cscott/apigateway-ocp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cfbb1ac1366fa3f4140569d8ea29da39d77cb2f6
apigateway-ocp/values.yaml
Conan Scott 99f425d503
Some checks failed
Helm Publish / publish (push) Failing after 4m21s
Details
Added scc script for sa 
disabled run as non root
disabled metrics
2025-12-12 18:04:33 +11:00

1193 lines
36 KiB
YAML
Raw Blame History

# Structural changes to this file should be reflected in values.schema.yaml
#
# Sample values for different use cases are available in the samples folder
# override for the name of the chart
nameOverride: ""
# override for the fully qualified name
fullnameOverride: ""
# global values that can be read by all components of the APIM solution
global:
# if apimVersion is not set, the appVersion in Chart.yaml will be used
apimVersion: ""
# domain used in the ingresses or routes
domainName: ""
# NOTE: if not using the default domain certs set domainId to the Unique ID (or Common Name) that was used to create custom domain certs
domainId: ""
# default docker registry
defaultRegistry: ""
imagePullSecrets: []
imagePullPolicy: IfNotPresent
initContainers:
image: "docker.io/busybox:1.34"
# ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
resources: {}
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
#runAsNonRoot: true
allowPrivilegeEscalation: false
updateStrategy:
# RollingUpdate or Recreate
type: RollingUpdate
# If RollingUpdate
rollingUpdate:
maxSurge: 2
maxUnavailable: 0
storage:
# static (a template will be created for the PV),
# or dynamic (default, a storage class is used, and PV doesnt' require a template)
provisioningType: "dynamic"
# for dynamic provisioning, the persistent volume will be created based
# on the storage class specs
# global storage class name, will be used by all volumes not overriding it
# leave empty for static provisioning
# can be the name of a storage class specified in `classes` below, or an external one
storageClassName: ""
# storage class managed by this chart
classes: []
# - name: ""
# # provisioner (CSI driver), example: efs.csi.aws.com
# provisioner: ""
# allowVolumeExpansion: true
# mountOptions: []
# # storage class parameters to use if create is true
# parameters: {}
# # example
# # provisioningMode: "efs-ap"
# # fileSystemId: "fs-05d1bd09462e124d8"
# # directoryPerms: "770"
volumes:
- name: events
enabled: false
accessModes:
- ReadWriteMany
# storage request, if provisioner is elastic, leave it to 1Mi
capacity: 1Mi
# for dynamic provisioning, the persistent volume will be created based
# on the storage class specs
# if the storage class name is set for the volume, it will override the one defined
# in global.storage.storageClassName
# examples: azurefile-premium, efs-sc
# leave empty for static provisioning
# can be a storage class defined above, or an external one
# storageClassName: ""
# for static provisioning, the persistent volume will be created based on these specs
persistentVolume:
# CSI driver, for example efs.csi.aws.com
csiDriver: ""
# volume handle
# EFS: FS_ID::AP_ID
volumeHandle: ""
# reclaim policy, what happens to the storage when the PVC is deleted
# Delete or Retain
reclaimPolicy: Delete
- name: gw-external-config
enabled: true
accessModes:
- ReadWriteMany
# storage request, if provisioner is elastic, leave it to 1Mi
capacity: 1Mi
# for dynamic provisioning, the persistent volume will be created based
# on the storage class specs
# if the storage class name is set for the volume, it will override the one defined
# in global.storage.storageClassName
# examples: azurefile-premium, efs-sc
# leave empty for static provisioning
# can be a storage class defined above, or an external one
# storageClassName: "nfs"
# for static provisioning, the persistent volume will be created based on these specs
persistentVolume:
# CSI driver, for example efs.csi.aws.com
csiDriver: ""
# volume handle
# EFS: FS_ID::AP_ID
volumeHandle: ""
# reclaim policy, what happens to the storage when the PVC is deleted
# Delete or Retain
reclaimPolicy: Delete
- name: aga-external-config
enabled: true
accessModes:
- ReadWriteMany
# storage request, if provisioner is elastic, leave it to 1Mi
capacity: 1Mi
# for dynamic provisioning, the persistent volume will be created based
# on the storage class specs
# if the storage class name is set for the volume, it will override the one defined
# in global.storage.storageClassName
# examples: azurefile-premium, efs-sc
# leave empty for static provisioning
# can be a storage class defined above, or an external one
# storageClassName: "nfs"
# for static provisioning, the persistent volume will be created based on these specs
persistentVolume:
# CSI driver, for example efs.csi.aws.com
csiDriver: ""
# volume handle
# EFS: FS_ID::AP_ID
volumeHandle: ""
# reclaim policy, what happens to the storage when the PVC is deleted
# Delete or Retain
reclaimPolicy: Delete
- name: anm-external-config
enabled: true
accessModes:
- ReadWriteMany
# storage request, if provisioner is elastic, leave it to 1Mi
capacity: 1Mi
# for dynamic provisioning, the persistent volume will be created based
# on the storage class specs
# if the storage class name is set for the volume, it will override the one defined
# in global.storage.storageClassName
# examples: azurefile-premium, efs-sc
# leave empty for static provisioning
# can be a storage class defined above, or an external one
# storageClassName: "nfs"
# for static provisioning, the persistent volume will be created based on these specs
persistentVolume:
# CSI driver, for example efs.csi.aws.com
csiDriver: ""
# volume handle
# EFS: FS_ID::AP_ID
volumeHandle: ""
# reclaim policy, what happens to the storage when the PVC is deleted
# Delete or Retain
reclaimPolicy: Delete
# Database server instance used for metrics and for API Portal
database:
# templating available
# host: example-mysql.{{ .Values.global.domainName }}
host: ""
port: 3306
# database name for the metrics, used by gateway components
metrics:
enabled: false
# a database with this name has to be created in the MySQL instance as a prerequisite
databaseName: metrics
# 8.0.12 and earlier, useSSL is a string, verifyServerCertificate is a boolean value
useSSL: "false"
# verifyServerCertificate: true
# 8.0.13 and later: Server Certificate Verification is enabled when the sslMode property is set to VERIFY_CA or VERIFY_IDENTITY
# sslMode: "NONE"
# MySQL JDBC URL
url: "jdbc:mysql://{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{ .Values.global.database.metrics.databaseName }}?useSSL={{ default false .Values.global.database.metrics.useSSL }}"
# additional QueryString parameters in jdbc url can be added as shown below
# encoding: "UTF-8"
# url: "jdbc:mysql://{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{ .Values.global.database.metrics.databaseName }}?useSSL={{ default false .Values.global.database.metrics.useSSL }}&{{ .Values.global.database.metrics.encoding }}"
# if the credentials are already available in a secret, set existingSecret
existingSecret: {}
# name: "mysql-credentials"
# keyMapping:
# password: metricsDbPasswordKey
# username: metricsDbPasswordKey
# else, set username and password, this will create a new secret
username: ""
password: ""
# portal database is only used by the portal pods, so it's configuration is in the apiportal section
# cassandra connection configuration
cassandra:
enabled: false
# if the credentials are already available in a secret, set existingSecret
# if not, set username and password
existingSecret: {}
# name: cassandra
# keyMapping:
# username: myCassandraUsernameKey
# password: myCassandraPasswordKey
# list of hostnames and name of the env var passed to the gateway image,
# the variable name should be consistent with the content of the FED
hosts: []
## single cassandra node, or service of a containerized cassandra:
# - variable: CASS_HOST
# hostname: cassandra.cassandra
## multi node cassandra:
# - variable: CASS_HOST_1
# hostname: cassandra-1
# - variable: CASS_HOST_2
# hostname: cassandra-2
# - variable: CASS_HOST_3
# hostname: cassandra-3
username: ""
password: ""
port: 9042
# templating available
# keyspace: keyspace-{{ .Values.global.domainID }}
# tkeyspace: tkeyspace-{{ .Values.global.domainID }}
keyspace: ""
tkeyspace: ""
# Set the domain key passphrase. If passphrase is blank, do not set.
# domainkeypassphrase:
# passphrase: ""
tests:
images:
curl:
registry: docker.io
repository: "curlimages/curl"
# leave empty for "latest" or specify an immutable tag
tag: ""
# ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
resources: {}
# limits:
# cpu: 100m
# memory: 50Mi
# requests:
# cpu: 100m
# memory: 50Mi
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
#runAsNonRoot: true
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
anm:
# a single replica is the only supported value for ANM
enabled: true
replicaCount: 1
updateStrategy:
# RollingUpdate or Recreate
type: ""
# If RollingUpdate
rollingUpdate:
maxSurge: 2
maxUnavailable: 0
image:
# an image reference is specified by registry/repository:tag,
# for instance registry=docker.io, repository=library/alpine, tag=3.15
# if registry is left empty, global.defaultRegistry will be used
registry: ""
repository: ""
# Overrides the image tag whose default is the chart appVersion.
tag: ""
# Accept general conditions on the image by setting accept to yes
generalConditions:
accept: ""
# Enables FIPS mode
FIPS:
enabled: false
logs:
trace:
# FATAL, ERROR, INFO, DEBUG, DATA
level: INFO
# Write trace logs to file on disk
disk: true
# Write trace logs to stdout in JSON Format
stdoutJSON: true
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podLabels: {}
# podSecurityContext:
# set user id for k8s, set null for openshift
# runAsUser: 1000
# runAsGroup: 1000
# fsGroup: 1000
securityContext:
allowPrivilegeEscalation: false
# NOTE: readOnlyRootFilesystem should be left to false
# readOnlyRootFilesystem: false
#runAsNonRoot: true
service:
type: ClusterIP
ports:
traffic:
port: 8090
protocol: TCP
ui:
port: 8091
protocol: TCP
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
# OpenShift configuration
route:
enabled: true
targetPort: "{{ .Values.anm.service.ports.ui.port }}"
## More information: https://docs.openshift.com/container-platform/4.12/networking/routes/secured-routes.html
tls:
enabled: true
termination: passthrough
insecureEdgeTerminationPolicy: Redirect
key:
caCertificate:
certificate:
destinationCACertificate:
# ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
resources: {}
# limits:
# memory: "2048Mi"
# cpu: "1000m"
# requests:
# memory: "1Gi"
# cpu: "250m"
# JVM Heap Size in MB
jvmHeapSize: "1024"
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 1
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
#extraInitContainers:
# - name: extra
# image: "docker.io/busybox:1.34"
# command: []
# resources:
# limits:
# memory: "500Mi"
# cpu: 0.5
# securityContext:
# allowPrivilegeEscalation: false
# runAsNonRoot: true
extraEnvVars: []
# - name: MY_ENV_VARIABLE
# value: "true"
livenessProbe:
httpGet:
httpHeaders:
- name: k8sprobe
value: liveness.anm
path: /healthcheck
port: 8091
scheme: HTTPS
initialDelaySeconds: 40
periodSeconds: 30
failureThreshold: 5
readinessProbe:
httpGet:
httpHeaders:
- name: k8sprobe
value: readiness.anm
path: /healthcheck
port: 8091
scheme: HTTPS
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 6
# extraVolumeMounts:
# - name: events
# mountPath: /opt/Axway/apigateway/logs/events
# extraVolumes:
# - persistentVolumeClaim:
# claimName: events
# name: events
extraVolumeMounts:
- name: anm-external-config
mountPath: /merge
extraVolumes:
- persistentVolumeClaim:
claimName: anm-external-config
name: anm-external-config
apimgr:
enabled: true
replicaCount: 1
updateStrategy:
# RollingUpdate or Recreate
type: ""
# If RollingUpdate
rollingUpdate:
maxSurge: 2
maxUnavailable: 0
image:
# an image reference is specified by registry/repository:tag,
# for instance registry=docker.io, repository=library/alpine, tag=3.15
# if registry is left empty, global.defaultRegistry will be used
registry: ""
repository: ""
# Overrides the image tag whose default is the chart appVersion.
tag: ""
# Accept general conditions on the image by setting accept to yes
generalConditions:
accept: ""
groupId: "DefaultGroup"
# Enables FIPS mode
FIPS:
enabled: false
logs:
trace:
# FATAL, ERROR, INFO, DEBUG, DATA
level: INFO
# Write trace logs to file on disk
disk: true
# Write trace logs to stdout in JSON Format
stdoutJSON: true
opentraffic:
# none, file or stdout
output: file
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podLabels: {}
#podSecurityContext:
# set user id for k8s, set null for openshift
# runAsUser: 1000
# runAsGroup: 1000
#fsGroup: 1000
securityContext:
allowPrivilegeEscalation: false
# NOTE: readOnlyRootFilesystem should be left to false
# readOnlyRootFilesystem: false
#runAsNonRoot: true
service:
type: ClusterIP
ports:
ui:
port: 8075
protocol: TCP
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
# OpenShift configuration
route:
enabled: true
targetPort: "{{ .Values.apimgr.service.ports.ui.port }}"
## More information: https://docs.openshift.com/container-platform/4.12/networking/routes/secured-routes.html
tls:
enabled: true
termination: passthrough
insecureEdgeTerminationPolicy: Redirect
key:
caCertificate:
certificate:
destinationCACertificate:
# ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
resources: {}
# limits:
# memory: "2Gi"
# cpu: 2
# requests:
# memory: "0.5Gi"
# cpu: 0.5
# JVM Heap Size in MB
jvmHeapSize: "1512"
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
#extraInitContainers:
# - name: extra
# image: "docker.io/busybox:1.34"
# command: []
# resources:
# limits:
# memory: "500Mi"
# cpu: 0.5
# securityContext:
# allowPrivilegeEscalation: false
# runAsNonRoot: true
extraEnvVars: []
# - name: MY_ENV_VARIABLE
# value: "true"
livenessProbe:
httpGet:
httpHeaders:
- name: k8sprobe
value: liveness.apimgr
path: /healthcheck
port: 8075
scheme: HTTPS
initialDelaySeconds: 40
periodSeconds: 30
failureThreshold: 5
readinessProbe:
httpGet:
httpHeaders:
- name: k8sprobe
value: readiness.apimgr
path: /healthcheck
port: 8075
scheme: HTTPS
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 6
# extraVolumeMounts:
# - name: events
# mountPath: /opt/Axway/apigateway/logs/events
# - name: opentraffic
# mountPath: /opt/Axway/apigateway/logs/opentraffic
# extraVolumes:
# - persistentVolumeClaim:
# claimName: events
# name: events
# - persistentVolumeClaim:
# claimName: opentraffic
# name: opentraffic
extraVolumeMounts:
- name: gw-external-config
mountPath: /merge
extraVolumes:
- persistentVolumeClaim:
claimName: gw-external-config
name: gw-external-config
license:
license.lic: |
# FIPS=1
# Mock Connector=1
# SalesForce Connector=1
# ServiceNow Connector=1
# analytics=1
# api_visual_mapper=1
# apiportal=1
# expires=Sun, 05 May 2025 00:00:00 GMT
# mcafee=1
# mobile integration=1
# unrestricted=1
# # SIGNATURE: abc123
apitraffic:
enabled: true
replicaCount: 1
updateStrategy:
# RollingUpdate or Recreate
type: ""
# If RollingUpdate
rollingUpdate:
maxSurge: 2
maxUnavailable: 0
image:
# an image reference is specified by registry/repository:tag,
# for instance registry=docker.io, repository=library/alpine, tag=3.15
# if registry is left empty, global.defaultRegistry will be used
registry: ""
repository: ""
# Overrides the image tag whose default is the chart appVersion.
tag: ""
# Accept general conditions on the image by setting accept to yes
generalConditions:
accept: ""
groupId: "DefaultGroup"
# Enables FIPS mode
FIPS:
enabled: false
logs:
trace:
# FATAL, ERROR, INFO, DEBUG or DATA
level: INFO
# Write trace logs to file on disk
disk: true
# Write trace logs to stdout in JSON Format
stdoutJSON: true
opentraffic:
# none, file or stdout
output: file
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podLabels: {}
#podSecurityContext:
# set user id for k8s, set null for openshift
# runAsUser: 1000
#runAsGroup: 1000
#fsGroup: 1000
securityContext:
allowPrivilegeEscalation: false
# NOTE: readOnlyRootFilesystem should be left to false
# readOnlyRootFilesystem: false
# runAsNonRoot: true
service:
type: ClusterIP
ports:
traffic:
port: 8065
protocol: TCP
oauth:
enabled: true
type: ClusterIP
port: 8089
protocol: TCP
route:
enabled: false
targetPort: "{{ .Values.apitraffic.oauth.port }}"
tls:
enabled: true
termination: passthrough
insecureEdgeTerminationPolicy: Redirect
key:
caCertificate:
certificate:
destinationCACertificate:
#oauth ingress
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
#apitraffic ingress
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
# OpenShift configuration
route:
enabled: true
targetPort: "{{ .Values.apitraffic.service.ports.traffic.port }}"
## More information: https://docs.openshift.com/container-platform/4.12/networking/routes/secured-routes.html
tls:
enabled: true
termination: passthrough
insecureEdgeTerminationPolicy: Redirect
key:
caCertificate:
certificate:
destinationCACertificate:
# ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
resources: {}
# limits:
# memory: "2Gi"
# cpu: 2
# requests:
# memory: "0.5Gi"
# cpu: 0.5
# JVM Heap Size in MB
jvmHeapSize: "1512"
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
#extraInitContainers:
# - name: extra
# image: "docker.io/busybox:1.34"
# command: []
# resources:
# limits:
# memory: "500Mi"
# cpu: 0.5
# securityContext:
# allowPrivilegeEscalation: false
# runAsNonRoot: true
extraEnvVars: []
# - name: MY_ENV_VARIABLE
# value: "true"
livenessProbe:
httpGet:
httpHeaders:
- name: k8sprobe
value: liveness.apitraffic
path: /healthcheck
port: 8065
scheme: HTTPS
initialDelaySeconds: 40
periodSeconds: 30
failureThreshold: 5
readinessProbe:
httpGet:
httpHeaders:
- name: k8sprobe
value: readiness.apitraffic
path: /healthcheck
port: 8065
scheme: HTTPS
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 6
# extraVolumeMounts:
# - name: events
# mountPath: /opt/Axway/apigateway/logs/events
# - name: opentraffic
# mountPath: /opt/Axway/apigateway/logs/opentraffic
# extraVolumes:
# - persistentVolumeClaim:
# claimName: events
# name: events
# - persistentVolumeClaim:
# claimName: opentraffic
# name: opentraffic
extraVolumeMounts:
- name: gw-external-config
mountPath: /merge
extraVolumes:
- persistentVolumeClaim:
claimName: gw-external-config
name: gw-external-config
license:
license.lic: |
# FIPS=1
# Mock Connector=1
# SalesForce Connector=1
# ServiceNow Connector=1
# analytics=1
# api_visual_mapper=1
# apiportal=1
# expires=Sun, 05 May 2025 00:00:00 GMT
# mcafee=1
# mobile integration=1
# unrestricted=1
# # SIGNATURE: abc123
aga:
enabled: false
replicaCount: 1
updateStrategy:
# RollingUpdate or Recreate
type: ""
# If RollingUpdate
rollingUpdate:
maxSurge: 2
maxUnavailable: 0
image:
# an image reference is specified by registry/repository:tag,
# for instance registry=docker.io, repository=library/alpine, tag=3.15
# if registry is left empty, global.defaultRegistry will be used
registry: ""
repository: ""
# Overrides the image tag whose default is the chart appVersion.
tag: ""
# Accept general conditions on the image by setting accept to yes
generalConditions:
accept: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podLabels: {}
# podSecurityContext:
# set user id for k8s, set null for openshift
# runAsUser: 1000
# runAsGroup: 1000
# fsGroup: 1000
securityContext:
allowPrivilegeEscalation: false
# NOTE: readOnlyRootFilesystem should be left to false
# readOnlyRootFilesystem: false
#runAsNonRoot: true
service:
type: ClusterIP
ports:
ui:
port: 8040
protocol: TCP
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
# OpenShift configuration
route:
enabled: true
targetPort: "{{ .Values.aga.service.ports.ui.port }}"
## More information: https://docs.openshift.com/container-platform/4.12/networking/routes/secured-routes.html
tls:
enabled: true
termination: passthrough
insecureEdgeTerminationPolicy: Redirect
key:
caCertificate:
certificate:
destinationCACertificate:
# ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers//
resources: {}
# limits:
# memory: "2048Mi"
# cpu: "1000m"
# requests:
# memory: "1Gi"
# cpu: "250m"
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
#extraInitContainers:
# - name: extra
# image: "docker.io/busybox:1.34"
# command: []
# resources:
# limits:
# memory: "500Mi"
# cpu: 0.5
# securityContext:
# allowPrivilegeEscalation: false
# runAsNonRoot: true
extraEnvVars: []
# - name: MY_ENV_VARIABLE
# value: "true"
livenessProbe:
httpGet:
httpHeaders:
- name: k8sprobe
value: liveness.apimgr
path: /healthcheck
port: 8040
scheme: HTTPS
initialDelaySeconds: 40
periodSeconds: 30
failureThreshold: 5
readinessProbe:
httpGet:
httpHeaders:
- name: k8sprobe
value: readiness.apimgr
path: /healthcheck
port: 8040
scheme: HTTPS
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 6
#extraVolumeMounts:
#- name: events
# mountPath: /opt/Axway/apigateway/logs/events
#extraVolumes:
#- persistentVolumeClaim:
# claimName: events
# name: events
extraVolumeMounts:
- name: aga-external-config
mountPath: /merge
extraVolumes:
- persistentVolumeClaim:
claimName: aga-external-config
name: aga-external-config
apiportal:
enabled: false
replicaCount: 1
updateStrategy:
# RollingUpdate or Recreate
type: ""
# If RollingUpdate
rollingUpdate:
maxSurge: 2
maxUnavailable: 0
image:
# an image reference is specified by registry/repository:tag,
# for instance registry=docker.io, repository=library/alpine, tag=3.15
# if registry is left empty, global.defaultRegistry will be used
registry: ""
repository: ""
# Overrides the image tag whose default is the chart appVersion.
tag: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
service:
type: ClusterIP
ports:
target:
port: 8443
https:
port: 8443
protocol: TCP
http:
port: 8080
protocol: TCP
force:
port: 443
protocol: TCP
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
# OpenShift configuration
route:
enabled: true
targetPort: "{{ .Values.apiportal.service.ports.http.port }}"
## More information: https://docs.openshift.com/container-platform/4.12/networking/routes/secured-routes.html
tls:
enabled: true
termination: edge
insecureEdgeTerminationPolicy: Redirect
key:
caCertificate:
certificate:
destinationCACertificate:
apiManager:
configured: 1
name: Main
# host: ""
# port: 8075
# database settings for API Portal, also check the instance settings in global section
mysql:
enabled: true
# if the credentials are already available in a secret, set existingSecret
existingSecret: {}
# name: "mysql-credentials"
# keyMapping:
# password: portalPasswordKey
# username: portalPasswordKey
# else, set username and password, this will create a new secret
username: ""
password: ""
# if it doesn't exist, a database with this name will be created by the app
databaseName: "portal"
sslOn: 0
sslVerifyCert: 0
redis:
enabled: false
host: ""
port: 6379
cacheTimeout: 600
apache:
sslOn: 0
#extraInitContainers:
# - name: extra
# image: "docker.io/busybox:1.34"
# command: []
# resources:
# limits:
# memory: "500Mi"
# cpu: 0.5
# securityContext:
# allowPrivilegeEscalation: false
# runAsNonRoot: true
extraEnvVars: []
# - name: MY_ENV_VARIABLE
# value: "true"
podAnnotations: {}
podLabels: {}
# podSecurityContext:
# runAsUser: 1048
# runAsGroup: 1048
# fsGroup: 1048
securityContext:
allowPrivilegeEscalation: false
#runAsNonRoot: true
# ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
resources: {}
# limits:
# memory: "2048Mi"
# cpu: "1000m"
# requests:
# memory: "1Gi"
# cpu: "250m"
t4_downloaded: 1
storage:
# if provisioningType=static, a template will be created for the PV,
# if provisioningType=dynamic (default), a storage class is used, and PV doesn't require a template
provisioningType: "dynamic"
classes: nfs
volumes:
- enabled: false
# must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character
name: "enckey"
usedBy:
- portal
capacity: 3Mi
accessModes:
- ReadWriteMany
mountPath: "/opt/axway/apiportal/enckey"
# if storageClassName is not set, it will default to the one specified in global.storage.storageClassName
# storageClassName: ""
# for static provisioning, the persistent volume will be created based on these specs
persistentVolume:
# CSI driver, for example efs.csi.aws.com
csiDriver: ""
# volume handle
volumeHandle: ""
# reclaim policy, what happens to the storage when the PVC is deleted
reclaimPolicy: Delete
- enabled: false
# must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character
name: "images"
usedBy:
- portal
capacity: 100Mi
accessModes:
- ReadWriteMany
mountPath: "/opt/axway/apiportal/htdoc/images"
# if storageClassName is not set, it will default to the one specified in global.storage.storageClassName
# storageClassName: ""
- enabled: false
# must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character
name: "language"
usedBy:
- portal
capacity: 10Mi
accessModes:
- ReadWriteMany
mountPath: "/opt/axway/apiportal/htdoc/language"
# if storageClassName is not set, it will default to the one specified in global.storage.storageClassName
# storageClassName: ""
- enabled: false
# must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character
name: "templates"
usedBy:
- portal
capacity: 100Mi
accessModes:
- ReadWriteMany
mountPath: "/opt/axway/apiportal/htdoc/templates"
# if storageClassName is not set, it will default to the one specified in global.storage.storageClassName
# storageClassName: ""
- enabled: false
# must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character
name: "admlanguage"
usedBy:
- portal
capacity: 10Mi
accessModes:
- ReadWriteMany
mountPath: "/opt/axway/apiportal/htdoc/administrator/admlanguage"
# if storageClassName is not set, it will default to the one specified in global.storage.storageClassName
# storageClassName: ""
- enabled: false
# must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character
name: "certs"
usedBy:
- portal
capacity: 10Mi
accessModes:
- ReadWriteMany
mountPath: "/opt/axway/apiportal/htdoc/administrator/components/com_apiportal/assets/cert"
# if storageClassName is not set, it will default to the one specified in global.storage.storageClassName
# storageClassName: ""
tests:
images:
curl:
registry: docker.io
repository: "curlimages/curl"
# leave empty for "latest" or specify an immutable tag
tag: ""
# ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
resources: {}
# limits:
# cpu: 100m
# memory: 50Mi
# requests:
# cpu: 100m
# memory: 50Mi
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
#runAsNonRoot: true
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
## Configuration for v7-discovery subchart
discovery-agent:
# Deploy the discovery agent
enabled: false
## Configuration for v7-traceability subchart
traceability-agent:
## Deploy the traceability agent
enabled: false
Reference in New Issue View Git Blame Copy Permalink