From 273d7742f6f91cbac4693d8236df9a526802b33f Mon Sep 17 00:00:00 2001 From: AmaliMatharaarachchi Date: Tue, 24 Sep 2024 13:59:33 +0530 Subject: [PATCH] fix deployment yamls --- .../gateway-runtime-autoscaller.yaml | 0 .../gateway-runtime-deployment.yaml | 2 + .../gateway-runtime/gateway-service.yaml | 0 .../gateway-runtime-deployment.yaml | 478 ------------------ 4 files changed, 2 insertions(+), 478 deletions(-) rename helm-charts/templates/data-plane/{ => gateway-components}/gateway-runtime/gateway-runtime-autoscaller.yaml (100%) rename helm-charts/templates/data-plane/{ => gateway-components}/gateway-runtime/gateway-service.yaml (100%) delete mode 100644 helm-charts/templates/data-plane/gateway-runtime/gateway-runtime-deployment.yaml diff --git a/helm-charts/templates/data-plane/gateway-runtime/gateway-runtime-autoscaller.yaml b/helm-charts/templates/data-plane/gateway-components/gateway-runtime/gateway-runtime-autoscaller.yaml similarity index 100% rename from helm-charts/templates/data-plane/gateway-runtime/gateway-runtime-autoscaller.yaml rename to helm-charts/templates/data-plane/gateway-components/gateway-runtime/gateway-runtime-autoscaller.yaml diff --git a/helm-charts/templates/data-plane/gateway-components/gateway-runtime/gateway-runtime-deployment.yaml b/helm-charts/templates/data-plane/gateway-components/gateway-runtime/gateway-runtime-deployment.yaml index 50d9bc91f..ea31eab48 100644 --- a/helm-charts/templates/data-plane/gateway-components/gateway-runtime/gateway-runtime-deployment.yaml +++ b/helm-charts/templates/data-plane/gateway-components/gateway-runtime/gateway-runtime-deployment.yaml @@ -15,6 +15,7 @@ # under the License. {{- if .Values.wso2.apk.dp.enabled }} +{{- if and .Values.wso2.apk.dp.adapter .Values.wso2.apk.dp.adapter.deployment .Values.wso2.apk.dp.adapter.deployment.configs (not .Values.wso2.apk.dp.adapter.deployment.configs.enableGatewayClassController) }} apiVersion: apps/v1 kind: Deployment metadata: @@ -494,3 +495,4 @@ spec: - name: tmp emptyDir: {} {{end}} +{{end}} \ No newline at end of file diff --git a/helm-charts/templates/data-plane/gateway-runtime/gateway-service.yaml b/helm-charts/templates/data-plane/gateway-components/gateway-runtime/gateway-service.yaml similarity index 100% rename from helm-charts/templates/data-plane/gateway-runtime/gateway-service.yaml rename to helm-charts/templates/data-plane/gateway-components/gateway-runtime/gateway-service.yaml diff --git a/helm-charts/templates/data-plane/gateway-runtime/gateway-runtime-deployment.yaml b/helm-charts/templates/data-plane/gateway-runtime/gateway-runtime-deployment.yaml deleted file mode 100644 index c2b16457a..000000000 --- a/helm-charts/templates/data-plane/gateway-runtime/gateway-runtime-deployment.yaml +++ /dev/null @@ -1,478 +0,0 @@ -# Copyright (c) 2022, WSO2 LLC. (https://www.wso2.com) All Rights Reserved. -# -# WSO2 LLC. licenses this file to you under the Apache License, -# Version 2.0 (the "License"); you may not use this file except -# in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -{{- if .Values.wso2.apk.dp.enabled }} -{{- if and .Values.wso2.apk.dp.adapter .Values.wso2.apk.dp.adapter.deployment .Values.wso2.apk.dp.adapter.deployment.configs (not .Values.wso2.apk.dp.adapter.deployment.configs.enableGatewayClassController) }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "apk-helm.resource.prefix" . }}-gateway-runtime-deployment - namespace: {{ .Release.Namespace }} -spec: - replicas: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.replicas }} - strategy: - type: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.strategy }} - selector: - matchLabels: -{{ include "apk-helm.pod.selectorLabels" (dict "root" . "app" "gateway" ) | indent 6}} - template: - metadata: - labels: -{{ include "apk-helm.pod.selectorLabels" (dict "root" . "app" "gateway" ) | indent 8}} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/data-plane/gateway-components/log-conf.yaml") . | sha256sum }} - spec: - affinity: {{- include "apk-helm.deployment.affinity" ( dict "value" .Values.wso2.apk.dp.gatewayRuntime.deployment.affinity "app" "gateway-runtime" "context" $) | nindent 8 }} - {{- if .Values.wso2.apk.dp.gatewayRuntime.deployment.nodeSelector }} - nodeSelector: {{- include "apk-helm.deployment.nodeSelector" ( dict "value" .Values.wso2.apk.dp.gatewayRuntime.deployment.nodeSelector "context" $) | nindent 8 }} - {{- end }} - automountServiceAccountToken: false - containers: - - name: enforcer - image: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.image }} - imagePullPolicy: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.imagePullPolicy }} - ports: - - containerPort: 8081 - protocol: "TCP" - - containerPort: 9001 - protocol: "TCP" - - containerPort: 5006 - protocol: "TCP" - - containerPort: 8084 - protocol: "TCP" - - containerPort: 9092 - protocol: "TCP" - - containerPort: 18002 - protocol: "TCP" - {{- if and .Values.wso2.apk.metrics .Values.wso2.apk.metrics.enabled}} - - containerPort: 18006 - protocol: "TCP" - {{- end }} -{{ include "apk-helm.deployment.resources" .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.resources | indent 10 }} -{{ include "apk-helm.deployment.env" .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.env | indent 10 }} - - name: ADAPTER_HOST_NAME - value: {{ template "apk-helm.resource.prefix" . }}-adapter-service.{{ .Release.Namespace }}.svc - - name: ADAPTER_HOST - value: {{ template "apk-helm.resource.prefix" . }}-adapter-service.{{ .Release.Namespace }}.svc - - name: COMMON_CONTROLLER_HOST_NAME - value: {{ template "apk-helm.resource.prefix" . }}-common-controller-service.{{ .Release.Namespace }}.svc - - name: COMMON_CONTROLLER_HOST - value: {{ template "apk-helm.resource.prefix" . }}-common-controller-service.{{ .Release.Namespace }}.svc - - name: ENFORCER_PRIVATE_KEY_PATH - value: /home/wso2/security/keystore/enforcer.key - - name: ENFORCER_PUBLIC_CERT_PATH - value: /home/wso2/security/keystore/enforcer.crt - - name: ENFORCER_SERVER_NAME - value: {{ template "apk-helm.resource.prefix" . }}-enforcer-service.{{ .Release.Namespace }}.svc - - name: TRUSTED_CA_CERTS_PATH - value: "/home/wso2/security/truststore" - - name: ADAPTER_XDS_PORT - value : "18000" - - name: COMMON_CONTROLLER_XDS_PORT - value : "18002" - - name: COMMON_CONTROLLER_REST_PORT - value : "18003" - - name: ENFORCER_LABEL - value : {{ .Values.wso2.apk.dp.gateway.name | default "wso2-apk-default" }} - - name: ENFORCER_REGION - value: UNKNOWN - - name: XDS_MAX_MSG_SIZE - value: "4194304" - - name: XDS_MAX_RETRIES - value: "3" - - name: enforcer_admin_pwd - value: admin - - name: JAVA_OPTS - {{- if and .Values.wso2.apk.metrics .Values.wso2.apk.metrics.enabled }} - value: -Dhttpclient.hostnameVerifier=AllowAll -Xms512m -Xmx512m -XX:MaxRAMFraction=2 -Dapk.jmx.metrics.enabled=true -javaagent:/home/wso2/lib/jmx_prometheus_javaagent-0.20.0.jar=18006:/tmp/metrics/prometheus-jmx-config-enforcer.yml - {{- else }} - value: -Dhttpclient.hostnameVerifier=AllowAll -Xms512m -Xmx512m -XX:MaxRAMFraction=2 - {{- end }} - {{- if and .Values.wso2.apk.dp.gatewayRuntime.analytics .Values.wso2.apk.dp.gatewayRuntime.analytics.publishers }} - {{- $defaultPublisherSecretName := "" }} - {{- $moesifPublisherSecretName := "" }} - {{- range .Values.wso2.apk.dp.gatewayRuntime.analytics.publishers }} - {{- if eq .type "default" }} - {{- $defaultPublisherSecretName = .secretName }} - {{- end }} - {{- if eq .type "moesif" }} - {{- $moesifPublisherSecretName = .secretName }} - {{- end }} - {{- end }} - {{- if $defaultPublisherSecretName }} - - name: CHOREO_ANALYTICS_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ $defaultPublisherSecretName }} - key: "authToken" - - name: CHOREO_ANALYTICS_AUTH_URL - valueFrom: - secretKeyRef: - name: {{ $defaultPublisherSecretName }} - key: "authURL" - {{- end }} - {{- if $moesifPublisherSecretName }} - - name: MOESIF_TOKEN - valueFrom: - secretKeyRef: - name: {{ $moesifPublisherSecretName }} - key: "moesifToken" - {{- end }} - {{- end }} - {{- if .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.redis }} - - name: REDIS_USERNAME - value: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.redis.username | default "default" }} - - name: REDIS_PASSWORD - value: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.redis.password | default "" }} - - name: REDIS_HOST - value: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.redis.host | default "redis-master" }} - - name: REDIS_PORT - value: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.redis.port | default "6379" }} - - name: IS_REDIS_TLS_ENABLED - value: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.redis.tlsEnabled | default "false" }} - - name: REDIS_REVOKED_TOKENS_CHANNEL - value: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.redis.channelName | default "wso2-apk-revoked-tokens-channel" }} - - name: REDIS_KEY_FILE - value: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.redis.userKeyPath | default "/home/wso2/security/redis/redis.key" }} - - name: REDIS_CERT_FILE - value: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.redis.userCertPath | default "/home/wso2/security/redis/redis.crt" }} - - name: REDIS_CA_CERT_FILE - value: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.redis.redisCaCertPath | default "/home/wso2/security/redis/redis-ca.key" }} - - name: REVOKED_TOKEN_CLEANUP_INTERVAL - value: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.redis.tokenCleanupInterval | default "3600" }} - {{- else }} - - name: REDIS_USERNAME - value: "default" - - name: REDIS_PASSWORD - value: "" - - name: REDIS_HOST - value: "redis-master" - - name: REDIS_PORT - value: "6379" - - name: IS_REDIS_TLS_ENABLED - value: "false" - - name: REDIS_REVOKED_TOKENS_CHANNEL - value: "wso2-apk-revoked-tokens-channel" - - name: REDIS_KEY_FILE - value: "/home/wso2/security/redis/redis.key" - - name: REDIS_CERT_FILE - value: "/home/wso2/security/redis/redis.crt" - - name: REDIS_CA_CERT_FILE - value: "/home/wso2/security/redis/redis-ca.key" - - name: REVOKED_TOKEN_CLEANUP_INTERVAL - value: "3600" - {{- end }} - volumeMounts: - - name: tmp - mountPath: /tmp - - name: enforcer-keystore-secret-volume - mountPath: /home/wso2/security/keystore/enforcer.key - {{- if and .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.configs .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.configs.tls }} - subPath: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.configs.tls.certKeyFilename | default "tls.key" }} - {{- else }} - subPath: tls.key - {{- end }} - {{- if and .Values.wso2.apk.metrics .Values.wso2.apk.metrics.enabled }} - - name: prometheus-jmx-config-volume - mountPath: /tmp/metrics/prometheus-jmx-config-enforcer.yml - subPath: prometheus-jmx-config-enforcer.yml - {{- end }} - - name: enforcer-keystore-secret-volume - mountPath: /home/wso2/security/keystore/enforcer.crt - {{- if and .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.configs .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.configs.tls }} - subPath: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.configs.tls.certFilename | default "tls.crt" }} - {{- else }} - subPath: tls.crt - {{- end }} - - name: enforcer-keystore-secret-volume - mountPath: /home/wso2/security/truststore/apk.crt - {{- if and .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.configs .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.configs.tls }} - subPath: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.configs.tls.caCertFileName | default "ca.crt" }} - {{- else }} - subPath: ca.crt - {{- end }} - - name: enforcer-keystore-secret-volume - mountPath: /home/wso2/security/truststore/enforcer.crt - {{- if and .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.configs .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.configs.tls }} - subPath: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.configs.tls.certFilename | default "tls.crt" }} - {{- else }} - subPath: tls.crt - {{- end }} - - name: adapter-truststore-secret-volume - mountPath: /home/wso2/security/truststore/adapter.crt - {{- if and .Values.wso2.apk.dp.adapter.deployment.configs .Values.wso2.apk.dp.adapter.deployment.configs.tls }} - subPath: {{ .Values.wso2.apk.dp.adapter.deployment.configs.tls.certFilename | default "tls.crt" }} - {{- else }} - subPath: tls.crt - {{- end }} - # - name: common-controller-truststore-secret-volume - # mountPath: /home/wso2/security/truststore/adapter.pem - - name: router-keystore-secret-volume - mountPath: /home/wso2/security/truststore/router.crt - {{- if and .Values.wso2.apk.dp.gatewayRuntime.deployment.router.configs .Values.wso2.apk.dp.gatewayRuntime.deployment.router.configs.tls }} - subPath: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.router.configs.tls.certFilename | default "tls.crt" }} - {{- else }} - subPath: tls.crt - {{- end }} - - name: log-conf-volume - mountPath: /home/wso2/conf/ - - name: enforcer-jwt-secret-volume - mountPath: /home/wso2/security/keystore/mg.pem - subPath: mg.pem - - name: enforcer-jwt-secret-volume - mountPath: /home/wso2/security/truststore/mg.pem - subPath: mg.pem - - name: enforcer-jwt-secret-volume - mountPath: /home/wso2/security/keystore/mg.key - subPath: mg.key - - name: enforcer-trusted-certs - mountPath: /home/wso2/security/truststore/wso2carbon.pem - subPath: wso2carbon.pem - - name: enforcer-apikey-cert - mountPath: /home/wso2/security/truststore/wso2-apim-carbon.pem - subPath: wso2-apim-carbon.pem - - name: idp-certificate-secret-volume - mountPath: /home/wso2/security/truststore/idp.pem - {{ if and .Values.wso2.apk.idp.signing .Values.wso2.apk.idp.signing.fileName }} - subPath: {{ .Values.wso2.apk.idp.signing.fileName }} - {{ else }} - subPath: wso2carbon.pem - {{ end }} - {{ if and .Values.wso2.apk.idp.tls .Values.wso2.apk.idp.tls.fileName }} - - name: idp-tls-certificate-secret-volume - mountPath: /home/wso2/security/truststore/idp-tls.pem - subPath: {{ .Values.wso2.apk.idp.tls.fileName }} - {{ end }} - readinessProbe: - exec: - command: [ "sh", "check_health.sh" ] - initialDelaySeconds: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.readinessProbe.periodSeconds }} - failureThreshold: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.readinessProbe.failureThreshold }} - livenessProbe: - exec: - command: [ "sh", "check_health.sh" ] - initialDelaySeconds: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.livenessProbe.periodSeconds }} - failureThreshold: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.livenessProbe.failureThreshold }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - readOnlyRootFilesystem: true - runAsNonRoot: true - - name: router - image: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.router.image }} - imagePullPolicy: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.router.imagePullPolicy }} - ports: - {{ if and .Values.wso2.apk.dp.gateway.httpListener .Values.wso2.apk.dp.gateway.httpListener.enabled }} - - containerPort: {{ .Values.wso2.apk.dp.gateway.httpListener.port | default 9080}} - protocol: "TCP" - {{ end }} - - containerPort: 9095 - protocol: "TCP" - - containerPort: 9090 - protocol: "TCP" - - containerPort: 9091 - protocol: "TCP" - - containerPort: 9000 - protocol: "TCP" -{{ include "apk-helm.deployment.resources" .Values.wso2.apk.dp.gatewayRuntime.deployment.router.resources | indent 10 }} -{{ include "apk-helm.deployment.env" .Values.wso2.apk.dp.gatewayRuntime.deployment.router.env | indent 10 }} - - name: ADAPTER_HOST_NAME - value: {{ template "apk-helm.resource.prefix" . }}-adapter-service.{{ .Release.Namespace }}.svc - - name: ADAPTER_HOST - value: {{ template "apk-helm.resource.prefix" . }}-adapter-service.{{ .Release.Namespace }}.svc - - name: ENFORCER_HOST - value: "127.0.0.1" - - name: ENFORCER_ANALYTICS_HOST - value: "127.0.0.1" - - name: ROUTER_ADMIN_HOST - value: "0.0.0.0" - - name: ROUTER_ADMIN_PORT - value: "9000" - - name: ROUTER_PORT - value: "9095" - - name: ROUTER_CLUSTER - value: "apk_router_cluster" - - name: ROUTER_LABEL - value: {{ .Values.wso2.apk.dp.gateway.name | default "wso2-apk-default" }} - - name: ROUTER_PRIVATE_KEY_PATH - value: "/home/wso2/security/keystore/router.key" - - name: ROUTER_PUBLIC_CERT_PATH - value: "/home/wso2/security/keystore/router.crt" - - name: ADAPTER_PORT - value: "18000" - - name: ADAPTER_CA_CERT_PATH - value: "/home/wso2/security/truststore/adapter.crt" - - name: ENFORCER_PORT - value: "8081" - - name: ENFORCER_ANALYTICS_RECEIVER_PORT - value: "18090" - - name: ENFORCER_CA_CERT_PATH - value: "/home/wso2/security/truststore/enforcer.crt" - - name: CONCURRENCY - value: "2" - volumeMounts: - - name: router-keystore-secret-volume - mountPath: /home/wso2/security/keystore/router.key - {{- if and .Values.wso2.apk.dp.gatewayRuntime.deployment.router.configs .Values.wso2.apk.dp.gatewayRuntime.deployment.router.configs.tls }} - subPath: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.router.configs.tls.certKeyFilename | default "tls.key" }} - {{- else }} - subPath: tls.key - {{- end }} - - name: router-keystore-secret-volume - mountPath: /home/wso2/security/keystore/router.crt - {{- if and .Values.wso2.apk.dp.gatewayRuntime.deployment.router.configs .Values.wso2.apk.dp.gatewayRuntime.deployment.router.configs.tls }} - subPath: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.router.configs.tls.certFilename | default "tls.crt" }} - {{- else }} - subPath: tls.crt - {{- end }} - - name: adapter-truststore-secret-volume - mountPath: /home/wso2/security/truststore/adapter.crt - {{- if and .Values.wso2.apk.dp.adapter.deployment.configs .Values.wso2.apk.dp.adapter.deployment.configs.tls }} - subPath: {{ .Values.wso2.apk.dp.adapter.deployment.configs.tls.certFilename | default "tls.crt" }} - {{- else }} - subPath: tls.crt - {{- end }} - - name: enforcer-keystore-secret-volume - mountPath: /home/wso2/security/truststore/enforcer.crt - {{- if and .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.configs .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.configs.tls }} - subPath: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.configs.tls.certFilename | default "tls.crt" }} - {{- else }} - subPath: tls.crt - {{- end }} - - name: log-conf-volume - mountPath: /home/wso2/conf/ - {{ if and .Values.wso2.apk.dp.enabled .Values.wso2.apk.dp.ratelimiter.enabled }} - - name: ratelimiter-truststore-secret-volume - mountPath: /home/wso2/security/truststore/ratelimiter.crt - {{- if and .Values.wso2.apk.dp.ratelimiter.deployment.configs .Values.wso2.apk.dp.ratelimiter.deployment.configs.tls }} - subPath: {{ .Values.wso2.apk.dp.ratelimiter.deployment.configs.tls.certFilename | default "tls.crt" }} - {{- else }} - subPath: tls.crt - {{- end }} - - name: ratelimiter-truststore-secret-volume - mountPath: /home/wso2/security/truststore/ratelimiter-ca.crt - {{- if and .Values.wso2.apk.dp.ratelimiter.deployment.configs .Values.wso2.apk.dp.ratelimiter.deployment.configs.tls }} - subPath: {{ .Values.wso2.apk.dp.ratelimiter.deployment.configs.tls.certCAFilename | default "ca.crt" }} - {{- else }} - subPath: ca.crt - {{- end }} - {{ end }} - livenessProbe: - exec: - command: [ "sh", "router_check_health.sh", "health" ] - initialDelaySeconds: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.router.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.router.livenessProbe.periodSeconds }} - failureThreshold: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.router.livenessProbe.failureThreshold }} - readinessProbe: - exec: - command: [ "sh", "router_check_health.sh", "ready" ] - initialDelaySeconds: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.router.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.router.readinessProbe.periodSeconds }} - failureThreshold: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.router.readinessProbe.failureThreshold }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - readOnlyRootFilesystem: true - runAsNonRoot: true - startupProbe: - exec: - command: [ "sh", "router_check_health.sh", "ready" ] - initialDelaySeconds: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.router.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.router.readinessProbe.periodSeconds }} - failureThreshold: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.router.readinessProbe.failureThreshold }} - {{- if and .Values.wso2.subscription .Values.wso2.subscription.imagePullSecrets}} - imagePullSecrets: - - name: {{ .Values.wso2.subscription.imagePullSecrets }} - {{ end }} - securityContext: - seccompProfile: - type: "RuntimeDefault" - volumes: - {{ if and .Values.wso2.apk.dp.enabled .Values.wso2.apk.dp.ratelimiter.enabled }} - - name: ratelimiter-truststore-secret-volume - secret: - {{- if and .Values.wso2.apk.dp.ratelimiter.deployment.configs .Values.wso2.apk.dp.ratelimiter.deployment.configs.tls }} - secretName: {{ .Values.wso2.apk.dp.ratelimiter.deployment.configs.tls.certificatesSecret | default (printf "%s-ratelimiter-server-cert" (include "apk-helm.resource.prefix" .)) }} - {{- else }} - secretName: {{ template "apk-helm.resource.prefix" . }}-ratelimiter-server-cert - {{- end }} - {{ end }} - # - name: common-controller-truststore-secret-volume - # secret: - # {{- if and .Values.wso2.apk.dp.commonController.configs .Values.wso2.apk.dp.commonController.configs.tls }} - # secretName: {{ .Values.wso2.apk.dp.commonController.configs.tls.secretName | default (printf "%s-common-controller-server-cert" (include "apk-helm.resource.prefix" .)) }} - # {{- else }} - # secretName: {{ template "apk-helm.resource.prefix" . }}-common-controller-server-cert - # {{- end }} - # defaultMode: 420 - {{- if and .Values.wso2.apk.metrics .Values.wso2.apk.metrics.enabled }} - - name: prometheus-jmx-config-volume - configMap: - name: prometheus-jmx-config-enforcer - {{- end }} - - name: enforcer-keystore-secret-volume - secret: - {{- if and .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.configs .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.configs.tls }} - secretName: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.configs.tls.certificatesSecret | default (printf "%s-enforcer-server-cert" (include "apk-helm.resource.prefix" .)) }} - {{- else }} - secretName: {{ template "apk-helm.resource.prefix" . }}-enforcer-server-cert - {{- end }} - - name: log-conf-volume - configMap: - name: {{ template "apk-helm.resource.prefix" . }}-log-conf - - name: router-keystore-secret-volume - secret: - {{- if and .Values.wso2.apk.dp.gatewayRuntime.deployment.router.configs .Values.wso2.apk.dp.gatewayRuntime.deployment.router.configs.tls }} - secretName: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.router.configs.tls.certificatesSecret | default (printf "%s-gateway-server-cert" (include "apk-helm.resource.prefix" .)) }} - {{- else }} - secretName: {{ template "apk-helm.resource.prefix" . }}-gateway-server-cert - {{- end }} - - name: adapter-truststore-secret-volume - secret: - {{- if and .Values.wso2.apk.dp.adapter.deployment.configs .Values.wso2.apk.dp.adapter.deployment.configs.tls }} - secretName: {{ .Values.wso2.apk.dp.adapter.deployment.configs.tls.secretName | default (printf "%s-adapter-server-cert" (include "apk-helm.resource.prefix" .)) }} - {{- else }} - secretName: {{ template "apk-helm.resource.prefix" . }}-adapter-server-cert - {{- end }} - - name: enforcer-jwt-secret-volume - secret: - secretName: {{ template "apk-helm.resource.prefix" . }}-enforcer-keystore-secret - - name: enforcer-trusted-certs - secret: - secretName: {{ template "apk-helm.resource.prefix" . }}-enforcer-truststore-secret - - name: enforcer-apikey-cert - secret: - secretName: {{ template "apk-helm.resource.prefix" . }}-enforcer-truststore-secret - - name: idp-certificate-secret-volume - secret: - {{ if and .Values.wso2.apk.idp.signing .Values.wso2.apk.idp.signing.secretName }} - secretName: {{ .Values.wso2.apk.idp.signing.secretName }} - {{else}} - secretName: {{ template "apk-helm.resource.prefix" . }}-enforcer-truststore-secret - {{ end}} - {{ if and .Values.wso2.apk.idp.tls .Values.wso2.apk.idp.tls.secretName }} - - name: idp-tls-certificate-secret-volume - secret: - secretName: {{ .Values.wso2.apk.idp.tls.secretName }} - {{ end }} - - name: tmp - emptyDir: {} - {{end}} -{{- end}} \ No newline at end of file