cscott/apigateway-ocp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
87db1a9aab01425bc5b6c82c6a80b6eaa28e4fe5
apigateway-ocp/values-override.yaml
Conan Scott 87db1a9aab Added scripts for adding and removing static PVs using nfs-csi 
Altered values-override to use nfs-csi for static PVs
2025-11-14 18:36:05 +08:00

664 lines
19 KiB
YAML
Raw Blame History

nameOverride: gateway
global:
domainName: apilab.us
defaultRegistry: docker.repository.axway.com/apigateway-docker-prod/7.7
imagePullPolicy: Always
imagePullSecrets:
- name: regcred
storage:
provisioningType: "dynamic"
storageClassName: "nfs"
volumes:
- name: events
enabled: true
usedBy:
- anm
- apimgr
- traffic
accessModes:
- ReadWriteMany
capacity: 1Gi
volumeName: apim-events
storageClassName: nfs-csi
- name: payloads
enabled: true
usedBy:
- traffic
storageClassName: nfs-csi
accessModes:
- ReadWriteOnce
capacity: 16Gi
volumeName: apim-payloads
- name: audit
enabled: true
usedBy:
- anm
- apimgr
- traffic
storageClassName: nfs-csi
accessModes:
- ReadWriteMany
capacity: 1Gi
volumeName: apim-audit
- name: anm-external-config
enabled: true
usedBy:
- anm
accessModes:
- ReadWriteOnce
capacity: 8Mi
- name: apimgr-external-config
enabled: true
usedBy:
- apimgr
accessModes:
- ReadWriteOnce
capacity: 8Mi
- name: apitraffic-external-config
enabled: true
usedBy:
- traffic
accessModes:
- ReadWriteOnce
capacity: 8Mi
- name: aga-external-config
enabled: true
usedBy:
- traffic
accessModes:
- ReadWriteOnce
capacity: 8Mi
- name: opentraffic
enabled: true
usedBy:
- traffic
- anm
- apimgr
storageClassName: nfs-csi
accessModes:
- ReadWriteOnce
capacity: 8Gi
volumeName: apim-opentraffic
initContainers:
securityContext:
runAsNonRoot: true
database:
host: mysql.metrics.svc.cluster.local
metrics:
enabled: false
username: "root"
password: "password"
sslMode: "NONE"
url: jdbc:mysql://{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{ .Values.global.database.metrics.databaseName }}?useSSL={{ default false .Values.global.database.metrics.useSSL }}
cassandra:
enabled: true
hosts:
- variable: CASS_HOST
hostname: cassandra.cassandra.svc.cluster.local
username: cassandra
password: cassandra
keyspace: ks
tkeyspace: tks
anm:
image:
repository: "admin-nodemanager"
tag: "7.7.0.20240228-1-BN0065-ubi9"
generalConditions:
accept: "yes"
resources:
limits:
memory: "2048Mi"
cpu: "1000m"
requests:
memory: "1Gi"
cpu: "250m"
securityContext:
runAsNonRoot: true
route:
enabled: true
annotations:
cert-manager.io/issuer-kind: ClusterIssuer
cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare
#ingress:
# enabled: true
# className: "nginx"
#annotations:
# nginx.ingress.kubernetes.io/backend-protocol: HTTPS
# nginx.ingress.kubernetes.io/ssl-passthrough: "true"
# nginx.ingress.kubernetes.io/ssl-redirect: "true"
# nginx.ingress.kubernetes.io/secure-backends: "true"
# nginx.ingress.kubernetes.io/ingress.class: "nginx"
# kubernetes.io/tls-acme: "true"
# cert-manager.io/cluster-issuer: "letsencrypt-issuer"
#hosts:
# - host: anm.apilab.us
# paths:
# - path: /
# pathType: ImplementationSpecific
#tls:
# - secretName: anm-tls
# hosts:
# - anm.apilab.us
#service:
# port: 8091
extraVolumeMounts:
- name: anm-external-config
mountPath: /merge
- name: events
mountPath: /opt/Axway/apigateway/events
- name: audit
mountPath: /opt/Axway/apigateway/logs
extraVolumes:
- persistentVolumeClaim:
claimName: anm-external-config
name: anm-external-config
- persistentVolumeClaim:
claimName: events
name: events
- persistentVolumeClaim:
claimName: audit
name: audit
extraEnvVars:
- name: EMT_DEPLOYMENT_ENABLED
value: "true"
- name: ACCEPT_GENERAL_CONDITIONS
value: "yes"
- name: APIGW_LOG_OPENTRAFFIC_OUTPUT
value: "file"
- name: API_BUILDER_URL
value: "https://axway-elk-apim4elastic-apibuilder4elastic.apim4elastic:8443"
apimgr:
name: apimgr
image:
repository: "gateway"
tag: "7.7.0.20240228-1-BN0065-ubi9"
generalConditions:
accept: "yes"
groupId: Group1
resources:
limits:
memory: "2Gi"
cpu: 2
requests:
memory: "0.5Gi"
cpu: 0.5
securityContext:
runAsNonRoot: true
route:
enabled: true
annotations:
cert-manager.io/issuer-kind: ClusterIssuer
cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare
#ingress:
# enabled: true
#className: "nginx"
#annotations:
# nginx.ingress.kubernetes.io/backend-protocol: HTTPS
# nginx.ingress.kubernetes.io/ssl-passthrough: "true"
# nginx.ingress.kubernetes.io/ssl-redirect: "true"
# nginx.ingress.kubernetes.io/secure-backends: "true"
# nginx.ingress.kubernetes.io/ingress.class: "nginx"
# kubernetes.io/tls-acme: "true"
# cert-manager.io/cluster-issuer: "letsencrypt-issuer"
#hosts:
# - host: apimgr.apilab.us
# paths:
# - path: /
# pathType: ImplementationSpecific
#tls:
# - secretName: apimgr-tls
# hosts:
# - apimgr.apilab.us
#service:
# port: 8075
extraVolumeMounts:
- name: events
mountPath: /opt/Axway/apigateway/events
- name: apimgr-external-config
mountPath: /merge
- name: opentraffic
mountPath: /opt/Axway/apigateway/logs/opentraffic
- name: audit
mountPath: /opt/Axway/apigateway/logs/transaction
extraVolumes:
- persistentVolumeClaim:
claimName: events
name: events
- persistentVolumeClaim:
claimName: apimgr-external-config
name: apimgr-external-config
- persistentVolumeClaim:
claimName: opentraffic
name: opentraffic
- persistentVolumeClaim:
claimName: audit
name: audit
extraEnvVars:
- name: EMT_HEALTHCHECK_PORT
value: "8065"
- name: EMT_HEALTHCHECK_PATH
value: /healthcheck
- name: GW_DIR
value: /opt/Axway/apigateway
- name: GW_TRACE_DIR
value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace
- name: EMT_TOPOLOGY_TTL
value: "10"
- name: EMT_DEPLOYMENT_ENABLED
value: "true"
- name: ACCEPT_GENERAL_CONDITIONS
value: "yes"
- name: APIGW_LOG_OPENTRAFFIC_OUTPUT
value: "file"
license:
license.lic: |
FIPS=1
SalesForce Connector=1
ServiceNow Connector=1
analytics=1
api_visual_mapper=1
apiportal=1
company=Axway
deployment_type=docker
expires=Wed, 30 Apr 2025 16:21:51 GMT
license_id=TEMP
mcafee=1
name=Axway
sdkgenerator=1
unrestricted=1
version=7.7
# SIGNATURE: 41dc0bb17867d8d62f2f6cb85c6129e1ff3e732fffda24116eb53cf7fcdba233
# SIGNATURE: 95c752a8cead778a11d997c624eca0d7e9b03b869b9a1ed169e016a9242f5548
# SIGNATURE: 943409c27b0376410ef06a1e7d67a19f210f5c68e30e1174630dbb7bddc06f69
# SIGNATURE: f2208e6a042ecf759388faec92335dd43ecaa96f5c7abd1ec0c23217fd08f7b6
# SIGNATURE: f62af5300b3884ceaa1ca7d459095f53a8980628d44344e02dd1fde2276c07cd
# SIGNATURE: 2f92a9d70d72e3ce9048ad6da4d18bab4923fe30a631d8dd751c4de9647e0a5e
# SIGNATURE: 1454756c50dccc40eb4b8475cd9b87e6c262fae732af6181addb34b41588bbc8
# SIGNATURE: e6c085116c1aca0174145d016459ee0843c437d05d4e270113703644b1ec75d6
apitraffic:
image:
repository: "gateway"
tag: "7.7.0.20240228-1-BN0065-ubi9"
generalConditions:
accept: "yes"
groupId: Group1
resources:
limits:
memory: "2Gi"
cpu: 2
requests:
memory: "0.5Gi"
cpu: 0.5
autoscaling:
enabled: false
minReplicas: 2
maxReplicas: 6
targetCPUUtilizationPercentage: 80
replicaCount: 2
securityContext:
runAsNonRoot: true
oauth:
enabled: true
type: ClusterIP
port: 8089
protocol: TCP
route:
enabled: true
annotations:
cert-manager.io/issuer-kind: ClusterIssuer
cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare
#ingress:
# enabled: true
#className: "nginx"
#annotations:
# nginx.ingress.kubernetes.io/backend-protocol: HTTPS
# nginx.ingress.kubernetes.io/ssl-passthrough: "true"
# nginx.ingress.kubernetes.io/ssl-redirect: "true"
# nginx.ingress.kubernetes.io/secure-backends: "true"
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# cert-manager.io/cluster-issuer: "letsencrypt-issuer"
#hosts:
# - host: oauth.apilab.us
# paths:
# - path: /
# pathType: ImplementationSpecific
#tls:
# - secretName: oauth-tls
# hosts:
# - oauth.apilab.us
#ingress:
# enabled: true
#className: "nginx"
#annotations:
# nginx.ingress.kubernetes.io/backend-protocol: HTTPS
# nginx.ingress.kubernetes.io/ssl-passthrough: "true"
# nginx.ingress.kubernetes.io/ssl-redirect: "true"
# nginx.ingress.kubernetes.io/secure-backends: "true"
# nginx.ingress.kubernetes.io/ingress.class: "nginx"
# kubernetes.io/tls-acme: "true"
# cert-manager.io/cluster-issuer: "letsencrypt-issuer"
#hosts:
# - host: apitraffic.apilab.us
# paths:
# - path: /
# pathType: ImplementationSpecific
#tls:
# - secretName: apitraffic-tls
# hosts:
# - apitraffic.apilab.us
service:
port: 8065
extraVolumeMounts:
- name: events
mountPath: /opt/Axway/apigateway/events
- name: apitraffic-external-config
mountPath: /merge
- name: opentraffic
mountPath: /opt/Axway/apigateway/logs/opentraffic
- name: payloads
mountPath: /opt/Axway/apigateway/logs/payloads
- name: audit
mountPath: /opt/Axway/apigateway/logs/transaction
extraVolumes:
- persistentVolumeClaim:
claimName: events
name: events
- persistentVolumeClaim:
claimName: apitraffic-external-config
name: apitraffic-external-config
- persistentVolumeClaim:
claimName: payloads
name: payloads
- persistentVolumeClaim:
claimName: opentraffic
name: opentraffic
- persistentVolumeClaim:
claimName: audit
name: audit
extraEnvVars:
- name: EMT_HEALTHCHECK_PORT
value: "8065"
- name: EMT_HEALTHCHECK_PATH
value: /healthcheck
- name: GW_DIR
value: /opt/Axway/apigateway
- name: GW_TRACE_DIR
value: /opt/Axway/apigateway/groups/topologylinks/emt-group-emt-service/trace
- name: EMT_TOPOLOGY_TTL
value: "10"
- name: APIGW_LOG_OPENTRAFFIC_OUTPUT
value: "file"
- name: EMT_DEPLOYMENT_ENABLED
value: "true"
- name: ENV_SECRET_EXAMPLE
valueFrom:
secretKeyRef:
name: apim-gateway-cassandra
key: username
- name: ACCEPT_GENERAL_CONDITIONS
value: "yes"
license:
license.lic: |
FIPS=1
SalesForce Connector=1
ServiceNow Connector=1
analytics=1
api_visual_mapper=1
apiportal=1
company=Axway
deployment_type=docker
expires=Wed, 30 Apr 2025 16:21:51 GMT
license_id=TEMP
mcafee=1
name=Axway
sdkgenerator=1
unrestricted=1
version=7.7
# SIGNATURE: 41dc0bb17867d8d62f2f6cb85c6129e1ff3e732fffda24116eb53cf7fcdba233
# SIGNATURE: 95c752a8cead778a11d997c624eca0d7e9b03b869b9a1ed169e016a9242f5548
# SIGNATURE: 943409c27b0376410ef06a1e7d67a19f210f5c68e30e1174630dbb7bddc06f69
# SIGNATURE: f2208e6a042ecf759388faec92335dd43ecaa96f5c7abd1ec0c23217fd08f7b6
# SIGNATURE: f62af5300b3884ceaa1ca7d459095f53a8980628d44344e02dd1fde2276c07cd
# SIGNATURE: 2f92a9d70d72e3ce9048ad6da4d18bab4923fe30a631d8dd751c4de9647e0a5e
# SIGNATURE: 1454756c50dccc40eb4b8475cd9b87e6c262fae732af6181addb34b41588bbc8
# SIGNATURE: e6c085116c1aca0174145d016459ee0843c437d05d4e270113703644b1ec75d6
apiportal:
enabled: false
replicaCount: 1
image:
# an image reference is specified by registry/repository:tag,
# for instance registry=docker.io, repository=library/alpine, tag=3.15
# if registry is left empty, global.defaultRegistry will be used
registry: docker.repository.axway.com/apiportal-docker-prod/7.7
repository: "apiportal"
tag: "7.7.20240228-BN1285"
generalConditions:
accept: "yes"
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
service:
type: ClusterIP
ports:
# target:
# port: 8443
# https:
# port: 8443
# protocol: TCP
http:
port: 8080
protocol: TCP
force:
port: 8080
protocol: TCP
# OpenShift configuration
route:
enabled: true
annotations:
cert-manager.io/issuer-kind: ClusterIssuer
cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare
#ingress:
# enabled: true
# className: "nginx"
#annotations:
# nginx.ingress.kubernetes.io/ssl-passthrough: "true"
# nginx.ingress.kubernetes.io/ssl-redirect: "true"
# nginx.ingress.kubernetes.io/secure-backends: "true"
# nginx.ingress.kubernetes.io/ingress.class: "nginx"
# kubernetes.io/tls-acme: "true"
# cert-manager.io/cluster-issuer: "letsencrypt-issuer"
#hosts:
# - host: portal.apilab.us
# paths:
# - path: /
# pathType: ImplementationSpecific
#tls:
# - secretName: apiportal-tls
# hosts:
# - portal.apilab.us
apiManager:
configured: 1
name: Main
host: "apimgr.apilab.us"
port: 443
# database settings for API Portal, also check the instance settings in global section
mysql:
enabled: false
# if the credentials are already available in a secret, set existingSecret
existingSecret: {}
# name: "mysql-credentials"
# keyMapping:
# password: password
# username: root
# else, set username and password, this will create a new secret
username: "root"
password: "password"
# if it doesn't exist, a database with this name will be created by the app
databaseName: "portal"
sslOn: 0
sslVerifyCert: 0
redis:
enabled: false
host: ""
port: 6379
cacheTimeout: 600
apache:
sslOn: 0
extraEnvVars: []
# podSecurityContext:
# runAsUser: 1048
# runAsGroup: 1048
# fsGroup: 1048
securityContext:
allowPrivilegeEscalation: false
runAsNonRoot: true
aga:
enabled: false
license:
license.lic: |
FIPS=1
SalesForce Connector=1
ServiceNow Connector=1
analytics=1
api_visual_mapper=1
apiportal=1
company=Axway
deployment_type=docker
expires=Wed, 30 Apr 2025 16:21:51 GMT
license_id=TEMP
mcafee=1
name=Axway
sdkgenerator=1
unrestricted=1
version=7.7
# SIGNATURE: 41dc0bb17867d8d62f2f6cb85c6129e1ff3e732fffda24116eb53cf7fcdba233
# SIGNATURE: 95c752a8cead778a11d997c624eca0d7e9b03b869b9a1ed169e016a9242f5548
# SIGNATURE: 943409c27b0376410ef06a1e7d67a19f210f5c68e30e1174630dbb7bddc06f69
# SIGNATURE: f2208e6a042ecf759388faec92335dd43ecaa96f5c7abd1ec0c23217fd08f7b6
# SIGNATURE: f62af5300b3884ceaa1ca7d459095f53a8980628d44344e02dd1fde2276c07cd
# SIGNATURE: 2f92a9d70d72e3ce9048ad6da4d18bab4923fe30a631d8dd751c4de9647e0a5e
# SIGNATURE: 1454756c50dccc40eb4b8475cd9b87e6c262fae732af6181addb34b41588bbc8
# SIGNATURE: e6c085116c1aca0174145d016459ee0843c437d05d4e270113703644b1ec75d6
replicaCount: 1
image:
# an image reference is specified by registry/repository:tag,
# for instance registry=docker.io, repository=library/alpine, tag=3.15
# if registry is left empty, global.defaultRegistry will be used
repository: "analytics"
tag: "7.7.0.20240228-1-BN0065-ubi9"
# Overrides the image tag whose default is the chart appVersion.
generalConditions:
accept: "yes"
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
extraEnvVars:
- name: ACCEPT_GENERAL_CONDITIONS
value: "yes"
podAnnotations: {}
podSecurityContext: {}
securityContext:
allowPrivilegeEscalation: false
#NOTE readOnlyRootFilesystem should be left to false
# readOnlyRootFilesystem: false
runAsNonRoot: true
service:
type: ClusterIP
ports:
ui:
port: 8040
protocol: TCP
#ingress:
# enabled: true
#className: "nginx"
#annotations:
# nginx.ingress.kubernetes.io/backend-protocol: HTTPS
#nginx.ingress.kubernetes.io/ssl-passthrough: "true"
#nginx.ingress.kubernetes.io/ssl-redirect: "true"
#nginx.ingress.kubernetes.io/secure-backends: "true"
#nginx.ingress.kubernetes.io/ingress.class: "nginx"
#kubernetes.io/tls-acme: "true"
#cert-manager.io/cluster-issuer: "letsencrypt-issuer"
# kubernetes.io/i:ngress.class: nginx
#kubernetes.io/tls-acme: "true"
#hosts:
# - host: analytics.apilab.us
# paths:
# - path: /
# pathType: ImplementationSpecific
#tls:
# - secretName: analytics-tls
# hosts:
# - analytics.apilab.us
# OpenShift configuration
route:
enabled: true
annotations:
cert-manager.io/issuer-kind: ClusterIssuer
cert-manager.io/issuer-name: letsencrypt-dns01-cloudflare
# targetPort: "{{ .Values.aga.ports.ui.port }}"
## More information: https://docs.openshift.com/container-platform/4.9/networking/routes/secured-routes.html
# tls:
# enabled: true
# termination: passthrough
# insecureEdgeTerminationPolicy: Redirect
# key:
# caCertificate:
# certificate:
# destinationCACertificate:
# ref: https://kubernetes.io/docs/user-guide/compute-resources/
resources: {}
# limits:
# memory: "2048Mi"
# cpu: "1000m"
# requests:
# memory: "1Gi"
# cpu: "250m"
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
#targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
livenessProbe:
httpGet:
httpHeaders:
- name: k8sprobe
value: liveness.apimgr
path: /healthcheck
port: 8040
scheme: HTTPS
initialDelaySeconds: 40
periodSeconds: 30
failureThreshold: 5
readinessProbe:
httpGet:
httpHeaders:
- name: k8sprobe
value: readiness.apimgr
path: /healthcheck
port: 8040
scheme: HTTPS
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 6
Reference in New Issue View Git Blame Copy Permalink