-
Notifications
You must be signed in to change notification settings - Fork 95
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Helm install broken #1989
Comments
I think I found the issue. In here: I have a hunch you now have all sorts of this issues spread all over several templates inside the chart. Please fix. And next time please test your changes before commiting! |
diff_report.txt However, not all the pods spin up successfully. Especially the "apk-test-wso2-apk-adapter-deployment" has issues. After some time it crashes. Here is the related container error logging: $ kubectl logs -f -n apk apk-test-wso2-apk-adapter-deployment-7d8ffd74b5-w84hv ...
2024-02-05T15:08:44Z INFO Observed a panic in reconciler: runtime error: invalid memory address or nil pointer dereference {"controller": "GatewayController", "object": {"name":"default","namespace":"apk"}, "namespace": "apk", "name": "default", "reconcileID": "2a59458c-68f5-49bf-abc2-3abcef07cd5f"}
2024-02-05 15:08:44 INFO [api_controller.go:838] - [dp.(*APIReconciler).getAPIForHTTPRoute] [-] Adding reconcile request for API: apk/apk-test-wso2-apk-wso2-apk-config-deployer-api with API UUID: 9666e8a6-db81-4a21-b082-37d50c368863 []
panic: runtime error: invalid memory address or nil pointer dereference [recovered]
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x13fc52c]
goroutine 370 [running]:
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile.func1()
/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:115 +0x1b0
panic({0x162a880, 0x2c81160})
/opt/hostedtoolcache/go/1.19.12/x64/src/runtime/panic.go:884 +0x20c
github.com/wso2/apk/adapter/internal/operator/controllers/dp.(*GatewayReconciler).resolveGatewayState(_, {_, _}, {{{0x1465eb1, 0x7}, {0x40006b4ff0, 0x21}}, {{0x4000a40380, 0x7}, {0x0, ...}, ...}, ...})
/home/runner/work/apk/apk/apk-repo/adapter/internal/operator/controllers/dp/gateway_controller.go:226 +0x4dc
github.com/wso2/apk/adapter/internal/operator/controllers/dp.(*GatewayReconciler).Reconcile(0x40004aa440, {0x1c57188, 0x4000435200}, {{{0x4000a40387?, 0x4000435200?}, {0x4000a40380?, 0xffffbe4c1101?}}})
/home/runner/work/apk/apk/apk-repo/adapter/internal/operator/controllers/dp/gateway_controller.go:178 +0x308
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile(0x1c57188?, {0x1c57188?, 0x4000435200?}, {{{0x4000a40387?, 0x157ca60?}, {0x4000a40380?, 0x400097e680?}}})
/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:118 +0x8c
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler(0x400041ee60, {0x1c570e0, 0x40005975c0}, {0x16f7120?, 0x400079a320?})
/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:314 +0x2f0
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem(0x400041ee60, {0x1c570e0, 0x40005975c0})
/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:265 +0x1b0
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2()
/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:226 +0x74
created by sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2
/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:222 +0x294 |
Latest status update # Copyright (c) 2022, WSO2 LLC. (https://www.wso2.com) All Rights Reserved.
#
# WSO2 LLC. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
wso2:
subscription:
imagePullSecrets: "apk-registry-secret"
apk:
cp:
enabled: true
webhooks:
validatingwebhookconfigurations : true
mutatingwebhookconfigurations : true
auth:
enabled: true
enableServiceAccountCreation: true
enableClusterRoleCreation: true
serviceAccountName: wso2apk-platform
roleName: wso2apk-role
listener:
hostname: "api.am.wso2.com"
port: 9095
# secretName: "idp-tls"
idp:
issuer: "https://idp.am.wso2.com/token"
usernameClaim: "sub"
organizationClaim: "organization"
groupsClaim: "groups"
consumerKeyClaim: "clientId"
# organizationResolver: "controlPlane" # controlplane,none
tls: {}
# secretName: "wso2apk-idp-certificates"
# fileName: "idp.crt"
signing: {}
# jwksEndpoint: "https://idp.am.wso2.com:9095/oauth2/jwks"
# secretName: "wso2apk-idp-signing"
# fileName: "idp.crt"
dp:
enabled: true
environment: {}
gateway:
listener:
hostname: "gw.wso2.com"
# secretName: "idp-tls"
httpListener:
enabled: true
autoscaling:
enabled: false
partitionServer:
enabled: false
# host: "https://control-plane-wso2-apk-partition-server.control-plane.svc.cluster.local"
# serviceBasePath: "/api/publisher/v1"
# partitionName: "default"
# hostnameVerificationEnable: true
# tls:
# secretName: "partition-server-cert"
# fileName: "certificate.crt"
# headers:
# - name: "apiKey"
# value: "123-456-789"
configdeployer:
enabled: false
deployment:
resources:
requests:
memory: "512Mi"
cpu: "200m"
limits:
memory: "1024Mi"
cpu: "500m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
replicas: 1
imagePullPolicy: Always
image: docker.wso2.com/config-deployer-service:1.0.0-arm64
configs:
tls: {}
# secretName: "my-secret"
# certKeyFilename: "tls.key"
# certFilename: "certchain.crt"
adapter:
deployment:
image: docker.wso2.com/adapter:1.0.0-arm64
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "200m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
replicas: 1
imagePullPolicy: Always
# image: wso2/apk-adapter:1.1.0-m2
security:
sslHostname: "adapter"
# logging:
# level: "INFO" # LogLevels can be "DEBG", "FATL", "ERRO", "WARN", "INFO", "PANC"
# logFormat: "TEXT" # Values can be "JSON", "TEXT"
configs:
apiNamespaces:
- "apk"
tls: {}
# secretName: "adapter-cert"
# certKeyFilename: ""
# certFilename: ""
commonController:
deployment:
image: docker.wso2.com/common-controller:1.0.0-arm64
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "200m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
replicas: 1
imagePullPolicy: Always
# image: wso2/apk-common-controller:1.1.0-m2
security:
sslHostname: "commoncontroller"
configs:
apiNamespaces:
- "apk"
ratelimiter:
enabled: true
deployment:
image: docker.wso2.com/ratelimiter:1.0.0-arm64
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
replicas: 1
imagePullPolicy: Always
# image: wso2/apk-ratelimiter:1.1.0-m2
security:
sslHostname: "ratelimiter"
configs:
tls: {}
# secretName: "ratelimiter-cert"
# certKeyFilename: ""
# certFilename: ""
# certCAFilename: ""
gatewayRuntime:
tracing:
enabled: false
configProperties:
tls:
enabled: false
analytics:
enabled: false
service:
annotations: {}
deployment:
replicas: 1
router:
image: docker.wso2.com/router:1.0.0-arm64
resources:
requests:
memory: "128Mi"
cpu: "200m"
limits:
memory: "1028Mi"
cpu: "1000m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
imagePullPolicy: Always
# image: wso2/apk-router:1.1.0-m2
configs:
tls: {}
# secretName: "router-cert"
# certKeyFilename: ""
# certFilename: ""
logging:
wireLogs:
enable: true
accessLogs:
enable: true
# env:
# TRAILING_ARGS: "--log-level trace"
enforcer:
image: docker.wso2.com/enforcer:1.0.0-arm64
resources:
requests:
memory: "512Mi"
cpu: "500m"
limits:
memory: "1028Mi"
cpu: "1000m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
imagePullPolicy: Always
# image: wso2/apk-enforcer:1.1.0-m2
security:
sslHostname: "enforcer"
# logging:
# level: DEBUG
configs:
tls: {}
# secretName: "router-cert"
# certKeyFilename: ""
# certFilename: ""
redis:
enabled: true
type: ""
tls: {}
fullnameOverride: redis
primary:
service:
ports:
redis: 6379
master:
podSecurityContext:
enabled: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containerSecurityContext:
enabled: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
runAsUser: null
# auth:
# enabled: false
image:
debug: true
idp:
enabled: false
listener:
hostname: "idp.am.wso2.com"
# secretName: "idp-tls"
database:
driver: "org.postgresql.Driver"
url: "jdbc:postgresql://wso2apk-db-service:5432/WSO2AM_DB"
host: "wso2apk-db-service"
port: 5432
databaseName: "WSO2AM_DB"
username: "wso2carbon"
secretName: "apk-db-secret"
secretKey: "DB_PASSWORD"
validationQuery: "SELECT 1"
validationTimeout: 250
idpds:
configs:
issuer: "https://idp.am.wso2.com/token"
keyId: "gateway_certificate_alias"
hostname: "idp.am.wso2.com"
loginPageURl: "https://idp.am.wso2.com:9095/authenticationEndpoint/login"
loginErrorPageUrl: "https://idp.am.wso2.com:9095/authenticationEndpoint/error"
loginCallBackURl: "https://idp.am.wso2.com:9095/authenticationEndpoint/login-callback"
deployment:
image: docker.wso2.com/idp-domain-service:1.0.0-arm64
resources:
requests:
memory: "512Mi"
cpu: "200m"
limits:
memory: "1024Mi"
cpu: "500m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
replicas: 1
imagePullPolicy: Always
# image: wso2/apk-idp-domain-service:1.1.0-m2
idpui:
deployment:
image: docker.wso2.com/idp-ui:1.0.0-arm64
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "256Mi"
cpu: "100m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
replicas: 1
imagePullPolicy: Always
# image: wso2/apk-idp-ui:1.1.0-m2
configs:
idpLoginUrl: "https://idp.am.wso2.com:9095/commonauth/login"
idpAuthCallBackUrl: "https://idp.am.wso2.com:9095/oauth2/auth-callback"
gatewaySystem:
enabled: true
enableServiceAccountCreation: true
enableClusterRoleCreation: true
serviceAccountName: gateway-api-admission
certmanager:
enabled: true
enableClusterIssuer: true
enableRootCa: true
rootCaSecretName: "apk-root-certificate"
postgresql:
enabled: true
fullnameOverride: "wso2apk-db-service"
auth:
database: WSO2AM_DB
postgresPassword: wso2carbon
username: wso2carbon
password: wso2carbon
primary:
extendedConfiguration: |
max_connections = 400
initdb:
scriptsConfigMap: postgres-initdb-scripts-configmap
user: wso2carbon
password: wso2carbon
service:
ports:
postgresql: 5432
podSecurityContext:
enabled: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containerSecurityContext:
enabled: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
runAsUser: null
image:
debug: true This is what I've done: $ helm install apk-test wso2apk/apk-helm -n apk -f values_local.yaml $ kubectl get pod -n apk
NAME READY STATUS RESTARTS AGE
apk-test-cert-manager-664699bdf-9shw2 1/1 Running 0 9m8s
apk-test-cert-manager-cainjector-7bb9f954c8-424x6 1/1 Running 0 9m8s
apk-test-cert-manager-webhook-7979cf7f58-jbnxq 1/1 Running 0 9m8s
apk-test-wso2-apk-adapter-deployment-8496d95f6-j68qp 1/1 Running 0 9m8s
apk-test-wso2-apk-common-controller-deployment-5f7f976855-n4vsh 1/1 Running 0 9m8s
apk-test-wso2-apk-gateway-runtime-deployment-bf7546568-ghmpg 2/2 Running 0 9m8s
apk-test-wso2-apk-ratelimiter-deployment-798db79745-fgck4 1/1 Running 2 (8m50s ago) 9m8s
gateway-api-admission-lznz9 0/1 Completed 0 9m8s
gateway-api-admission-patch-sjw47 0/1 Completed 0 9m8s
gateway-api-admission-server-7d6cb8df88-96sdl 1/1 Running 0 9m8s
redis-master-0 1/1 Running 0 9m8s
wso2apk-db-service-0 1/1 Running 0 9m8s However, I had to disable all components that are using API definitions, because they are missing the Here's an example of an error message from the Kube API server when you're trying to provision an API provided in the chart in the current state:
The fix would be to add the |
Follow up status update values.yaml used # Copyright (c) 2022, WSO2 LLC. (https://www.wso2.com) All Rights Reserved.
#
# WSO2 LLC. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
wso2:
subscription:
imagePullSecrets: "apk-registry-secret"
apk:
cp:
enabled: true
webhooks:
validatingwebhookconfigurations : true
mutatingwebhookconfigurations : true
auth:
enabled: true
enableServiceAccountCreation: true
enableClusterRoleCreation: true
serviceAccountName: wso2apk-platform
roleName: wso2apk-role
listener:
hostname: "api.am.wso2.com"
port: 9095
# secretName: "idp-tls"
idp:
issuer: "https://idp.am.wso2.com/token"
usernameClaim: "sub"
organizationClaim: "organization"
groupsClaim: "groups"
consumerKeyClaim: "clientId"
# organizationResolver: "controlPlane" # controlplane,none
tls: {}
# secretName: "wso2apk-idp-certificates"
# fileName: "idp.crt"
signing: {}
# jwksEndpoint: "https://idp.am.wso2.com:9095/oauth2/jwks"
# secretName: "wso2apk-idp-signing"
# fileName: "idp.crt"
dp:
enabled: true
environment: {}
gateway:
listener:
hostname: "gw.wso2.com"
# secretName: "idp-tls"
httpListener:
enabled: true
autoscaling:
enabled: false
partitionServer:
enabled: false
# host: "https://control-plane-wso2-apk-partition-server.control-plane.svc.cluster.local"
# serviceBasePath: "/api/publisher/v1"
# partitionName: "default"
# hostnameVerificationEnable: true
# tls:
# secretName: "partition-server-cert"
# fileName: "certificate.crt"
# headers:
# - name: "apiKey"
# value: "123-456-789"
configdeployer:
enabled: true
deployment:
resources:
requests:
memory: "512Mi"
cpu: "200m"
limits:
memory: "1024Mi"
cpu: "500m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
replicas: 1
imagePullPolicy: Always
image: docker.wso2.com/config-deployer-service:1.0.0-arm64
configs:
tls: {}
# secretName: "my-secret"
# certKeyFilename: "tls.key"
# certFilename: "certchain.crt"
adapter:
deployment:
image: docker.wso2.com/adapter:1.0.0-arm64
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "200m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
replicas: 1
imagePullPolicy: Always
# image: wso2/apk-adapter:1.1.0-m2
security:
sslHostname: "adapter"
# logging:
# level: "INFO" # LogLevels can be "DEBG", "FATL", "ERRO", "WARN", "INFO", "PANC"
# logFormat: "TEXT" # Values can be "JSON", "TEXT"
configs:
apiNamespaces:
- "apk"
tls: {}
# secretName: "adapter-cert"
# certKeyFilename: ""
# certFilename: ""
commonController:
deployment:
image: docker.wso2.com/common-controller:1.0.0-arm64
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "200m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
replicas: 1
imagePullPolicy: Always
# image: wso2/apk-common-controller:1.1.0-m2
security:
sslHostname: "commoncontroller"
configs:
apiNamespaces:
- "apk"
ratelimiter:
enabled: true
deployment:
image: docker.wso2.com/ratelimiter:1.0.0-arm64
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
replicas: 1
imagePullPolicy: Always
# image: wso2/apk-ratelimiter:1.1.0-m2
security:
sslHostname: "ratelimiter"
configs:
tls: {}
# secretName: "ratelimiter-cert"
# certKeyFilename: ""
# certFilename: ""
# certCAFilename: ""
gatewayRuntime:
tracing:
enabled: false
configProperties:
tls:
enabled: false
analytics:
enabled: false
service:
annotations: {}
deployment:
replicas: 1
router:
image: docker.wso2.com/router:1.0.0-arm64
resources:
requests:
memory: "128Mi"
cpu: "200m"
limits:
memory: "1028Mi"
cpu: "1000m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
imagePullPolicy: Always
# image: wso2/apk-router:1.1.0-m2
configs:
tls: {}
# secretName: "router-cert"
# certKeyFilename: ""
# certFilename: ""
logging:
wireLogs:
enable: true
accessLogs:
enable: true
# env:
# TRAILING_ARGS: "--log-level trace"
enforcer:
image: docker.wso2.com/enforcer:1.0.0-arm64
resources:
requests:
memory: "512Mi"
cpu: "500m"
limits:
memory: "1028Mi"
cpu: "1000m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
imagePullPolicy: Always
# image: wso2/apk-enforcer:1.1.0-m2
security:
sslHostname: "enforcer"
# logging:
# level: DEBUG
configs:
tls: {}
# secretName: "router-cert"
# certKeyFilename: ""
# certFilename: ""
redis:
enabled: true
type: ""
tls: {}
fullnameOverride: redis
primary:
service:
ports:
redis: 6379
master:
podSecurityContext:
enabled: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containerSecurityContext:
enabled: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
runAsUser: null
# auth:
# enabled: false
image:
debug: true
idp:
enabled: true
listener:
hostname: "idp.am.wso2.com"
# secretName: "idp-tls"
database:
driver: "org.postgresql.Driver"
url: "jdbc:postgresql://wso2apk-db-service:5432/WSO2AM_DB"
host: "wso2apk-db-service"
port: 5432
databaseName: "WSO2AM_DB"
username: "wso2carbon"
secretName: "apk-db-secret"
secretKey: "DB_PASSWORD"
validationQuery: "SELECT 1"
validationTimeout: 250
idpds:
configs:
issuer: "https://idp.am.wso2.com/token"
keyId: "gateway_certificate_alias"
hostname: "idp.am.wso2.com"
loginPageURl: "https://idp.am.wso2.com:9095/authenticationEndpoint/login"
loginErrorPageUrl: "https://idp.am.wso2.com:9095/authenticationEndpoint/error"
loginCallBackURl: "https://idp.am.wso2.com:9095/authenticationEndpoint/login-callback"
deployment:
image: docker.wso2.com/idp-domain-service:1.0.0-arm64
resources:
requests:
memory: "512Mi"
cpu: "200m"
limits:
memory: "1024Mi"
cpu: "500m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
replicas: 1
imagePullPolicy: Always
# image: wso2/apk-idp-domain-service:1.1.0-m2
idpui:
deployment:
image: docker.wso2.com/idp-ui:1.0.0-arm64
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "256Mi"
cpu: "100m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
replicas: 1
imagePullPolicy: Always
# image: wso2/apk-idp-ui:1.1.0-m2
configs:
idpLoginUrl: "https://idp.am.wso2.com:9095/commonauth/login"
idpAuthCallBackUrl: "https://idp.am.wso2.com:9095/oauth2/auth-callback"
gatewaySystem:
enabled: true
enableServiceAccountCreation: true
enableClusterRoleCreation: true
serviceAccountName: gateway-api-admission
certmanager:
enabled: true
enableClusterIssuer: true
enableRootCa: true
rootCaSecretName: "apk-root-certificate"
postgresql:
enabled: true
fullnameOverride: "wso2apk-db-service"
auth:
database: WSO2AM_DB
postgresPassword: wso2carbon
username: wso2carbon
password: wso2carbon
primary:
extendedConfiguration: |
max_connections = 400
initdb:
scriptsConfigMap: postgres-initdb-scripts-configmap
user: wso2carbon
password: wso2carbon
service:
ports:
postgresql: 5432
podSecurityContext:
enabled: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containerSecurityContext:
enabled: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
runAsUser: null
image:
debug: true Helm install actions and technical runtime check $ helm install apk-test wso2apk/apk-helm -n apk -f values_local.yaml NAME: apk-test
LAST DEPLOYED: Tue Feb 6 11:22:09 2024
NAMESPACE: apk
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Welcome to the WSO2 API Platform for Kubernetes!
Congratulations. You've successfully deployed WSO2 APK using Helm, you'll need to monitor and manage the deployment to ensure everything is running smoothly.
- Monitor Pods:
Check the status of the pods to ensure they are up and running:
---
kubectl get pods
---
- Monitor Services:
Verify that the services are running and find their external IPs to access the APIs:
---
kubectl get services
---
For more detailed information, troubleshooting, and advanced configurations, we encourage you to explore the official WSO2 documentation.
- APK Documentation: [https://apk.docs.wso2.com/en/latest/get-started/quick-start-guide/]
This is just the beginning of your APK journey. Feel free to customize and tailor your deployment to match your organization's specific needs.
For any questions or assistance, don't hesitate to reach out to our discord channel.
Happy API management with WSO2 APK! $ kubectl get pod -n apk NAME READY STATUS RESTARTS AGE
apk-test-cert-manager-664699bdf-zcb6q 1/1 Running 0 98s
apk-test-cert-manager-cainjector-7bb9f954c8-l894r 1/1 Running 0 98s
apk-test-cert-manager-webhook-7979cf7f58-h56nc 1/1 Running 0 98s
apk-test-wso2-apk-adapter-deployment-8496d95f6-zxbjs 1/1 Running 0 98s
apk-test-wso2-apk-common-controller-deployment-5f7f976855-mxb45 1/1 Running 0 98s
apk-test-wso2-apk-config-ds-deployment-76bccc5b57-mlmhm 1/1 Running 0 98s
apk-test-wso2-apk-gateway-runtime-deployment-bf7546568-86929 1/2 Running 0 98s
apk-test-wso2-apk-idpds-deployment-79b5544b75-k8s6w 1/1 Running 0 98s
apk-test-wso2-apk-idpui-deployment-9f89c95c6-vd8lk 1/1 Running 0 98s
apk-test-wso2-apk-ratelimiter-deployment-798db79745-tq5w7 1/1 Running 1 (81s ago) 98s
gateway-api-admission-patch-f72nc 0/1 Completed 0 98s
gateway-api-admission-server-7d6cb8df88-m72n8 1/1 Running 0 98s
gateway-api-admission-tvw4n 0/1 Completed 0 98s
redis-master-0 1/1 Running 0 98s
wso2apk-db-service-0 1/1 Running 0 98s $ kubectl get api -n apk NAME API NAME VERSION BASEPATH ORGANIZATION AGE
apk-test-wso2-apk-authentication-endpoint-ds-api authenticationEndpoint-domain-service 1.0.0 /authenticationEndpoint/1.0.0 apk-system 108s
apk-test-wso2-apk-commonoauth-api commonoauth-api 1.0.0 /commonoauth/1.0.0 apk-system 108s
apk-test-wso2-apk-dcr-api dcr-api 1.0.0 /dcr/1.0.0 apk-system 108s
apk-test-wso2-apk-jwks-endpoint-ds-api jwks-domain-service 1.0.0 /.wellknown/jwks/1.0.0 apk-system 108s
apk-test-wso2-apk-oauth-api oauth-api 1.0.0 /oauth2/1.0.0 apk-system 108s
apk-test-wso2-apk-wso2-apk-config-deployer-api WSO2 APK Config Deployer API 1.0.0 /api/deployer/1.0.0 apk-system 108s
apk-test-wso2-apk-wso2-apk-config-generator-api WSO2 APK Config Generator API 1.0.0 /api/configurator/1.0.0 apk-system 108s The only issue left in this case is that it is not possible to do a Helm install without a properly formatted |
Latest update I've removed all resources, and did a Helm uninstall, removed all Helm repos and started from scratch again. Applying the Helm registry https://helm.wso2.com. Using no Applying my custom values yaml I receive again an API.spec error: $ helm install apk-test wso2apk/apk-helm -f values_local_arm64.yaml -n apk
Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: error validating "": error validating data: ValidationError(API.spec): missing required field "**definitionPath**" in com.wso2.dp.v1alpha1.API.spec |
Latest Update To make the Helm install work I had to do the following. After first time installation failure I've edited the $ kubectl edit crd apis.dp.wso2.com By adding definitionPath:
default: /api-definition
description: DefinitionPath contains the path to expose the API definition.
minLength: 1
nullable: true
type: string and reinstalling with Helm: 09:51 $ helm install apk-test wso2/apk-helm -f values_local_arm64.yaml -n apk
NAME: apk-test
LAST DEPLOYED: Fri Feb 9 09:51:52 2024
NAMESPACE: apk
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Welcome to the WSO2 API Platform for Kubernetes!
Congratulations. You've successfully deployed WSO2 APK using Helm, you'll need to monitor and manage the deployment to ensure everything is running smoothly.
- Monitor Pods:
Check the status of the pods to ensure they are up and running:
---
kubectl get pods
---
- Monitor Services:
Verify that the services are running and find their external IPs to access the APIs:
---
kubectl get services
---
For more detailed information, troubleshooting, and advanced configurations, we encourage you to explore the official WSO2 documentation.
- APK Documentation: [https://apk.docs.wso2.com/en/latest/get-started/quick-start-guide/]
This is just the beginning of your APK journey. Feel free to customize and tailor your deployment to match your organization's specific needs.
For any questions or assistance, don't hesitate to reach out to our discord channel.
Happy API management with WSO2 APK!
✔ ~/Documents/dev/yenlo_projects/apk/helm-charts [main ↓·11|✚ 25…26]
09:52 $ kubectl get pod -n apk
NAME READY STATUS RESTARTS AGE
apk-test-cert-manager-664699bdf-zsb8s 1/1 Running 0 79s
apk-test-cert-manager-cainjector-7bb9f954c8-jl9bv 1/1 Running 0 79s
apk-test-cert-manager-webhook-7979cf7f58-m8w29 1/1 Running 0 79s
apk-test-wso2-apk-adapter-deployment-8496d95f6-d57jl 1/1 Running 0 79s
apk-test-wso2-apk-common-controller-deployment-5f7f976855-9nhfw 1/1 Running 0 79s
apk-test-wso2-apk-config-ds-deployment-76bccc5b57-wsm7g 1/1 Running 0 79s
apk-test-wso2-apk-gateway-runtime-deployment-bf7546568-7g5th 0/2 Running 0 79s
apk-test-wso2-apk-idpds-deployment-79b5544b75-h6rhz 1/1 Running 0 78s
apk-test-wso2-apk-idpui-deployment-9f89c95c6-5z6sm 1/1 Running 0 79s
apk-test-wso2-apk-ratelimiter-deployment-798db79745-7pkq6 1/1 Running 1 (58s ago) 78s
gateway-api-admission-g89n6 0/1 Completed 0 79s
gateway-api-admission-patch-5vsg8 0/1 Completed 0 79s
gateway-api-admission-server-7d6cb8df88-jkc8f 1/1 Running 0 79s
redis-master-0 1/1 Running 0 79s
wso2apk-db-service-0 1/1 Running 0 79s
✔ ~/Documents/dev/yenlo_projects/apk/helm-charts [main ↓·11|✚ 25…26]
09:53 $ kubectl get pod -n apk
NAME READY STATUS RESTARTS AGE
apk-test-cert-manager-664699bdf-zsb8s 1/1 Running 0 85s
apk-test-cert-manager-cainjector-7bb9f954c8-jl9bv 1/1 Running 0 85s
apk-test-cert-manager-webhook-7979cf7f58-m8w29 1/1 Running 0 85s
apk-test-wso2-apk-adapter-deployment-8496d95f6-d57jl 1/1 Running 0 85s
apk-test-wso2-apk-common-controller-deployment-5f7f976855-9nhfw 1/1 Running 0 85s
apk-test-wso2-apk-config-ds-deployment-76bccc5b57-wsm7g 1/1 Running 0 85s
apk-test-wso2-apk-gateway-runtime-deployment-bf7546568-7g5th 2/2 Running 0 85s
apk-test-wso2-apk-idpds-deployment-79b5544b75-h6rhz 1/1 Running 0 84s
apk-test-wso2-apk-idpui-deployment-9f89c95c6-5z6sm 1/1 Running 0 85s
apk-test-wso2-apk-ratelimiter-deployment-798db79745-7pkq6 1/1 Running 1 (64s ago) 84s
gateway-api-admission-g89n6 0/1 Completed 0 85s
gateway-api-admission-patch-5vsg8 0/1 Completed 0 85s
gateway-api-admission-server-7d6cb8df88-jkc8f 1/1 Running 0 85s
redis-master-0 1/1 Running 0 85s
wso2apk-db-service-0 1/1 Running 0 85s |
Hi, |
Fixed with PR #2006 |
Description:
Following the installation guideline to provision APK Helm chart. However Helm install fails due to missing values in default "values.yaml". Beginning of January it did work. So I'm assuming someone introduced a breaking change in the chart.
Affected Product Version:
NAME: wso2apk/apk-helm
CHART VERSION: 1.0.0
APP VERSION: 1.16.0
Steps to reproduce:
$ helm repo add wso2 https://helm.wso2.com
$ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "akhq" chart repository
...Successfully got an update from the "wso2apk" chart repository
...Successfully got an update from the "wso2" chart repository
...Successfully got an update from the "bitnami" chart repository
Update Complete. ⎈Happy Helming!⎈
$ helm search repo apk
NAME CHART VERSION APP VERSION DESCRIPTION
wso2/apk-helm 1.0.0 1.16.0 A Helm chart for APK components
wso2apk/apk-helm 1.0.0 1.16.0 A Helm chart for APK components
wso2apk/cert-manager v1.10.1 v1.10.1 A Helm chart for cert-manager
wso2apk/postgresql 11.9.6 14.5.0 PostgreSQL (Postgres) is an open source object-...
wso2apk/redis 17.8.0 7.0.8 Redis(R) is an open source, advanced key-value ...
$ kubectl create ns wso2demo
$ kubectl get ns
NAME STATUS AGE
default Active 4h59m
kube-node-lease Active 4h59m
kube-public Active 4h59m
kube-system Active 4h59m
wso2demo Active 157m
$ helm install apkdemo wso2apk/apk-helm -n wso2demo
Error: INSTALLATION FAILED: template: apk-helm/templates/data-plane/gateway-components/gateway-runtime/idp-jwt-issuer.yaml:1:44: executing "apk-helm/templates/data-plane/gateway-components/gateway-runtime/idp-jwt-issuer.yaml" at <.Values.wso2.apk.cp.enabled>: nil pointer evaluating interface {}.enabled
The text was updated successfully, but these errors were encountered: