diff --git a/apigateway/helm/Chart.lock b/apigateway/helm/Chart.lock index 3555b27..aec4bec 100644 --- a/apigateway/helm/Chart.lock +++ b/apigateway/helm/Chart.lock @@ -4,6 +4,6 @@ dependencies: version: 1.0.3 - name: prometheus-elasticsearch-exporter repository: https://prometheus-community.github.io/helm-charts - version: 5.0.0 -digest: sha256:ca4d38e54226ff732696e5af73cb2ed423acece567769328f72d07fd38e6c15c -generated: "2024-06-25T14:25:11.045085+02:00" + version: 6.5.0 +digest: sha256:b09f538632326fa846608cca98435da9b12ab19393f782b95e43f330753ac04d +generated: "2024-11-08T09:28:49.886783483+01:00" diff --git a/apigateway/helm/Chart.yaml b/apigateway/helm/Chart.yaml index 30e3dd9..87a52b2 100644 --- a/apigateway/helm/Chart.yaml +++ b/apigateway/helm/Chart.yaml @@ -33,7 +33,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.2.9 +version: 2.0.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -50,5 +50,5 @@ dependencies: repository: "https://prometheus-community.github.io/helm-charts" tags: - prometheus-elasticsearch-exporter - version: 5.0.0 + version: 6.5.0 condition: prometheus-elasticsearch-exporter.enabled diff --git a/apigateway/helm/README.md b/apigateway/helm/README.md index 5aae370..e992dae 100644 --- a/apigateway/helm/README.md +++ b/apigateway/helm/README.md @@ -103,13 +103,12 @@ spec: sessionAffinityConfig: clientIP: timeoutSeconds: 1000 - --- # apigateway-ingress.yaml apiVersion: extensions/v1beta1 kind: Ingress metadata: - annotations: + annotations: nginx.ingress.kubernetes.io/affinity: "cookie" ``` 
@@ -170,6 +169,25 @@ Sub-folder `examples` contains some *values* examples for more use-cases. To use | `1.2.7` | Added possibility to rename roleBinding for API Gateway, Kibana and Elasticsearch. This allows for multiple deployments into the same namespace. Also, CRD ServiceMonitor selector corrected. Support of ES storage PVC annotations. | | `1.2.8` | `tpl` function support in `affinity` value added. `affinity` support added for Kibana and Elasticsearch. `topologySpreadConstraints` support added for APIGW, Elasticsearch and Kibana. | | `1.2.9` | `priorityClassName` support added for APIGW, Elasticsearch and Kibana. | +| `2.0.0` | Prometheus Elasticsearch Exporter version `6.5.0` is used. Value `revisionHistoryLimit` is added and documented. | + +## Chart Version `2.0.0` + +The Chart version `2.0.0` uses the [Prometheus Elasticsearch Exporter](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-elasticsearch-exporter) version `6.5.0`. + +### Migrate from `1.x.x` to `2.0.0` + +If you want to migrate the Elasticsearch Exporter version `5.0.0`, you must delete the existing deployment. Over install is not working. You see the error ... + +``` +Error: UPGRADE FAILED: cannot patch "apigw-prometheus-elasticsearch-exporter" ... +``` + +To delete the Elasticsearch Exporter deployment ... + +``` +kubectl delete deployment -prometheus-elasticsearch-exporter -n +``` ## Values diff --git a/apigateway/helm/README.md.gotmpl b/apigateway/helm/README.md.gotmpl index 920259c..c3451c6 100644 --- a/apigateway/helm/README.md.gotmpl +++ b/apigateway/helm/README.md.gotmpl 
@@ -103,18 +103,16 @@ spec: sessionAffinityConfig: clientIP: timeoutSeconds: 1000 - --- # apigateway-ingress.yaml apiVersion: extensions/v1beta1 kind: Ingress metadata: - annotations: + annotations: nginx.ingress.kubernetes.io/affinity: "cookie" ``` -Note, if you are using the default configuration and nginx as your ingress controller, sticky sessions will be enabled by default for the UI port and ingress. Change the ingress annotations accordingly for other ingress controllers like Traefik. - +Note, if you are using the default configuration and nginx as your ingress controller, sticky sessions will be enabled by default for the UI port and ingress. Change the ingress annotations accordingly for other ingress controllers like Traefik. ## Using an external load balancer 
@@ -171,5 +169,24 @@ Sub-folder `examples` contains some *values* examples for more use-cases. To use | `1.2.7` | Added possibility to rename roleBinding for API Gateway, Kibana and Elasticsearch. This allows for multiple deployments into the same namespace. Also, CRD ServiceMonitor selector corrected. Support of ES storage PVC annotations. | | `1.2.8` | `tpl` function support in `affinity` value added. `affinity` support added for Kibana and Elasticsearch. `topologySpreadConstraints` support added for APIGW, Elasticsearch and Kibana. | | `1.2.9` | `priorityClassName` support added for APIGW, Elasticsearch and Kibana. | +| `2.0.0` | Prometheus Elasticsearch Exporter version `6.5.0` is used. Value `revisionHistoryLimit` is added and documented. | + +## Chart Version `2.0.0` + +The Chart version `2.0.0` uses the [Prometheus Elasticsearch Exporter](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-elasticsearch-exporter) version `6.5.0`. + +### Migrate from `1.x.x` to `2.0.0` + +If you want to migrate the Elasticsearch Exporter version `5.0.0`, you must delete the existing deployment. Over install is not working. You see the error ... + +``` +Error: UPGRADE FAILED: cannot patch "apigw-prometheus-elasticsearch-exporter" ... +``` + +To delete the Elasticsearch Exporter deployment ... + +``` +kubectl delete deployment -prometheus-elasticsearch-exporter -n +``` {{ template "chart.valuesSection" . }} diff --git a/apigateway/helm/charts/common-1.0.3.tgz b/apigateway/helm/charts/common-1.0.3.tgz index c89d9b8..19e6fe3 100644 Binary files a/apigateway/helm/charts/common-1.0.3.tgz and b/apigateway/helm/charts/common-1.0.3.tgz differ diff --git a/apigateway/helm/charts/prometheus-elasticsearch-exporter-5.0.0.tgz b/apigateway/helm/charts/prometheus-elasticsearch-exporter-5.0.0.tgz deleted file mode 100644 index 1ce688f..0000000 Binary files a/apigateway/helm/charts/prometheus-elasticsearch-exporter-5.0.0.tgz and /dev/null differ 
diff --git a/apigateway/helm/charts/prometheus-elasticsearch-exporter-6.5.0.tgz b/apigateway/helm/charts/prometheus-elasticsearch-exporter-6.5.0.tgz new file mode 100644 index 0000000..8e0dae6 Binary files /dev/null and b/apigateway/helm/charts/prometheus-elasticsearch-exporter-6.5.0.tgz differ diff --git a/apigateway/helm/templates/_helper.tpl b/apigateway/helm/templates/_helper.tpl index 4e0e061..e9c26f8 100644 --- a/apigateway/helm/templates/_helper.tpl +++ b/apigateway/helm/templates/_helper.tpl @@ -59,27 +59,27 @@ Build the secret name for truststore for Elasticsearch {{- end }} {{/* -Renders API Gateway's password key identifier for API Gateway for the keystore. Defaults to "password" if no Value for .Values.apigw.elastic. +Renders API Gateway's password key identifier for API Gateway for the keystore. Defaults to "password" if no Value for .Values.apigw.elastic. */}} {{- define "apigateway.elastickeystoresecretPasswordKey" -}} {{- default ( printf "%s" "password" ) .Values.apigw.elastickeyStorePassKey }} {{- end }} {{/* -Renders API Gateway's password key identifier for API Gateway for the truststore. Defaults to "password" if no Value for .Values.apigw.elastic. +Renders API Gateway's password key identifier for API Gateway for the truststore. Defaults to "password" if no Value for .Values.apigw.elastic. */}} {{- define "apigateway.elastictruststoresecretPasswordKey" -}} {{- default ( printf "%s" "password" ) .Values.apigw.elastictruststoreStorePassKey }} {{- end }} -{{/* +{{/* Build the tls secret name, which holds the jks trust and keystore for API Gateway to communicate with Elasticsearch */}} {{- define "apigateway.elastictls" -}} {{- default (printf "%s%s" (include "common.names.fullname" .) "-es-tls-secret") .Values.elasticsearch.tlsSecretName }} {{- end }} -{{/* +{{/* Build the admin secret name, which holds the Administrator password */}} {{- define "apigateway.adminsecret" -}} 
diff --git a/apigateway/helm/templates/configmap.yaml b/apigateway/helm/templates/configmap.yaml index 4006abd..b317eb2 100644 --- a/apigateway/helm/templates/configmap.yaml +++ b/apigateway/helm/templates/configmap.yaml @@ -36,9 +36,8 @@ data: {{- if .Values.apigw.extraConfigSources }} {{- toYaml .Values.apigw.extraConfigSources | nindent 4 -}} {{- end }} - apigw-config.yml: | - apigw: + apigw: {{- range $key, $value := .Values.apigw.configSources }} {{- if kindIs "map" $value }} {{- printf "%s:" $key | nindent 6 }} @@ -46,10 +45,9 @@ data: {{- else if kindIs "string" $value }} {{- printf "%s: %s" $key (tpl $value $) }} {{- else if or (kindIs "bool" $value) (or (kindIs "float" $value) (kindIs "int" $value)) }} - {{- printf "%s: %v" $key $value }} + {{- printf "%s: %v" $key $value }} {{- end }} {{- end }} - {{ if .Values.apigw.applicationProperties -}} application.properties: | {{- printf "%s" (tpl .Values.apigw.applicationProperties .) | nindent 4 }} diff --git a/apigateway/helm/templates/configmaps-extra.yaml b/apigateway/helm/templates/configmaps-extra.yaml index 2b7c76b..3edea64 100644 --- a/apigateway/helm/templates/configmaps-extra.yaml +++ b/apigateway/helm/templates/configmaps-extra.yaml @@ -27,6 +27,6 @@ metadata: {{- with $.Values.extraLabels -}} {{ toYaml . | nindent 4 }} {{- end }} -data: - {{- toYaml .data | nindent 2 }} +data: + {{- toYaml .data | nindent 2 }} {{- end }} diff --git a/apigateway/helm/templates/deployment.yaml b/apigateway/helm/templates/deployment.yaml index 5923120..37002fc 100644 --- a/apigateway/helm/templates/deployment.yaml +++ b/apigateway/helm/templates/deployment.yaml 
@@ -60,20 +60,20 @@ spec: {{- end }} {{- if .Values.serviceAccount.create }} serviceAccountName: {{ include "common.names.serviceAccountName" . }} - {{- end }} + {{- end }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} {{- if or ( .Values.apigw.initContainer.enabled ) ( .Values.extraInitContainers ) }} initContainers: - {{- if .Values.elasticsearch.deploy }} + {{- if .Values.elasticsearch.deploy }} - name: waitforelasticsearch image: {{ .Values.global.curlImage }} imagePullPolicy: IfNotPresent - {{- if .Values.resources.apigwInitContainer }} + {{- if .Values.resources.apigwInitContainer }} resources: {{- toYaml .Values.resources.apigwInitContainer | nindent 12 }} {{- end }} - {{- if .Values.apigw.initContainer.securityContext }} + {{- if .Values.apigw.initContainer.securityContext }} securityContext: {{- toYaml .Values.apigw.initContainer.securityContext | nindent 12 }} {{- end }} @@ -148,7 +148,7 @@ spec: valueFrom: secretKeyRef: name: {{ include "apigateway.elastickeystoresecret" . }} - key: {{ include "apigateway.elastickeystoresecretPasswordKey" . }} + key: {{ include "apigateway.elastickeystoresecretPasswordKey" . }} - name: apigw_elasticsearch_https_truststorePassword valueFrom: secretKeyRef: @@ -171,7 +171,7 @@ spec: - containerPort: {{ int .Values.apigw.adminPort }} name: admin-http protocol: TCP - - containerPort: {{ int .Values.apigw.runtimeExternalPort }} + - containerPort: {{ int .Values.apigw.runtimeExternalPort }} name: external-http protocol: TCP {{- if .Values.grpcService.enabled }} @@ -181,7 +181,7 @@ spec: {{- end }} {{- if .Values.extraPorts }} {{- toYaml .Values.extraPorts | nindent 10 }} - {{- end }} + {{- end }} livenessProbe: tcpSocket: port: {{ int .Values.apigw.adminPort }} 
@@ -194,7 +194,7 @@ spec: httpGet: path: /rest/apigateway/health port: {{ int .Values.apigw.adminPort }} - scheme: {{ .Values.apigw.readinessProbe.scheme }} + scheme: {{ .Values.apigw.readinessProbe.scheme }} failureThreshold: 3 initialDelaySeconds: 30 periodSeconds: 30 @@ -219,7 +219,7 @@ spec: {{- end }} {{- if .Values.extraVolumeMounts }} {{- if eq "string" (printf "%T" .Values.extraVolumeMounts) }} - {{- tpl .Values.extraVolumeMounts . | nindent 12 }} + {{- tpl .Values.extraVolumeMounts . | nindent 12 }} {{- else }} {{- toYaml .Values.extraVolumeMounts | nindent 12 }} {{- end }} @@ -245,7 +245,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- if .Values.hostAliases }} - hostAliases: + hostAliases: {{- toYaml .Values.hostAliases | nindent 8 }} {{- end }} volumes: @@ -258,7 +258,7 @@ spec: - key: apigw-config.yml path: apigw-config.yml - key: application.properties - path: application.properties + path: application.properties - name: apigw-license configMap: name: {{ include "apigateway.licenseconfigname" . }} @@ -268,7 +268,7 @@ spec: path: licenseKey.xml {{- if .Values.elasticsearch.tlsEnabled }} - name: elastic-tls - secret: + secret: secretName: {{ include "apigateway.elastictls" .}} items: - key: truststore.jks diff --git a/apigateway/helm/templates/elasticsearch.yaml b/apigateway/helm/templates/elasticsearch.yaml index adf9f08..8dd9747 100644 --- a/apigateway/helm/templates/elasticsearch.yaml +++ b/apigateway/helm/templates/elasticsearch.yaml @@ -26,7 +26,7 @@ metadata: labels: {{- with .Values.extraLabels -}} {{ toYaml . | nindent 4 }} - {{- end }} + {{- end }} spec: version: {{ .Values.elasticsearch.version }} {{- if .Values.elasticsearch.image }} @@ -35,7 +35,7 @@ spec: http: tls: {{- if .Values.elasticsearch.tlsEnabled }} - certificate: + certificate: secretName: {{ tpl .Values.elasticsearch.certificateSecretName . }} selfSignedCertificate: {{- if .Values.elasticsearch.subjectAltNames }} 
@@ -88,9 +88,9 @@ spec: {{- if not .Values.elasticsearch.defaultNodeSet.memoryMapping }} node.store.allow_mmap: false {{- end }} - podTemplate: + podTemplate: metadata: - labels: + labels: {{- with .Values.extraLabels -}} {{ toYaml . | nindent 12 }} {{- end }} @@ -99,8 +99,8 @@ spec: {{ toYaml . | nindent 12 }} {{- end }} spec: - {{- with .Values.revisionHistoryLimit }} - revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + {{- if .Values.revisionHistoryLimit }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} {{- end }} {{- with .Values.elasticsearch.affinity }} affinity: @@ -144,7 +144,7 @@ spec: memory: 50Mi cpu: 500m limits: - memory: 100Mi + memory: 100Mi {{- end }} {{- end }} {{- end }} diff --git a/apigateway/helm/templates/ingress.yaml b/apigateway/helm/templates/ingress.yaml index c6c3a82..79f41ab 100644 --- a/apigateway/helm/templates/ingress.yaml +++ b/apigateway/helm/templates/ingress.yaml @@ -43,7 +43,7 @@ metadata: {{- $labels | nindent 4 }} {{- with $.Values.extraLabels -}} {{ toYaml . | nindent 4 }} - {{- end }} + {{- end }} {{- with .annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/apigateway/helm/templates/job.yaml b/apigateway/helm/templates/job.yaml index b6ed50d..06e4f18 100644 --- a/apigateway/helm/templates/job.yaml +++ b/apigateway/helm/templates/job.yaml @@ -205,7 +205,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - + {{ end }} {{- end -}} diff --git a/apigateway/helm/templates/kibana.yaml b/apigateway/helm/templates/kibana.yaml index 06483fd..7d421be 100644 --- a/apigateway/helm/templates/kibana.yaml +++ b/apigateway/helm/templates/kibana.yaml @@ -74,7 +74,7 @@ spec: name: {{ include "common.names.fullname" . }} podTemplate: metadata: - labels: + labels: {{- with .Values.extraLabels -}} {{ toYaml . | nindent 8 }} {{- end }} 
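Review bot: In the `@@ -99,8 +99,8 @@` hunk of `templates/elasticsearch.yaml`, the new `{{- if .Values.revisionHistoryLimit }}` guard treats `0` as unset, so a user who sets `revisionHistoryLimit: 0` gets the field silently omitted; a guard such as `{{- if not (kindIs "invalid" .Values.revisionHistoryLimit) }}` renders every explicitly set value. The key is also emitted directly under the `spec:` that follows `podTemplate:` and `metadata:`, which appears to be the pod spec (indentation is not recoverable from this view). A pod spec has no `revisionHistoryLimit` field, so it is worth confirming with `helm template` that the key lands where the Elasticsearch resource expects it. This matters more now because the `values.yaml` hunk `@@ -1,23 +1,23 @@` un-comments `revisionHistoryLimit: 10`, so this branch renders on every default install rather than only on opt-in. The surrounding nodeSet block starts and ends outside the hunk.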
@@ -147,7 +147,7 @@ spec: name: {{ include "apigateway.kibanasecret" . }} key: password {{- if .Values.kibana.tls.enabled }} - - name: KIBANA_TRUSTSTORE_PASSWORD + - name: KIBANA_TRUSTSTORE_PASSWORD valueFrom: secretKeyRef: name: {{ include "apigateway.kibanatruststorepassword" . }} diff --git a/apigateway/helm/templates/license.yaml b/apigateway/helm/templates/license.yaml index ed2fd2c..4a2c262 100644 --- a/apigateway/helm/templates/license.yaml +++ b/apigateway/helm/templates/license.yaml @@ -23,13 +23,13 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ include "common.names.fullname" . }}-license - labels: + labels: {{- include "common.labels.standard" . | nindent 4 }} {{- with .Values.extraLabels -}} {{ toYaml . | nindent 4 }} - {{- end }} + {{- end }} annotations: - helm.sh/resource-policy: keep + helm.sh/resource-policy: keep data: licensekey: {{ .Values.license | toYaml | nindent 4 }} diff --git a/apigateway/helm/templates/nginx-configmap.yaml b/apigateway/helm/templates/nginx-configmap.yaml index cfc8c25..af2e3be 100644 --- a/apigateway/helm/templates/nginx-configmap.yaml +++ b/apigateway/helm/templates/nginx-configmap.yaml 
@@ -34,41 +34,41 @@ data: worker_processes 1; error_log /var/log/nginx/error.log debug; pid /var/run/nginx.pid; - + events { worker_connections 1024; } - + http { include /etc/nginx/mime.types; default_type application/octet-stream; - + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; - + access_log /var/log/nginx/access.log main; - + sendfile on; #tcp_nopush on; keepalive_timeout 65; gzip on; - + upstream apigateway-rt { server {{ include "common.names.fullname" . }}-rt:{{ int .Values.apigw.runtimePort }}; } - + upstream apigateway-ui { server {{ include "common.names.fullname" . }}-ui:{{ int .Values.apigw.uiPort }}; } - + server { listen {{ int .Values.apigw.runtimePort }}; location / { proxy_pass http://apigateway-rt; } } - + server { listen {{ int .Values.apigw.uiPort }}; location / { diff --git a/apigateway/helm/templates/nginx-deployment.yaml b/apigateway/helm/templates/nginx-deployment.yaml index 9f7ecbc..b13b287 100644 --- a/apigateway/helm/templates/nginx-deployment.yaml +++ b/apigateway/helm/templates/nginx-deployment.yaml @@ -22,11 +22,11 @@ apiVersion: apps/v1 kind: Deployment metadata: - labels: + labels: {{- include "common.labels.standard" . | nindent 4 }} {{- with .Values.extraLabels -}} {{ toYaml . | nindent 4 }} - {{- end }} + {{- end }} name: {{ include "common.names.fullname" . }}-nginx spec: replicas: 1 @@ -36,7 +36,7 @@ spec: selector: matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - strategy: + strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 0 @@ -49,7 +49,7 @@ spec: {{- include "common.labels.standard" . | nindent 8 }} {{- with .Values.extraLabels -}} {{ toYaml . | nindent 8 }} - {{- end }} + {{- end }} spec: containers: - name: nginx 
@@ -72,8 +72,8 @@ spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} - {{- end }} - + {{- end }} + volumes: - name: nginx-config configMap: diff --git a/apigateway/helm/templates/nginx-svc.yaml b/apigateway/helm/templates/nginx-svc.yaml index 47036af..52298c6 100644 --- a/apigateway/helm/templates/nginx-svc.yaml +++ b/apigateway/helm/templates/nginx-svc.yaml @@ -23,18 +23,18 @@ apiVersion: v1 kind: Service metadata: name: {{ include "common.names.fullname" . }}-nginx-svc - labels: + labels: {{- include "common.labels.standard" . | nindent 4 }} {{- with .Values.extraLabels -}} {{ toYaml . | nindent 4 }} - {{- end }} + {{- end }} spec: type: {{ .Values.service.type }} ports: - port: {{ int .Values.apigw.runtimePort }} protocol: TCP targetPort: {{ int .Values.apigw.runtimePort }} - name: rtport + name: rtport {{- if (eq .Values.service.type "ClusterIP") }} nodePort: null {{- end }} diff --git a/apigateway/helm/templates/secret.yaml b/apigateway/helm/templates/secret.yaml index c37e545..44de9fa 100644 --- a/apigateway/helm/templates/secret.yaml +++ b/apigateway/helm/templates/secret.yaml @@ -27,7 +27,7 @@ metadata: labels: {{- with .Values.extraLabels -}} {{ toYaml . | nindent 4 }} - {{- end }} + {{- end }} type: kubernetes.io/basic-auth stringData: {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace $name ) | default dict }} @@ -49,7 +49,7 @@ metadata: labels: {{- with .Values.extraLabels -}} {{ toYaml . | nindent 4 }} - {{- end }} + {{- end }} type: kubernetes.io/basic-auth stringData: {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace $name ) | default dict }} diff --git a/apigateway/helm/templates/secrets-extra.yaml b/apigateway/helm/templates/secrets-extra.yaml index 9be2a1a..acb6b31 100644 --- a/apigateway/helm/templates/secrets-extra.yaml +++ b/apigateway/helm/templates/secrets-extra.yaml 
@@ -34,7 +34,7 @@ stringData: {{- $secretObj := (lookup "v1" "Secret" $.Release.Namespace .name ) | default dict }} {{- $secretData := get $secretObj "data" | default dict }} {{- $password := get $secretData "password" | b64dec | default (randAlphaNum 12) }} - username: {{ .username | quote }} + username: {{ .username | quote }} password: {{ $password | quote }} roles: {{ .roles | quote}} {{- end }} diff --git a/apigateway/helm/templates/service.yaml b/apigateway/helm/templates/service.yaml index ab8184e..2a01e7c 100644 --- a/apigateway/helm/templates/service.yaml +++ b/apigateway/helm/templates/service.yaml @@ -21,7 +21,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "common.names.fullname" . }}-rt - labels: + labels: {{- include "common.labels.standard" . | nindent 4 }} {{- with .Values.extraLabels -}} {{ toYaml . | nindent 4 }} @@ -44,7 +44,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "common.names.fullname" . }}-admin - labels: + labels: {{- include "common.labels.standard" . | nindent 4 }} {{- with .Values.extraLabels -}} {{ toYaml . | nindent 4 }} @@ -67,7 +67,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "common.names.fullname" . }}-ui - labels: + labels: {{- include "common.labels.standard" . | nindent 4 }} {{- with .Values.extraLabels -}} {{ toYaml . | nindent 4 }} @@ -102,7 +102,7 @@ metadata: {{- if .Values.grpcService.dnsExternal }} external-dns.alpha.kubernetes.io/hostname: {{ .Values.grpcService.hostname }} {{- end }} - labels: + labels: {{- include "common.labels.standard" . | nindent 4 }} {{- with .Values.extraLabels -}} {{ toYaml . | nindent 4 }} diff --git a/apigateway/helm/values.yaml b/apigateway/helm/values.yaml index 83bf6f0..9143a90 100644 --- a/apigateway/helm/values.yaml +++ b/apigateway/helm/values.yaml 
@@ -1,23 +1,23 @@ replicaCount: 1 # -- The number of old ReplicaSets to retain to allow rollback. -# revisionHistoryLimit: 10 +revisionHistoryLimit: 10 image: - # -- The repository for the image. By default, - # this points to the Software AG container repository. + # -- The repository for the image. By default, + # this points to the Software AG container repository. # Change this for air-gapped installations or custom images. - # For the Software AG container repository you need to have a + # For the Software AG container repository you need to have a # valid access token stored as registry credentials repository: sagcr.azurecr.io/apigateway-minimal pullPolicy: IfNotPresent - # -- The image tag of the apigateway image default this will be the latest version. - # For realworld scenarios SAG recommends to use a + # -- The image tag of the apigateway image default this will be the latest version. + # For realworld scenarios SAG recommends to use a # specific version to not accidently change production versions with newer images. tag: "10.15" # -- Image pull secret reference. By default looks for `regcred`. -imagePullSecrets: +imagePullSecrets: - name: regcred # -- Controls if secrets should be generated automatically. @@ -32,7 +32,7 @@ fullnameOverride: "" serviceAccount: # -- Specifies whether a service account should be created - # if you set this to false, you need to specify an existing service account in 'name'. + # if you set this to false, you need to specify an existing service account in 'name'. # A service account is required for the apigateway to access the kubernetes API (i.e, Apache Ignite clustering). # The default service account should be as follows: # apiVersion: v1 
@@ -108,15 +108,15 @@ grpcService: dnsExternal: false hostname: "" -# multiple ingresses for ui, admin, ext and rt -ingresses: +# multiple ingresses for ui, admin, ext and rt +ingresses: ui: defaultHost: "" enabled: true svcName: "" svcPort: "" className: "nginx" - annotations: + annotations: nginx.ingress.kubernetes.io/affinity: "cookie" nginx.ingress.kubernetes.io/proxy-body-size: 10m nginx.ingress.kubernetes.io/proxy-read-timeout: "600" @@ -127,12 +127,12 @@ ingresses: paths: - path: / pathType: Prefix - tls: - - secretName: - hosts: + tls: + - secretName: + hosts: csiSecretProvider: secretProviderEnabled: false - secretProviderSecretName: + secretProviderSecretName: rt: defaultHost: "" enabled: true @@ -149,18 +149,18 @@ ingresses: paths: - path: /gateway pathType: Prefix - tls: - - secretName: + tls: + - secretName: hosts: secretProviderEnabled: false - secretProviderSecretName: + secretProviderSecretName: admin: defaultHost: "" enabled: true svcName: "" svcPort: "" className: "nginx" - annotations: + annotations: nginx.ingress.kubernetes.io/affinity: "cookie" nginx.ingress.kubernetes.io/proxy-body-size: 10m nginx.ingress.kubernetes.io/proxy-read-timeout: "600" 
@@ -171,27 +171,27 @@ ingresses: paths: - path: / pathType: Prefix - tls: + tls: - secretName: hosts: secretProviderEnabled: false - secretProviderSecretName: + secretProviderSecretName: # global ingress settings for tls secret name, cert and key ingress: - defaultDomain: my-domain.com + defaultDomain: my-domain.com tls: # -- default secret name for TLS. By default empty, # will look for tls". secretName: "" - cert: "" + cert: "" key: "" secretProviderEnabled: false secretProviderName: "" secretProviderClassName: "" secretProviderParameters: {} -resources: +resources: # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -202,14 +202,14 @@ resources: # requests: # cpu: 100m # memory: 128Mi - apigwInitContainer: + apigwInitContainer: requests: cpu: 100m memory: 50Mi limits: cpu: 200m memory: 100Mi - + apigwContainer: requests: cpu: 500m @@ -218,7 +218,7 @@ resources: # use a high cpu limit to avoid the container being throttled cpu: 8 memory: 8Gi - + autoscaling: enabled: false @@ -234,7 +234,7 @@ tolerations: [] # -- Set Pod (anti-) affinity for APIGW. You can use templates inside because `tpl` function is called for rendering. affinity: {} -# -- Set Pod topology spread constraints for APIGW. You can use templates inside because `tpl` function is called for rendering. +# -- Set Pod topology spread constraints for APIGW. You can use templates inside because `tpl` function is called for rendering. topologySpreadConstraints: {} # -- Set APIGW and Nginx Pods' Priority Class Name 
@@ -244,20 +244,20 @@ priorityClassName: "" # -- Value to add extra host aliases to APIGW container. hostAliases: [] -global: +global: curlImage: "curlimages/curl" # -- Protocol for health check for kibana startup, must be http / https - apigwHealthProtocol: "http" + apigwHealthProtocol: "http" # -- Service name for health check for kibana startup, must same value as apigwAdminService - apigwHealthService: "apigw-admin-svc" - # -- Port for health check for kibana startup, must same value as apigwAdminPort - apigwHealthPort: 5555 + apigwHealthService: "apigw-admin-svc" + # -- Port for health check for kibana startup, must same value as apigwAdminPort + apigwHealthPort: 5555 # -- Elasticsearch global settings # Required for Prometheus Exporter Sub Chart - elasticsearch: + elasticsearch: # -- The elasticsearch http service name that API Gateway uses. - # The default is compiled of the fullname (releasename + chart name) + "-http" + # The default is compiled of the fullname (releasename + chart name) + "-http" # You MUST override this if you use an external elastic search service and do not deploy the embedded elastic CRD from this chart. serviceName: "" port: 9200 
@@ -304,17 +304,17 @@ extraConfigMaps: [] lifecycle: {} apigw: - # -- Deploy Elasticsearch. Depends on Elasic Search Helm Charts. See https://github.com/elastic/helm-charts/blob/main/elasticsearch + # -- Deploy Elasticsearch. Depends on Elasic Search Helm Charts. See https://github.com/elastic/helm-charts/blob/main/elasticsearch elasticSearchDeployment: true initMemory: 1024Mi maxMemory: 1024Mi - # -- The API Gateway runtime port for API invocations. By default API Gateway images do not have this port setup. + # -- The API Gateway runtime port for API invocations. By default API Gateway images do not have this port setup. # You must manually set up this port or create post init job that creates this port after API Gateway was initialized. runtimePort: 5556 - # -- The API Diagnostics port. - diagPort: 9999 + # -- The API Diagnostics port. + diagPort: 9999 # -- The default API Administration UI port uiPort: 9072 # -- The default administration port. Note in a default installation this port will also be used for runtime traffic. @@ -327,7 +327,7 @@ apigw: # -- The readinessprobe scheme (https or http). scheme: "HTTP" serviceName: "apigw" - + # -- SecurityContext for apigw initContainer # Deactivated by default. # Usage example: 
@@ -343,14 +343,14 @@ apigw: securityContext: {} # -- If apigw initContainer for ES should be enabled enabled: true - + # -- Specifies the location and name of the configuration variables template # or the directory containing templates for use with Microservices Runtime or # an Integration Server with licensed Microservices functionality. Use a # comma-separated list to specify multiple templates and/or directories. # See: https://documentation.softwareag.com/webmethods/integration_server/pie10-15/webhelp/pie-webhelp/index.html#page/pie-webhelp%2Fto-sag_environment_variables_2.html - # Note: should only be used for passing simple configurations such as extended - # settings. For all other configurations of API Gateway, use the official + # Note: should only be used for passing simple configurations such as extended + # settings. For all other configurations of API Gateway, use the official # Admin REST API. sagIsConfigProperties: "/config/application.properties" @@ -359,7 +359,7 @@ apigw: rtExternalService: "apigw-rt-ext-svc" apigwAdminService: "apigw-admin-svc" - # -- The secret that holds the admin password + # -- The secret that holds the admin password # Depends on secrets.genereateAdminSecret; if true the setting will be ignored. adminSecretName: "" 
@@ -371,16 +371,16 @@ apigw: # -- The key that holds the truststore password; defaults to "password" elastictrustStorePassKey: "" - + # -- The secret that holds the keystore password. If empty the chart will generate the name: fullname + "-es-keystore-secret". elastickeyStoreName: "" # -- The key that holds the keystore password; defaults to "password" elastickeyStorePassKey: "" - # -- Application Properties to overwrite default API Gateway settings. Please check - # Handle with care - Most settings should be set via the UI, Admin API, configSources values, or via environment variables. - # By default only the default Administrator password is set through this mechanism if nothing is set here. + # -- Application Properties to overwrite default API Gateway settings. Please check + # Handle with care - Most settings should be set via the UI, Admin API, configSources values, or via environment variables. + # By default only the default Administrator password is set through this mechanism if nothing is set here. # Other examples are extended settings which can be set through this mechanism. # Examples: # @@ -406,16 +406,16 @@ apigw: # settings.watt.net.default.content-type=json # # Avoid IS internal statistic data collector ... - # statisticsdatacollector.monitorConfig.enabled=false + # statisticsdatacollector.monitorConfig.enabled=false applicationProperties: | # -- configuration source files for API Gateway configSources: - elasticsearch: + elasticsearch: tenantId: default hosts: "{{ default (printf \"%s-%s-es-http\" .Release.Name .Chart.Name) .Values.global.elasticsearch.serviceName }}:{{ .Values.global.elasticsearch.port }}" - + kibana: dashboardInstance: "{{ printf \"http://%s-%s-kb-http:%d\" .Release.Name .Chart.Name (int .Values.kibana.port) }}" autostart: false @@ -432,7 +432,7 @@ apigw: communicationPort: "10400" # -- Extra configuration sources for API Gateway - # Example: + # Example: # - type: YAML # allowEdit: false # properties: 
@@ -447,7 +447,7 @@ prometheus: path: "/metrics" port: "5555" scheme: "http" - ## -- Only used on annotation + ## -- Only used on annotation scrape: "true" ## -- Only used on ServiceMonitor interval: 10s @@ -457,23 +457,23 @@ prometheus: serviceMonitor: # -- Create and enable CRD ServiceMonitor. The default is `false`. enabled: false - # -- Set the monitored service which is connected by ServiceMonitor. Default (if not set) is the `rt` runtime service. + # -- Set the monitored service which is connected by ServiceMonitor. Default (if not set) is the `rt` runtime service. serviceName: "" metering: - # -- enable metering + # -- enable metering enabled: true # -- The URL of the metering aggregator server REST API. serverUrl: "https://metering.softwareag.cloud/api/measurements" - # -- The type of the proxy that the metering client uses. - # Valid values are: - # *DIRECT (default). - # *HTTP + # -- The type of the proxy that the metering client uses. + # Valid values are: + # *DIRECT (default). + # *HTTP # *SOCKS - # Indicates that the metering client does not use a proxy. + # Indicates that the metering client does not use a proxy. proxyType: "DIRECT" - # -- The proxy address in a : format that the metering client uses. + # -- The proxy address in a : format that the metering client uses. # Configure this property only if you use a metering proxy. proxyAddress: # -- The proxy password that the metering client uses. @@ -483,7 +483,7 @@ metering: # *Letters: A-Z, a-z # *Numbers: 0-9 # *Special characters: !@#$%^&*()_+-=[]{}\/?,.<>; - proxyPass: + proxyPass: # -- The time in milliseconds to establish the initial TCP connection when the metering client calls the server REST endpoint. This is also the time to start the request. serverConnectTimeout: "60000" # -- The maximum time in milliseconds without data transfer over the TCP connection to the server. This is also the time that it takes for the server to respond. When this time passes, the request fails. 
@@ -502,7 +502,7 @@ metering: logLevel: # -- The absolute path to the metering client truststore that is used for HTTPS connections. Add this value in any of the following cases: # *If you use the Software AG Metering Server on premises (via HTTPS) and the certificates in the truststore do not match the certificates configured in Software AG Runtime (CTP). - # *If you use a metering proxy that terminates the SSL connection to the Metering Server in Software AG Cloud. + # *If you use a metering proxy that terminates the SSL connection to the Metering Server in Software AG Cloud. trustStoreFile: # -- The password for the metering client truststore. # Configure this property only if you use a truststore. @@ -520,27 +520,27 @@ metering: elasticsearch: - # -- Deploy elastic search instance + # -- Deploy elastic search instance deploy: true # -- The ECK version to be used version: 8.2.3 # -- The image that should be used. - # By default ECK will use the official Elasticsearch images. + # By default ECK will use the official Elasticsearch images. # Overwrite this to use an image from an internal registry or any custom images. # Make sure that the image corresponds to the version field. - image: + image: # -- Resource Settings for Elasticsearch - # Example: - # + # Example: + # # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m - # memory: 128Mi + # memory: 128Mi resources: {} # -- Request size of storage. The default is 1Gi. @@ -570,7 +570,7 @@ elasticsearch: # username: "elastic" # roles: "viewer" extraSecrets: [] - + # -- Customization of ElasticSearchs PodDisruptionBudget Policy. # Elastic Cloud on Kubernetes operator (ECK) creates a default PodDisruptionBudget Policy. podDisruptionBudget: 
@@ -582,7 +582,7 @@ elasticsearch: # Overwriting with custom PodDisruptionBudget Policy requires enabled=true. # Examples can be seen here: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ data: {} - + # -- Enable and configure service account creation. serviceAccount: # -- Whether to create a ServiceAccount for Elasticsearch @@ -595,7 +595,7 @@ elasticsearch: # -- Name of the ServiceAccount Rolebinding used by the Elasticsearch ServiceAccount. # Requires create=true to work. roleBindingName: "elasticsearch-rolebinding" - + # -- Whether the communication from APIGW and Kibana should be HTTPS # Note: you will need to create certificate and a separate truststore for the communication. tlsEnabled: false @@ -603,7 +603,7 @@ elasticsearch: # -- The name of the elasticsearch secret. By default it will created by the fullname + "-es-tls-secret" if tlsEnabled is set to true. tlsSecretName: "" - # -- The secret name that holds the keystore password + # -- The secret name that holds the keystore password keystoreSecretName: "" # -- The name of the secret holding the tls secret @@ -613,7 +613,7 @@ elasticsearch: # -- Set Pod (anti-) affinity for ElasticSearch. You can use templates inside because `tpl` function is called for rendering. affinity: {} - # -- Set Pod topology spread constraints for ElasticSearch. You can use templates inside because `tpl` function is called for rendering. + # -- Set Pod topology spread constraints for ElasticSearch. You can use templates inside because `tpl` function is called for rendering. topologySpreadConstraints: {} # -- Set Pods' Priority Class Name 
@@ -623,20 +623,20 @@ elasticsearch: # https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-orchestration.html # if you specify node sets here the defaultNodeSet will not be used. nodeSets: [] - + # -- Default Node Set defaultNodeSet: # -- the number of replicas for Elastic Search count: 1 - # -- Set this to true for production workloads, this will also + # -- Set this to true for production workloads, this will also # use an init container to increase the vm.max_map_count to 262144 on the nodes. - memoryMapping: false + memoryMapping: false # -- Controls whether to start an init container that increases the vm.max_map_count to 262144 on the node. # Set memoryMapping to true and this setting also to true to run the init container. # Note that this requires the ability to run privileged containers, which is likely not the case on many secure clusters. - setMaxMapCount: true + setMaxMapCount: true installMapperSizePlugin: true # -- Extra configuration parameters for Elasticsearch nodes to be appended to the default (none). @@ -645,11 +645,11 @@ elasticsearch: # -- Extra init containers to be started before Elasticsearch nodes are started. # See https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-init-containers-plugin-downloads.html - extraInitContainers: {} + extraInitContainers: {} # -- Annotations for Elasticsearch annotations: {} - + kibana: # -- The ECK version to be used 
@@ -658,17 +658,17 @@ kibana: # -- Set Pod (anti-) affinity for Kibana. You can use templates inside because `tpl` function is called for rendering. affinity: {} - # -- Set Pod topology spread constraints for Kibana. You can use templates inside because `tpl` function is called for rendering. + # -- Set Pod topology spread constraints for Kibana. You can use templates inside because `tpl` function is called for rendering. topologySpreadConstraints: {} # -- Set Pods' Priority Class Name priorityClassName: "" # -- The image that should be used. - # By default ECK will use the official Elasticsearch images. + # By default ECK will use the official Elasticsearch images. # Overwrite this to use an image from an internal registry or any custom images. # Make sure that the image corresponds to the version field. - image: + image: # -- The default Kibana Port port: 5601 @@ -677,7 +677,7 @@ kibana: # -- Annotations for Kibana annotations: {} - + # -- The secret name that holds the kibana user for API Gateway. secretName: "" @@ -724,14 +724,14 @@ kibana: extraInitContainers: [] # -- Resource Settings for Kibana - # Example: - # + # Example: + # # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m - # memory: 128Mi + # memory: 128Mi resources: {} # -- Additional labels to be added to kibana pod labels. @@ -749,7 +749,7 @@ kibana: # -- Name of the ServiceAccount Rolebinding used by the Kibana ServiceAccount. # Requires create=true to work. roleBindingName: "kibana-rolebinding" - + # -- Configure Kibana's readinessProbe. readinessProbe: httpGet: @@ -760,7 +760,7 @@ kibana: successThreshold: 1 periodSeconds: 10 timeoutSeconds: 1 - + # -- Configure Kibana's livenessProbe. livenessProbe: {} # tcpSocket: @@ -770,7 +770,7 @@ kibana: # initialDelaySeconds: 30 # periodSeconds: 30 # timeoutSeconds: 1 - + # Set to 'true' prevents API Gateway Error message in the log, indicating that Kibana is not available. # -- Enable anonymous access to /api/status. allowAnonymousStatus: true 
@@ -795,8 +795,11 @@ prometheus-elasticsearch-exporter: # -- Deploy the prometheus exporter for elasticsearch enabled: true + # -- The number of old ReplicaSets to retain to allow rollback. + revisionHistoryLimit: 10 + # -- secret for elasticsearch user. Will need to adjust the secret's name. By default the secret name is -apigateway-sag-user-es. - # Adjust accordingly if your release name is different. + # Adjust accordingly if your release name is different. extraEnvSecrets: ES_PASSWORD: secret: apigw-apigateway-sag-user-es @@ -809,7 +812,7 @@ prometheus-elasticsearch-exporter: # -- The uri of the elasticsearch service. By default this is null and the environment variable ES_URI is used instead. # Overwrite this if you are using an external Elasticsearch instance uri: "http://$(ES_USER):$(ES_PASSWORD)@apigw-apigateway-es-http:9200" - + serviceMonitor: enabled: false @@ -819,5 +822,5 @@ prometheus-elasticsearch-exporter: prometheus.io/scheme: http prometheus.io/scrape: "true" -# -- Import the content as license key and create a ConfigMap named by `licenseConfigMap` value. You can copy/past the content of your provided license key file here. +# -- Import the content as license key and create a ConfigMap named by `licenseConfigMap` value. You can copy/past the content of your provided license key file here. license: |
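Review bot: The comment added above `revisionHistoryLimit: 10` in the `@@ -795,8 +795,11 @@` hunk does not say which workload the value applies to. Because the key sits under `prometheus-elasticsearch-exporter:`, it is presumably handed to the exporter subchart's Deployment and has no effect on API Gateway, Elasticsearch or Kibana. I would word it as `# -- The number of old ReplicaSets of the exporter Deployment to retain to allow rollback. Kubernetes defaults to 10 when unset.`. It is also worth confirming that exporter chart `6.5.0` actually reads this key, since Helm silently ignores unknown subchart values. The `prometheus-elasticsearch-exporter:` mapping starts before this hunk and continues past it, so the placement is judged from the hunk header only.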