diff --git a/helm-charts/templates/cert-manager/certificates/management-server-certificate.yaml b/helm-charts/templates/cert-manager/certificates/management-server-certificate.yaml
deleted file mode 100644
index 2ee1a951e..000000000
--- a/helm-charts/templates/cert-manager/certificates/management-server-certificate.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-# Copyright (c) 2022, WSO2 LLC. (https://www.wso2.com) All Rights Reserved.
-#
-# WSO2 LLC. licenses this file to you under the Apache License,
-# Version 2.0 (the "License"); you may not use this file except
-# in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-# The following manifests contain a self-signed issuer CR and a certificate CR.
-# More document can be found at https://docs.cert-manager.io
-
-{{- if .Values.wso2.apk.cp.enabled }}
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: {{ template "apk-helm.resource.prefix" . }}-management-server-cert
- namespace: {{ .Release.Namespace }}
-spec:
- commonName: management-server
- privateKey:
- algorithm: RSA
- encoding: PKCS8
- size: 2048
- dnsNames:
- - {{ template "apk-helm.resource.prefix" . }}-management-server.{{ .Release.Namespace }}.svc
- - {{ template "apk-helm.resource.prefix" . }}-management-server.{{ .Release.Namespace }}.svc.cluster.local
- issuerRef:
- kind: ClusterIssuer
- name: selfsigned-issuer
- secretName: {{ template "apk-helm.resource.prefix" . }}-management-server-cert
-{{- end -}}
diff --git a/helm-charts/templates/control-plane/management-server/management-server-config-toml.yaml b/helm-charts/templates/control-plane/management-server/management-server-config-toml.yaml
deleted file mode 100644
index 63824f66c..000000000
--- a/helm-charts/templates/control-plane/management-server/management-server-config-toml.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if .Values.wso2.apk.cp.enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "apk-helm.resource.prefix" . }}-management-server-config-toml
- namespace: {{ .Release.Namespace }}
-data:
- config.toml: |
- [backOffice]
- host = "{{ template "apk-helm.resource.prefix" . }}-backoffice-ds-service.{{ .Release.Namespace }}.svc"
- port = 9444
- serviceBasePath = "/api/backoffice/internal/apis"
- [managementServer.keystore]
- certPath = "/home/wso2/security/keystore/management-server.pem"
- keyPath = "/home/wso2/security/keystore/management-server.key"
- [managementServer.truststore]
- location = "/home/wso2/security/truststore"
-
-{{- end -}}
diff --git a/helm-charts/templates/control-plane/management-server/management-server-deployment.yaml b/helm-charts/templates/control-plane/management-server/management-server-deployment.yaml
deleted file mode 100644
index fa0cd09fa..000000000
--- a/helm-charts/templates/control-plane/management-server/management-server-deployment.yaml
+++ /dev/null
@@ -1,111 +0,0 @@ -# -------------------------------------------------------------------- -# Copyright (c) 2022, WSO2 LLC. (http://wso2.com) All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ----------------------------------------------------------------------- - -{{- if .Values.wso2.apk.cp.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "apk-helm.resource.prefix" . }}-management-server-deployment - namespace: {{ .Release.Namespace }} -spec: - replicas: {{ .Values.wso2.apk.cp.managementServer.deployment.replicas }} - strategy: - type: {{ .Values.wso2.apk.cp.managementServer.deployment.strategy }} - selector: - matchLabels: -{{ include "apk-helm.pod.selectorLabels" (dict "root" . "app" "management-server" ) | indent 6}} - template: - metadata: - labels: -{{ include "apk-helm.pod.selectorLabels" (dict "root" . 
"app" "management-server" ) | indent 8}} - spec: - containers: - - name: management-server - image: {{ .Values.wso2.apk.cp.managementServer.deployment.image }} - imagePullPolicy: {{ .Values.wso2.apk.cp.managementServer.deployment.imagePullPolicy }} - ports: - - containerPort: 18000 - - containerPort: 8765 - - containerPort: 8766 -{{ include "apk-helm.deployment.env" .Values.wso2.apk.cp.managementServer.deployment.env | indent 10 }} - - name: MGT_SERVER_PRIVATE_KEY_PATH - value: /home/wso2/security/keystore/management-server.key - - name: MGT_SERVER_PUBLIC_CERT_PATH - value: /home/wso2/security/keystore/management-server.pem - - name: MGT_SERVER_NAME - value: {{ template "apk-helm.resource.prefix" . }}-management-server.{{ .Release.Namespace }}.svc -{{ include "apk-helm.deployment.resources" .Values.wso2.apk.cp.managementServer.deployment.resources | indent 10 }} - volumeMounts: - - name: management-server-keystore-secret-volume - mountPath: /home/wso2/security/keystore/management-server.key - {{- if and .Values.wso2.apk.cp.managementServer.configs .Values.wso2.apk.cp.managementServer.configs.tls }} - subPath: {{ .Values.wso2.apk.cp.managementServer.configs.tls.certKeyFilename | default "tls.key" }} - {{- else }} - subPath: tls.key - {{- end }} - - name: management-server-keystore-secret-volume - mountPath: /home/wso2/security/keystore/management-server.pem - {{- if and .Values.wso2.apk.cp.managementServer.configs .Values.wso2.apk.cp.managementServer.configs.tls }} - subPath: {{ .Values.wso2.apk.cp.managementServer.configs.tls.certFilename | default "tls.crt" }} - {{- else }} - subPath: tls.crt - {{- end }} - - name: adapter-truststore-secret-volume - mountPath: /home/wso2/security/truststore/adapter.crt - {{ if and .Values.wso2.apk.dp.adapter.configs .Values.wso2.apk.dp.adapter.configs.tls }} - subPath: {{ .Values.wso2.apk.dp.adapter.configs.tls.certFilename | default "tls.crt" }} - {{ else }} - subPath: tls.crt - {{ end }} - - name: 
management-server-config-toml-volume - mountPath: /home/wso2/conf/ - readinessProbe: - exec: - command: [ "sh", "check_health.sh" ] - initialDelaySeconds: {{ .Values.wso2.apk.cp.managementServer.deployment.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.wso2.apk.cp.managementServer.deployment.readinessProbe.periodSeconds }} - failureThreshold: {{ .Values.wso2.apk.cp.managementServer.deployment.readinessProbe.failureThreshold }} - livenessProbe: - exec: - command: [ "sh", "check_health.sh" ] - initialDelaySeconds: {{ .Values.wso2.apk.cp.managementServer.deployment.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.wso2.apk.cp.managementServer.deployment.livenessProbe.periodSeconds }} - failureThreshold: {{ .Values.wso2.apk.cp.managementServer.deployment.livenessProbe.failureThreshold }} - {{- if and .Values.wso2.subscription .Values.wso2.subscription.imagePullSecrets}} - imagePullSecrets: - - name: {{ .Values.wso2.subscription.imagePullSecrets }} - {{ end }} - - volumes: - - name: management-server-keystore-secret-volume - secret: - {{- if and .Values.wso2.apk.cp.managementServer.configs .Values.wso2.apk.cp.managementServer.configs.tls }} - secretName: {{ .Values.wso2.apk.cp.managementServer.configs.tls.secretName | default (printf "%s-management-server-cert" (include "apk-helm.resource.prefix" .)) }} - {{- else }} - secretName: {{ template "apk-helm.resource.prefix" . }}-management-server-cert - {{- end }} - - name: adapter-truststore-secret-volume - secret: - {{ if and .Values.wso2.apk.dp.adapter.configs .Values.wso2.apk.dp.adapter.configs.tls }} - secretName: {{ .Values.wso2.apk.dp.adapter.configs.tls.secretName | default "apk-root-certificate"}} - {{ else }} - secretName: apk-root-certificate - {{ end }} - - name: management-server-config-toml-volume - configMap: - name: {{ template "apk-helm.resource.prefix" . }}-management-server-config-toml - -{{- end -}} 
diff --git a/helm-charts/templates/control-plane/management-server/management-server-service.yaml b/helm-charts/templates/control-plane/management-server/management-server-service.yaml
deleted file mode 100644
index c476d0c10..000000000
--- a/helm-charts/templates/control-plane/management-server/management-server-service.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-# --------------------------------------------------------------------
-# Copyright (c) 2022, WSO2 LLC. (http://wso2.com) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# -----------------------------------------------------------------------
-
-{{- if .Values.wso2.apk.cp.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "apk-helm.resource.prefix" . }}-management-server
- namespace : {{ .Release.Namespace }}
-spec:
- type: ClusterIP
- selector:
-{{ include "apk-helm.pod.selectorLabels" (dict "root" . "app" "management-server" ) | indent 4}}
- ports:
- - name: "xds-management-server"
- port: 18000
- targetPort: 18000
- protocol: TCP
- - name: "grpc-management-server"
- port: 8765
- targetPort: 8765
- protocol: TCP
- - name: "notification-management-server"
- port: 8766
- targetPort: 8766
- protocol: TCP
-{{- end -}}
diff --git a/helm-charts/templates/idp/idp-ds/idp-ds-deployment.yaml b/helm-charts/templates/idp/idp-ds/idp-ds-deployment.yaml
index 8031938ca..d246dd99d 100644
--- a/helm-charts/templates/idp/idp-ds/idp-ds-deployment.yaml
+++ b/helm-charts/templates/idp/idp-ds/idp-ds-deployment.yaml @@ -38,7 +38,7 @@ spec: initContainers: - name: init-db image: busybox:1.32 - command: ['sh', '-c', 'echo -e "Checking for the availability of DB Server deployment"; while ! nc -z "{{ .Values.wso2.apk.cp.database.host }}" {{.Values.wso2.apk.cp.database.port }}; do sleep 1; printf "-"; done; echo -e " >> DB Server has started";'] + command: ['sh', '-c', 'echo -e "Checking for the availability of DB Server deployment"; while ! nc -z "{{ .Values.idp.database.host }}" {{.Values.idp.database.port }}; do sleep 1; printf "-"; done; echo -e " >> DB Server has started";'] securityContext: allowPrivilegeEscalation: false capabilities: diff --git a/helm-charts/values.yaml b/helm-charts/values.yaml index 386f786eb..287caf812 100644 --- a/helm-charts/values.yaml +++ b/helm-charts/values.yaml @@ -46,45 +46,6 @@ wso2: # jwksEndpoint: "https://idp.am.wso2.com:9095/oauth2/jwks" # secretName: "wso2apk-idp-signing" # fileName: "idp.crt" - cp: - enabled: true - database: - driver: "org.postgresql.Driver" - url: "jdbc:postgresql://wso2apk-db-service:5432/WSO2AM_DB" - host: "wso2apk-db-service" - port: 5432 - databaseName: "WSO2AM_DB" - username: "wso2carbon" - secretName: "apk-db-secret" - secretKey: "DB_PASSWORD" - validationQuery: "SELECT 1" - validationTimeout: 250 - managementServer: - deployment: - resources: - requests: - memory: "64Mi" - cpu: "50m" - limits: - memory: "256Mi" - cpu: "200m" - strategy: Recreate - replicas: 1 - imagePullPolicy: Always - image: wso2/apk-management-server:latest - readinessProbe: - initialDelaySeconds: 20 - periodSeconds: 20 - failureThreshold: 5 - livenessProbe: - initialDelaySeconds: 20 - periodSeconds: 20 - failureThreshold: 5 - # configs: - # tls: - # secretName: "management-server-cert" - # certKeyFilename: "tls.key" - # certFilename: "certchain.crt" dp: enabled: true gateway: 
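Review bot: The init-db `command` in idp-ds-deployment.yaml now reads `.Values.idp.database.host` and `.Values.idp.database.port` with no presence check. The values.yaml hunks shown here only remove `wso2.apk.cp`, and no `idp.database` block is visible, so confirm those keys are defined. If either renders empty, `nc -z` never succeeds and the unbounded `while` loop leaves the pod stuck in Init instead of failing visibly. Failing at render time is safer: `{{ required "idp.database.host must be set" .Values.idp.database.host }}`, and the same for the port. The host is double-quoted inside the `sh -c` string but the port is left bare; quoting both keeps a malformed value from being word-split by the shell. The container spec continues outside the hunk.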
diff --git a/helm-charts/values.yaml.template b/helm-charts/values.yaml.template
index 396342811..2b2ccaca3 100644
--- a/helm-charts/values.yaml.template
+++ b/helm-charts/values.yaml.template
@@ -68,73 +68,6 @@ wso2: secretName: "" # -- IDP jwt signing certificate file name fileName: "" - cp: - # -- Enabled control plane. - enabled: true - database: - # -- Database Driver class. - driver: "org.postgresql.Driver" - # -- Database URL. - url: "jdbc:postgresql://wso2apk-db-service:5432/WSO2AM_DB" - # -- Database Host. - host: "wso2apk-db-service" - # -- Database Port. - port: 5432 - # -- Database Name. - databaseName: "WSO2AM_DB" - # -- Database Username. - username: "wso2carbon" - # -- Database Password secret name. - secretName: "apk-db-secret" - # -- Database Password secret key. - secretKey: "DB_PASSWORD" - # -- Database validation query. - validationQuery: "SELECT 1" - # -- Database validation timeout in ms. - validationTimeout: 250 - managementServer: - deployment: - resources: - requests: - # -- CPU request for the container - memory: "128Mi" - # -- Memory request for the container - cpu: "100m" - limits: - # -- CPU limit for the container - memory: "1028Mi" - # -- Memory limit for the container - cpu: "1000m" - # -- Deployment strategy - strategy: Recreate - # -- Number of replicas - replicas: 1 - # -- Image pull policy - imagePullPolicy: Always - # -- Image - image: wso2/apk-management-server:latest - readinessProbe: - # -- Number of seconds after the container has started before liveness probes are initiated. - initialDelaySeconds: 20 - # -- How often (in seconds) to perform the probe. - periodSeconds: 20 - # -- Minimum consecutive failures for the probe to be considered failed after having succeeded. - failureThreshold: 5 - livenessProbe: - # -- Number of seconds after the container has started before liveness probes are initiated. - initialDelaySeconds: 20 - # -- How often (in seconds) to perform the probe. - periodSeconds: 20 - # -- Minimum consecutive failures for the probe to be considered failed after having succeeded. 
- failureThreshold: 5 - configs: - tls: - # -- TLS secret name - secretName: "management-server-cert" - # -- TLS key file name - certKeyFilename: "tls.key" - # -- TLS certificate file name - certFilename: "certchain.crt" dp: # -- Enable the deployment of the Data Plane enabled: true