 1Mi capacity: 1Mi # for dynamic provisioning, the persistent volume will be created based # on the storage class specs # if the storage class name is set for the volume, it will override the one defined # in global.storage.storageClassName # examples: azurefile-premium, efs-sc # leave empty for static provisioning # can be a storage class defined above, or an external one # storageClassName: "nfs" # for static provisioning, the persistent volume will be created based on these specs persistentVolume: # CSI driver, for example efs.csi.aws.com csiDriver: "" # volume handle # EFS: FS_ID::AP_ID volumeHandle: "" # reclaim policy, what happens to the storage when the PVC is deleted # Delete or Retain reclaimPolicy: Delete # Database server instance used for metrics and for API Portal database: # templating available # host: example-mysql.{{ .Values.global.domainName }} host: "" port: 3306 # database name for the metrics, used by gateway components metrics: enabled: false # a database with this name has to be created in the MySQL instance as a prerequisite databaseName: metrics # 8.0.12 and earlier, useSSL is a string, verifyServerCertificate is a boolean value useSSL: "false" # verifyServerCertificate: true # 8.0.13 and later: Server Certificate Verification is enabled when the sslMode property is set to VERIFY_CA or VERIFY_IDENTITY # sslMode: "NONE" # MySQL JDBC URL url: "jdbc:mysql://{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{ .Values.global.database.metrics.databaseName }}?useSSL={{ default false .Values.global.database.metrics.useSSL }}" # additional QueryString parameters in jdbc url can be added as shown below # encoding: "UTF-8" # url: "jdbc:mysql://{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{ .Values.global.database.metrics.databaseName }}?useSSL={{ default false .Values.global.database.metrics.useSSL }}&{{ .Values.global.database.metrics.encoding }}" # if the credentials are already available in a secret, set existingSecret existingSecret: {} # name: "mysql-credentials" # keyMapping: # password: metricsDbPasswordKey # username: metricsDbPasswordKey # else, set username and password, this will create a new secret username: "" password: "" # portal database is only used by the portal pods, so it's configuration is in the apiportal section # cassandra connection configuration cassandra: enabled: false # if the credentials are already available in a secret, set existingSecret # if not, set username and password existingSecret: {} # name: cassandra # keyMapping: # username: myCassandraUsernameKey # password: myCassandraPasswordKey # list of hostnames and name of the env var passed to the gateway image, # the variable name should be consistent with the content of the FED hosts: [] ## single cassandra node, or service of a containerized cassandra: # - variable: CASS_HOST # hostname: cassandra.cassandra ## multi node cassandra: # - variable: CASS_HOST_1 # hostname: cassandra-1 # - variable: CASS_HOST_2 # hostname: cassandra-2 # - variable: CASS_HOST_3 # hostname: cassandra-3 username: "" password: "" port: 9042 # templating available # keyspace: keyspace-{{ .Values.global.domainID }} # tkeyspace: tkeyspace-{{ .Values.global.domainID }} keyspace: "" tkeyspace: "" # Set the domain key passphrase. If passphrase is blank, do not set. # domainkeypassphrase: # passphrase: "" tests: images: curl: registry: docker.io repository: "curlimages/curl" # leave empty for "latest" or specify an immutable tag tag: "" # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ resources: {} # limits: # cpu: 100m # memory: 50Mi # requests: # cpu: 100m # memory: 50Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true #runAsNonRoot: true serviceAccount: # Specifies whether a service account should be created create: true # Annotations to add to the service account annotations: {} # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" anm: # a single replica is the only supported value for ANM enabled: true replicaCount: 1 updateStrategy: # RollingUpdate or Recreate type: "" # If RollingUpdate rollingUpdate: maxSurge: 2 maxUnavailable: 0 image: # an image reference is specified by registry/repository:tag, # for instance registry=docker.io, repository=library/alpine, tag=3.15 # if registry is left empty, global.defaultRegistry will be used registry: "" repository: "" # Overrides the image tag whose default is the chart appVersion. tag: "" # Accept general conditions on the image by setting accept to yes generalConditions: accept: "" # Enables FIPS mode FIPS: enabled: false logs: trace: # FATAL, ERROR, INFO, DEBUG, DATA level: INFO # Write trace logs to file on disk disk: true # Write trace logs to stdout in JSON Format stdoutJSON: true serviceAccount: # Specifies whether a service account should be created create: true # Annotations to add to the service account annotations: {} # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" podAnnotations: {} podLabels: {} # podSecurityContext: # set user id for k8s, set null for openshift # runAsUser: 1000 # runAsGroup: 1000 # fsGroup: 1000 securityContext: allowPrivilegeEscalation: false # NOTE: readOnlyRootFilesystem should be left to false # readOnlyRootFilesystem: false #runAsNonRoot: true service: type: ClusterIP ports: traffic: port: 8090 protocol: TCP ui: port: 8091 protocol: TCP ingress: enabled: false className: "" annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - host: chart-example.local paths: - path: / pathType: ImplementationSpecific tls: [] # - secretName: chart-example-tls # hosts: # - chart-example.local # OpenShift configuration route: enabled: true targetPort: "{{ .Values.anm.service.ports.ui.port }}" ## More information: https://docs.openshift.com/container-platform/4.12/networking/routes/secured-routes.html tls: enabled: true termination: passthrough insecureEdgeTerminationPolicy: Redirect key: caCertificate: certificate: destinationCACertificate: # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ resources: {} # limits: # memory: "2048Mi" # cpu: "1000m" # requests: # memory: "1Gi" # cpu: "250m" # JVM Heap Size in MB jvmHeapSize: "1024" autoscaling: enabled: false minReplicas: 1 maxReplicas: 1 targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 nodeSelector: {} tolerations: [] affinity: {} #extraInitContainers: # - name: extra # image: "docker.io/busybox:1.34" # command: [] # resources: # limits: # memory: "500Mi" # cpu: 0.5 # securityContext: # allowPrivilegeEscalation: false # runAsNonRoot: true extraEnvVars: [] # - name: MY_ENV_VARIABLE # value: "true" livenessProbe: httpGet: httpHeaders: - name: k8sprobe value: liveness.anm path: /healthcheck port: 8091 scheme: HTTPS initialDelaySeconds: 40 periodSeconds: 30 failureThreshold: 5 readinessProbe: httpGet: httpHeaders: - name: k8sprobe value: readiness.anm path: /healthcheck port: 8091 scheme: HTTPS initialDelaySeconds: 30 periodSeconds: 10 failureThreshold: 6 # extraVolumeMounts: # - name: events # mountPath: /opt/Axway/apigateway/logs/events # extraVolumes: # - persistentVolumeClaim: # claimName: events # name: events extraVolumeMounts: - name: anm-external-config mountPath: /merge extraVolumes: - persistentVolumeClaim: claimName: anm-external-config name: anm-external-config apimgr: enabled: true replicaCount: 1 updateStrategy: # RollingUpdate or Recreate type: "" # If RollingUpdate rollingUpdate: maxSurge: 2 maxUnavailable: 0 image: # an image reference is specified by registry/repository:tag, # for instance registry=docker.io, repository=library/alpine, tag=3.15 # if registry is left empty, global.defaultRegistry will be used registry: "" repository: "" # Overrides the image tag whose default is the chart appVersion. tag: "" # Accept general conditions on the image by setting accept to yes generalConditions: accept: "" groupId: "DefaultGroup" # Enables FIPS mode FIPS: enabled: false logs: trace: # FATAL, ERROR, INFO, DEBUG, DATA level: INFO # Write trace logs to file on disk disk: true # Write trace logs to stdout in JSON Format stdoutJSON: true opentraffic: # none, file or stdout output: file serviceAccount: # Specifies whether a service account should be created create: true # Annotations to add to the service account annotations: {} # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" podAnnotations: {} podLabels: {} #podSecurityContext: # set user id for k8s, set null for openshift # runAsUser: 1000 # runAsGroup: 1000 #fsGroup: 1000 securityContext: allowPrivilegeEscalation: false # NOTE: readOnlyRootFilesystem should be left to false # readOnlyRootFilesystem: false #runAsNonRoot: true service: type: ClusterIP ports: ui: port: 8075 protocol: TCP ingress: enabled: false className: "" annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - host: chart-example.local paths: - path: / pathType: ImplementationSpecific tls: [] # - secretName: chart-example-tls # hosts: # - chart-example.local # OpenShift configuration route: enabled: true targetPort: "{{ .Values.apimgr.service.ports.ui.port }}" ## More information: https://docs.openshift.com/container-platform/4.12/networking/routes/secured-routes.html tls: enabled: true termination: passthrough insecureEdgeTerminationPolicy: Redirect key: caCertificate: certificate: destinationCACertificate: # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ resources: {} # limits: # memory: "2Gi" # cpu: 2 # requests: # memory: "0.5Gi" # cpu: 0.5 # JVM Heap Size in MB jvmHeapSize: "1512" autoscaling: enabled: false minReplicas: 1 maxReplicas: 100 targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 nodeSelector: {} tolerations: [] affinity: {} #extraInitContainers: # - name: extra # image: "docker.io/busybox:1.34" # command: [] # resources: # limits: # memory: "500Mi" # cpu: 0.5 # securityContext: # allowPrivilegeEscalation: false # runAsNonRoot: true extraEnvVars: [] # - name: MY_ENV_VARIABLE # value: "true" livenessProbe: httpGet: httpHeaders: - name: k8sprobe value: liveness.apimgr path: /healthcheck port: 8075 scheme: HTTPS initialDelaySeconds: 40 periodSeconds: 30 failureThreshold: 5 readinessProbe: httpGet: httpHeaders: - name: k8sprobe value: readiness.apimgr path: /healthcheck port: 8075 scheme: HTTPS initialDelaySeconds: 30 periodSeconds: 10 failureThreshold: 6 # extraVolumeMounts: # - name: events # mountPath: /opt/Axway/apigateway/logs/events # - name: opentraffic # mountPath: /opt/Axway/apigateway/logs/opentraffic # extraVolumes: # - persistentVolumeClaim: # claimName: events # name: events # - persistentVolumeClaim: # claimName: opentraffic # name: opentraffic extraVolumeMounts: - name: gw-external-config mountPath: /merge extraVolumes: - persistentVolumeClaim: claimName: gw-external-config name: gw-external-config license: license.lic: | # FIPS=1 # Mock Connector=1 # SalesForce Connector=1 # ServiceNow Connector=1 # analytics=1 # api_visual_mapper=1 # apiportal=1 # expires=Sun, 05 May 2025 00:00:00 GMT # mcafee=1 # mobile integration=1 # unrestricted=1 # # SIGNATURE: abc123 apitraffic: enabled: true replicaCount: 1 updateStrategy: # RollingUpdate or Recreate type: "" # If RollingUpdate rollingUpdate: maxSurge: 2 maxUnavailable: 0 image: # an image reference is specified by registry/repository:tag, # for instance registry=docker.io, repository=library/alpine, tag=3.15 # if registry is left empty, global.defaultRegistry will be used registry: "" repository: "" # Overrides the image tag whose default is the chart appVersion. tag: "" # Accept general conditions on the image by setting accept to yes generalConditions: accept: "" groupId: "DefaultGroup" # Enables FIPS mode FIPS: enabled: false logs: trace: # FATAL, ERROR, INFO, DEBUG or DATA level: INFO # Write trace logs to file on disk disk: true # Write trace logs to stdout in JSON Format stdoutJSON: true opentraffic: # none, file or stdout output: file serviceAccount: # Specifies whether a service account should be created create: true # Annotations to add to the service account annotations: {} # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" podAnnotations: {} podLabels: {} #podSecurityContext: # set user id for k8s, set null for openshift # runAsUser: 1000 #runAsGroup: 1000 #fsGroup: 1000 securityContext: allowPrivilegeEscalation: false # NOTE: readOnlyRootFilesystem should be left to false # readOnlyRootFilesystem: false # runAsNonRoot: true service: type: ClusterIP ports: traffic: port: 8065 protocol: TCP oauth: enabled: true type: ClusterIP port: 8089 protocol: TCP route: enabled: false targetPort: "{{ .Values.apitraffic.oauth.port }}" tls: enabled: true termination: passthrough insecureEdgeTerminationPolicy: Redirect key: caCertificate: certificate: destinationCACertificate: #oauth ingress ingress: enabled: false className: "" annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - host: chart-example.local paths: - path: / pathType: ImplementationSpecific tls: [] # - secretName: chart-example-tls # hosts: # - chart-example.local #apitraffic ingress ingress: enabled: false className: "" annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - host: chart-example.local paths: - path: / pathType: ImplementationSpecific tls: [] # - secretName: chart-example-tls # hosts: # - chart-example.local # OpenShift configuration route: enabled: true targetPort: "{{ .Values.apitraffic.service.ports.traffic.port }}" ## More information: https://docs.openshift.com/container-platform/4.12/networking/routes/secured-routes.html tls: enabled: true termination: passthrough insecureEdgeTerminationPolicy: Redirect key: caCertificate: certificate: destinationCACertificate: # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ resources: {} # limits: # memory: "2Gi" # cpu: 2 # requests: # memory: "0.5Gi" # cpu: 0.5 # JVM Heap Size in MB jvmHeapSize: "1512" autoscaling: enabled: false minReplicas: 1 maxReplicas: 100 targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 nodeSelector: {} tolerations: [] affinity: {} #extraInitContainers: # - name: extra # image: "docker.io/busybox:1.34" # command: [] # resources: # limits: # memory: "500Mi" # cpu: 0.5 # securityContext: # allowPrivilegeEscalation: false # runAsNonRoot: true extraEnvVars: [] # - name: MY_ENV_VARIABLE # value: "true" livenessProbe: httpGet: httpHeaders: - name: k8sprobe value: liveness.apitraffic path: /healthcheck port: 8065 scheme: HTTPS initialDelaySeconds: 40 periodSeconds: 30 failureThreshold: 5 readinessProbe: httpGet: httpHeaders: - name: k8sprobe value: readiness.apitraffic path: /healthcheck port: 8065 scheme: HTTPS initialDelaySeconds: 30 periodSeconds: 10 failureThreshold: 6 # extraVolumeMounts: # - name: events # mountPath: /opt/Axway/apigateway/logs/events # - name: opentraffic # mountPath: /opt/Axway/apigateway/logs/opentraffic # extraVolumes: # - persistentVolumeClaim: # claimName: events # name: events # - persistentVolumeClaim: # claimName: opentraffic # name: opentraffic extraVolumeMounts: - name: gw-external-config mountPath: /merge extraVolumes: - persistentVolumeClaim: claimName: gw-external-config name: gw-external-config license: license.lic: | # FIPS=1 # Mock Connector=1 # SalesForce Connector=1 # ServiceNow Connector=1 # analytics=1 # api_visual_mapper=1 # apiportal=1 # expires=Sun, 05 May 2025 00:00:00 GMT # mcafee=1 # mobile integration=1 # unrestricted=1 # # SIGNATURE: abc123 aga: enabled: false replicaCount: 1 updateStrategy: # RollingUpdate or Recreate type: "" # If RollingUpdate rollingUpdate: maxSurge: 2 maxUnavailable: 0 image: # an image reference is specified by registry/repository:tag, # for instance registry=docker.io, repository=library/alpine, tag=3.15 # if registry is left empty, global.defaultRegistry will be used registry: "" repository: "" # Overrides the image tag whose default is the chart appVersion. tag: "" # Accept general conditions on the image by setting accept to yes generalConditions: accept: "" serviceAccount: # Specifies whether a service account should be created create: true # Annotations to add to the service account annotations: {} # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" podAnnotations: {} podLabels: {} # podSecurityContext: # set user id for k8s, set null for openshift # runAsUser: 1000 # runAsGroup: 1000 # fsGroup: 1000 securityContext: allowPrivilegeEscalation: false # NOTE: readOnlyRootFilesystem should be left to false # readOnlyRootFilesystem: false #runAsNonRoot: true service: type: ClusterIP ports: ui: port: 8040 protocol: TCP ingress: enabled: false className: "" annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - host: chart-example.local paths: - path: / pathType: ImplementationSpecific tls: [] # - secretName: chart-example-tls # hosts: # - chart-example.local # OpenShift configuration route: enabled: true targetPort: "{{ .Values.aga.service.ports.ui.port }}" ## More information: https://docs.openshift.com/container-platform/4.12/networking/routes/secured-routes.html tls: enabled: true termination: passthrough insecureEdgeTerminationPolicy: Redirect key: caCertificate: certificate: destinationCACertificate: # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers// resources: {} # limits: # memory: "2048Mi" # cpu: "1000m" # requests: # memory: "1Gi" # cpu: "250m" autoscaling: enabled: false minReplicas: 1 maxReplicas: 100 targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 nodeSelector: {} tolerations: [] affinity: {} #extraInitContainers: # - name: extra # image: "docker.io/busybox:1.34" # command: [] # resources: # limits: # memory: "500Mi" # cpu: 0.5 # securityContext: # allowPrivilegeEscalation: false # runAsNonRoot: true extraEnvVars: [] # - name: MY_ENV_VARIABLE # value: "true" livenessProbe: httpGet: httpHeaders: - name: k8sprobe value: liveness.apimgr path: /healthcheck port: 8040 scheme: HTTPS initialDelaySeconds: 40 periodSeconds: 30 failureThreshold: 5 readinessProbe: httpGet: httpHeaders: - name: k8sprobe value: readiness.apimgr path: /healthcheck port: 8040 scheme: HTTPS initialDelaySeconds: 30 periodSeconds: 10 failureThreshold: 6 #extraVolumeMounts: #- name: events # mountPath: /opt/Axway/apigateway/logs/events #extraVolumes: #- persistentVolumeClaim: # claimName: events # name: events extraVolumeMounts: - name: aga-external-config mountPath: /merge extraVolumes: - persistentVolumeClaim: claimName: aga-external-config name: aga-external-config apiportal: enabled: false replicaCount: 1 updateStrategy: # RollingUpdate or Recreate type: "" # If RollingUpdate rollingUpdate: maxSurge: 2 maxUnavailable: 0 image: # an image reference is specified by registry/repository:tag, # for instance registry=docker.io, repository=library/alpine, tag=3.15 # if registry is left empty, global.defaultRegistry will be used registry: "" repository: "" # Overrides the image tag whose default is the chart appVersion. tag: "" serviceAccount: # Specifies whether a service account should be created create: true # Annotations to add to the service account annotations: {} # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" service: type: ClusterIP ports: target: port: 8443 https: port: 8443 protocol: TCP http: port: 8080 protocol: TCP force: port: 443 protocol: TCP ingress: enabled: false className: "" annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - host: chart-example.local paths: - path: / pathType: ImplementationSpecific tls: [] # - secretName: chart-example-tls # hosts: # - chart-example.local # OpenShift configuration route: enabled: true targetPort: "{{ .Values.apiportal.service.ports.http.port }}" ## More information: https://docs.openshift.com/container-platform/4.12/networking/routes/secured-routes.html tls: enabled: true termination: edge insecureEdgeTerminationPolicy: Redirect key: caCertificate: certificate: destinationCACertificate: apiManager: configured: 1 name: Main # host: "" # port: 8075 # database settings for API Portal, also check the instance settings in global section mysql: enabled: true # if the credentials are already available in a secret, set existingSecret existingSecret: {} # name: "mysql-credentials" # keyMapping: # password: portalPasswordKey # username: portalPasswordKey # else, set username and password, this will create a new secret username: "" password: "" # if it doesn't exist, a database with this name will be created by the app databaseName: "portal" sslOn: 0 sslVerifyCert: 0 redis: enabled: false host: "" port: 6379 cacheTimeout: 600 apache: sslOn: 0 #extraInitContainers: # - name: extra # image: "docker.io/busybox:1.34" # command: [] # resources: # limits: # memory: "500Mi" # cpu: 0.5 # securityContext: # allowPrivilegeEscalation: false # runAsNonRoot: true extraEnvVars: [] # - name: MY_ENV_VARIABLE # value: "true" podAnnotations: {} podLabels: {} # podSecurityContext: # runAsUser: 1048 # runAsGroup: 1048 # fsGroup: 1048 securityContext: allowPrivilegeEscalation: false #runAsNonRoot: true # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ resources: {} # limits: # memory: "2048Mi" # cpu: "1000m" # requests: # memory: "1Gi" # cpu: "250m" t4_downloaded: 1 storage: # if provisioningType=static, a template will be created for the PV, # if provisioningType=dynamic (default), a storage class is used, and PV doesn't require a template provisioningType: "dynamic" classes: nfs volumes: - enabled: false # must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character name: "enckey" usedBy: - portal capacity: 3Mi accessModes: - ReadWriteMany mountPath: "/opt/axway/apiportal/enckey" # if storageClassName is not set, it will default to the one specified in global.storage.storageClassName # storageClassName: "" # for static provisioning, the persistent volume will be created based on these specs persistentVolume: # CSI driver, for example efs.csi.aws.com csiDriver: "" # volume handle volumeHandle: "" # reclaim policy, what happens to the storage when the PVC is deleted reclaimPolicy: Delete - enabled: false # must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character name: "images" usedBy: - portal capacity: 100Mi accessModes: - ReadWriteMany mountPath: "/opt/axway/apiportal/htdoc/images" # if storageClassName is not set, it will default to the one specified in global.storage.storageClassName # storageClassName: "" - enabled: false # must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character name: "language" usedBy: - portal capacity: 10Mi accessModes: - ReadWriteMany mountPath: "/opt/axway/apiportal/htdoc/language" # if storageClassName is not set, it will default to the one specified in global.storage.storageClassName # storageClassName: "" - enabled: false # must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character name: "templates" usedBy: - portal capacity: 100Mi accessModes: - ReadWriteMany mountPath: "/opt/axway/apiportal/htdoc/templates" # if storageClassName is not set, it will default to the one specified in global.storage.storageClassName # storageClassName: "" - enabled: false # must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character name: "admlanguage" usedBy: - portal capacity: 10Mi accessModes: - ReadWriteMany mountPath: "/opt/axway/apiportal/htdoc/administrator/admlanguage" # if storageClassName is not set, it will default to the one specified in global.storage.storageClassName # storageClassName: "" - enabled: false # must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character name: "certs" usedBy: - portal capacity: 10Mi accessModes: - ReadWriteMany mountPath: "/opt/axway/apiportal/htdoc/administrator/components/com_apiportal/assets/cert" # if storageClassName is not set, it will default to the one specified in global.storage.storageClassName # storageClassName: "" tests: images: curl: registry: docker.io repository: "curlimages/curl" # leave empty for "latest" or specify an immutable tag tag: "" # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ resources: {} # limits: # cpu: 100m # memory: 50Mi # requests: # cpu: 100m # memory: 50Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true #runAsNonRoot: true serviceAccount: # Specifies whether a service account should be created create: true # Annotations to add to the service account annotations: {} # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" ## Configuration for v7-discovery subchart discovery-agent: # Deploy the discovery agent enabled: false ## Configuration for v7-traceability subchart traceability-agent: ## Deploy the traceability agent enabled: false