Template helm

helm-charts/templates/data-plane/gateway-components/common-log-conf.yaml

@@ -21,6 +21,17 @@ data:
       location = "/home/wso2/security/truststore"
 
     [commoncontroller.redis]
+    {{- if .Values.wso2.apk.dp.commonController.deployment.redis }}
+      host = "{{ .Values.wso2.apk.dp.commonController.deployment.redis.host | default "redis-master" }}"
+      port = "{{ .Values.wso2.apk.dp.commonController.deployment.redis.port | default "6379" }}"
+      username = "{{ .Values.wso2.apk.dp.commonController.deployment.redis.username | default "default" }}"
+      password = "{{ .Values.wso2.apk.dp.commonController.deployment.redis.password | default "" }}"
+      userCertPath = "{{ .Values.wso2.apk.dp.commonController.deployment.redis.userCertPath | default "/home/wso2/security/keystore/commoncontroller.crt" }}"
+      userKeyPath = "{{ .Values.wso2.apk.dp.commonController.deployment.redis.userKeyPath | default "/home/wso2/security/keystore/commoncontroller.key" }}"
+      cACertPath = "{{ .Values.wso2.apk.dp.commonController.deployment.redis.redisCaCertPath | default "/home/wso2/security/keystore/commoncontroller.crt" }}"
+      tlsEnabled = {{ .Values.wso2.apk.dp.commonController.deployment.redis.tlsEnabled | default false }}
+      revokedTokenChannel = "{{ .Values.wso2.apk.dp.commonController.deployment.redis.channelName | default "wso2-apk-revoked-tokens-channel" }}"
+    {{- else }}
       host = "redis-master"
       port = "6379"
       username = "default"
@@ -30,7 +41,7 @@ data:
       cACertPath = "/home/wso2/security/keystore/commoncontroller.crt"
       tlsEnabled = false
       revokedTokenChannel = "wso2-apk-revoked-tokens-channel"
-
+    {{- end }}
     [commoncontroller.sts]
       authKeyPath = "/home/wso2/security/sts/auth_key.txt"
       authKeyHeader = "stsAuthKey"

helm-charts/templates/data-plane/gateway-components/gateway-runtime/gateway-runtime-deployment.yaml

@@ -58,6 +58,8 @@ spec:
               protocol: "TCP"
             - containerPort: 9001
               protocol: "TCP"
+            - containerPort: 5006	
+              protocol: "TCP"
             - containerPort: 8084
               protocol: "TCP"
             - containerPort: 9092
@@ -89,7 +91,50 @@ spec:
             - name: enforcer_admin_pwd
               value: admin
             - name: JAVA_OPTS
-              value: -Dhttpclient.hostnameVerifier=AllowAll -Xms512m -Xmx512m -XX:MaxRAMFraction=2
+              value: -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5006 -Dhttpclient.hostnameVerifier=AllowAll -Xms512m -Xmx512m -XX:MaxRAMFraction=2
+            {{- if .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.redis }}
+            - name: REDIS_USERNAME
+              value: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.redis.username | default "default" }}
+            - name: REDIS_PASSWORD
+              value: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.redis.password | default "" }}
+            - name: REDIS_HOST
+              value: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.redis.host | default "redis-master" }}
+            - name: REDIS_PORT
+              value: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.redis.port | default "6379" }}
+            - name: IS_REDIS_TLS_ENABLED
+              value: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.redis.tlsEnabled | default "false" }}
+            - name: REDIS_REVOKED_TOKENS_CHANNEL
+              value: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.redis.channelName | default "wso2-apk-revoked-tokens-channel" }}
+            - name: REDIS_KEY_FILE
+              value: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.redis.userKeyPath | default "/home/wso2/security/redis/redis.key" }}
+            - name: REDIS_CERT_FILE
+              value: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.redis.userCertPath | default "/home/wso2/security/redis/redis.crt" }}
+            - name: REDIS_CA_CERT_FILE
+              value: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.redis.redisCaCertPath | default "/home/wso2/security/redis/redis-ca.key" }}
+            - name: REVOKED_TOKEN_CLEANUP_INTERVAL
+              value: {{ .Values.wso2.apk.dp.gatewayRuntime.deployment.enforcer.redis.tokenCleanupInterval | default "3600" }}
+            {{- else }}
+            - name: REDIS_USERNAME
+              value: "default"
+            - name: REDIS_PASSWORD
+              value: ""
+            - name: REDIS_HOST
+              value: "redis-master"
+            - name: REDIS_PORT
+              value: "6379"
+            - name: IS_REDIS_TLS_ENABLED
+              value: "false"
+            - name: REDIS_REVOKED_TOKENS_CHANNEL
+              value: "wso2-apk-revoked-tokens-channel"
+            - name: REDIS_KEY_FILE
+              value: "/home/wso2/security/redis/redis.key"
+            - name: REDIS_CERT_FILE
+              value: "/home/wso2/security/redis/redis.crt"
+            - name: REDIS_CA_CERT_FILE
+              value: "/home/wso2/security/redis/redis-ca.key"
+            - name: REVOKED_TOKEN_CLEANUP_INTERVAL
+              value: "3600"
+            {{- end }}
         {{- if and .Values.wso2.apk.dp.gatewayRuntime.analytics .Values.wso2.apk.dp.gatewayRuntime.analytics.secretName }}
             - name: analytics_authToken
               valueFrom:

helm-charts/values.yaml.template

@@ -447,6 +447,25 @@ wso2:
              # -- Optionally configure namespaces to watch for apis,ratelimitpolicies,etc.
              apiNamespaces:
                - "apk-v12"
+          redis:
+              # -- Redis host
+              host: "redis-master"
+              # -- Redis port
+              port: "6379"
+              # -- Redis user name
+              username: "default"
+              # -- Redis password
+              password: ""
+              # -- Redis TLS enabled or not
+              tlsEnabled: false
+              # -- Redis user cert to use for redis connections
+              userCertPath: "/home/wso2/security/keystore/commoncontroller.crt"
+              # -- Redis user key to use for redis connections
+              userKeyPath: "/home/wso2/security/keystore/commoncontroller.key"
+              # -- Redis CA cert to use for redis connections
+              cACertPath: "/home/wso2/security/keystore/commoncontroller.crt"
+              # -- Token revocation subscription channel name
+              channelName: "wso2-apk-revoked-tokens-channel"
       ratelimiter:
         # -- Enable the deployment of the Rate Limiter
         enabled: true
@@ -630,6 +649,25 @@ wso2:
               level: DEBUG
               # -- Log file name
               logFile: logs/enforcer.log
+            redis:
+              # -- Redis host
+              host: "redis-master"
+              # -- Redis port
+              port: "6379"
+              # -- Redis user name
+              username: "default"
+              # -- Redis password
+              password: ""
+              # -- Redis user cert to use for redis connections
+              # -- Redis TLS enabled or not
+              tlsEnabled: false
+              userCertPath: "/home/wso2/security/keystore/commoncontroller.crt"
+              # -- Redis user key to use for redis connections
+              userKeyPath: "/home/wso2/security/keystore/commoncontroller.key"
+              # -- Redis CA cert to use for redis connections
+              cACertPath: "/home/wso2/security/keystore/commoncontroller.crt"
+              # -- Token revocation subscription channel name
+              channelName: "wso2-apk-revoked-tokens-channel"
         # Tracing configurations for gateway runtime
         tracing: 
           # -- Enable/Disable tracing in gateway runtime.