apigateway-ocp/apigateway/values.yaml
Conan Scott 555c441ad1 Updated to 7.7.0.20250830-3-BN0276-ubi
Updated ANM destinationCertCA for 7.7.0.20250830-3-BN0276-ubi
2025-11-20 15:56:45 +08:00



# Structural changes to this file should be reflected in values.schema.yaml
#
# Sample values for different use cases are available in the samples folder
# Chart naming overrides; both default to the empty string.
# override for the name of the chart
nameOverride: ""
# override for the fully qualified name
fullnameOverride: ""
# global values that can be read by all components of the APIM solution
# NOTE(review): in this listing every key sits at column 0, so the nesting
# under `global:` is not visible here. The templated paths used further down
# (for example `.Values.global.database.port`) show the intended hierarchy;
# take the indentation from the chart's own file before reusing these values.
global:
# if apimVersion is not set, the appVersion in Chart.yaml will be used
apimVersion: ""
# domain used in the ingresses or routes
domainName: ""
# NOTE: if not using the default domain certs set domainId to the Unique ID (or Common Name) that was used to create custom domain certs
domainId: ""
# default docker registry
# (the per-component image comments state it is used when a component's own
# `registry` is left empty)
defaultRegistry: ""
# image pull secrets; empty list by default
imagePullSecrets: []
# IfNotPresent reuses an image already cached on the node, so a tag that is
# re-pointed upstream is not pulled again. Pair it with immutable tags or
# digests so every node runs the same image content.
imagePullPolicy: IfNotPresent
initContainers:
# NOTE(review): referenced by tag only. Pin by digest
# (name@sha256:<digest>) or mirror the image into a registry you control if
# the init container has to be reproducible.
image: "docker.io/busybox:1.34"
# ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
# empty by default: no CPU/memory requests or limits are set here
resources: {}
# Hardened container settings (presumably for the init containers above):
# every Linux capability dropped, read-only root filesystem, non-root user,
# no privilege escalation.
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
allowPrivilegeEscalation: false
# Default update strategy; the components further down carry their own
# `updateStrategy` with an empty `type` (presumably falling back to this one).
updateStrategy:
# RollingUpdate or Recreate
type: RollingUpdate
# If RollingUpdate
rollingUpdate:
maxSurge: 2
maxUnavailable: 0
# Shared storage settings: provisioning mode, storage classes and the list of
# volumes (events plus one external-config volume per component).
storage:
# static (a template will be created for the PV),
# or dynamic (default, a storage class is used, and PV doesn't require a template)
provisioningType: "dynamic"
# for dynamic provisioning, the persistent volume will be created based
# on the storage class specs
# global storage class name, will be used by all volumes not overriding it
# leave empty for static provisioning
# can be the name of a storage class specified in `classes` below, or an external one
storageClassName: ""
# storage class managed by this chart
classes: []
# - name: ""
# # provisioner (CSI driver), example: efs.csi.aws.com
# provisioner: ""
# allowVolumeExpansion: true
# mountOptions: []
# # storage class parameters to use if create is true
# parameters: {}
# # example
# # provisioningMode: "efs-ap"
# # fileSystemId: "fs-05d1bd09462e124d8"
# # directoryPerms: "770"
# NOTE(review): the three *-external-config volumes below are ReadWriteMany
# and are mounted at /merge by the component sections of this file. Whatever
# can write to the backing share can therefore change what the pods read from
# /merge (presumably configuration merged into the component at start-up -
# confirm), so restrict write access on the storage side.
volumes:
- name: events
enabled: false
accessModes:
- ReadWriteMany
# storage request, if provisioner is elastic, leave it to 1Mi
capacity: 1Mi
# for dynamic provisioning, the persistent volume will be created based
# on the storage class specs
# if the storage class name is set for the volume, it will override the one defined
# in global.storage.storageClassName
# examples: azurefile-premium, efs-sc
# leave empty for static provisioning
# can be a storage class defined above, or an external one
# storageClassName: ""
# for static provisioning, the persistent volume will be created based on these specs
persistentVolume:
# CSI driver, for example efs.csi.aws.com
csiDriver: ""
# volume handle
# EFS: FS_ID::AP_ID
volumeHandle: ""
# reclaim policy, what happens to the storage when the PVC is deleted
# Delete or Retain
reclaimPolicy: Delete
- name: gw-external-config
enabled: true
accessModes:
- ReadWriteMany
# storage request, if provisioner is elastic, leave it to 1Mi
capacity: 1Mi
# for dynamic provisioning, the persistent volume will be created based
# on the storage class specs
# if the storage class name is set for the volume, it will override the one defined
# in global.storage.storageClassName
# examples: azurefile-premium, efs-sc
# leave empty for static provisioning
# can be a storage class defined above, or an external one
# storageClassName: "nfs-client"
# for static provisioning, the persistent volume will be created based on these specs
persistentVolume:
# CSI driver, for example efs.csi.aws.com
csiDriver: ""
# volume handle
# EFS: FS_ID::AP_ID
volumeHandle: ""
# reclaim policy, what happens to the storage when the PVC is deleted
# Delete or Retain
reclaimPolicy: Delete
- name: aga-external-config
enabled: true
accessModes:
- ReadWriteMany
# storage request, if provisioner is elastic, leave it to 1Mi
capacity: 1Mi
# for dynamic provisioning, the persistent volume will be created based
# on the storage class specs
# if the storage class name is set for the volume, it will override the one defined
# in global.storage.storageClassName
# examples: azurefile-premium, efs-sc
# leave empty for static provisioning
# can be a storage class defined above, or an external one
# storageClassName: "nfs-client"
# for static provisioning, the persistent volume will be created based on these specs
persistentVolume:
# CSI driver, for example efs.csi.aws.com
csiDriver: ""
# volume handle
# EFS: FS_ID::AP_ID
volumeHandle: ""
# reclaim policy, what happens to the storage when the PVC is deleted
# Delete or Retain
reclaimPolicy: Delete
- name: anm-external-config
enabled: true
accessModes:
- ReadWriteMany
# storage request, if provisioner is elastic, leave it to 1Mi
capacity: 1Mi
# for dynamic provisioning, the persistent volume will be created based
# on the storage class specs
# if the storage class name is set for the volume, it will override the one defined
# in global.storage.storageClassName
# examples: azurefile-premium, efs-sc
# leave empty for static provisioning
# can be a storage class defined above, or an external one
# storageClassName: "nfs-client"
# for static provisioning, the persistent volume will be created based on these specs
persistentVolume:
# CSI driver, for example efs.csi.aws.com
csiDriver: ""
# volume handle
# EFS: FS_ID::AP_ID
volumeHandle: ""
# reclaim policy, what happens to the storage when the PVC is deleted
# Delete or Retain
reclaimPolicy: Delete
# Database server instance used for metrics and for API Portal
database:
# templating available
# host: example-mysql.{{ .Values.global.domainName }}
host: ""
port: 3306
# database name for the metrics, used by gateway components
metrics:
enabled: false
# a database with this name has to be created in the MySQL instance as a prerequisite
databaseName: metrics
# 8.0.12 and earlier, useSSL is a string, verifyServerCertificate is a boolean value
# NOTE(review): "false" is templated into the JDBC URL below as useSSL=false,
# so by default the metrics connection, login included, is not protected by
# TLS. Turn TLS on together with server-certificate verification whenever the
# database is reached over a network you do not fully control.
useSSL: "false"
# verifyServerCertificate: true
# 8.0.13 and later: Server Certificate Verification is enabled when the sslMode property is set to VERIFY_CA or VERIFY_IDENTITY
# sslMode: "NONE"
# MySQL JDBC URL
# (built from host, port, metrics.databaseName and metrics.useSSL above)
url: "jdbc:mysql://{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{ .Values.global.database.metrics.databaseName }}?useSSL={{ default false .Values.global.database.metrics.useSSL }}"
# additional QueryString parameters in jdbc url can be added as shown below
# NOTE(review): as written the example appends only the value of `encoding`
# to the URL ("&UTF-8"), not a name=value pair - confirm the intended
# parameter name before copying it.
# encoding: "UTF-8"
# url: "jdbc:mysql://{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{ .Values.global.database.metrics.databaseName }}?useSSL={{ default false .Values.global.database.metrics.useSSL }}&{{ .Values.global.database.metrics.encoding }}"
# if the credentials are already available in a secret, set existingSecret
# Preferred: the credentials then stay out of values files, version control
# and the values stored with the Helm release.
existingSecret: {}
# name: "mysql-credentials"
# keyMapping:
# password: metricsDbPasswordKey
# username: metricsDbUsernameKey
# else, set username and password, this will create a new secret
# (supply them at install time from a protected source rather than committing
# them to this file)
username: ""
password: ""
# portal database is only used by the portal pods, so its configuration is in the apiportal section
# cassandra connection configuration
cassandra:
enabled: false
# if the credentials are already available in a secret, set existingSecret
# if not, set username and password
# (existingSecret keeps the credentials out of values files and version
# control)
existingSecret: {}
# name: cassandra
# keyMapping:
# username: myCassandraUsernameKey
# password: myCassandraPasswordKey
# list of hostnames and name of the env var passed to the gateway image,
# the variable name should be consistent with the content of the FED
hosts: []
## single cassandra node, or service of a containerized cassandra:
# - variable: CASS_HOST
# hostname: cassandra.cassandra
## multi node cassandra:
# - variable: CASS_HOST_1
# hostname: cassandra-1
# - variable: CASS_HOST_2
# hostname: cassandra-2
# - variable: CASS_HOST_3
# hostname: cassandra-3
username: ""
password: ""
port: 9042
# templating available
# (the key defined in this file is `domainId`; Helm value names are
# case-sensitive)
# keyspace: keyspace-{{ .Values.global.domainId }}
# tkeyspace: tkeyspace-{{ .Values.global.domainId }}
keyspace: ""
tkeyspace: ""
# Set the domain key passphrase. If passphrase is blank, do not set.
# A passphrase is a secret: supply it at deploy time from a protected source
# rather than committing it to this file.
# domainkeypassphrase:
# passphrase: ""
# Settings for the test pods: the curl image they run, its resources and
# security context, and a service account.
tests:
images:
curl:
registry: docker.io
repository: "curlimages/curl"
# leave empty for "latest" or specify an immutable tag
# NOTE(review): "latest" is a moving tag, so the image that runs can change
# between installs without any change to this file; prefer a fixed tag or a
# digest.
tag: ""
# ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
resources: {}
# limits:
# cpu: 100m
# memory: 50Mi
# requests:
# cpu: 100m
# memory: 50Mi
# no privilege escalation, read-only root filesystem, non-root user
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
# ANM component: image, logging, pod security, service, ingress/route,
# resources, probes and extra volumes.
anm:
# a single replica is the only supported value for ANM
enabled: true
# keep at 1 (see the single-replica note above); autoscaling below is also
# bounded to 1..1
replicaCount: 1
updateStrategy:
# RollingUpdate or Recreate
type: ""
# If RollingUpdate
rollingUpdate:
maxSurge: 2
maxUnavailable: 0
image:
# an image reference is specified by registry/repository:tag,
# for instance registry=docker.io, repository=library/alpine, tag=3.15
# if registry is left empty, global.defaultRegistry will be used
registry: ""
repository: ""
# Overrides the image tag whose default is the chart appVersion.
tag: ""
# Accept general conditions on the image by setting accept to yes
# (quote the value as "yes": an unquoted yes is read as a boolean by YAML 1.1
# parsers)
generalConditions:
accept: ""
# Enables FIPS mode
FIPS:
enabled: false
logs:
trace:
# FATAL, ERROR, INFO, DEBUG, DATA
# NOTE(review): DEBUG and DATA are the most verbose levels and may write
# request content to the trace - confirm before enabling them outside of
# troubleshooting.
level: INFO
# Write trace logs to file on disk
disk: true
# Write trace logs to stdout in JSON Format
stdoutJSON: false
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podLabels: {}
podSecurityContext:
# set user id for k8s, set null for openshift
# NOTE(review): this file lives under apigateway-ocp, yet the IDs are fixed
# to 1000. Per the comment above they would be null on OpenShift unless the
# service account is deliberately granted an SCC that allows fixed UIDs -
# confirm which is intended.
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
securityContext:
allowPrivilegeEscalation: false
# NOTE: readOnlyRootFilesystem should be left to false
# (so the container's root filesystem stays writable for this component)
# readOnlyRootFilesystem: false
runAsNonRoot: true
service:
# ClusterIP: reachable inside the cluster only; external access goes through
# the ingress or route below
type: ClusterIP
ports:
traffic:
port: 8090
protocol: TCP
ui:
port: 8091
protocol: TCP
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
# empty list: no TLS is configured on the ingress unless an entry is added
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
#set if extra ANM ingress required
extraIngress:
enabled: false
# OpenShift configuration
# NOTE(review): the route is enabled by default and publishes the ANM
# administration UI port; confirm that exposure is wanted and limit who can
# reach the route host.
route:
enabled: true
targetPort: "{{ .Values.anm.service.ports.ui.port }}"
## More information: https://docs.openshift.com/container-platform/4.12/networking/routes/secured-routes.html
tls:
enabled: true
# passthrough: the router forwards the TLS stream unchanged and the pod
# terminates TLS, so the certificate clients see is the one served by ANM.
termination: passthrough
# Redirect: plain-HTTP requests are redirected to HTTPS
insecureEdgeTerminationPolicy: Redirect
# The four keys below have no value (they parse as null). A passthrough route
# does not use key/certificate/caCertificate; destinationCACertificate applies
# to reencrypt termination.
key:
caCertificate:
certificate:
destinationCACertificate:
# ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
# empty by default: no requests or limits, so the pod is not bounded in CPU or
# memory unless values are set
resources: {}
# limits:
# memory: "2048Mi"
# cpu: "1000m"
# requests:
# memory: "1Gi"
# cpu: "250m"
# JVM Heap Size in MB
jvmHeapSize: "1024"
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 1
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
#extraInitContainers:
# - name: extra
# image: "docker.io/busybox:1.34"
# command: []
# resources:
# limits:
# memory: "500Mi"
# cpu: 0.5
# securityContext:
# allowPrivilegeEscalation: false
# runAsNonRoot: true
# values placed here end up in the pod spec in clear text; reference a Secret
# for anything sensitive
extraEnvVars: []
# - name: MY_ENV_VARIABLE
# value: "true"
# Probes call /healthcheck on the UI port over HTTPS. The kubelet does not
# verify the server certificate for HTTPS probes. The k8sprobe header only
# labels the request (liveness vs readiness).
livenessProbe:
httpGet:
httpHeaders:
- name: k8sprobe
value: liveness.anm
path: /healthcheck
port: 8091
scheme: HTTPS
initialDelaySeconds: 40
periodSeconds: 30
failureThreshold: 5
readinessProbe:
httpGet:
httpHeaders:
- name: k8sprobe
value: readiness.anm
path: /healthcheck
port: 8091
scheme: HTTPS
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 6
# extraVolumeMounts:
# - name: events
# mountPath: /opt/Axway/apigateway/logs/events
# extraVolumes:
# - persistentVolumeClaim:
# claimName: events
# name: events
# The anm-external-config claim is mounted at /merge. It is a shared
# ReadWriteMany volume, so write access to it should be restricted
# (presumably its content is merged into the ANM configuration - confirm).
extraVolumeMounts:
- name: anm-external-config
mountPath: /merge
extraVolumes:
- persistentVolumeClaim:
claimName: anm-external-config
name: anm-external-config
# API Manager component: image, logging, pod security, service,
# ingress/route, resources, probes, extra volumes and licence.
apimgr:
enabled: true
replicaCount: 1
updateStrategy:
# RollingUpdate or Recreate
type: ""
# If RollingUpdate
rollingUpdate:
maxSurge: 2
maxUnavailable: 0
image:
# an image reference is specified by registry/repository:tag,
# for instance registry=docker.io, repository=library/alpine, tag=3.15
# if registry is left empty, global.defaultRegistry will be used
registry: ""
repository: ""
# Overrides the image tag whose default is the chart appVersion.
tag: ""
# Accept general conditions on the image by setting accept to yes
# (quote the value as "yes": an unquoted yes is read as a boolean by YAML 1.1
# parsers)
generalConditions:
accept: ""
groupId: "DefaultGroup"
# Enables FIPS mode
FIPS:
enabled: false
logs:
trace:
# FATAL, ERROR, INFO, DEBUG, DATA
# NOTE(review): DEBUG and DATA are the most verbose levels and may write
# request content to the trace - confirm before enabling them outside of
# troubleshooting.
level: INFO
# Write trace logs to file on disk
disk: true
# Write trace logs to stdout in JSON Format
stdoutJSON: false
opentraffic:
# none, file or stdout
# stdout sends the traffic log to the container log stream, so it is readable
# by whoever can read pod logs and by the cluster's log collection
output: stdout
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podLabels: {}
podSecurityContext:
# set user id for k8s, set null for openshift
# NOTE(review): fixed to 1000 although this file lives under apigateway-ocp;
# confirm whether null (OpenShift-assigned UID) is intended.
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
securityContext:
allowPrivilegeEscalation: false
# NOTE: readOnlyRootFilesystem should be left to false
# (so the container's root filesystem stays writable for this component)
# readOnlyRootFilesystem: false
runAsNonRoot: true
service:
# ClusterIP: reachable inside the cluster only; external access goes through
# the ingress or route below
type: ClusterIP
ports:
ui:
port: 8075
protocol: TCP
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
# empty list: no TLS is configured on the ingress unless an entry is added
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
#set if extra API Manager ingress required
extraIngress:
enabled: false
# OpenShift configuration
# NOTE(review): the route is enabled by default and publishes the API Manager
# UI port; confirm that exposure is wanted.
route:
enabled: true
targetPort: "{{ .Values.apimgr.service.ports.ui.port }}"
## More information: https://docs.openshift.com/container-platform/4.12/networking/routes/secured-routes.html
tls:
enabled: true
# passthrough: the router forwards the TLS stream unchanged and the pod
# terminates TLS.
termination: passthrough
# Redirect: plain-HTTP requests are redirected to HTTPS
insecureEdgeTerminationPolicy: Redirect
# The four keys below have no value (they parse as null). A passthrough route
# does not use key/certificate/caCertificate; destinationCACertificate applies
# to reencrypt termination.
key:
caCertificate:
certificate:
destinationCACertificate:
# ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
# empty by default: no requests or limits are set
resources: {}
# limits:
# memory: "2Gi"
# cpu: 2
# requests:
# memory: "0.5Gi"
# cpu: 0.5
# JVM Heap Size in MB
jvmHeapSize: "1512"
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
#extraInitContainers:
# - name: extra
# image: "docker.io/busybox:1.34"
# command: []
# resources:
# limits:
# memory: "500Mi"
# cpu: 0.5
# securityContext:
# allowPrivilegeEscalation: false
# runAsNonRoot: true
# values placed here end up in the pod spec in clear text; reference a Secret
# for anything sensitive
extraEnvVars: []
# - name: MY_ENV_VARIABLE
# value: "true"
# Probes call /healthcheck on port 8075 over HTTPS. The kubelet does not
# verify the server certificate for HTTPS probes. The k8sprobe header only
# labels the request (liveness vs readiness).
livenessProbe:
httpGet:
httpHeaders:
- name: k8sprobe
value: liveness.apimgr
path: /healthcheck
port: 8075
scheme: HTTPS
initialDelaySeconds: 40
periodSeconds: 30
failureThreshold: 5
readinessProbe:
httpGet:
httpHeaders:
- name: k8sprobe
value: readiness.apimgr
path: /healthcheck
port: 8075
scheme: HTTPS
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 6
# extraVolumeMounts:
# - name: events
# mountPath: /opt/Axway/apigateway/logs/events
# - name: opentraffic
# mountPath: /opt/Axway/apigateway/logs/opentraffic
# extraVolumes:
# - persistentVolumeClaim:
# claimName: events
# name: events
# - persistentVolumeClaim:
# claimName: opentraffic
# name: opentraffic
# The gw-external-config claim is mounted at /merge. It is a shared
# ReadWriteMany volume that the apitraffic section mounts as well, so write
# access to it should be restricted (presumably its content is merged into
# the gateway configuration - confirm).
extraVolumeMounts:
- name: gw-external-config
mountPath: /merge
extraVolumes:
- persistentVolumeClaim:
claimName: gw-external-config
name: gw-external-config
# Licence file content. The body that follows is a sample (the signature is
# the placeholder abc123). Supply the real licence at deploy time from a
# protected source rather than committing it to this file.
license:
license.lic: |
# FIPS=1
# Mock Connector=1
# SalesForce Connector=1
# ServiceNow Connector=1
# analytics=1
# api_visual_mapper=1
# apiportal=1
# expires=Sun, 05 May 2025 00:00:00 GMT
# mcafee=1
# mobile integration=1
# unrestricted=1
# # SIGNATURE: abc123
# API traffic (gateway) component: image, logging, pod security, traffic and
# OAuth services with their ingress/route, resources, probes, extra volumes
# and licence.
apitraffic:
enabled: true
replicaCount: 1
updateStrategy:
# RollingUpdate or Recreate
type: ""
# If RollingUpdate
rollingUpdate:
maxSurge: 2
maxUnavailable: 0
image:
# an image reference is specified by registry/repository:tag,
# for instance registry=docker.io, repository=library/alpine, tag=3.15
# if registry is left empty, global.defaultRegistry will be used
registry: ""
repository: ""
# Overrides the image tag whose default is the chart appVersion.
tag: ""
# Accept general conditions on the image by setting accept to yes
# (quote the value as "yes": an unquoted yes is read as a boolean by YAML 1.1
# parsers)
generalConditions:
accept: ""
groupId: "DefaultGroup"
# Enables FIPS mode
FIPS:
enabled: false
logs:
trace:
# FATAL, ERROR, INFO, DEBUG or DATA
# NOTE(review): DEBUG and DATA are the most verbose levels and may write
# request content to the trace - confirm before enabling them outside of
# troubleshooting.
level: INFO
# Write trace logs to file on disk
disk: true
# Write trace logs to stdout in JSON Format
stdoutJSON: false
opentraffic:
# none, file or stdout
# stdout sends the traffic log to the container log stream, so it is readable
# by whoever can read pod logs and by the cluster's log collection
output: stdout
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podLabels: {}
podSecurityContext:
# set user id for k8s, set null for openshift
# NOTE(review): fixed to 1000 although this file lives under apigateway-ocp;
# confirm whether null (OpenShift-assigned UID) is intended.
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
securityContext:
allowPrivilegeEscalation: false
# NOTE: readOnlyRootFilesystem should be left to false
# (so the container's root filesystem stays writable for this component)
# readOnlyRootFilesystem: false
runAsNonRoot: true
service:
type: ClusterIP
ports:
traffic:
port: 8065
protocol: TCP
# OAuth listener, exposed separately from the traffic port.
# NOTE(review): `route:` and `ingress:` each appear twice in this section.
# The first pair (targetPort from .Values.apitraffic.oauth.port, marked
# "#oauth ingress") presumably nests under `oauth:` and the second pair
# belongs to apitraffic itself; at the same nesting level they would be
# duplicate keys, which most parsers resolve silently by keeping the last one.
oauth:
enabled: true
type: ClusterIP
port: 8089
protocol: TCP
route:
enabled: true
targetPort: "{{ .Values.apitraffic.oauth.port }}"
tls:
enabled: true
# passthrough: the router forwards the TLS stream unchanged and the pod
# terminates TLS; the four valueless keys below parse as null and are not
# used by a passthrough route.
termination: passthrough
insecureEdgeTerminationPolicy: Redirect
key:
caCertificate:
certificate:
destinationCACertificate:
#oauth ingress
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
# empty list: no TLS is configured on the ingress unless an entry is added
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
#apitraffic ingress
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
# empty list: no TLS is configured on the ingress unless an entry is added
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
#set if extra apitraffic ingress required
extraIngress:
enabled: false
# OpenShift configuration
route:
enabled: true
targetPort: "{{ .Values.apitraffic.service.ports.traffic.port }}"
## More information: https://docs.openshift.com/container-platform/4.12/networking/routes/secured-routes.html
tls:
enabled: true
# passthrough: the router forwards the TLS stream unchanged and the pod
# terminates TLS.
termination: passthrough
# Redirect: plain-HTTP requests are redirected to HTTPS
insecureEdgeTerminationPolicy: Redirect
# The four keys below have no value (they parse as null). A passthrough route
# does not use key/certificate/caCertificate; destinationCACertificate applies
# to reencrypt termination.
key:
caCertificate:
certificate:
destinationCACertificate:
# ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
# empty by default: no requests or limits are set
resources: {}
# limits:
# memory: "2Gi"
# cpu: 2
# requests:
# memory: "0.5Gi"
# cpu: 0.5
# JVM Heap Size in MB
jvmHeapSize: "1512"
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
#extraInitContainers:
# - name: extra
# image: "docker.io/busybox:1.34"
# command: []
# resources:
# limits:
# memory: "500Mi"
# cpu: 0.5
# securityContext:
# allowPrivilegeEscalation: false
# runAsNonRoot: true
# values placed here end up in the pod spec in clear text; reference a Secret
# for anything sensitive
extraEnvVars: []
# - name: MY_ENV_VARIABLE
# value: "true"
# Probes call /healthcheck on port 8065 over HTTPS. The kubelet does not
# verify the server certificate for HTTPS probes. The k8sprobe header only
# labels the request (liveness vs readiness).
livenessProbe:
httpGet:
httpHeaders:
- name: k8sprobe
value: liveness.apitraffic
path: /healthcheck
port: 8065
scheme: HTTPS
initialDelaySeconds: 40
periodSeconds: 30
failureThreshold: 5
readinessProbe:
httpGet:
httpHeaders:
- name: k8sprobe
value: readiness.apitraffic
path: /healthcheck
port: 8065
scheme: HTTPS
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 6
# extraVolumeMounts:
# - name: events
# mountPath: /opt/Axway/apigateway/logs/events
# - name: opentraffic
# mountPath: /opt/Axway/apigateway/logs/opentraffic
# extraVolumes:
# - persistentVolumeClaim:
# claimName: events
# name: events
# - persistentVolumeClaim:
# claimName: opentraffic
# name: opentraffic
# The gw-external-config claim is mounted at /merge. It is a shared
# ReadWriteMany volume that the apimgr section mounts as well, so write access
# to it should be restricted (presumably its content is merged into the
# gateway configuration - confirm).
extraVolumeMounts:
- name: gw-external-config
mountPath: /merge
extraVolumes:
- persistentVolumeClaim:
claimName: gw-external-config
name: gw-external-config
# Licence file content. The body that follows is a sample (the signature is
# the placeholder abc123). Supply the real licence at deploy time from a
# protected source rather than committing it to this file.
license:
license.lic: |
# FIPS=1
# Mock Connector=1
# SalesForce Connector=1
# ServiceNow Connector=1
# analytics=1
# api_visual_mapper=1
# apiportal=1
# expires=Sun, 05 May 2025 00:00:00 GMT
# mcafee=1
# mobile integration=1
# unrestricted=1
# # SIGNATURE: abc123
# Analytics (aga) component, disabled by default: image, pod security,
# service, ingress/route, resources, probes and extra volumes.
aga:
enabled: false
replicaCount: 1
updateStrategy:
# RollingUpdate or Recreate
type: ""
# If RollingUpdate
rollingUpdate:
maxSurge: 2
maxUnavailable: 0
image:
# an image reference is specified by registry/repository:tag,
# for instance registry=docker.io, repository=library/alpine, tag=3.15
# if registry is left empty, global.defaultRegistry will be used
registry: ""
repository: ""
# Overrides the image tag whose default is the chart appVersion.
tag: ""
# Accept general conditions on the image by setting accept to yes
# (quote the value as "yes": an unquoted yes is read as a boolean by YAML 1.1
# parsers)
generalConditions:
accept: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podLabels: {}
podSecurityContext:
# set user id for k8s, set null for openshift
# NOTE(review): fixed to 1000 although this file lives under apigateway-ocp;
# confirm whether null (OpenShift-assigned UID) is intended.
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
securityContext:
allowPrivilegeEscalation: false
# NOTE: readOnlyRootFilesystem should be left to false
# (so the container's root filesystem stays writable for this component)
# readOnlyRootFilesystem: false
runAsNonRoot: true
service:
# ClusterIP: reachable inside the cluster only; external access goes through
# the ingress or route below
type: ClusterIP
ports:
ui:
port: 8040
protocol: TCP
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
# empty list: no TLS is configured on the ingress unless an entry is added
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
#set if extra Analytics(aga) ingress required
extraIngress:
enabled: false
# OpenShift configuration
# (route.enabled is true here while aga.enabled is false; presumably the
# route is only rendered when the component itself is enabled - confirm)
route:
enabled: true
targetPort: "{{ .Values.aga.service.ports.ui.port }}"
## More information: https://docs.openshift.com/container-platform/4.12/networking/routes/secured-routes.html
tls:
enabled: true
# passthrough: the router forwards the TLS stream unchanged and the pod
# terminates TLS.
termination: passthrough
# Redirect: plain-HTTP requests are redirected to HTTPS
insecureEdgeTerminationPolicy: Redirect
# The four keys below have no value (they parse as null). A passthrough route
# does not use key/certificate/caCertificate; destinationCACertificate applies
# to reencrypt termination.
key:
caCertificate:
certificate:
destinationCACertificate:
# ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
# empty by default: no requests or limits are set
resources: {}
# limits:
# memory: "2048Mi"
# cpu: "1000m"
# requests:
# memory: "1Gi"
# cpu: "250m"
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
#extraInitContainers:
# - name: extra
# image: "docker.io/busybox:1.34"
# command: []
# resources:
# limits:
# memory: "500Mi"
# cpu: 0.5
# securityContext:
# allowPrivilegeEscalation: false
# runAsNonRoot: true
# values placed here end up in the pod spec in clear text; reference a Secret
# for anything sensitive
extraEnvVars: []
# - name: MY_ENV_VARIABLE
# value: "true"
# Probes call /healthcheck on port 8040 over HTTPS. The kubelet does not
# verify the server certificate for HTTPS probes.
# NOTE(review): the k8sprobe header values below read liveness.apimgr and
# readiness.apimgr, the same as in the apimgr section, whereas anm and
# apitraffic use their own component name. This looks like a copy from
# apimgr; if the header is used to tell probes apart in logs, aga's probes
# are indistinguishable from apimgr's - confirm the intended value.
livenessProbe:
httpGet:
httpHeaders:
- name: k8sprobe
value: liveness.apimgr
path: /healthcheck
port: 8040
scheme: HTTPS
initialDelaySeconds: 40
periodSeconds: 30
failureThreshold: 5
readinessProbe:
httpGet:
httpHeaders:
- name: k8sprobe
value: readiness.apimgr
path: /healthcheck
port: 8040
scheme: HTTPS
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 6
#extraVolumeMounts:
#- name: events
# mountPath: /opt/Axway/apigateway/logs/events
#extraVolumes:
#- persistentVolumeClaim:
# claimName: events
# name: events
# The aga-external-config claim is mounted at /merge. It is a shared
# ReadWriteMany volume, so write access to it should be restricted
# (presumably its content is merged into the component configuration -
# confirm).
extraVolumeMounts:
- name: aga-external-config
mountPath: /merge
extraVolumes:
- persistentVolumeClaim:
claimName: aga-external-config
name: aga-external-config
# API Portal component, disabled by default: image, service, ingress/route,
# API Manager link, MySQL/Redis/Apache settings, pod security and resources.
apiportal:
enabled: false
replicaCount: 1
updateStrategy:
# RollingUpdate or Recreate
type: ""
# If RollingUpdate
rollingUpdate:
maxSurge: 2
maxUnavailable: 0
image:
# an image reference is specified by registry/repository:tag,
# for instance registry=docker.io, repository=library/alpine, tag=3.15
# if registry is left empty, global.defaultRegistry will be used
registry: ""
repository: ""
# Overrides the image tag whose default is the chart appVersion.
tag: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
service:
type: ClusterIP
ports:
target:
port: 8443
https:
port: 8443
protocol: TCP
http:
port: 8080
protocol: TCP
force:
port: 443
protocol: TCP
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
# empty list: no TLS is configured on the ingress unless an entry is added
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
#set if extra Apiportal ingress required
extraIngress:
enabled: false
# OpenShift configuration
route:
enabled: true
# the route targets the portal's plain HTTP port (8080 above)
targetPort: "{{ .Values.apiportal.service.ports.http.port }}"
## More information: https://docs.openshift.com/container-platform/4.12/networking/routes/secured-routes.html
tls:
enabled: true
# NOTE(review): edge termination ends TLS at the router, and the target port
# is the HTTP port, so the hop from router to portal pod is unencrypted
# inside the cluster. Use reencrypt (with destinationCACertificate) or
# passthrough against the HTTPS port if that hop has to be protected.
termination: edge
# Redirect: plain-HTTP requests are redirected to HTTPS
insecureEdgeTerminationPolicy: Redirect
# The four keys below have no value (they parse as null). With edge
# termination and no key/certificate, the router presumably serves its
# default certificate - confirm.
key:
caCertificate:
certificate:
destinationCACertificate:
apiManager:
configured: 1
name: Main
# host: ""
# port: 8075
# database settings for API Portal, also check the instance settings in global section
mysql:
# if the credentials are already available in a secret, set existingSecret
# Preferred: the credentials then stay out of values files and version
# control.
existingSecret: {}
# name: "mysql-credentials"
# keyMapping:
# password: portalDbPasswordKey
# username: portalDbUsernameKey
# else, set username and password, this will create a new secret
username: ""
password: ""
# With empty host the value from global section will be used
host: ""
port: "{{ .Values.global.database.port }}"
# if it doesn't exist, a database with this name will be created by the app
databaseName: "portal"
# When mysql ssl is enabled, a k8s tls secret must be created, named 'mysql-certs':
# kubectl create secret tls mysql-certs --cert=mysql-cert.pem --key=mysql-key.pem
# NOTE(review): both flags are 0, so by default the portal's database
# connection uses neither TLS nor server-certificate verification. Setting
# sslOn without sslVerifyCert would presumably encrypt the connection without
# authenticating the server - enable both for a database reached over a
# network you do not fully control.
sslOn: 0
sslVerifyCert: 0
# Redis cache settings; only host, port and cache timeout are configurable
# here (no credential or TLS option is visible in this section)
redis:
enabled: false
host: ""
port: 6379
cacheTimeout: 600
apache:
# When apache ssl is enabled, a k8s tls secret must be created, named 'apache':
# kubectl create secret tls apache --cert=apache-cert.pem --key=apache-key.pem
# 0: Apache TLS is off by default
sslOn: 0
#extraInitContainers:
# - name: extra
# image: "docker.io/busybox:1.34"
# command: []
# resources:
# limits:
# memory: "500Mi"
# cpu: 0.5
# securityContext:
# allowPrivilegeEscalation: false
# runAsNonRoot: true
# values placed here end up in the pod spec in clear text; reference a Secret
# for anything sensitive
extraEnvVars: []
# - name: MY_ENV_VARIABLE
# value: "true"
podAnnotations: {}
podLabels: {}
# NOTE(review): fixed UID/GID 1048 although this file lives under
# apigateway-ocp; on OpenShift a fixed UID needs an SCC that allows it -
# confirm.
podSecurityContext:
runAsUser: 1048
runAsGroup: 1048
fsGroup: 1048
securityContext:
allowPrivilegeEscalation: false
runAsNonRoot: true
# ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
# empty by default: no requests or limits are set
resources: {}
# limits:
# memory: "2048Mi"
# cpu: "1000m"
# requests:
# memory: "1Gi"
# cpu: "250m"
#
# Flag indicating that the user has downloaded
# their own copy of the T4 Page Builder component from Joomlart
# (https://www.joomlart.com/member/downloads/joomlart/t4/t4-page-builder).
# Joomlart requires registration prior to free download.
# Valid values: 0 or 1
t4_downloaded: 1
# Storage for the portal volumes (every entry is `usedBy: portal`, so this
# section presumably nests under apiportal). All volumes are disabled by
# default.
storage:
# if provisioningType=static, a template will be created for the PV,
# if provisioningType=dynamic (default), a storage class is used, and PV doesn't require a template
provisioningType: "dynamic"
classes: []
volumes:
# NOTE(review): going by its name and mount path this volume holds the
# portal's encryption key - confirm, and restrict access to the backing
# ReadWriteMany storage accordingly.
- enabled: false
# must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character
name: "enckey"
usedBy:
- portal
capacity: 3Mi
accessModes:
- ReadWriteMany
mountPath: "/opt/axway/apiportal/enckey"
# if storageClassName is not set, it will default to the one specified in global.storage.storageClassName
# storageClassName: ""
# for static provisioning, the persistent volume will be created based on these specs
persistentVolume:
# CSI driver, for example efs.csi.aws.com
csiDriver: ""
# volume handle
volumeHandle: ""
# reclaim policy, what happens to the storage when the PVC is deleted
reclaimPolicy: Delete
# The volumes below mount under the portal's htdoc tree; being writable
# ReadWriteMany shares, anything that can write to them can change what the
# portal reads from those paths.
- enabled: false
# must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character
name: "images"
usedBy:
- portal
capacity: 100Mi
accessModes:
- ReadWriteMany
mountPath: "/opt/axway/apiportal/htdoc/images"
# if storageClassName is not set, it will default to the one specified in global.storage.storageClassName
# storageClassName: ""
- enabled: false
# must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character
name: "language"
usedBy:
- portal
capacity: 10Mi
accessModes:
- ReadWriteMany
mountPath: "/opt/axway/apiportal/htdoc/language"
# if storageClassName is not set, it will default to the one specified in global.storage.storageClassName
# storageClassName: ""
- enabled: false
# must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character
name: "templates"
usedBy:
- portal
capacity: 100Mi
accessModes:
- ReadWriteMany
mountPath: "/opt/axway/apiportal/htdoc/templates"
# if storageClassName is not set, it will default to the one specified in global.storage.storageClassName
# storageClassName: ""
- enabled: false
# must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character
name: "admlanguage"
usedBy:
- portal
capacity: 10Mi
accessModes:
- ReadWriteMany
mountPath: "/opt/axway/apiportal/htdoc/administrator/admlanguage"
# if storageClassName is not set, it will default to the one specified in global.storage.storageClassName
# storageClassName: ""
# certificate assets of the portal's administrator component (per the mount
# path); restrict write access to the backing storage
- enabled: false
# must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character
name: "certs"
usedBy:
- portal
capacity: 10Mi
accessModes:
- ReadWriteMany
mountPath: "/opt/axway/apiportal/htdoc/administrator/components/com_apiportal/assets/cert"
# if storageClassName is not set, it will default to the one specified in global.storage.storageClassName
# storageClassName: ""
# Optional cronjob that purges old event files from the events volume.
cronjob:
# If enabled a cronjob will be created which runs according to the schedule you set and removes event files
enabled: false
# Schedule - i.e. how often to run the cronjob to purge the event log files
# * * * * *
# | | | | |
# | | | | day of the week (0-6) (Sunday to Saturday); * means every day
# | | | month of the year (1-12); * means every month
# | | day of the month (1-31); "*/n" means every n days; * means all days
# | hour of the day (0-23); * means every hour
# minute of the hour (0-59); "*/n" means every n minutes; * means every minute
# further details here: https://en.wikipedia.org/wiki/Cron
# By default the schedule is set to run every 60 minutes
# (in the minute field, whose range is 0-59, "*/60" matches minute 0 only,
# i.e. once per hour on the hour)
schedule: "*/60 * * * *"
# When purging remove files older than the number of days set in older_than. Set to 30 days by default
# (event files are deleted for good; make sure any retention requirement for
# them is met elsewhere before lowering this)
older_than: 30
# If the schedule is frequent then the number of jobs will build up. job_ttl allows these to be cleaned up
# Number of seconds a job should live after it is finished. Default is 3600 which matches the default
# schedule interval
job_ttl: 3600
# image defaults to init container image which is docker.io/busybox:1.34 but can be overwritten
# (that default is a tag, not a digest; pin by digest or use a mirrored image
# if the job image has to be reproducible)
image: ""
# claimName defaults to events - i.e the claimName used to store events
claimName: events
# scheduling constraints, all empty by default (presumably for the cronjob
# pods - confirm)
nodeSelector: {}
tolerations: []
affinity: {}
# Settings for the test pods: the curl image they run, its resources and
# security context, and a service account.
# NOTE(review): a `tests:` / `serviceAccount:` pair with the same content
# also appears earlier in this file; at the same nesting level the two would
# be duplicate keys, so they presumably sit under different parents - confirm
# against the chart's own indentation.
tests:
images:
curl:
registry: docker.io
repository: "curlimages/curl"
# leave empty for "latest" or specify an immutable tag
# NOTE(review): "latest" is a moving tag, so the image that runs can change
# between installs without any change to this file; prefer a fixed tag or a
# digest.
tag: ""
# ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
resources: {}
# limits:
# cpu: 100m
# memory: 50Mi
# requests:
# cpu: 100m
# memory: 50Mi
# no privilege escalation, read-only root filesystem, non-root user
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
## Configuration for v7-discovery subchart
## (only the enable switch is set here; the agent is off by default)
discovery-agent:
# Deploy the discovery agent
enabled: false
## Configuration for v7-traceability subchart
## (only the enable switch is set here; the agent is off by default)
traceability-agent:
## Deploy the traceability agent
enabled: false