diff --git a/CHANGELOG.md b/CHANGELOG.md
deleted file mode 100644
index fd15a136..00000000
--- a/CHANGELOG.md
+++ /dev/null
@@ -1,20 +0,0 @@
-# Changelog
-
-All notable changes to Kubernetes and Helm resources for WSO2 API Management version `4.2.x` in each resource release,
-will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
-
-## [v4.2.0.1] - 2023-03-16
-
-### Added
-
-- Helm resources for API Manager Single Node Deployment.
-- Helm resources for API Manager Advanced Deployment patterns.
-- Helm resources for MySQL.
-- Ingress resources to handle WebSocket traffic
-
-### Modified
-
-- Modified images to WSO2 private Docker images
-- Modified APIM configurations.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
deleted file mode 100644
index 75c45b00..00000000
--- a/CONTRIBUTING.md
+++ /dev/null
@@ -1,49 +0,0 @@
-# Contributing to kubernetes-apim
-
-Kubernetes and Helm resources for WSO2 API Management are open source, and we encourage contributions from our community.
-
-## How you can Contribute
-
-### Mailing Lists
-
-The recommended way to discuss anything related to WSO2 products is via our mailing lists. First, go to https://wso2.com/mail/ and subscribe to any mailing lists. Here are the two most popular lists:
-
-* dev@wso2.org: To discuss all WSO2 products.
-* architecture@wso2.org: To discuss the architecture of WSO2 products.
-
-### Posting Issues
-
-We encourage you to report any problems in the WSO2 Kubernetes and Helm resources or their documentation by creating GitHub issues in the respective repositories.
-The issues page on GitHub is for tracking bugs and feature requests. When posing a new issue, follow the guidelines below.
-
-* Check whether the issue has already been reported.
-* Create a separate issue for each bug you are reporting or feature you are requesting.
-
-### Code Contributions
-
-If you like to contribute with a bug fix or a new feature, start by posting an issue and discussing the best way to implement it.
-
-Unlike most projects, development for this repository is carried out on the `3.2.x` branch. This is because the master branch contains
-the latest stable release of the project. The code in `3.2.x` is merged to the master branch after a final review and a round of testing.
-
-Please follow these guidelines when contributing to the code:
-
-1. Fork the current repository.
-2. Create a topic branch from the `3.2.x` branch.
-3. Make commits in logical units.
-4. Before you send out the pull request, sync your forked repository with a remote repository. This makes your pull request simple and clear.
-
-```bash
-git clone https://github.com//kubernetes-apim.git
-git remote add upstream https://github.com/wso2/kubernetes-apim.git
-git fetch upstream
-git checkout -b upstream/3.2.x
-
-# add some work
-
-git push origin
-
-# submit pull request
-```
-
-**Thanks for contributing!**
diff --git a/README.md b/README.md
index 02224c79..334c8c59 100644
--- a/README.md
+++ b/README.md
@@ -1,49 +1,11 @@ -## ⚠️ DISCLAIMER - -Use these artifacts as a reference to build your deployment artifacts. Existing artifacts are only developed to demonstrate a reference deployment and **should not be used as is in production**. - ---- - # Kubernetes and Helm Resources for WSO2 API Management *This repository contains Kubernetes and Helm Resources for container-based deployments of WSO2 API Management.* ## Kubernetes resources for API Management deployment patterns -### Simple - -* [Single Node](simple/am-single/README.md) - ### Advanced #### Helm resources for API Management deployment patterns -* [Deployment Pattern 1](advanced/am-pattern-1/README.md) -* [Deployment Pattern 2](advanced/am-pattern-2/README.md) -* [Deployment Pattern 3](advanced/am-pattern-3/README.md) -* [Deployment Pattern 4](advanced/am-pattern-4/README.md) - -### Update the JWKS Endpoint - -The JWKS endpoint of the API Manager has the external facing hostname by default. This is not routable. To resolve this, you can alter the JWKS endpoint in the API Manager to use the API Manager's internal service name in Kubernetes. - -1. Log into Admin portal - https://am.wso2.com/admin/ -2. Navigate to Key Managers section and select the Resident Key Manager. -3. Change the JWKS URL in the Certificates section to `https://:9443/oauth2/jwks` - - -### Update certificate domain names - -To verify connecting peers API Manager use wso2carbon certificate. By default this only allows peers from localhost domain to connect. To allow connections from different domains you need to create a certificate with the allowed domain name list and add it to API Manager keystores. This can be done by mounting a volume with the modified keystores. You can find the APIM Manager keystores inside the *~/wso2am-4.2.0/repository/resources/security/* directory. - -## Reporting issues - -We encourage you to report any issues and documentation faults regarding Kubernetes and Helm resources -for WSO2 API Management. 
Please report your issues [here](https://github.com/wso2/kubernetes-apim/issues).
-
-## Contact us
-
-WSO2 developers can be contacted via the following mailing lists:
-
-* WSO2 Developers Mailing List : [dev@wso2.org](mailto:dev@wso2.org)
-* WSO2 Architecture Mailing List : [architecture@wso2.org](mailto:architecture@wso2.org)
+* [Deployment Pattern 4](advanced/am-pattern-4/README.md)
\ No newline at end of file
diff --git a/advanced/am-pattern-1/Chart.yaml b/advanced/am-pattern-1/Chart.yaml
deleted file mode 100644
index 29f90fac..00000000
--- a/advanced/am-pattern-1/Chart.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-# Copyright (c) 2018, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-appVersion: "4.2.0"
-description: A Helm chart for the deployment of WSO2 API Manager Pattern 1 (HA All-In-One Deployment)
-name: am-pattern-1
-version: 4.2.0-2
-icon: https://wso2.cachefly.net/wso2/sites/all/images/wso2logo.svg
diff --git a/advanced/am-pattern-1/README.md b/advanced/am-pattern-1/README.md
deleted file mode 100644
index fe978118..00000000
--- a/advanced/am-pattern-1/README.md
+++ /dev/null
@@ -1,372 +0,0 @@ -# Pattern 1: Helm Chart for Standard HA Deployment of WSO2 API Manager with WSO2 Micro Integrator - -This deployment consists of an API-M cluster with two nodes of the API-M runtime and two nodes each of the integration runtimes (Micro Integrator/Streaming Integrator). You can use this pattern if you expect to receive low traffic to your deployment. - -![WSO2 API Manager pattern 1 deployment](https://apim.docs.wso2.com/en/4.2.0/assets/img/setup-and-install/basic-ha-deployment.png) - -For advanced details on the deployment pattern, please refer to the official -[documentation](https://apim.docs.wso2.com/en/4.2.0/install-and-setup/setup/deployment-overview/#standard-ha-deployment). - -## Contents - -* [Prerequisites](#prerequisites) -* [Quick Start Guide](#quick-start-guide) -* [Configuration](#configuration) -* [Runtime Artifact Persistence and Sharing](#runtime-artifact-persistence-and-sharing) -* [Managing Java Keystores and Truststores](#managing-java-keystores-and-truststores) -* [Configuring SSL in Service Exposure](#configuring-ssl-in-service-exposure) - -## Prerequisites - -* WSO2 product Docker images used for the Kubernetes deployment. - - WSO2 product Docker images available at [DockerHub](https://hub.docker.com/u/wso2/) package General Availability (GA) - versions of WSO2 products with no [WSO2 Updates](https://wso2.com/updates). - - For a production grade deployment of the desired WSO2 product-version, it is highly recommended to use the relevant - Docker image which packages WSO2 Updates, available at [WSO2 Private Docker Registry](https://docker.wso2.com/). In order - to use these images, you need an active [WSO2 Subscription](https://wso2.com/subscription). -

- -* Install [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git), [Helm](https://helm.sh/docs/intro/install/) - and [Kubernetes client](https://kubernetes.io/docs/tasks/tools/install-kubectl/) in order to run the steps provided in the - following quick start guide.

- -* An already setup [Kubernetes cluster](https://kubernetes.io/docs/setup).

- -* Install [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/deploy/).

- -* Add the WSO2 Helm chart repository. - - ``` - helm repo add wso2 https://helm.wso2.com && helm repo update - ``` - -## Quick Start Guide - -### 1. Install the Helm Chart - -You can install the relevant Helm chart either from [WSO2 Helm Chart Repository](https://hub.helm.sh/charts/wso2) or by source. - -**Note:** - -* `NAMESPACE` should be the Kubernetes Namespace in which the resources are deployed. - -#### Install Chart From [WSO2 Helm Chart Repository](https://hub.helm.sh/charts/wso2) - -Deploy the Kubernetes resources using the Helm Chart - -- Helm version 2 - - ``` - helm install --name wso2/am-pattern-1 --version 4.2.0-1 --namespace - ``` - -- Helm version 3 - - ``` - helm install wso2/am-pattern-1 --version 4.2.0-1 --namespace --create-namespace - ``` - -The above steps will deploy the deployment pattern using WSO2 product Docker images available in WSO2 Private Docker Registry. Please provide your WSO2 Subscription credentials via input values (using `--set` argument). - -Please see the following example. - -``` - helm install --name wso2/am-pattern-1 --version 4.2.0-1 --namespace --set wso2.subscription.username= --set wso2.subscription.password= -``` - -If you are using a custom WSO2 Docker images you will need to provide those information via the input values. Please refer [API Manager Server Configurations](#api-manager-server-configurations) and [Micro Integrator Server Configurations](#micro-integrator-server-configurations) - - -#### Install Chart From Source - ->In the context of this document,
->* `KUBERNETES_HOME` will refer to a local copy of the [`wso2/kubernetes-apim`](https://github.com/wso2/kubernetes-apim/) -Git repository.
->* `HELM_HOME` will refer to `/advanced`.
- -##### Clone the Helm Resources for WSO2 API Manager Git repository. - -``` -git clone https://github.com/wso2/kubernetes-apim.git -``` - -##### Deploy Helm chart for WSO2 API Manager Pattern 1 deployment. - -Deploy the Kubernetes resources using the Helm Chart - -- Helm version 2 - - ``` - helm install --dep-up --name /am-pattern-1 --version 4.2.0-1 --namespace - ``` - -- Helm version 3 - - ``` - helm install /am-pattern-1 --version 4.2.0-1 --namespace --dependency-update --create-namespace - ``` - -The above steps will deploy the deployment pattern using WSO2 product Docker images available in WSO2 Private Docker Registry. Please provide your WSO2 Subscription credentials via input values (using `--set` argument). - -Please see the following example. - -``` - helm install --name /am-pattern-1 --version 4.2.0-1 --namespace --set wso2.subscription.username= --set wso2.subscription.password= -``` - -If you are using a custom WSO2 Docker images you will need to provide those information via the input values. Please refer [API Manager Server Configurations](#api-manager-server-configurations) and [Micro Integrator Server Configurations](#micro-integrator-server-configurations) - - -Or else, you can configure the default configurations inside the am-pattern-1 helm chart [values.yaml](https://github.com/wso2/kubernetes-apim/blob/master/advanced/am-pattern-1/values.yaml) file. Refer [this](https://helm.sh/docs/chart_template_guide/values_files/) for to learn more details about the `values.yaml` file. - - -> **Note:**
-From the above Helm commands, base image of a Micro Integrator is deployed (without any integration solution). To deploy your integration solution with the Helm charts follow the below steps.

->1. [Create an integration service using WSO2 Integration Studio and expose it as a Managed API](https://apim.docs.wso2.com/en/latest/tutorials/integration-tutorials/service-catalog-tutorial/#exposing-an-integration-service-as-a-managed-api). Then [create a Docker image](https://apim.docs.wso2.com/en/latest/integrate/develop/create-docker-project/#creating-docker-exporter) and push it to your private or public Docker registry.

- - `INTEGRATION_IMAGE_REGISTRY` will refer to the Docker registry that created Docker image has been pushed
- - `INTEGRATION_IMAGE_NAME` will refer to the name of the created Docker image
- - `INTEGRATION_IMAGE_TAG` will refer to the tag of the created Docker image

->2. If your Docker registry is a private registry, [create an imagePullSecret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/).

- - `IMAGE_PULL_SECRET` will refer to the created image pull secret

->3. Deploy the helm resource using following command.

-> ``` -> helm install wso2/am-pattern-1 --version 4.2.0-1 --namespace --set wso2.deployment.mi.dockerRegistry= --set wso2.deployment.mi.imageName= --set wso2.deployment.mi.imageTag= --set wso2.deployment.mi.imagePullSecrets= -> ``` - -> **Note:** -> If you are using Rancher Desktop for the Kubernetes cluster, add the following changes. -> 1. Change `storageClass` to `local-path` in [`values.yaml`](https://github.com/wso2/kubernetes-apim/blob/master/advanced/am-pattern-1/values.yaml#L43). -> 2. Change `accessModes` in [`Persistent Volume Claims`](https://github.com/wso2/kubernetes-apim/blob/master/advanced/am-pattern-1/templates/am/wso2am-pattern-1-am-volume-claims.yaml) to `ReadWriteOnce`. - -### Choreo Analytics - -If you need to enable Choreo Analytics with WSO2 API Manager, please follow the documentation on [Register for Analytics](https://apim.docs.wso2.com/en/latest/observe/api-manager-analytics/configure-analytics/register-for-analytics/) to obtain the on-prem key for Analytics. - -The following example shows how to enable Analytics with the helm charts. - -Helm v2 - -``` -helm install --name wso2/am-pattern-1 --version 4.2.0-1 --namespace --set wso2.choreoAnalytics.enabled=true --set wso2.choreoAnalytics.endpoint= --set wso2.choreoAnalytics.onpremKey= -``` - -Helm v3 - -``` -helm install wso2/am-pattern-1 --version 4.2.0-1 --namespace --set wso2.choreoAnalytics.enabled=true --set wso2.choreoAnalytics.endpoint= --set wso2.choreoAnalytics.onpremKey= --create-namespace -``` - -You will be able to see the Analytics data when you log into Choreo Analytics Portal. - -### 2. Obtain the external IP - -Obtain the external IP (`EXTERNAL-IP`) of the API Manager Ingress resources, by listing down the Kubernetes Ingresses. - -``` -kubectl get ing -n -``` - -The output under the relevant column stands for the following. 
- -API Manager Publisher-DevPortal - -- NAME: Metadata name of the Kubernetes Ingress resource (defaults to `wso2am-pattern-1-am-ingress`) -- HOSTS: Hostname of the WSO2 API Manager service (``) -- ADDRESS: External IP (`EXTERNAL-IP`) exposing the API Manager service to outside of the Kubernetes environment -- PORTS: Externally exposed service ports of the API Manager service - -API Manager Gateway - -- NAME: Metadata name of the Kubernetes Ingress resource (defaults to `wso2am-pattern-1-am-gateway-ingress`) -- HOSTS: Hostname of the WSO2 API Manager's Gateway service (``) -- ADDRESS: External IP (`EXTERNAL-IP`) exposing the API Manager's Gateway service to outside of the Kubernetes environment -- PORTS: Externally exposed service ports of the API Manager' Gateway service - -API Manager Websub - -- NAME: Metadata name of the Kubernetes Ingress resource (defaults to `wso2am-pattern-1-am-websub-ingress`) -- HOSTS: Hostname of the WSO2 API Manager's Websub service (``) -- ADDRESS: External IP (`EXTERNAL-IP`) exposing the API Manager's Websub service to outside of the Kubernetes environment -- PORTS: Externally exposed service ports of the API Manager' Websub service - -Micro Integrator Management APIs - -- NAME: Metadata name of the Kubernetes Ingress resource (defaults to `wso2am-pattern-1-mi-1-management-ingress`) -- HOSTS: Hostname of the WSO2 Micro Integrator service (``) -- ADDRESS: External IP (`EXTERNAL-IP`) exposing the Micro Integrator service to outside of the Kubernetes environment -- PORTS: Externally exposed service ports of the Micro Integrator service - -### 3. Add a DNS record mapping the hostnames and the external IP - -If the defined hostnames (in the previous step) are backed by a DNS service, add a DNS record mapping the hostnames and -the external IP (`EXTERNAL-IP`) in the relevant DNS service. 
- -If the defined hostnames are not backed by a DNS service, for the purpose of evaluation you may add an entry mapping the -hostnames and the external IP in the `/etc/hosts` file at the client-side. - -``` - -``` - -### 4. Access Management Consoles - -- API Manager Publisher: `https:///publisher` - -- API Manager DevPortal: `https:///devportal` - -- API Manager Carbon Console: `https:///carbon` - -## Configuration - -The following tables lists the configurable parameters of the chart and their default values. - -###### WSO2 Subscription Configurations - -| Parameter | Description | Default Value | -|-----------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|-----------------------------| -| `wso2.subscription.username` | Your WSO2 Subscription username | - | -| `wso2.subscription.password` | Your WSO2 Subscription password | - | -| `wso2.choreoAnalytics.enabled` | Chorero Analytics enabled or not | false | -| `wso2.choreoAnalytics.endpoint` | Choreo Analytics endpoint | https://analytics-event-auth.choreo.dev/auth/v1 | -| `wso2.choreoAnalytics.onpremKey` | On-prem key for Choreo Analytics | - | -If you do not have an active WSO2 subscription, **do not change** the parameters `wso2.subscription.username` and `wso2.subscription.password`. 
- -###### Chart Dependencies - -| Parameter | Description | Default Value | -|-----------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|-----------------------------| -| `wso2.deployment.dependencies.mysql` | Enable the deployment and usage of WSO2 API Management MySQL based Helm Chart | true | -| `wso2.deployment.dependencies.nfsProvisioner` | Enable the deployment and usage of NFS Server Provisioner (https://github.com/helm/charts/tree/master/stable/nfs-server-provisioner) | true | - -###### Persistent Runtime Artifact Configurations - -| Parameter | Description | Default Value | -|---------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|-----------------------------| -| `wso2.deployment.persistentRuntimeArtifacts.storageClass` | Appropriate Kubernetes Storage Class | `nfs` | -| `wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.enabled` | Indicates if persistence of the runtime artifacts for Apache Solr-based indexing is enabled | false | -| `wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.capacity.carbonDatabase` | Capacity for persisting the H2 based local Carbon database file | 50M | -| `wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.capacity.solrIndexedData` | Capacity for persisting the Apache Solr indexed data | 50M | - -###### API Manager Server Configurations - -| Parameter | Description | Default Value | -|-----------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|-----------------------------| -| `wso2.deployment.am.dockerRegistry` | Registry location of the Docker image to be used to create API Manager instances | - | -| `wso2.deployment.am.imageName` | Name of the 
Docker image to be used to create API Manager instances | `wso2am` | -| `wso2.deployment.am.imageTag` | Tag of the image used to create API Manager instances | 4.2.0 | -| `wso2.deployment.am.imagePullPolicy` | Refer to [doc](https://kubernetes.io/docs/concepts/containers/images#updating-images) | `Always` | -| `wso2.deployment.am.livenessProbe.initialDelaySeconds` | Initial delay for the live-ness probe for API Manager node | 180 | -| `wso2.deployment.am.livenessProbe.periodSeconds` | Period of the live-ness probe for API Manager node | 10 | -| `wso2.deployment.am.readinessProbe.initialDelaySeconds` | Initial delay for the readiness probe for API Manager node | 180 | -| `wso2.deployment.am.readinessProbe.periodSeconds` | Period of the readiness probe for API Manager node | 10 | -| `wso2.deployment.am.resources.requests.memory` | The minimum amount of memory that should be allocated for a Pod | 2Gi | -| `wso2.deployment.am.resources.requests.cpu` | The minimum amount of CPU that should be allocated for a Pod | 2000m | -| `wso2.deployment.am.resources.limits.memory` | The maximum amount of memory that should be allocated for a Pod | 3Gi | -| `wso2.deployment.am.resources.limits.cpu` | The maximum amount of CPU that should be allocated for a Pod | 3000m | -| `wso2.deployment.am.config` | Custom deployment configuration file (`/repository/conf/deployment.toml`) | - | -| `wso2.deployment.am.ingress.management.enabled` | If enabled, create ingress resource for API Manager management consoles | true | -| `wso2.deployment.am.ingress.management.hostname` | Hostname for API Manager Admin Portal, Publisher, DevPortal and Carbon Management Console | `am.wso2.com` | -| `wso2.deployment.am.ingress.management.annotations` | Ingress resource annotations for API Manager management consoles | Community NGINX Ingress controller annotations | -| `wso2.deployment.am.ingress.gateway.enabled` | If enabled, create ingress resource for API Manager Gateway | true | -| 
`wso2.deployment.am.ingress.gateway.hostname` | Hostname for API Manager Gateway | `gateway.am.wso2.com` | -| `wso2.deployment.am.ingress.gateway.annotations` | Ingress resource annotations for API Manager Gateway | Community NGINX Ingress controller annotations | -| `wso2.deployment.am.ingress.websub.enabled` | If enabled, create ingress resource for WebSub service | true | -| `wso2.deployment.am.ingress.websub.hostname` | Hostname for API Manager Websub services | `websub.am.wso2.com` | -| `wso2.deployment.am.ingress.websub.annotations` | Ingress resource annotations for API Manager Websub | Community NGINX Ingress controller annotations | - -###### Micro Integrator Server Configurations - -| Parameter | Description | Default Value | -|-----------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|-----------------------------| -| `wso2.deployment.mi.dockerRegistry` | Registry location of the Docker image to be used to create Micro Integrator instances | - | -| `wso2.deployment.mi.imageName` | Name of the Docker image to be used to create API Manager instances | `wso2mi` | -| `wso2.deployment.mi.imageTag` | Tag of the image used to create API Manager instances | 4.2.0 | -| `wso2.deployment.mi.imagePullPolicy` | Refer to [doc](https://kubernetes.io/docs/concepts/containers/images#updating-images) | `Always` | -| `wso2.deployment.mi.livenessProbe.initialDelaySeconds` | Initial delay for the live-ness probe for Micro Integrator node | 35 | -| `wso2.deployment.mi.livenessProbe.periodSeconds` | Period of the live-ness probe for Micro Integrator node | 10 | -| `wso2.deployment.mi.readinessProbe.initialDelaySeconds` | Initial delay for the readiness probe for Micro Integrator node | 35 | -| `wso2.deployment.mi.readinessProbe.periodSeconds` | Period of the readiness probe for Micro Integrator node | 10 | -| `wso2.deployment.mi.resources.requests.memory` | The 
minimum amount of memory that should be allocated for a Pod | 512Mi | -| `wso2.deployment.mi.resources.requests.cpu` | The minimum amount of CPU that should be allocated for a Pod | 500m | -| `wso2.deployment.mi.resources.limits.memory` | The maximum amount of memory that should be allocated for a Pod | 1Gi | -| `wso2.deployment.mi.resources.limits.cpu` | The maximum amount of CPU that should be allocated for a Pod | 1000m | -| `wso2.deployment.mi.config` | Custom deployment configuration file (`/conf/deployment.toml`) | - | -| `wso2.deployment.mi.ingress.management.hostname` | Hostname for Micro Integrator management apis | `management.mi.wso2.com` | -| `wso2.deployment.mi.ingress.management.annotations` | Ingress resource annotations for API Manager Gateway | Community NGINX Ingress controller annotations | - -**Note**: The above mentioned default, minimum resource amounts for running WSO2 API Manager server profiles are based on its [official documentation](https://apim.docs.wso2.com/en/latest/install-and-setup/install/installation-prerequisites/). - -###### Kubernetes Specific Configurations - -| Parameter | Description | Default Value | -|---------------------------------------------------------------|-------------------------------------------------------------------------------------------|---------------------------------| -| `kubernetes.serviceAccount` | Name of the Kubernetes Service Account to which the Pods are to be bound | `wso2am-pattern-1-svc-account` | - - -###### Using RDBMS instead of the default MySQL pod - -Follow the below instructions to use a custom RDBMS instead of the default am-mysql deployment. - -1. First deploy the DB with the correct set of users and tables as required for an APIM deployment. You can find the relevant SQL scripts with the APIM product distribution. Please follow https://apim.docs.wso2.com/en/latest/install-and-setup/setup/setting-up-databases/overview for more information on how to set-up the databases. - -2. 
Modify the values.yaml file with the DB configuration parameters used above. Refer the following table - -| Parameter | Description | Default Value | -|---------------------------------------------------------------|-------------------------------------------------------------------------------------------|---------------------------------| -| `wso2.deployment.am.db.hostname` | Database hostname | `wso2am-mysql-db-service` | -| `wso2.deployment.am.db.port` | Database port | `3306` | -| `wso2.deployment.am.db.type` | Database vendor | `mysql` | -| `wso2.deployment.am.db.driver` | Database driver | `com.mysql.cj.jdbc.Driver` | -| `wso2.deployment.am.db.driver_url` | URL path to the jar file of the database driver | `https://repo1.maven.org/maven2/mysql/mysql-connector-java/8.0.29/mysql-connector-java-8.0.29.jar` | -| `wso2.deployment.am.db.apim.username` | Username to connect to the AM database | `wso2carbon` | -| `wso2.deployment.am.db.apim.password` | Password to connect to the AM database. | `wso2carbon` | -| `wso2.deployment.am.db.apim.url` | JDBC connection URL for the AM database | `jdbc:mysql://wso2am-mysql-db-service:3306/WSO2AM_DB? useSSL=false&autoReconnect=true&requireSSL=false&verifyServerCertificate=false` | -| `wso2.deployment.am.db.apim_shared.username` | Username to connect to the AM Shared database | `wso2carbon` | -| `wso2.deployment.am.db.apim_shared.password` | Password to connect to the AM Shared database | `wso2carbon` | -| `wso2.deployment.am.db.apim_shared.url` | JDBC connection URL for the AM Shared database | `jdbc:mysql://wso2am-mysql-db-service:3306/WSO2AM_SHARED_DB?useSSL=false&autoReconnect=true&requireSSL=false&verifyServerCertificate=false` | - -## Runtime Artifact Persistence and Sharing - -* It is **mandatory** to set an appropriate Kubernetes StorageClass in this deployment, for persistence and sharing. 
- -* By default, this deployment uses the `nfs` Kubernetes StorageClass created using the official, stable [NFS Server Provisioner](https://hub.helm.sh/charts/stable/nfs-server-provisioner). - -* Only persistent storage solutions supporting `ReadWriteMany` [access mode](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes) - are applicable for `wso2.deployment.persistentRuntimeArtifacts.storageClass`. - -* Please refer to the [official WSO2 container guide](https://github.com/wso2/container-guide/blob/master/store/Persisting_And_Sharing.md#recommended-storage-options-for-wso2-products) - for advanced details with regards to WSO2 recommended, storage options. - -## Managing Java Keystores and Truststores - -* By default, this deployment uses the default keystores and truststores provided by the relevant WSO2 product. - -* For advanced details with regards to managing custom Java keystores and truststores in a container based WSO2 product deployment - please refer to the [official WSO2 container guide](https://github.com/wso2/container-guide/blob/master/deploy/Managing_Keystores_And_Truststores.md). - -## Configuring SSL in Service Exposure - -* For WSO2 recommended best practices in configuring SSL when exposing the internal product services to outside of the Kubernetes cluster, - please refer to the [official WSO2 container guide](https://github.com/wso2/container-guide/blob/master/route/Routing.md#configuring-ssl). - -## Setting up API Manager without Micro Integrator - -If you want to setup API Manager only without Micro Integrator, you have to install the charts from source after removing MI templates. - -* Clone the repository - - ``` - git clone https://github.com/wso2/kubernetes-apim.git - ``` - -* Remove the MI templates by removing the `mi` folder in `/advanced/am-pattern-1/templates/`. - -* Deploy Helm charts - - ```helm - helm install /am-pattern-1 --version 4.2.0-1 --namespace --dependency-update --create-namespace - ``` - - 
diff --git a/advanced/am-pattern-1/auth.json b/advanced/am-pattern-1/auth.json
deleted file mode 100644
index 453e366c..00000000
--- a/advanced/am-pattern-1/auth.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "auths": {
- "reg.id": {
- "username": "docker.wso2.com.username",
- "password": "docker.wso2.com.password",
- "email": "docker.wso2.com.email",
- "auth": "docker.wso2.com.auth"
- }
- }
-}
\ No newline at end of file
diff --git a/advanced/am-pattern-1/requirements.yaml b/advanced/am-pattern-1/requirements.yaml
deleted file mode 100644
index 2416c64d..00000000
--- a/advanced/am-pattern-1/requirements.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-# Copyright (c) 2019, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: mysql-am
- version: "4.2.0-1"
- repository: "https://helm.wso2.com"
- condition: wso2.deployment.dependencies.cluster_mysql
- - name: nfs-server-provisioner
- version: "1.1.0"
- repository: "https://helm.wso2.com"
- condition: wso2.deployment.dependencies.nfsServerProvisioner
diff --git a/advanced/am-pattern-1/templates/NOTES.txt b/advanced/am-pattern-1/templates/NOTES.txt
deleted file mode 100644
index 940feff1..00000000
--- a/advanced/am-pattern-1/templates/NOTES.txt
+++ /dev/null
@@ -1,57 +0,0 @@ -Thank you for installing WSO2 API Manager. - -Please follow these steps to access API Manager Publisher and DevPortal consoles. - -1. Obtain the external IP (`EXTERNAL-IP`) of the API Manager Ingress resources, by listing down the Kubernetes Ingresses. - - kubectl get ing -n {{ .Release.Namespace }} - - The output under the relevant column stands for the following. - - API Manager Publisher-DevPortal - - - NAME: Metadata name of the Kubernetes Ingress resource (defaults to {{ template "am-pattern-1.resource.prefix" . }}-am-ingress) - - HOSTS: Hostname of the WSO2 API Manager service ({{ .Values.wso2.deployment.am.ingress.management.hostname }}) - - ADDRESS: External IP (`EXTERNAL-IP`) exposing the API Manager service to outside of the Kubernetes environment - - PORTS: Externally exposed service ports of the API Manager service - - API Manager Gateway - - - NAME: Metadata name of the Kubernetes Ingress resource (defaults to {{ template "am-pattern-1.resource.prefix" . }}-am-gateway-ingress) - - HOSTS: Hostname of the WSO2 API Manager's Gateway service ({{ .Values.wso2.deployment.am.ingress.gateway.hostname }}) - - ADDRESS: External IP (`EXTERNAL-IP`) exposing the API Manager's Gateway service to outside of the Kubernetes environment - - PORTS: Externally exposed service ports of the API Manager' Gateway service - -2. Add a DNS record mapping the hostnames (in step 1) and the external IP. - - If the defined hostnames (in step 1) are backed by a DNS service, add a DNS record mapping the hostnames and - the external IP (`EXTERNAL-IP`) in the relevant DNS service. - - If the defined hostnames are not backed by a DNS service, for the purpose of evaluation you may add an entry mapping the - hostnames and the external IP in the `/etc/hosts` file at the client-side. - - {{ .Values.wso2.deployment.am.ingress.management.hostname }} {{ .Values.wso2.deployment.am.ingress.gateway.hostname }} - -3. Navigate to the consoles in your browser of choice. 
- - API Manager Publisher: https://{{ .Values.wso2.deployment.am.ingress.management.hostname }}/publisher - API Manager DevPortal: https://{{ .Values.wso2.deployment.am.ingress.management.hostname }}/devportal - -Please follow these steps to assess Micro Integrator. - -1. Obtain the external IP (`EXTERNAL-IP`) of the Ingress resources by listing down the Kubernetes Ingresses. - - kubectl get ing -n {{ .Release.Namespace }} - - Micro Integrator Management APIs - - - NAME: Metadata name of the Kubernetes Ingress resource (defaults to {{ template "am-pattern-1.resource.prefix" . }}-mi-1-management-ingress) - - HOSTS: Hostname of the WSO2 Micro Integrator service ({{ .Values.wso2.deployment.mi.ingress.management.hostname }}) - - ADDRESS: External IP (`EXTERNAL-IP`) exposing the Micro Integrator service to outside of the Kubernetes environment - - PORTS: Externally exposed service ports of the Micro Integrator service - -2. Add the above host as an entry in /etc/hosts file as follows: - - {{ .Values.wso2.deployment.mi.ingress.management.hostname }} - -Please refer the official documentation at https://apim.docs.wso2.com/en/latest/ for additional information on WSO2 API Manager. diff --git a/advanced/am-pattern-1/templates/_helpers.tpl b/advanced/am-pattern-1/templates/_helpers.tpl deleted file mode 100644 index f26bdc34..00000000 --- a/advanced/am-pattern-1/templates/_helpers.tpl +++ /dev/null 
@@ -1,82 +0,0 @@ -{{/* -Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at -http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "am-pattern-1.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "am-pattern-1.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "am-pattern-1.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "am-pattern-1.labels" -}} -app.kubernetes.io/name: {{ include "am-pattern-1.name" . }} -helm.sh/chart: {{ include "am-pattern-1.chart" . 
}} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Common prefix prepended to Kubernetes resources of this chart -*/}} -{{- define "am-pattern-1.resource.prefix" -}} -{{- "wso2am-pattern-1" }} -{{- end -}} - -{{- define "image" }} -{{- $imageName := .deployment.imageName }} -{{- $imageTag := .deployment.imageTag | default "" }} -{{- if or (eq .Values.wso2.subscription.username "") (eq .Values.wso2.subscription.password "") -}} -{{- $dockerRegistry := .deployment.dockerRegistry | default "wso2" }} -image: {{ $dockerRegistry }}/{{ $imageName }}{{- if not (eq $imageTag "") }}{{- printf ":%s" $imageTag -}}{{- end }} -{{- else }} -{{- $dockerRegistry := .deployment.dockerRegistry | default "docker.wso2.com" }} -{{- $parts := len (split "." $imageTag) }} -{{- if and (eq $parts 3) (eq $dockerRegistry "docker.wso2.com") }} -image: {{ $dockerRegistry }}/{{ $imageName }}{{- if not (eq $imageTag "") }}:{{ $imageTag }}.0{{- end }} -{{- else }} -image: {{ $dockerRegistry }}/{{ $imageName }}{{- if not (eq $imageTag "") }}:{{ $imageTag }}{{- end }} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/advanced/am-pattern-1/templates/am/instance-1/wso2am-pattern-1-am-conf.yaml b/advanced/am-pattern-1/templates/am/instance-1/wso2am-pattern-1-am-conf.yaml deleted file mode 100644 index 5730c116..00000000 --- a/advanced/am-pattern-1/templates/am/instance-1/wso2am-pattern-1-am-conf.yaml +++ /dev/null 
@@ -1,315 +0,0 @@ -# Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "am-pattern-1.resource.prefix" . }}-am-1-conf - namespace : {{ .Release.Namespace }} - {{ if .Values.wso2.deployment.am.config }} -data: - {{- range $index, $content := .Values.wso2.deployment.am.config }} - {{ $index }}: |- -{{ tpl $content $ | indent 4 }} - {{- end }} - - {{ else }} -data: - deployment.toml: |- - [server] - hostname = "{{ .Values.wso2.deployment.am.ingress.management.hostname }}" - #offset=0 - base_path = "${carbon.protocol}://${carbon.host}:${carbon.management.port}" - #discard_empty_caches = false - server_role = "default" - - [super_admin] - username = "admin" - password = "admin" - create_admin_account = true - - [user_store] - type = "database_unique_id" - - [database.apim_db] - type = "{{ .Values.wso2.deployment.am.db.type }}" - url = "{{ .Values.wso2.deployment.am.db.apim.url }}" - username = "{{ .Values.wso2.deployment.am.db.apim.username }}" - password = "{{ .Values.wso2.deployment.am.db.apim.password }}" - driver = "{{ .Values.wso2.deployment.am.db.driver }}" - - [database.shared_db] - type = "{{ .Values.wso2.deployment.am.db.type }}" - url = "{{ .Values.wso2.deployment.am.db.apim_shared.url }}" - username = "{{ .Values.wso2.deployment.am.db.apim_shared.username }}" - password = "{{ .Values.wso2.deployment.am.db.apim_shared.password }}" 
- driver = "{{ .Values.wso2.deployment.am.db.driver }}" - - [keystore.tls] - file_name = "wso2carbon.jks" - type = "JKS" - password = "wso2carbon" - alias = "wso2carbon" - key_password = "wso2carbon" - - #[keystore.listener_profile] - #bind_address = "0.0.0.0" - - #[keystore.primary] - #file_name = "wso2carbon.jks" - #type = "JKS" - #password = "wso2carbon" - #alias = "wso2carbon" - #key_password = "wso2carbon" - - #[keystore.internal] - #file_name = "wso2carbon.jks" - #type = "JKS" - #password = "wso2carbon" - #alias = "wso2carbon" - #key_password = "wso2carbon" - - [[apim.gateway.environment]] - name = "Default" - type = "hybrid" - provider = "wso2" - display_in_api_console = true - description = "This is a hybrid gateway that handles both production and sandbox token traffic." - show_as_token_endpoint_url = true - service_url = "https://localhost:${mgt.transport.https.port}/services/" - username= "${admin.username}" - password= "${admin.password}" - ws_endpoint = "ws://{{ .Values.wso2.deployment.am.ingress.websocket.hostname }}" - wss_endpoint = "wss://{{ .Values.wso2.deployment.am.ingress.websocket.hostname }}" - http_endpoint = "http://{{ .Values.wso2.deployment.am.ingress.gateway.hostname }}" - https_endpoint = "https://{{ .Values.wso2.deployment.am.ingress.gateway.hostname }}" - websub_event_receiver_http_endpoint = "http://{{ .Values.wso2.deployment.am.ingress.websub.hostname }}" - websub_event_receiver_https_endpoint = "https://{{ .Values.wso2.deployment.am.ingress.websub.hostname }}" - - [apim.sync_runtime_artifacts.gateway] - gateway_labels =["Default"] - - #[apim.cache.gateway_token] - #enable = true - #expiry_time = "900s" - - #[apim.cache.resource] - #enable = true - #expiry_time = "900s" - - #[apim.cache.km_token] - #enable = false - #expiry_time = "15m" - - #[apim.cache.recent_apis] - #enable = false - - #[apim.cache.scopes] - #enable = true - - #[apim.cache.publisher_roles] - #enable = true - - #[apim.cache.jwt_claim] - #enable = true - 
#expiry_time = "15m" - - #[apim.cache.tags] - #expiry_time = "2m" - - {{ if .Values.wso2.choreoAnalytics.enabled }} - [apim.analytics] - enable = true - config_endpoint = "{{ .Values.wso2.choreoAnalytics.endpoint }}" - auth_token = "{{ .Values.wso2.choreoAnalytics.onpremKey }}" - {{ else }} - [apim.analytics] - enable = false - config_endpoint = "https://analytics-event-auth.choreo.dev/auth/v1" - auth_token = "" - {{ end }} - - #[apim.key_manager] - #service_url = "https://localhost:${mgt.transport.https.port}/services/" - #username = "$ref{super_admin.username}" - #password = "$ref{super_admin.password}" - #pool.init_idle_capacity = 50 - #pool.max_idle = 100 - #key_validation_handler_type = "default" - #key_validation_handler_type = "custom" - #key_validation_handler_impl = "org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler" - - #[apim.idp] - #server_url = "https://localhost:${mgt.transport.https.port}" - #authorize_endpoint = "https://localhost:${mgt.transport.https.port}/oauth2/authorize" - #oidc_logout_endpoint = "https://localhost:${mgt.transport.https.port}/oidc/logout" - #oidc_check_session_endpoint = "https://localhost:${mgt.transport.https.port}/oidc/checksession" - - #[apim.jwt] - #enable = true - #encoding = "base64" # base64,base64url - #generator_impl = "org.wso2.carbon.apimgt.keymgt.token.JWTGenerator" - #claim_dialect = "http://wso2.org/claims" - #convert_dialect = false - #header = "X-JWT-Assertion" - #signing_algorithm = "SHA256withRSA" - #enable_user_claims = true - #claims_extractor_impl = "org.wso2.carbon.apimgt.impl.token.ExtendedDefaultClaimsRetriever" - - #[apim.oauth_config] - #enable_outbound_auth_header = false - #auth_header = "Authorization" - #revoke_endpoint = "https://localhost:${https.nio.port}/revoke" - #enable_token_encryption = false - #enable_token_hashing = false - - [apim.devportal] - url = "https://{{ .Values.wso2.deployment.am.ingress.management.hostname }}/devportal" - #enable_application_sharing = false - 
#if application_sharing_type, application_sharing_impl both defined priority goes to application_sharing_impl - #application_sharing_type = "default" #changed type, saml, default #todo: check the new config for rest api - #application_sharing_impl = "org.wso2.carbon.apimgt.impl.SAMLGroupIDExtractorImpl" - #display_multiple_versions = false - #display_deprecated_apis = false - #enable_comments = true - #enable_ratings = true - #enable_forum = true - #enable_anonymous_mode=true - #enable_cross_tenant_subscriptions = true - #default_reserved_username = "apim_reserved_user" - - [apim.cors] - allow_origins = "*" - allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"] - allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","apikey","Internal-Key"] - allow_credentials = false - - [apim.throttling] - event_duplicate_url = ["tcp://{{ template "am-pattern-1.resource.prefix" . }}-am-2-service:5672"] - #enable_data_publishing = true - #enable_policy_deploy = true - #enable_blacklist_condition = true - #enable_persistence = true - #throttle_decision_endpoints = ["tcp://localhost:5672","tcp://localhost:5672"] - - #[apim.throttling.blacklist_condition] - #start_delay = "5m" - #period = "1h" - - #[apim.throttling.jms] - #start_delay = "5m" - - #[apim.throttling.event_sync] - #hostName = "0.0.0.0" - #port = 11224 - - #[apim.throttling.event_management] - #hostName = "0.0.0.0" - #port = 10005 - - [[apim.throttling.url_group]] - traffic_manager_urls = ["tcp://{{ template "am-pattern-1.resource.prefix" . }}-am-1-service:9611"] - traffic_manager_auth_urls = ["ssl://{{ template "am-pattern-1.resource.prefix" . }}-am-1-service:9711"] - type = "loadbalance" - - [[apim.throttling.url_group]] - traffic_manager_urls = ["tcp://{{ template "am-pattern-1.resource.prefix" . }}-am-2-service:9611"] - traffic_manager_auth_urls = ["ssl://{{ template "am-pattern-1.resource.prefix" . 
}}-am-2-service:9711"] - type = "loadbalance" - - #[apim.workflow] - #enable = false - #service_url = "https://localhost:9445/bpmn" - #username = "$ref{super_admin.username}" - #password = "$ref{super_admin.password}" - #callback_endpoint = "https://localhost:${mgt.transport.https.port}/api/am/admin/v0.17/workflows/update-workflow-status" - #token_endpoint = "https://localhost:${https.nio.port}/token" - #client_registration_endpoint = "https://localhost:${mgt.transport.https.port}/client-registration/v0.17/register" - #client_registration_username = "$ref{super_admin.username}" - #client_registration_password = "$ref{super_admin.password}" - - #data bridge config - #[transport.receiver] - #type = "binary" - #worker_threads = 10 - #session_timeout = "30m" - #keystore.file_name = "$ref{keystore.tls.file_name}" - #keystore.password = "$ref{keystore.tls.password}" - #tcp_port = 9611 - #ssl_port = 9711 - #ssl_receiver_thread_pool_size = 100 - #tcp_receiver_thread_pool_size = 100 - #ssl_enabled_protocols = ["TLSv1","TLSv1.1","TLSv1.2"] - #ciphers = ["SSL_RSA_WITH_RC4_128_MD5","SSL_RSA_WITH_RC4_128_SHA"] - - #[apim.notification] - #from_address = "APIM.com" - #username = "APIM" - #password = "APIM+123" - #hostname = "localhost" - #port = 3025 - #enable_start_tls = false - #enable_authentication = true - - #[apim.token.revocation] - #notifier_impl = "org.wso2.carbon.apimgt.keymgt.events.TokenRevocationNotifierImpl" - #enable_realtime_notifier = true - #realtime_notifier.ttl = 5000 - #enable_persistent_notifier = true - #persistent_notifier.hostname = "https://localhost:2379/v2/keys/jti/" - #persistent_notifier.ttl = 5000 - #persistent_notifier.username = "root" - #persistent_notifier.password = "root" - - [[event_handler]] - name="userPostSelfRegistration" - subscriptions=["POST_ADD_USER"] - - [service_provider] - sp_name_regex = "^[\\sa-zA-Z0-9._-]*$" - - [[event_listener]] - id = "token_revocation" - type = "org.wso2.carbon.identity.core.handler.AbstractIdentityHandler" 
- name = "org.wso2.is.notification.ApimOauthEventInterceptor" - order = 1 - [event_listener.properties] - notification_endpoint = "https://localhost:${mgt.transport.https.port}/internal/data/v1/notify" - username = "${admin.username}" - password = "${admin.password}" - 'header.X-WSO2-KEY-MANAGER' = "default" - - [transport.https.properties] - proxyPort = 443 - - [oauth.grant_type.token_exchange] - enable = true - allow_refresh_tokens = true - iat_validity_period = "1h" - - [transport.passthru_https.sender.parameters] - HostnameVerifier = "AllowAll" - - {{ if .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.enabled }} - [database.local] - url = "jdbc:h2:/home/wso2carbon/solr/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE" - - [indexing] - location = "/home/wso2carbon/solr/indexed-data" - {{ else }} - [database.local] - url = "jdbc:h2:./repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE" - {{ end }} - - {{ end }} diff --git a/advanced/am-pattern-1/templates/am/instance-1/wso2am-pattern-1-am-deployment.yaml b/advanced/am-pattern-1/templates/am/instance-1/wso2am-pattern-1-am-deployment.yaml deleted file mode 100644 index c3c10b59..00000000 --- a/advanced/am-pattern-1/templates/am/instance-1/wso2am-pattern-1-am-deployment.yaml +++ /dev/null 
@@ -1,143 +0,0 @@ -# Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "am-pattern-1.resource.prefix" . }}-am-1-deployment - namespace: {{ .Release.Namespace }} -spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - deployment: {{ template "am-pattern-1.resource.prefix" . }}-am - node: {{ template "am-pattern-1.resource.prefix" . }}-am-1 - template: - metadata: - annotations: - checksum.am.conf: {{ include (print $.Template.BasePath "/am/instance-1/wso2am-pattern-1-am-conf.yaml") . | sha256sum }} - labels: - deployment: {{ template "am-pattern-1.resource.prefix" . }}-am - node: {{ template "am-pattern-1.resource.prefix" . }}-am-1 - product: apim - spec: - initContainers: - - name: init-db - image: busybox:1.32 - command: ['sh', '-c', 'echo -e "Checking for the availability of DB Server deployment"; while ! 
nc -z "{{ .Values.wso2.deployment.am.db.hostname }}" {{ .Values.wso2.deployment.am.db.port }}; do sleep 1; printf "-"; done; echo -e " >> DB Server has started";'] - - name: init-db-connector-download - image: busybox:1.32 - command: - - /bin/sh - - "-c" - - | - set -e - connector_version=8.0.17 - wget "{{ .Values.wso2.deployment.am.db.driver_url }}" -P /db-connector-jar/ - volumeMounts: - - name: db-connector-jar - mountPath: /db-connector-jar - containers: - - name: wso2am -{{- include "image" (dict "Values" .Values "deployment" .Values.wso2.deployment.am) | indent 10 }} - imagePullPolicy: {{ .Values.wso2.deployment.am.imagePullPolicy }} - livenessProbe: - httpGet: - path: /services/Version - port: 9763 - initialDelaySeconds: {{ .Values.wso2.deployment.am.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.wso2.deployment.am.livenessProbe.periodSeconds }} - readinessProbe: - httpGet: - path: /services/Version - port: 9763 - initialDelaySeconds: {{ .Values.wso2.deployment.am.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.wso2.deployment.am.readinessProbe.periodSeconds }} - lifecycle: - preStop: - exec: - command: ['sh', '-c', '${WSO2_SERVER_HOME}/bin/api-manager.sh stop'] - resources: - requests: - memory: {{ .Values.wso2.deployment.am.resources.requests.memory }} - cpu: {{ .Values.wso2.deployment.am.resources.requests.cpu }} - limits: - memory: {{ .Values.wso2.deployment.am.resources.limits.memory }} - cpu: {{ .Values.wso2.deployment.am.resources.limits.cpu }} - securityContext: - runAsUser: 802 - ports: - - containerPort: 8280 - protocol: "TCP" - - containerPort: 8243 - protocol: "TCP" - - containerPort: 9763 - protocol: "TCP" - - containerPort: 9443 - protocol: "TCP" - - containerPort: 9711 - protocol: "TCP" - - containerPort: 9611 - protocol: "TCP" - - containerPort: 5672 - protocol: "TCP" - env: - - name: NODE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: JVM_MEM_OPTS - value: "-Xms{{ 
.Values.wso2.deployment.am.resources.jvm.heap.memory.xms }} -Xmx{{ .Values.wso2.deployment.am.resources.jvm.heap.memory.xmx }}" - volumeMounts: - - name: wso2am-conf - mountPath: /home/wso2carbon/wso2-config-volume/repository/conf - {{ if .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.enabled }} - - name: wso2am-local-carbon-database-storage - mountPath: /home/wso2carbon/solr/database - - name: wso2am-solr-indexed-data-storage - mountPath: /home/wso2carbon/solr/indexed-data - - name: wso2am-conf-entrypoint - mountPath: /home/wso2carbon/docker-entrypoint.sh - subPath: docker-entrypoint.sh - {{ end }} - - name: db-connector-jar - mountPath: /home/wso2carbon/wso2-artifact-volume/repository/components/lib - serviceAccountName: {{ .Values.kubernetes.serviceAccount }} - {{- if .Values.wso2.deployment.am.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.wso2.deployment.am.imagePullSecrets }} - {{- else if and (not (eq .Values.wso2.subscription.username "")) (not (eq .Values.wso2.subscription.password "")) }} - imagePullSecrets: - - name: {{ template "am-pattern-1.resource.prefix" . }}-am-wso2-private-registry-creds - {{ end }} - volumes: - - name: wso2am-conf - configMap: - name: {{ template "am-pattern-1.resource.prefix" . }}-am-1-conf - {{ if .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.enabled }} - - name: wso2am-local-carbon-database-storage - persistentVolumeClaim: - claimName: {{ template "am-pattern-1.resource.prefix" . }}-am-1-local-carbon-database-volume-claim - - name: wso2am-solr-indexed-data-storage - persistentVolumeClaim: - claimName: {{ template "am-pattern-1.resource.prefix" . }}-am-1-solr-indexed-data-volume-claim - - name: wso2am-conf-entrypoint - configMap: - name: {{ template "am-pattern-1.resource.prefix" . }}-am-conf-entrypoint - defaultMode: 0407 - {{ end }} - - name: db-connector-jar - emptyDir: {} 
diff --git a/advanced/am-pattern-1/templates/am/instance-1/wso2am-pattern-1-am-service.yaml b/advanced/am-pattern-1/templates/am/instance-1/wso2am-pattern-1-am-service.yaml
deleted file mode 100644
index 7e27a88c..00000000
--- a/advanced/am-pattern-1/templates/am/instance-1/wso2am-pattern-1-am-service.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-# Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "am-pattern-1.resource.prefix" . }}-am-1-service
- namespace : {{ .Release.Namespace }}
-spec:
- # label keys and values that must match in order to receive traffic for this service
- selector:
- deployment: {{ template "am-pattern-1.resource.prefix" . }}-am
- node: {{ template "am-pattern-1.resource.prefix" . }}-am-1
- ports:
- # ports that this service should serve on
- - name: binary
- protocol: TCP
- port: 9611
- - name: binary-secure
- protocol: TCP
- port: 9711
- - name: jms-tcp
- protocol: TCP
- port: 5672
- - name: servlet-https
- protocol: TCP
- port: 9443
diff --git a/advanced/am-pattern-1/templates/am/instance-2/wso2am-pattern-1-am-conf.yaml b/advanced/am-pattern-1/templates/am/instance-2/wso2am-pattern-1-am-conf.yaml
deleted file mode 100644
index b5e1005c..00000000
--- a/advanced/am-pattern-1/templates/am/instance-2/wso2am-pattern-1-am-conf.yaml
+++ /dev/null
@@ -1,315 +0,0 @@ -# Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "am-pattern-1.resource.prefix" . }}-am-2-conf - namespace : {{ .Release.Namespace }} - {{ if .Values.wso2.deployment.am.config }} -data: - {{- range $index, $content := .Values.wso2.deployment.am.config }} - {{ $index }}: |- -{{ tpl $content $ | indent 4 }} - {{- end }} - - {{ else }} -data: - deployment.toml: |- - [server] - hostname = "{{ .Values.wso2.deployment.am.ingress.management.hostname }}" - #offset=0 - base_path = "${carbon.protocol}://${carbon.host}:${carbon.management.port}" - #discard_empty_caches = false - server_role = "default" - - [super_admin] - username = "admin" - password = "admin" - create_admin_account = true - - [user_store] - type = "database_unique_id" - - [database.apim_db] - type = "{{ .Values.wso2.deployment.am.db.type }}" - url = "{{ .Values.wso2.deployment.am.db.apim.url }}" - username = "{{ .Values.wso2.deployment.am.db.apim.username }}" - password = "{{ .Values.wso2.deployment.am.db.apim.password }}" - driver = "{{ .Values.wso2.deployment.am.db.driver }}" - - [database.shared_db] - type = "{{ .Values.wso2.deployment.am.db.type }}" - url = "{{ .Values.wso2.deployment.am.db.apim_shared.url }}" - username = "{{ .Values.wso2.deployment.am.db.apim_shared.username }}" - password = "{{ .Values.wso2.deployment.am.db.apim_shared.password }}" 
- driver = "{{ .Values.wso2.deployment.am.db.driver }}" - - [keystore.tls] - file_name = "wso2carbon.jks" - type = "JKS" - password = "wso2carbon" - alias = "wso2carbon" - key_password = "wso2carbon" - - #[keystore.listener_profile] - #bind_address = "0.0.0.0" - - #[keystore.primary] - #file_name = "wso2carbon.jks" - #type = "JKS" - #password = "wso2carbon" - #alias = "wso2carbon" - #key_password = "wso2carbon" - - #[keystore.internal] - #file_name = "wso2carbon.jks" - #type = "JKS" - #password = "wso2carbon" - #alias = "wso2carbon" - #key_password = "wso2carbon" - - [[apim.gateway.environment]] - name = "Default" - type = "hybrid" - provider = "wso2" - display_in_api_console = true - description = "This is a hybrid gateway that handles both production and sandbox token traffic." - show_as_token_endpoint_url = true - service_url = "https://localhost:${mgt.transport.https.port}/services/" - username= "${admin.username}" - password= "${admin.password}" - ws_endpoint = "ws://{{ .Values.wso2.deployment.am.ingress.websocket.hostname }}" - wss_endpoint = "wss://{{ .Values.wso2.deployment.am.ingress.websocket.hostname }}" - http_endpoint = "http://{{ .Values.wso2.deployment.am.ingress.gateway.hostname }}" - https_endpoint = "https://{{ .Values.wso2.deployment.am.ingress.gateway.hostname }}" - websub_event_receiver_http_endpoint = "http://{{ .Values.wso2.deployment.am.ingress.websub.hostname }}" - websub_event_receiver_https_endpoint = "https://{{ .Values.wso2.deployment.am.ingress.websub.hostname }}" - - [apim.sync_runtime_artifacts.gateway] - gateway_labels =["Default"] - - #[apim.cache.gateway_token] - #enable = true - #expiry_time = "900s" - - #[apim.cache.resource] - #enable = true - #expiry_time = "900s" - - #[apim.cache.km_token] - #enable = false - #expiry_time = "15m" - - #[apim.cache.recent_apis] - #enable = false - - #[apim.cache.scopes] - #enable = true - - #[apim.cache.publisher_roles] - #enable = true - - #[apim.cache.jwt_claim] - #enable = true - 
#expiry_time = "15m" - - #[apim.cache.tags] - #expiry_time = "2m" - - {{ if .Values.wso2.choreoAnalytics.enabled }} - [apim.analytics] - enable = true - config_endpoint = "{{ .Values.wso2.choreoAnalytics.endpoint }}" - auth_token = "{{ .Values.wso2.choreoAnalytics.onpremKey }}" - {{ else }} - [apim.analytics] - enable = false - config_endpoint = "https://analytics-event-auth.choreo.dev/auth/v1" - auth_token = "" - {{ end }} - - #[apim.key_manager] - #service_url = "https://localhost:${mgt.transport.https.port}/services/" - #username = "$ref{super_admin.username}" - #password = "$ref{super_admin.password}" - #pool.init_idle_capacity = 50 - #pool.max_idle = 100 - #key_validation_handler_type = "default" - #key_validation_handler_type = "custom" - #key_validation_handler_impl = "org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler" - - #[apim.idp] - #server_url = "https://localhost:${mgt.transport.https.port}" - #authorize_endpoint = "https://localhost:${mgt.transport.https.port}/oauth2/authorize" - #oidc_logout_endpoint = "https://localhost:${mgt.transport.https.port}/oidc/logout" - #oidc_check_session_endpoint = "https://localhost:${mgt.transport.https.port}/oidc/checksession" - - #[apim.jwt] - #enable = true - #encoding = "base64" # base64,base64url - #generator_impl = "org.wso2.carbon.apimgt.keymgt.token.JWTGenerator" - #claim_dialect = "http://wso2.org/claims" - #convert_dialect = false - #header = "X-JWT-Assertion" - #signing_algorithm = "SHA256withRSA" - #enable_user_claims = true - #claims_extractor_impl = "org.wso2.carbon.apimgt.impl.token.ExtendedDefaultClaimsRetriever" - - #[apim.oauth_config] - #enable_outbound_auth_header = false - #auth_header = "Authorization" - #revoke_endpoint = "https://localhost:${https.nio.port}/revoke" - #enable_token_encryption = false - #enable_token_hashing = false - - [apim.devportal] - url = "https://{{ .Values.wso2.deployment.am.ingress.management.hostname }}/devportal" - #enable_application_sharing = false - 
#if application_sharing_type, application_sharing_impl both defined priority goes to application_sharing_impl - #application_sharing_type = "default" #changed type, saml, default #todo: check the new config for rest api - #application_sharing_impl = "org.wso2.carbon.apimgt.impl.SAMLGroupIDExtractorImpl" - #display_multiple_versions = false - #display_deprecated_apis = false - #enable_comments = true - #enable_ratings = true - #enable_forum = true - #enable_anonymous_mode=true - #enable_cross_tenant_subscriptions = true - #default_reserved_username = "apim_reserved_user" - - [apim.cors] - allow_origins = "*" - allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"] - allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","apikey","Internal-Key"] - allow_credentials = false - - [apim.throttling] - event_duplicate_url = ["tcp://{{ template "am-pattern-1.resource.prefix" . }}-am-1-service:5672"] - #enable_data_publishing = true - #enable_policy_deploy = true - #enable_blacklist_condition = true - #enable_persistence = true - #throttle_decision_endpoints = ["tcp://localhost:5672","tcp://localhost:5672"] - - #[apim.throttling.blacklist_condition] - #start_delay = "5m" - #period = "1h" - - #[apim.throttling.jms] - #start_delay = "5m" - - #[apim.throttling.event_sync] - #hostName = "0.0.0.0" - #port = 11224 - - #[apim.throttling.event_management] - #hostName = "0.0.0.0" - #port = 10005 - - [[apim.throttling.url_group]] - traffic_manager_urls = ["tcp://{{ template "am-pattern-1.resource.prefix" . }}-am-2-service:9611"] - traffic_manager_auth_urls = ["ssl://{{ template "am-pattern-1.resource.prefix" . }}-am-2-service:9711"] - type = "loadbalance" - - [[apim.throttling.url_group]] - traffic_manager_urls = ["tcp://{{ template "am-pattern-1.resource.prefix" . }}-am-1-service:9611"] - traffic_manager_auth_urls = ["ssl://{{ template "am-pattern-1.resource.prefix" . 
}}-am-1-service:9711"] - type = "loadbalance" - - #[apim.workflow] - #enable = false - #service_url = "https://localhost:9445/bpmn" - #username = "$ref{super_admin.username}" - #password = "$ref{super_admin.password}" - #callback_endpoint = "https://localhost:${mgt.transport.https.port}/api/am/admin/v0.17/workflows/update-workflow-status" - #token_endpoint = "https://localhost:${https.nio.port}/token" - #client_registration_endpoint = "https://localhost:${mgt.transport.https.port}/client-registration/v0.17/register" - #client_registration_username = "$ref{super_admin.username}" - #client_registration_password = "$ref{super_admin.password}" - - #data bridge config - #[transport.receiver] - #type = "binary" - #worker_threads = 10 - #session_timeout = "30m" - #keystore.file_name = "$ref{keystore.tls.file_name}" - #keystore.password = "$ref{keystore.tls.password}" - #tcp_port = 9611 - #ssl_port = 9711 - #ssl_receiver_thread_pool_size = 100 - #tcp_receiver_thread_pool_size = 100 - #ssl_enabled_protocols = ["TLSv1","TLSv1.1","TLSv1.2"] - #ciphers = ["SSL_RSA_WITH_RC4_128_MD5","SSL_RSA_WITH_RC4_128_SHA"] - - #[apim.notification] - #from_address = "APIM.com" - #username = "APIM" - #password = "APIM+123" - #hostname = "localhost" - #port = 3025 - #enable_start_tls = false - #enable_authentication = true - - #[apim.token.revocation] - #notifier_impl = "org.wso2.carbon.apimgt.keymgt.events.TokenRevocationNotifierImpl" - #enable_realtime_notifier = true - #realtime_notifier.ttl = 5000 - #enable_persistent_notifier = true - #persistent_notifier.hostname = "https://localhost:2379/v2/keys/jti/" - #persistent_notifier.ttl = 5000 - #persistent_notifier.username = "root" - #persistent_notifier.password = "root" - - [[event_handler]] - name="userPostSelfRegistration" - subscriptions=["POST_ADD_USER"] - - [service_provider] - sp_name_regex = "^[\\sa-zA-Z0-9._-]*$" - - [[event_listener]] - id = "token_revocation" - type = "org.wso2.carbon.identity.core.handler.AbstractIdentityHandler" 
- name = "org.wso2.is.notification.ApimOauthEventInterceptor" - order = 1 - [event_listener.properties] - notification_endpoint = "https://localhost:${mgt.transport.https.port}/internal/data/v1/notify" - username = "${admin.username}" - password = "${admin.password}" - 'header.X-WSO2-KEY-MANAGER' = "default" - - [transport.https.properties] - proxyPort = 443 - - [oauth.grant_type.token_exchange] - enable = true - allow_refresh_tokens = true - iat_validity_period = "1h" - - [transport.passthru_https.sender.parameters] - HostnameVerifier = "AllowAll" - - {{ if .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.enabled }} - [database.local] - url = "jdbc:h2:/home/wso2carbon/solr/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE" - - [indexing] - location = "/home/wso2carbon/solr/indexed-data" - {{ else }} - [database.local] - url = "jdbc:h2:./repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE" - {{ end }} - - {{ end }} diff --git a/advanced/am-pattern-1/templates/am/instance-2/wso2am-pattern-1-am-deployment.yaml b/advanced/am-pattern-1/templates/am/instance-2/wso2am-pattern-1-am-deployment.yaml deleted file mode 100644 index 3dba6f24..00000000 --- a/advanced/am-pattern-1/templates/am/instance-2/wso2am-pattern-1-am-deployment.yaml +++ /dev/null 
@@ -1,143 +0,0 @@
-# Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ template "am-pattern-1.resource.prefix" . }}-am-2-deployment
- namespace: {{ .Release.Namespace }}
-spec:
- replicas: 1
- strategy:
- type: Recreate
- selector:
- matchLabels:
- deployment: {{ template "am-pattern-1.resource.prefix" . }}-am
- node: {{ template "am-pattern-1.resource.prefix" . }}-am-2
- template:
- metadata:
- annotations:
- checksum.am.conf: {{ include (print $.Template.BasePath "/am/instance-2/wso2am-pattern-1-am-conf.yaml") . | sha256sum }}
- labels:
- deployment: {{ template "am-pattern-1.resource.prefix" . }}-am
- node: {{ template "am-pattern-1.resource.prefix" . }}-am-2
- product: apim
- spec:
- initContainers:
- - name: init-db
- image: busybox:1.32
- command: ['sh', '-c', 'echo -e "Checking for the availability of DB Server deployment"; while ! nc -z "{{ .Values.wso2.deployment.am.db.hostname }}" {{ .Values.wso2.deployment.am.db.port }}; do sleep 1; printf "-"; done; echo -e " >> DB Server has started";']
- - name: init-db-connector-download
- image: busybox:1.32
- command:
- - /bin/sh
- - "-c"
- - |
- set -e
- connector_version=8.0.17
- wget "{{ .Values.wso2.deployment.am.db.driver_url }}" -P /db-connector-jar/
- volumeMounts:
- - name: db-connector-jar
- mountPath: /db-connector-jar
- containers:
- - name: wso2am
-{{- include "image" (dict "Values" .Values "deployment" .Values.wso2.deployment.am) | indent 10 }}
- imagePullPolicy: {{ .Values.wso2.deployment.am.imagePullPolicy }}
- livenessProbe:
- httpGet:
- path: /services/Version
- port: 9763
- initialDelaySeconds: {{ .Values.wso2.deployment.am.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.wso2.deployment.am.livenessProbe.periodSeconds }}
- readinessProbe:
- httpGet:
- path: /services/Version
- port: 9763
- initialDelaySeconds: {{ .Values.wso2.deployment.am.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.wso2.deployment.am.readinessProbe.periodSeconds }}
- lifecycle:
- preStop:
- exec:
- command: ['sh', '-c', '${WSO2_SERVER_HOME}/bin/api-manager.sh stop']
- resources:
- requests:
- memory: {{ .Values.wso2.deployment.am.resources.requests.memory }}
- cpu: {{ .Values.wso2.deployment.am.resources.requests.cpu }}
- limits:
- memory: {{ .Values.wso2.deployment.am.resources.limits.memory }}
- cpu: {{ .Values.wso2.deployment.am.resources.limits.cpu }}
- securityContext:
- runAsUser: 802
- ports:
- - containerPort: 8280
- protocol: "TCP"
- - containerPort: 8243
- protocol: "TCP"
- - containerPort: 9763
- protocol: "TCP"
- - containerPort: 9443
- protocol: "TCP"
- - containerPort: 9711
- protocol: "TCP"
- - containerPort: 9611
- protocol: "TCP"
- - containerPort: 5672
- protocol: "TCP"
- env:
- - name: NODE_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- - name: JVM_MEM_OPTS
- value: "-Xms{{ .Values.wso2.deployment.am.resources.jvm.heap.memory.xms }} -Xmx{{ .Values.wso2.deployment.am.resources.jvm.heap.memory.xmx }}"
- volumeMounts:
- - name: wso2am-conf
- mountPath: /home/wso2carbon/wso2-config-volume/repository/conf
- {{ if .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.enabled }}
- - name: wso2am-local-carbon-database-storage
- mountPath: /home/wso2carbon/solr/database
- - name: wso2am-solr-indexed-data-storage
- mountPath: /home/wso2carbon/solr/indexed-data
- - name: wso2am-conf-entrypoint
- mountPath: /home/wso2carbon/docker-entrypoint.sh
- subPath: docker-entrypoint.sh
- {{ end }}
- - name: db-connector-jar
- mountPath: /home/wso2carbon/wso2-artifact-volume/repository/components/lib
- serviceAccountName: {{ .Values.kubernetes.serviceAccount }}
- {{- if .Values.wso2.deployment.am.imagePullSecrets }}
- imagePullSecrets:
- - name: {{ .Values.wso2.deployment.am.imagePullSecrets }}
- {{- else if and (not (eq .Values.wso2.subscription.username "")) (not (eq .Values.wso2.subscription.password "")) }}
- imagePullSecrets:
- - name: {{ template "am-pattern-1.resource.prefix" . }}-am-wso2-private-registry-creds
- {{ end }}
- volumes:
- - name: wso2am-conf
- configMap:
- name: {{ template "am-pattern-1.resource.prefix" . }}-am-2-conf
- {{ if .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.enabled }}
- - name: wso2am-local-carbon-database-storage
- persistentVolumeClaim:
- claimName: {{ template "am-pattern-1.resource.prefix" . }}-am-2-local-carbon-database-volume-claim
- - name: wso2am-solr-indexed-data-storage
- persistentVolumeClaim:
- claimName: {{ template "am-pattern-1.resource.prefix" . }}-am-2-solr-indexed-data-volume-claim
- - name: wso2am-conf-entrypoint
- configMap:
- name: {{ template "am-pattern-1.resource.prefix" . }}-am-conf-entrypoint
- defaultMode: 0407
- {{ end }}
- - name: db-connector-jar
- emptyDir: {}
diff --git a/advanced/am-pattern-1/templates/am/instance-2/wso2am-pattern-1-am-service.yaml b/advanced/am-pattern-1/templates/am/instance-2/wso2am-pattern-1-am-service.yaml
deleted file mode 100644
index ebc557f2..00000000
--- a/advanced/am-pattern-1/templates/am/instance-2/wso2am-pattern-1-am-service.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-# Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "am-pattern-1.resource.prefix" . }}-am-2-service
- namespace : {{ .Release.Namespace }}
-spec:
- # label keys and values that must match in order to receive traffic for this service
- selector:
- deployment: {{ template "am-pattern-1.resource.prefix" . }}-am
- node: {{ template "am-pattern-1.resource.prefix" . }}-am-2
- ports:
- # ports that this service should serve on
- - name: binary
- protocol: TCP
- port: 9611
- - name: binary-secure
- protocol: TCP
- port: 9711
- - name: jms-tcp
- protocol: TCP
- port: 5672
- - name: servlet-https
- protocol: TCP
- port: 9443
diff --git a/advanced/am-pattern-1/templates/am/wso2am-pattern-1-am-conf-entrypoint.yaml b/advanced/am-pattern-1/templates/am/wso2am-pattern-1-am-conf-entrypoint.yaml
deleted file mode 100644
index 4a41d979..00000000
--- a/advanced/am-pattern-1/templates/am/wso2am-pattern-1-am-conf-entrypoint.yaml
+++ /dev/null
@@ -1,67 +0,0 @@
- {{ if .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.enabled }}
-
-# Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "am-pattern-1.resource.prefix" . }}-am-conf-entrypoint
- namespace: {{ .Release.Namespace }}
-data:
- docker-entrypoint.sh: |
- #!/bin/bash
- set -e
-
- # volume mounts
- config_volume=${WORKING_DIRECTORY}/wso2-config-volume
- artifact_volume=${WORKING_DIRECTORY}/wso2-artifact-volume
-
- # check if the WSO2 non-root user home exists
- test ! -d ${WORKING_DIRECTORY} && echo "WSO2 Docker non-root user home does not exist" && exit 1
-
- # check if the WSO2 product home exists
- test ! -d ${WSO2_SERVER_HOME} && echo "WSO2 Docker product home does not exist" && exit 1
-
- # Copying carbon_db
- if ! test -f /home/wso2carbon/solr/database/WSO2CARBON_DB.mv.db
- then
- echo "Copying WSO2CARBON_DB.mv.db" >&2
- cp ${WSO2_SERVER_HOME}/repository/database/WSO2CARBON_DB.mv.db /home/wso2carbon/solr/database/
- fi
-
- # optimize WSO2 Carbon Server, if the profile name is defined as an environment variable
- if [[ ! -z "${PROFILE_NAME}" ]]
- then
- echo "Optimizing WSO2 Carbon Server" >&2
- sh ${WSO2_SERVER_HOME}/bin/profileSetup.sh -Dprofile=${PROFILE_NAME}
- fi
-
- # copy any configuration changes mounted to config_volume
- test -d ${config_volume} && [[ "$(ls -A ${config_volume})" ]] && cp -RL ${config_volume}/* ${WSO2_SERVER_HOME}/
- # copy any artifact changes mounted to artifact_volume
- test -d ${artifact_volume} && [[ "$(ls -A ${artifact_volume})" ]] && cp -RL ${artifact_volume}/* ${WSO2_SERVER_HOME}/
-
- # start WSO2 Carbon server
- echo "Start WSO2 Carbon server" >&2
- if [[ -z "${PROFILE_NAME}" ]]
- then
- # start the server with the provided startup arguments
- sh ${WSO2_SERVER_HOME}/bin/api-manager.sh "$@"
- else
- # start the server with the specified profile and provided startup arguments
- sh ${WSO2_SERVER_HOME}/bin/api-manager.sh -Dprofile=${PROFILE_NAME} "$@"
- fi
-
- {{ end }}
diff --git a/advanced/am-pattern-1/templates/am/wso2am-pattern-1-am-gateway-ingress.yaml b/advanced/am-pattern-1/templates/am/wso2am-pattern-1-am-gateway-ingress.yaml
deleted file mode 100644
index b169bd27..00000000
--- a/advanced/am-pattern-1/templates/am/wso2am-pattern-1-am-gateway-ingress.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-# Copyright (c) 2019, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{- if .Values.wso2.deployment.am.ingress.gateway.enabled }}
-
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ template "am-pattern-1.resource.prefix" . }}-am-gateway-ingress
- namespace : {{ .Release.Namespace }}
-{{- if .Values.wso2.deployment.am.ingress.gateway.annotations }}
- annotations:
-{{ toYaml .Values.wso2.deployment.am.ingress.gateway.annotations | indent 4 }}
-{{- end }}
-spec:
- tls:
- - hosts:
- - {{ .Values.wso2.deployment.am.ingress.gateway.hostname }}
- rules:
- - host: {{ .Values.wso2.deployment.am.ingress.gateway.hostname }}
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: {{ template "am-pattern-1.resource.prefix" . }}-am-service
- port:
- number: 8243
-{{- end -}}
diff --git a/advanced/am-pattern-1/templates/am/wso2am-pattern-1-am-ingress.yaml b/advanced/am-pattern-1/templates/am/wso2am-pattern-1-am-ingress.yaml
deleted file mode 100644
index 3e39880f..00000000
--- a/advanced/am-pattern-1/templates/am/wso2am-pattern-1-am-ingress.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-# Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{- if .Values.wso2.deployment.am.ingress.management.enabled }}
-
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ template "am-pattern-1.resource.prefix" . }}-am-ingress
- namespace : {{ .Release.Namespace }}
-{{- if .Values.wso2.deployment.am.ingress.management.annotations }}
- annotations:
-{{ toYaml .Values.wso2.deployment.am.ingress.management.annotations | indent 4 }}
-{{- end }}
-spec:
- tls:
- - hosts:
- - {{ .Values.wso2.deployment.am.ingress.management.hostname }}
- rules:
- - host: {{ .Values.wso2.deployment.am.ingress.management.hostname }}
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: {{ template "am-pattern-1.resource.prefix" . }}-am-service
- port:
- number: 9443
-{{- end -}}
diff --git a/advanced/am-pattern-1/templates/am/wso2am-pattern-1-am-service.yaml b/advanced/am-pattern-1/templates/am/wso2am-pattern-1-am-service.yaml
deleted file mode 100644
index 166c2252..00000000
--- a/advanced/am-pattern-1/templates/am/wso2am-pattern-1-am-service.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-# Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "am-pattern-1.resource.prefix" . }}-am-service
- namespace : {{ .Release.Namespace }}
-spec:
- # label keys and values that must match in order to receive traffic for this service
- selector:
- deployment: {{ template "am-pattern-1.resource.prefix" . }}-am
- ports:
- # ports that this service should serve on
- - name: pass-through-http
- protocol: TCP
- port: 8280
- - name: pass-through-https
- protocol: TCP
- port: 8243
- - name: servlet-http
- protocol: TCP
- port: 9763
- - name: servlet-https
- protocol: TCP
- port: 9443
- - name: websub-http
- protocol: TCP
- port: 9021
- - name: websub-https
- protocol: TCP
- port: 8021
- - name: websocket-http
- protocol: TCP
- port: 9099
- - name: websocket-https
- protocol: TCP
- port: 8099
diff --git a/advanced/am-pattern-1/templates/am/wso2am-pattern-1-am-volume-claims.yaml b/advanced/am-pattern-1/templates/am/wso2am-pattern-1-am-volume-claims.yaml
deleted file mode 100644
index ec4b240a..00000000
--- a/advanced/am-pattern-1/templates/am/wso2am-pattern-1-am-volume-claims.yaml
+++ /dev/null
@@ -1,75 +0,0 @@
-# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
- {{ if .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.enabled }}
----
-
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: {{ template "am-pattern-1.resource.prefix" . }}-am-1-local-carbon-database-volume-claim
- namespace : {{ .Release.Namespace }}
-spec:
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: {{ .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.capacity.carbonDatabase }}
- storageClassName: {{ .Values.wso2.deployment.persistentRuntimeArtifacts.storageClass }}
-
----
-
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: {{ template "am-pattern-1.resource.prefix" . }}-am-1-solr-indexed-data-volume-claim
- namespace : {{ .Release.Namespace }}
-spec:
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: {{ .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.capacity.solrIndexedData }}
- storageClassName: {{ .Values.wso2.deployment.persistentRuntimeArtifacts.storageClass }}
-
----
-
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: {{ template "am-pattern-1.resource.prefix" . }}-am-2-local-carbon-database-volume-claim
- namespace : {{ .Release.Namespace }}
-spec:
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: {{ .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.capacity.carbonDatabase }}
- storageClassName: {{ .Values.wso2.deployment.persistentRuntimeArtifacts.storageClass }}
-
----
-
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: {{ template "am-pattern-1.resource.prefix" . }}-am-2-solr-indexed-data-volume-claim
- namespace : {{ .Release.Namespace }}
-spec:
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: {{ .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.capacity.solrIndexedData }}
- storageClassName: {{ .Values.wso2.deployment.persistentRuntimeArtifacts.storageClass }}
- {{ end }}
diff --git a/advanced/am-pattern-1/templates/am/wso2am-pattern-1-am-websocket-ingress.yaml b/advanced/am-pattern-1/templates/am/wso2am-pattern-1-am-websocket-ingress.yaml
deleted file mode 100644
index cbb1dd2e..00000000
--- a/advanced/am-pattern-1/templates/am/wso2am-pattern-1-am-websocket-ingress.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-# Copyright (c) 2023, WSO2 LLC. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{- if .Values.wso2.deployment.am.ingress.websocket.enabled }}
-
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ template "am-pattern-1.resource.prefix" . }}-am-websocket-ingress
- namespace : {{ .Release.Namespace }}
-{{- if .Values.wso2.deployment.am.ingress.websocket.annotations }}
- annotations:
-{{ toYaml .Values.wso2.deployment.am.ingress.websocket.annotations | indent 4 }}
-{{- end }}
-spec:
- tls:
- - hosts:
- - {{ .Values.wso2.deployment.am.ingress.websocket.hostname }}
- rules:
- - host: {{ .Values.wso2.deployment.am.ingress.websocket.hostname }}
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: {{ template "am-pattern-1.resource.prefix" . }}-am-service
- port:
- number: 8099
-{{- end -}}
diff --git a/advanced/am-pattern-1/templates/am/wso2am-pattern-1-am-websub-ingress.yaml b/advanced/am-pattern-1/templates/am/wso2am-pattern-1-am-websub-ingress.yaml
deleted file mode 100644
index 16c54a0a..00000000
--- a/advanced/am-pattern-1/templates/am/wso2am-pattern-1-am-websub-ingress.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{- if .Values.wso2.deployment.am.ingress.websub.enabled }}
-
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ template "am-pattern-1.resource.prefix" . }}-am-websub-ingress
- namespace : {{ .Release.Namespace }}
-{{- if .Values.wso2.deployment.am.ingress.websub.annotations }}
- annotations:
-{{ toYaml .Values.wso2.deployment.am.ingress.websub.annotations | indent 4 }}
-{{- end }}
-spec:
- tls:
- - hosts:
- - {{ .Values.wso2.deployment.am.ingress.websub.hostname }}
- rules:
- - host: {{ .Values.wso2.deployment.am.ingress.websub.hostname }}
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: {{ template "am-pattern-1.resource.prefix" . }}-am-service
- port:
- number: 8021
-{{- end -}}
diff --git a/advanced/am-pattern-1/templates/mi/instance-1/wso2am-pattern-1-mi-conf.yaml b/advanced/am-pattern-1/templates/mi/instance-1/wso2am-pattern-1-mi-conf.yaml
deleted file mode 100644
index b9cc70a6..00000000
--- a/advanced/am-pattern-1/templates/mi/instance-1/wso2am-pattern-1-mi-conf.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if .Values.wso2.deployment.mi.config }}
-# Copyright (c) 2023, WSO2 LLC (https://www.wso2.com) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "am-pattern-1.resource.prefix" . }}-mi-1-conf
- namespace: {{ .Release.Namespace }}
-data:
- {{- range $index, $content := .Values.wso2.deployment.mi.config }}
- {{ $index }}: |-
-{{ tpl $content $ | indent 4 }}
- {{- end }}
-{{- end }}
diff --git a/advanced/am-pattern-1/templates/mi/instance-1/wso2am-pattern-1-mi-deployment.yaml b/advanced/am-pattern-1/templates/mi/instance-1/wso2am-pattern-1-mi-deployment.yaml
deleted file mode 100644
index d20b2454..00000000
--- a/advanced/am-pattern-1/templates/mi/instance-1/wso2am-pattern-1-mi-deployment.yaml
+++ /dev/null
@@ -1,115 +0,0 @@
-# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ template "am-pattern-1.resource.prefix" . }}-mi-1-deployment
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "am-pattern-1.labels" . | indent 4 }}
-spec:
- replicas: {{ .Values.wso2.deployment.mi.replicas }}
- strategy:
- rollingUpdate:
- maxSurge: {{ .Values.wso2.deployment.mi.strategy.rollingUpdate.maxSurge }}
- maxUnavailable: {{ .Values.wso2.deployment.mi.strategy.rollingUpdate.maxUnavailable }}
- type: RollingUpdate
- selector:
- matchLabels:
- deployment: {{ template "am-pattern-1.resource.prefix" . }}-mi
- node: {{ template "am-pattern-1.resource.prefix" . }}-mi-1
- template:
- metadata:
- {{- if .Values.wso2.deployment.mi.config }}
- annotations:
- checksum.mi.conf: {{ include (print $.Template.BasePath "/mi/instance-1/wso2am-pattern-1-mi-conf.yaml") . | sha256sum }}
- {{- end }}
- labels:
- deployment: {{ template "am-pattern-1.resource.prefix" . }}-mi
- node: {{ template "am-pattern-1.resource.prefix" . }}-mi-1
- product: apim
- spec:
- initContainers:
- - name: init-am
- image: busybox:1.32
- command: ['sh', '-c', 'echo -e "Checking for the availability of API Manager deployment"; while ! nc -z {{ template "am-pattern-1.resource.prefix" . }}-am-service 9443; do sleep 1; printf "-"; done; echo -e " >> API Manager has started";']
- containers:
- - name: wso2micro-integrator
-{{- include "image" (dict "Values" .Values "deployment" .Values.wso2.deployment.mi) | indent 10 }}
- {{- if .Values.wso2.deployment.mi.synapseTest.enabled }}
- args:
- - "-DsynapseTest=true"
- {{- end }}
- livenessProbe:
- exec:
- command:
- - /bin/sh
- - -c
- - nc -z localhost 8290
- initialDelaySeconds: {{ .Values.wso2.deployment.mi.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.wso2.deployment.mi.livenessProbe.periodSeconds }}
- readinessProbe:
- httpGet:
- path: /healthz
- port: 9201
- initialDelaySeconds: {{ .Values.wso2.deployment.mi.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.wso2.deployment.mi.readinessProbe.periodSeconds }}
- resources:
- requests:
- memory: {{ .Values.wso2.deployment.mi.resources.requests.memory }}
- cpu: {{ .Values.wso2.deployment.mi.resources.requests.cpu }}
- limits:
- memory: {{ .Values.wso2.deployment.mi.resources.limits.memory }}
- cpu: {{ .Values.wso2.deployment.mi.resources.limits.cpu }}
- imagePullPolicy: Always
- securityContext:
- runAsUser: 802
- ports:
- - containerPort: 8290
- protocol: TCP
- - containerPort: 9201
- protocol: TCP
- - containerPort: 9164
- protocol: TCP
- {{- if .Values.wso2.deployment.mi.synapseTest.enabled }}
- - containerPort: 9008
- protocol: TCP
- {{- end }}
- {{- if .Values.wso2.deployment.mi.envs }}
- env:
- {{- range $key, $val := .Values.wso2.deployment.mi.envs }}
- - name: {{ $key }}
- value: {{ $val | quote }}
- {{- end }}
- {{- end }}
- {{- if .Values.wso2.deployment.mi.config }}
- volumeMounts:
- - name: wso2mi-conf
- mountPath: /home/wso2carbon/wso2-config-volume/conf/deployment.toml
- subPath: deployment.toml
- {{- end }}
- serviceAccountName: {{ .Values.kubernetes.serviceAccount }}
- {{- if .Values.wso2.deployment.mi.imagePullSecrets }}
- imagePullSecrets:
- - name: {{ .Values.wso2.deployment.mi.imagePullSecrets }}
- {{- else if and (not (eq .Values.wso2.subscription.username "")) (not (eq .Values.wso2.subscription.password "")) }}
- imagePullSecrets:
- - name: {{ template "am-pattern-1.resource.prefix" . }}-mi-1-wso2-private-registry-creds
- {{ end }}
- {{- if .Values.wso2.deployment.mi.config }}
- volumes:
- - name: wso2mi-conf
- configMap:
- name: {{ template "am-pattern-1.resource.prefix" . }}-mi-1-conf
- {{ end }}
diff --git a/advanced/am-pattern-1/templates/mi/instance-1/wso2am-pattern-1-mi-service.yaml b/advanced/am-pattern-1/templates/mi/instance-1/wso2am-pattern-1-mi-service.yaml
deleted file mode 100644
index 4c1e4ca1..00000000
--- a/advanced/am-pattern-1/templates/mi/instance-1/wso2am-pattern-1-mi-service.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "am-pattern-1.resource.prefix" . }}-mi-1-service
- namespace : {{ .Release.Namespace }}
- labels:
- deployment: {{ template "am-pattern-1.resource.prefix" . }}-mi
- node: {{ template "am-pattern-1.resource.prefix" . }}-mi-1
-{{ include "am-pattern-1.labels" . | indent 4 }}
-spec:
- type: ClusterIP
- ports:
- - port: 8290
- targetPort: 8290
- protocol: TCP
- name: pass-through-http
- - port: 8253
- targetPort: 8253
- protocol: TCP
- name: pass-through-https
- - port: 9201
- targetPort: 9201
- protocol: TCP
- name: metrics
- - port: 9164
- targetPort: 9164
- protocol: TCP
- name: management
- {{- if .Values.wso2.deployment.mi.synapseTest.enabled }}
- - port: 9008
- targetPort: 9008
- protocol: TCP
- name: synapse-test
- {{- end}}
- selector:
- deployment: {{ template "am-pattern-1.resource.prefix" . }}-mi
- node: {{ template "am-pattern-1.resource.prefix" . }}-mi-1
diff --git a/advanced/am-pattern-1/templates/mi/wso2am-pattern-1-mi-management-ingress.yaml b/advanced/am-pattern-1/templates/mi/wso2am-pattern-1-mi-management-ingress.yaml
deleted file mode 100644
index 99c23e93..00000000
--- a/advanced/am-pattern-1/templates/mi/wso2am-pattern-1-mi-management-ingress.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ template "am-pattern-1.resource.prefix" . }}-mi-1-management-ingress
- namespace : {{ .Release.Namespace }}
-{{- if .Values.wso2.deployment.mi.ingress.management.annotations }}
- annotations:
-{{ toYaml .Values.wso2.deployment.mi.ingress.management.annotations | indent 4 }}
-{{- end }}
-spec:
- tls:
- - hosts:
- - {{ .Values.wso2.deployment.mi.ingress.management.hostname | quote }}
- rules:
- - host: {{ .Values.wso2.deployment.mi.ingress.management.hostname | quote }}
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: {{ template "am-pattern-1.resource.prefix" . }}-mi-1-service
- port:
- number: 9164
diff --git a/advanced/am-pattern-1/templates/wso2am-pattern-1-am-secrets.yaml b/advanced/am-pattern-1/templates/wso2am-pattern-1-am-secrets.yaml
deleted file mode 100644
index 390f651c..00000000
--- a/advanced/am-pattern-1/templates/wso2am-pattern-1-am-secrets.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-{{ if and (not (eq .Values.wso2.subscription.username "")) (not (eq .Values.wso2.subscription.password "")) }}
-# Copyright (c) 2018, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{- $username := .Values.wso2.subscription.username }}
-{{- $password := .Values.wso2.subscription.password }}
-{{- $email := .Values.wso2.subscription.username }}
-{{- $regId := default "docker.wso2.com" .Values.wso2.deployment.am.dockerRegistry }}
-{{- $auth := printf "%s:%s" $username $password | b64enc }}
-{{- $files := .Files }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "am-pattern-1.resource.prefix" . }}-am-wso2-private-registry-creds
- namespace: {{ .Release.Namespace }}
-type: kubernetes.io/dockerconfigjson
-data:
- .dockerconfigjson: {{ $files.Get "auth.json" | replace "reg.id" $regId | replace "docker.wso2.com.username" $username | replace "docker.wso2.com.password" $password | replace "docker.wso2.com.email" $email | replace "docker.wso2.com.auth" $auth | b64enc }}
-{{ end }}
diff --git a/advanced/am-pattern-1/templates/wso2am-pattern-1-mi-secrets.yaml b/advanced/am-pattern-1/templates/wso2am-pattern-1-mi-secrets.yaml
deleted file mode 100644
index d844e209..00000000
--- a/advanced/am-pattern-1/templates/wso2am-pattern-1-mi-secrets.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{ if and (not (eq .Values.wso2.subscription.username "")) (not (eq .Values.wso2.subscription.password "")) (eq (default "docker.wso2.com" .Values.wso2.deployment.mi.dockerRegistry) "docker.wso2.com") }}
-# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{- $username := .Values.wso2.subscription.username }}
-{{- $password := .Values.wso2.subscription.password }}
-{{- $email := .Values.wso2.subscription.username }}
-{{- $regId := default "docker.wso2.com" .Values.wso2.deployment.mi.dockerRegistry }}
-{{- $auth := printf "%s:%s" $username $password | b64enc }}
-{{- $files := .Files }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "am-pattern-1.resource.prefix" . }}-mi-1-wso2-private-registry-creds
- namespace: {{ .Release.Namespace }}
-type: kubernetes.io/dockerconfigjson
-data:
- .dockerconfigjson: {{ $files.Get "auth.json" | replace "reg.id" $regId | replace "docker.wso2.com.username" $username | replace "docker.wso2.com.password" $password | replace "docker.wso2.com.email" $email | replace "docker.wso2.com.auth" $auth | b64enc }}
-{{ end }}
diff --git a/advanced/am-pattern-1/templates/wso2am-pattern-1-service-account.yaml b/advanced/am-pattern-1/templates/wso2am-pattern-1-service-account.yaml
deleted file mode 100644
index ddcfede5..00000000
--- a/advanced/am-pattern-1/templates/wso2am-pattern-1-service-account.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# Copyright (c) 2018, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Values.kubernetes.serviceAccount }}
- namespace : {{ .Release.Namespace }}
diff --git a/advanced/am-pattern-1/values.yaml b/advanced/am-pattern-1/values.yaml
deleted file mode 100644
index a9e2fa2e..00000000
--- a/advanced/am-pattern-1/values.yaml
+++ /dev/null
@@ -1,225 +0,0 @@ -# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -wso2: - # WSO2 Subscription parameters (https://wso2.com/subscription/) - # If provided, these parameters will be used to obtain official WSO2 product Docker images available at WSO2 Private Docker Registry (https://docker.wso2.com/) - # for this deployment - subscription: - username: "" - password: "" - - # WSO2 Choreo Analytics Parameters - # If provided, these parameters will be used publish analytics data to Choreo Analytics environment (https://apim.docs.wso2.com/en/latest/observe/api-manager-analytics/configure-analytics/register-for-analytics/). 
- choreoAnalytics: - enabled: false - endpoint: "" - onpremKey: "" - - deployment: - dependencies: - # The configuration should be set to be 'true' if a MySQL database should be spawned as a pod within the cluster - cluster_mysql: true - # Enable NFS dynamic provisioner for Kubernetes - nfsServerProvisioner: true - - # Persisted and shared runtime artifacts for API Manager - # See official documentation (from https://apim.docs.wso2.com/en/latest/install-and-setup/setup/reference/common-runtime-and-configuration-artifacts/#persistent-runtime-artifacts) - persistentRuntimeArtifacts: - # Kubernetes Storage Class to be used to dynamically provision the relevant Persistent Volumes - # Only persistent storage solutions supporting ReadWriteMany access mode are applicable (https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes) - # Defaults to Kubernetes Storage Class generated using the NFS Server Provisioner (https://github.com/helm/charts/tree/master/stable/nfs-server-provisioner) - storageClass: &storage_class "nfs" - - # Persistent runtime artifacts for Apache Solr-based indexing - apacheSolrIndexing: - # Indicates if persistence of the runtime artifacts for Apache Solr-based indexing is enabled - # By default, this is disabled - enabled: false - # Define capacities for persistent runtime artifact directories - capacity: - # For persisting the H2 based local Carbon database file - carbonDatabase: 50M - # For persisting the indexed data - solrIndexedData: 50M - - am: - # Container image configurations - # If a custom image must be used, uncomment 'dockerRegistry' and provide its value - dockerRegistry: "docker.wso2.com" - imageName: "wso2am" - imageTag: "4.2.0.0" - # Refer to the Kubernetes documentation on updating images (https://kubernetes.io/docs/concepts/containers/images/#updating-images) - imagePullPolicy: Always - - # Indicates whether the container is running - livenessProbe: - # Number of seconds after the container has started before 
liveness probes are initiated - initialDelaySeconds: 180 - # How often (in seconds) to perform the probe - periodSeconds: 10 - # Indicates whether the container is ready to service requests - readinessProbe: - # Number of seconds after the container has started before readiness probes are initiated - initialDelaySeconds: 180 - # How often (in seconds) to perform the probe - periodSeconds: 10 - - resources: - # These are the minimum resource recommendations for running WSO2 API Management product profiles - # as per official documentation (https://apim.docs.wso2.com/en/latest/install-and-setup/install/installation-prerequisites/) - requests: - memory: "2Gi" - cpu: "2000m" - limits: - memory: "3Gi" - cpu: "3000m" - # JVM settings - # These are the resource allocation configurations associated with the JVM - # Refer to the official documentation for advanced details (https://apim.docs.wso2.com/en/latest/install-and-setup/install/installation-prerequisites/) - jvm: - # Resource allocation for the Java Heap - heap: - memory: - # Initial and minimum Heap size - xms: "1024m" - # Maximum Heap size - xmx: "1024m" - - # If the deployment configurations for the WSO2 API Manager v4.0.0 (/repository/conf/deployment.toml), - # add the customized configuration file under (wso2 -> deployment -> am -> config -> deployment.toml) - # config: - # deployment.toml: |- - # # deployment configurations for the WSO2 API Manager v4.0.0 (/repository/conf/deployment.toml) - - # Configure Ingresses - ingress: - management: - enabled: true - # Hostname for API Manager Carbon Management Console, Publisher, DevPortal and Admin Portal - hostname: "am.wso2.com" - # Annotations for the API Manager Publisher-DevPortal services Ingress - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - nginx.ingress.kubernetes.io/affinity: "cookie" - nginx.ingress.kubernetes.io/session-cookie-name: "route" - nginx.ingress.kubernetes.io/session-cookie-hash: 
"sha1" - gateway: - enabled: true - # Hostname for Gateway profile - hostname: "gateway.am.wso2.com" - # Annotations for the API Manager Gateway service Ingress - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - websub: - enabled: true - hostname: "websub.am.wso2.com" - # Annotations for the API Manager WebSub service Ingress - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - websocket: - enabled: true - hostname: "websocket.am.wso2.com" - # Annotations for the API Manager WebSocket service Ingress - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - db: - hostname: wso2am-mysql-db-service - port: 3306 - type: mysql - driver: com.mysql.cj.jdbc.Driver - driver_url: https://repo1.maven.org/maven2/mysql/mysql-connector-java/8.0.29/mysql-connector-java-8.0.29.jar - apim: - username: wso2carbon - password: wso2carbon - url: jdbc:mysql://wso2am-mysql-db-service:3306/WSO2AM_DB?useSSL=false&autoReconnect=true&requireSSL=false&verifyServerCertificate=false - apim_shared: - username: wso2carbon - password: wso2carbon - url: jdbc:mysql://wso2am-mysql-db-service:3306/WSO2AM_SHARED_DB?useSSL=false&autoReconnect=true&requireSSL=false&verifyServerCertificate=false - - mi: - # If a custom image must be used, uncomment 'dockerRegistry' and provide its value. - dockerRegistry: "docker.wso2.com" - imageName: "wso2mi" - imageTag: "4.2.0.0" - # Number of MI replicas - replicas: 2 - strategy: - rollingUpdate: - # The maximum number of pods that can be scheduled above the desired number of pods. - maxSurge: 1 - # The maximum number of pods that can be unavailable during the update. - maxUnavailable: 0 - # Indicates whether the container is running. - livenessProbe: - # Number of seconds after the container has started before liveness probes are initiated. 
- initialDelaySeconds: 35 - # How often (in seconds) to perform the probe. - periodSeconds: 10 - # Indicates whether the container is ready to service requests. - readinessProbe: - # Number of seconds after the container has started before readiness probes are initiated. - initialDelaySeconds: 35 - # How often (in seconds) to perform the probe. - periodSeconds: 10 - # These are the minimum resource recommendations for running WSO2 Micro Integrator - resources: - requests: - # The minimum amount of memory that should be allocated for a Pod - memory: "512Mi" - # The minimum amount of CPU that should be allocated for a Pod - cpu: "500m" - limits: - # The maximum amount of memory that should be allocated for a Pod - memory: "1Gi" - # The maximum amount of CPU that should be allocated for a Pod - cpu: "1000m" - # Environment variables for the Micro integrator deployment. - envs: - # ENV_NAME: ENV_VALUE - - # Add the customized deployment configurations for the WSO2 MI v4.2.0 (/conf/deployment.toml) - # config: - # deployment.toml: |- - # # toml configurations for the WSO2 MI v4.2.0 - - # Configure synapse testing. - synapseTest: - enabled: false - - # Configure Ingresses - ingress: - # Configure management ingress - management: - # Hostname for the Micro Integrator management endpoint. - hostname: "management.mi.wso2.com" - # Annotations for the Micro Integrator management Ingress. - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - -kubernetes: - # Name of Kubernetes service account - serviceAccount: "wso2am-pattern-1-svc-account" - -# Override sub chart parameters -mysql-am: - mysql: - persistence: - storageClass: *storage_class diff --git a/advanced/am-pattern-2/Chart.yaml b/advanced/am-pattern-2/Chart.yaml deleted file mode 100644 index d833ba75..00000000 --- a/advanced/am-pattern-2/Chart.yaml +++ /dev/null 
@@ -1,20 +0,0 @@
-# Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-appVersion: "4.2.0"
-description: A Helm chart for the deployment of WSO2 API Management deployment pattern 2
-name: am-pattern-2
-version: 4.2.0-2
-icon: https://wso2.cachefly.net/wso2/sites/all/images/wso2logo.svg
diff --git a/advanced/am-pattern-2/README.md b/advanced/am-pattern-2/README.md
deleted file mode 100644
index a0f30090..00000000
--- a/advanced/am-pattern-2/README.md
+++ /dev/null
@@ -1,398 +0,0 @@ -# Pattern 2: Helm Chart for Standard HA Deployment of WSO2 API Manager with Multitenancy along with WSO2 Micro Integrator - -This deployment consists of two API-M nodes and two nodes each of the integration runtimes (Micro Integrator/Streaming Integrator) per tenant. You can use this pattern when traffic from different tenants in the API-M cluster needs to be handled in isolation. This deployment also allows you to direct the traffic of each tenant to a separate integration cluster. - -![WSO2 API Manager pattern 2 deployment](https://apim.docs.wso2.com/en/4.2.0/assets/img/setup-and-install/basic-ha-with-multitenancy.png) - -For advanced details on the deployment pattern, please refer to the official -[documentation](https://apim.docs.wso2.com/en/4.2.0/install-and-setup/setup/deployment-overview/#standard-ha-deployment-with-multitenancy). - -## Contents - -* [Prerequisites](#prerequisites) -* [Quick Start Guide](#quick-start-guide) -* [Configuration](#configuration) -* [Runtime Artifact Persistence and Sharing](#runtime-artifact-persistence-and-sharing) -* [Managing Java Keystores and Truststores](#managing-java-keystores-and-truststores) -* [Configuring SSL in Service Exposure](#configuring-ssl-in-service-exposure) - -## Prerequisites - -* WSO2 product Docker images used for the Kubernetes deployment. - - WSO2 product Docker images available at [DockerHub](https://hub.docker.com/u/wso2/) package General Availability (GA) - versions of WSO2 products with no [WSO2 Updates](https://wso2.com/updates). - - For a production grade deployment of the desired WSO2 product-version, it is highly recommended to use the relevant - Docker image which packages WSO2 Updates, available at [WSO2 Private Docker Registry](https://docker.wso2.com/). In order - to use these images, you need an active [WSO2 Subscription](https://wso2.com/subscription). -

- -* Install [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git), [Helm](https://helm.sh/docs/intro/install/) - and [Kubernetes client](https://kubernetes.io/docs/tasks/tools/install-kubectl/) in order to run the steps provided in the - following quick start guide.

- -* An already setup [Kubernetes cluster](https://kubernetes.io/docs/setup).

- -* Install [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/deploy/).

- -* Add the WSO2 Helm chart repository. - - ``` - helm repo add wso2 https://helm.wso2.com && helm repo update - ``` - -## Quick Start Guide - -### 1. Install the Helm Chart - -You can install the relevant Helm chart either from [WSO2 Helm Chart Repository](https://hub.helm.sh/charts/wso2) or by source. - -**Note:** -* This Helm chart has been implemented by extending the `advance/am-pattern-1` Helm resource. -* `NAMESPACE` should be the Kubernetes Namespace in which the resources are deployed. - -#### Install Chart From [WSO2 Helm Chart Repository](https://hub.helm.sh/charts/wso2) - -Deploy the Kubernetes resources using the Helm Chart - -- Helm version 2 - - ``` - helm install --name wso2/am-pattern-2 --version 4.2.0-1 --namespace - ``` - -- Helm version 3 - - ``` - helm install wso2/am-pattern-2 --version 4.2.0-1 --namespace --create-namespace - ``` - -The above steps will deploy the deployment pattern using WSO2 product Docker images available in WSO2 Private Docker Registry. Please provide your WSO2 Subscription credentials via input values (using `--set` argument). - -Please see the following example. 
- -- To provide WSO2 Subscription credentials for WSO2 API Manager and WSO2 Micro Integrator as in pattern 1 - ``` - --set am-pattern-1.wso2.subscription.username=$SUBSCRIPTION_USERNAME --set am-pattern-1.wso2.subscription.password=$SUBSCRIPTION_PASSWORD - ``` - -- To provide WSO2 Subscription credentials for additional WSO2 Micro Integrator deployment for the new tenant - ``` - --set wso2.subscription.username=$SUBSCRIPTION_USERNAME --set wso2.subscription.password=$SUBSCRIPTION_PASSWORD - ``` - -Below example is to provide WSO2 Subscription credentials for all WSO2 API Manager and WSO2 Micro Integrator tenant 1 and tenant 2 deployments - -``` -export SUBSCRIPTION_USERNAME= -export SUBSCRIPTION_PASSWORD= - -helm install --name wso2/am-pattern-2 --version 4.2.0-1 --namespace --set wso2.subscription.username=$SUBSCRIPTION_USERNAME --set wso2.subscription.password=$SUBSCRIPTION_PASSWORD --set am-pattern-1.wso2.subscription.username=$SUBSCRIPTION_USERNAME --set am-pattern-1.wso2.subscription.password=$SUBSCRIPTION_PASSWORD -``` - -If you are using a custom WSO2 Docker images you will need to provide those information via the input values. Please refer [API Manager Server Configurations](#api-manager-server-configurations), [Micro Integrator Server Configurations for Tenant 1](#micro-integrator-server-configurations-for-tenant-1) and [Micro Integrator Server Configurations for Tenant 2](#micro-integrator-server-configurations-for-tenant-2) - - -#### Install Chart From Source - ->In the context of this document,
->* `KUBERNETES_HOME` will refer to a local copy of the [`wso2/kubernetes-apim`](https://github.com/wso2/kubernetes-apim/) -Git repository.
->* `HELM_HOME` will refer to `/advanced`.
- -##### Clone the Helm Resources for WSO2 API Manager Git repository. - -``` -git clone https://github.com/wso2/kubernetes-apim.git -``` - -##### Deploy Helm chart for WSO2 API Manager Pattern 2 deployment. - -Deploy the Kubernetes resources using the Helm Chart - -- Helm version 2 - - ``` - helm install --dep-up --name /am-pattern-2 --version 4.2.0-1 --namespace - ``` - -- Helm version 3 - - ``` - helm install /am-pattern-2 --version 4.2.0-1 --namespace --dependency-update --create-namespace - ``` - -The above steps will deploy the deployment pattern using WSO2 product Docker images available in WSO2 Private Docker Registry. Please provide your WSO2 Subscription credentials via input values (using `--set` argument). - -Please see the following example. - -``` - helm install --name /am-pattern-2 --version 4.2.0-1 --namespace --set wso2.subscription.username= --set wso2.subscription.password= -``` - -If you are using a custom WSO2 Docker images you will need to provide those information via the input values. Please refer [API Manager Server Configurations](#api-manager-server-configurations), [Micro Integrator Server Configurations for Tenant 1](#micro-integrator-server-configurations-for-tenant-1) and [Micro Integrator Server Configurations for Tenant 2](#micro-integrator-server-configurations-for-tenant-2) - - -Or else, you can configure the default configurations inside the am-pattern-1 helm chart [values.yaml](https://github.com/wso2/kubernetes-apim/blob/master/advanced/am-pattern-1/values.yaml) file. Refer [this](https://helm.sh/docs/chart_template_guide/values_files/) for to learn more details about the `values.yaml` file. - - -> **Note:**
-From the above Helm commands, base image of a Micro Integrator is deployed (without any integration solution). To deploy your integration solution with the Helm charts follow the below steps.

->1. [Create an integration service using WSO2 Integration Studio and expose it as a Managed API](https://apim.docs.wso2.com/en/4.2.0/tutorials/integration-tutorials/service-catalog-tutorial/#exposing-an-integration-service-as-a-managed-api). Then [create a Docker image](https://apim.docs.wso2.com/en/4.2.0/integrate/develop/create-docker-project/#creating-docker-exporter) and push it to your private or public Docker registry.

- - `INTEGRATION_IMAGE_REGISTRY` will refer to the Docker registry that created Docker image has been pushed
- - `INTEGRATION_IMAGE_NAME` will refer to the name of the created Docker image
- - `INTEGRATION_IMAGE_TAG` will refer to the tag of the created Docker image

->2. If your Docker registry is a private registry, [create an imagePullSecret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/).

- - `IMAGE_PULL_SECRET` will refer to the created image pull secret

->3. Deploy the helm resource using following command.

-> ``` -> helm install wso2/am-pattern-2 --version 4.2.0-1 --namespace --set wso2.deployment.mi.dockerRegistry= --set wso2.deployment.mi.imageName= --set wso2.deployment.mi.imageTag= --set wso2.deployment.mi.imagePullSecrets= -> ``` - -> **Note:** -> If you are using Rancher Desktop for the Kubernetes cluster, add the following changes. -> 1. Change `storageClass` to `local-path` in [`values.yaml`](https://github.com/wso2/kubernetes-apim/blob/master/advanced/am-pattern-2/values.yaml#L112). - -### Choreo Analytics - -If you need to enable Choreo Analytics with WSO2 API Manager, please follow the documentation on [Register for Analytics](https://apim.docs.wso2.com/en/4.2.0/observe/api-manager-analytics/configure-analytics/register-for-analytics/) to obtain the on-prem key for Analytics. - -The following example shows how to enable Analytics with the helm charts. - -Helm v2 - -``` -helm install --name wso2/am-pattern-2 --version 4.2.0-1 --namespace --set wso2.choreoAnalytics.enabled=true --set wso2.choreoAnalytics.endpoint= --set wso2.choreoAnalytics.onpremKey= -``` - -Helm v3 - -``` -helm install wso2/am-pattern-2 --version 4.2.0-1 --namespace --set wso2.choreoAnalytics.enabled=true --set wso2.choreoAnalytics.endpoint= --set wso2.choreoAnalytics.onpremKey= --create-namespace -``` - -You will be able to see the Analytics data when you log into Choreo Analytics Portal. - -### 2. Obtain the external IP - -Obtain the external IP (`EXTERNAL-IP`) of the API Manager Ingress resources, by listing down the Kubernetes Ingresses. - -``` -kubectl get ing -n -``` - -The output under the relevant column stands for the following. 
- -API Manager Publisher-DevPortal - -- NAME: Metadata name of the Kubernetes Ingress resource (defaults to `wso2am-pattern-1-am-ingress`) -- HOSTS: Hostname of the WSO2 API Manager service (``) -- ADDRESS: External IP (`EXTERNAL-IP`) exposing the API Manager service to outside of the Kubernetes environment -- PORTS: Externally exposed service ports of the API Manager service - -API Manager Gateway - -- NAME: Metadata name of the Kubernetes Ingress resource (defaults to `wso2am-pattern-1-am-gateway-ingress`) -- HOSTS: Hostname of the WSO2 API Manager's Gateway service (``) -- ADDRESS: External IP (`EXTERNAL-IP`) exposing the API Manager's Gateway service to outside of the Kubernetes environment -- PORTS: Externally exposed service ports of the API Manager' Gateway service - -API Manager Websub - -- NAME: Metadata name of the Kubernetes Ingress resource (defaults to `wso2am-pattern-1-am-websub-ingress`) -- HOSTS: Hostname of the WSO2 API Manager's Websub service (``) -- ADDRESS: External IP (`EXTERNAL-IP`) exposing the API Manager's Websub service to outside of the Kubernetes environment -- PORTS: Externally exposed service ports of the API Manager' Websub service - -Micro Integrator Management APIs of Tenant 1 - -- NAME: Metadata name of the Kubernetes Ingress resource (defaults to `wso2am-pattern-1-mi-1-management-ingress`) -- HOSTS: Hostname of the WSO2 Micro Integrator service (``) -- ADDRESS: External IP (`EXTERNAL-IP`) exposing the Micro Integrator service to outside of the Kubernetes environment -- PORTS: Externally exposed service ports of the Micro Integrator service - -Micro Integrator Management APIs of Tenant 2 - -- NAME: Metadata name of the Kubernetes Ingress resource (defaults to `wso2am-pattern-2-mi-2-management-ingress`) -- HOSTS: Hostname of the WSO2 Micro Integrator service (``) -- ADDRESS: External IP (`EXTERNAL-IP`) exposing the Micro Integrator service to outside of the Kubernetes environment -- PORTS: Externally exposed service ports of the 
Micro Integrator service - -### 3. Add a DNS record mapping the hostnames and the external IP - -If the defined hostnames (in the previous step) are backed by a DNS service, add a DNS record mapping the hostnames and -the external IP (`EXTERNAL-IP`) in the relevant DNS service. - -If the defined hostnames are not backed by a DNS service, for the purpose of evaluation you may add an entry mapping the -hostnames and the external IP in the `/etc/hosts` file at the client-side. - -``` - -``` - -### 4. Access Management Consoles - -- API Manager Publisher: `https:///publisher` - -- API Manager DevPortal: `https:///devportal` - -- API Manager Carbon Console: `https:///carbon` - - -## Configuration - -The following tables lists the configurable parameters of the chart and their default values. - -### WSO2 Subscription Configurations for WSO2 API Manager and Micro Integrator Tenant 1 Deployment - -| Parameter | Description | Default Value | -|-----------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|-----------------------------| -| `am-pattern-1.wso2.subscription.username` | Your WSO2 Subscription username | - | -| `am-pattern-1.wso2.subscription.password` | Your WSO2 Subscription password | - | -| `am-pattern-1.wso2.choreoAnalytics.enabled` | Chorero Analytics enabled or not | false | -| `am-pattern-1.wso2.choreoAnalytics.endpoint` | Choreo Analytics endpoint | https://analytics-event-auth.choreo.dev/auth/v1 | -| `am-pattern-1.wso2.choreoAnalytics.onpremKey` | On-prem key for Choreo Analytics | - | - - -### WSO2 Subscription Configurations for Micro Integrator Tenant 2 Deployment - -| Parameter | Description | Default Value | -|-----------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|-----------------------------| -| `wso2.subscription.username` | 
Your WSO2 Subscription username | - | -| `wso2.subscription.password` | Your WSO2 Subscription password | - | - -If you do not have an active WSO2 subscription, **do not change** the parameters `am-pattern-1.wso2.subscription.username` and `am-pattern-1.wso2.subscription.password`. - -#### Chart Dependencies - -| Parameter | Description | Default Value | -|-----------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|-----------------------------| -| `am-pattern-1.wso2.deployment.dependencies.mysql` | Enable the deployment and usage of WSO2 API Management MySQL based Helm Chart | true | -| `am-pattern-1.wso2.deployment.dependencies.nfsProvisioner` | Enable the deployment and usage of NFS Server Provisioner (https://github.com/helm/charts/tree/master/stable/nfs-server-provisioner) | true | - -#### Persistent Runtime Artifact Configurations - -| Parameter | Description | Default Value | -|---------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|-----------------------------| -| `am-pattern-1.wso2.deployment.persistentRuntimeArtifacts.storageClass` | Appropriate Kubernetes Storage Class | `nfs` | -| `am-pattern-1.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.enabled` | Indicates if persistence of the runtime artifacts for Apache Solr-based indexing is enabled | false | -| `am-pattern-1.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.capacity.carbonDatabase` | Capacity for persisting the H2 based local Carbon database file | 50M | -| `am-pattern-1.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.capacity.solrIndexedData` | Capacity for persisting the Apache Solr indexed data | 50M | - -#### API Manager Server Configurations - -| Parameter | Description | Default Value | 
-|-----------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|-----------------------------| -| `am-pattern-1.wso2.deployment.am.dockerRegistry` | Registry location of the Docker image to be used to create API Manager instances | - | -| `am-pattern-1.wso2.deployment.am.imageName` | Name of the Docker image to be used to create API Manager instances | `wso2am` | -| `am-pattern-1.wso2.deployment.am.imageTag` | Tag of the image used to create API Manager instances | 4.2.0 | -| `am-pattern-1.wso2.deployment.am.imagePullPolicy` | Refer to [doc](https://kubernetes.io/docs/concepts/containers/images#updating-images) | `Always` | -| `am-pattern-1.wso2.deployment.am.livenessProbe.initialDelaySeconds` | Initial delay for the live-ness probe for API Manager node | 180 | -| `am-pattern-1.wso2.deployment.am.livenessProbe.periodSeconds` | Period of the live-ness probe for API Manager node | 10 | -| `am-pattern-1.wso2.deployment.am.readinessProbe.initialDelaySeconds` | Initial delay for the readiness probe for API Manager node | 180 | -| `am-pattern-1.wso2.deployment.am.readinessProbe.periodSeconds` | Period of the readiness probe for API Manager node | 10 | -| `am-pattern-1.wso2.deployment.am.resources.requests.memory` | The minimum amount of memory that should be allocated for a Pod | 2Gi | -| `am-pattern-1.wso2.deployment.am.resources.requests.cpu` | The minimum amount of CPU that should be allocated for a Pod | 2000m | -| `am-pattern-1.wso2.deployment.am.resources.limits.memory` | The maximum amount of memory that should be allocated for a Pod | 3Gi | -| `am-pattern-1.wso2.deployment.am.resources.limits.cpu` | The maximum amount of CPU that should be allocated for a Pod | 3000m | -| `am-pattern-1.wso2.deployment.am.config` | Custom deployment configuration file (`/repository/conf/deployment.toml`) | - | -| `am-pattern-1.wso2.deployment.am.ingress.management.enabled` | 
If enabled, create ingress resource for API Manager management consoles | true | -| `am-pattern-1.wso2.deployment.am.ingress.management.hostname` | Hostname for API Manager Admin Portal, Publisher, DevPortal and Carbon Management Console | `am.wso2.com` | -| `am-pattern-1.wso2.deployment.am.ingress.management.annotations` | Ingress resource annotations for API Manager management consoles | Community NGINX Ingress controller annotations | -| `am-pattern-1.wso2.deployment.am.ingress.gateway.enabled` | If enabled, create ingress resource for API Manager Gateway | true | -| `am-pattern-1.wso2.deployment.am.ingress.gateway.hostname` | Hostname for API Manager Gateway | `gateway.am.wso2.com` | -| `am-pattern-1.wso2.deployment.am.ingress.gateway.annotations` | Ingress resource annotations for API Manager Gateway | Community NGINX Ingress controller annotations | -| `am-pattern-1.wso2.deployment.am.ingress.websub.enabled` | If enabled, create ingress resource for WebSub service | true | -| `am-pattern-1.wso2.deployment.am.ingress.websub.hostname` | Hostname for API Manager Websub services | `websub.am.wso2.com` | -| `am-pattern-1.wso2.deployment.am.ingress.websub.annotations` | Ingress resource annotations for API Manager Websub | Community NGINX Ingress controller annotations | - -#### Micro Integrator Server Configurations for Tenant 1 - -| Parameter | Description | Default Value | -|-----------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|-----------------------------| -| `am-pattern-1.wso2.deployment.mi.dockerRegistry` | Registry location of the Docker image to be used to create Micro Integrator instances | - | -| `am-pattern-1.wso2.deployment.mi.imageName` | Name of the Docker image to be used to create API Manager instances | `wso2mi` | -| `am-pattern-1.wso2.deployment.mi.imageTag` | Tag of the image used to create API Manager instances | 4.2.0 | -| 
`am-pattern-1.wso2.deployment.mi.imagePullPolicy` | Refer to [doc](https://kubernetes.io/docs/concepts/containers/images#updating-images) | `Always` | -| `am-pattern-1.wso2.deployment.mi.livenessProbe.initialDelaySeconds` | Initial delay for the live-ness probe for Micro Integrator node | 35 | -| `am-pattern-1.wso2.deployment.mi.livenessProbe.periodSeconds` | Period of the live-ness probe for Micro Integrator node | 10 | -| `am-pattern-1.wso2.deployment.mi.readinessProbe.initialDelaySeconds` | Initial delay for the readiness probe for Micro Integrator node | 35 | -| `am-pattern-1.wso2.deployment.mi.readinessProbe.periodSeconds` | Period of the readiness probe for Micro Integrator node | 10 | -| `am-pattern-1.wso2.deployment.mi.resources.requests.memory` | The minimum amount of memory that should be allocated for a Pod | 512Mi | -| `am-pattern-1.wso2.deployment.mi.resources.requests.cpu` | The minimum amount of CPU that should be allocated for a Pod | 500m | -| `am-pattern-1.wso2.deployment.mi.resources.limits.memory` | The maximum amount of memory that should be allocated for a Pod | 1Gi | -| `am-pattern-1.wso2.deployment.mi.resources.limits.cpu` | The maximum amount of CPU that should be allocated for a Pod | 1000m | -| `am-pattern-1.wso2.deployment.mi.ingress.management.hostname` | Hostname for Micro Integrator management apis | `management.mi.wso2.com` | -| `am-pattern-1.wso2.deployment.mi.ingress.management.annotations` | Ingress resource annotations for API Manager Gateway | Community NGINX Ingress controller annotations | - -#### Micro Integrator Server Configurations for Tenant 2 - -| Parameter | Description | Default Value | -|-----------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|-----------------------------| -| `wso2.deployment.mi.dockerRegistry` | Registry location of the Docker image to be used to create Micro Integrator instances | - | -| 
`wso2.deployment.mi.imageName` | Name of the Docker image to be used to create API Manager instances | `wso2mi` | -| `wso2.deployment.mi.imageTag` | Tag of the image used to create API Manager instances | 4.2.0 | -| `wso2.deployment.mi.imagePullPolicy` | Refer to [doc](https://kubernetes.io/docs/concepts/containers/images#updating-images) | `Always` | -| `wso2.deployment.mi.livenessProbe.initialDelaySeconds` | Initial delay for the live-ness probe for Micro Integrator node | 35 | -| `wso2.deployment.mi.livenessProbe.periodSeconds` | Period of the live-ness probe for Micro Integrator node | 10 | -| `wso2.deployment.mi.readinessProbe.initialDelaySeconds` | Initial delay for the readiness probe for Micro Integrator node | 35 | -| `wso2.deployment.mi.readinessProbe.periodSeconds` | Period of the readiness probe for Micro Integrator node | 10 | -| `wso2.deployment.mi.resources.requests.memory` | The minimum amount of memory that should be allocated for a Pod | 512Mi | -| `wso2.deployment.mi.resources.requests.cpu` | The minimum amount of CPU that should be allocated for a Pod | 500m | -| `wso2.deployment.mi.resources.limits.memory` | The maximum amount of memory that should be allocated for a Pod | 1Gi | -| `wso2.deployment.mi.resources.limits.cpu` | The maximum amount of CPU that should be allocated for a Pod | 1000m | -| `wso2.deployment.mi.config` | Custom deployment configuration file (`/conf/deployment.toml`) | - | -| `wso2.deployment.mi.ingress.management.hostname` | Hostname for Micro Integrator management apis | `management.mi.wso2.com` | -| `wso2.deployment.mi.ingress.management.annotations` | Ingress resource annotations for API Manager Gateway | Community NGINX Ingress controller annotations | - - -**Note**: The above mentioned default, minimum resource amounts for running WSO2 API Manager server profiles are based on its [official documentation](https://apim.docs.wso2.com/en/4.2.0/install-and-setup/install/installation-prerequisites/). 
- -#### Kubernetes Specific Configurations - -| Parameter | Description | Default Value | -|---------------------------------------------------------------|-------------------------------------------------------------------------------------------|---------------------------------| -| `kubernetes.serviceAccount` | Name of the Kubernetes Service Account to which the Pods are to be bound | `wso2am-pattern-1-svc-account` | - -## Runtime Artifact Persistence and Sharing - -* It is **mandatory** to set an appropriate Kubernetes StorageClass in this deployment, for persistence and sharing. - -* By default, this deployment uses the `nfs` Kubernetes StorageClass created using the official, stable [NFS Server Provisioner](https://hub.helm.sh/charts/stable/nfs-server-provisioner). - -* Only persistent storage solutions supporting `ReadWriteMany` [access mode](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes) - are applicable for `am-pattern-1.wso2.deployment.persistentRuntimeArtifacts.storageClass`. - -* Please refer to the [official WSO2 container guide](https://github.com/wso2/container-guide/blob/master/store/Persisting_And_Sharing.md#recommended-storage-options-for-wso2-products) - for advanced details with regards to WSO2 recommended, storage options. - -## Managing Java Keystores and Truststores - -* By default, this deployment uses the default keystores and truststores provided by the relevant WSO2 product. - -* For advanced details with regards to managing custom Java keystores and truststores in a container based WSO2 product deployment - please refer to the [official WSO2 container guide](https://github.com/wso2/container-guide/blob/master/deploy/Managing_Keystores_And_Truststores.md). 
- -## Configuring SSL in Service Exposure - -* For WSO2 recommended best practices in configuring SSL when exposing the internal product services to outside of the Kubernetes cluster, - please refer to the [official WSO2 container guide](https://github.com/wso2/container-guide/blob/master/route/Routing.md#configuring-ssl). - -## Setting up API Manager without Micro Integrator - -If you want to setup API Manager only without Micro Integrator, you have to install the charts from source after removing MI templates. - -* Clone the repository - - ``` - git clone https://github.com/wso2/kubernetes-apim.git - ``` - -* Remove the MI templates by removing the `mi` folder in `/advanced/am-pattern-2/templates/`. - -* Deploy Helm charts - - ```helm - helm install /am-pattern-2 --version 4.2.0-1 --namespace --dependency-update --create-namespace - ``` \ No newline at end of file diff --git a/advanced/am-pattern-2/auth.json b/advanced/am-pattern-2/auth.json deleted file mode 100644 index 97387c87..00000000 --- a/advanced/am-pattern-2/auth.json +++ /dev/null @@ -1,10 +0,0 @@ -{ - "auths": { - "reg.id": { - "username": "docker.wso2.com.username", - "password": "docker.wso2.com.password", - "email": "docker.wso2.com.email", - "auth": "docker.wso2.com.auth" - } - } -} diff --git a/advanced/am-pattern-2/requirements.yaml b/advanced/am-pattern-2/requirements.yaml deleted file mode 100644 index beeae1b4..00000000 --- a/advanced/am-pattern-2/requirements.yaml +++ /dev/null 
@@ -1,18 +0,0 @@
-# Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: am-pattern-1
- version: "4.2.0-1"
- repository: "https://helm.wso2.com"
diff --git a/advanced/am-pattern-2/templates/NOTES.txt b/advanced/am-pattern-2/templates/NOTES.txt
deleted file mode 100644
index 3ed9cd07..00000000
--- a/advanced/am-pattern-2/templates/NOTES.txt
+++ /dev/null
@@ -1,64 +0,0 @@ -Thank you for installing WSO2 API Manager. - -Please follow these steps to access API Manager Publisher and DevPortal consoles. - -1. Obtain the external IP (`EXTERNAL-IP`) of the API Manager Ingress resources, by listing down the Kubernetes Ingresses. - - kubectl get ing -n {{ .Release.Namespace }} - - The output under the relevant column stands for the following. - - API Manager Publisher-DevPortal - - - NAME: Metadata name of the Kubernetes Ingress resource (defaults to {{ template "am-pattern-1.resource.prefix" . }}-am-ingress) - - HOSTS: Hostname of the WSO2 API Manager service ({{ index .Values "am-pattern-1" "wso2" "deployment" "am" "ingress" "management" "hostname" }}) - - ADDRESS: External IP (`EXTERNAL-IP`) exposing the API Manager service to outside of the Kubernetes environment - - PORTS: Externally exposed service ports of the API Manager service - - API Manager Gateway - - - NAME: Metadata name of the Kubernetes Ingress resource (defaults to {{ template "am-pattern-1.resource.prefix" . }}-am-gateway-ingress) - - HOSTS: Hostname of the WSO2 API Manager's Gateway service ({{ index .Values "am-pattern-1" "wso2" "deployment" "am" "ingress" "gateway" "hostname" }}) - - ADDRESS: External IP (`EXTERNAL-IP`) exposing the API Manager's Gateway service to outside of the Kubernetes environment - - PORTS: Externally exposed service ports of the API Manager' Gateway service - -2. Add a DNS record mapping the hostnames (in step 1) and the external IP. - - If the defined hostnames (in step 1) are backed by a DNS service, add a DNS record mapping the hostnames and - the external IP (`EXTERNAL-IP`) in the relevant DNS service. - - If the defined hostnames are not backed by a DNS service, for the purpose of evaluation you may add an entry mapping the - hostnames and the external IP in the `/etc/hosts` file at the client-side. 
- - {{ index .Values "am-pattern-1" "wso2" "deployment" "am" "ingress" "management" "hostname" }} {{ index .Values "am-pattern-1" "wso2" "deployment" "am" "ingress" "gateway" "hostname" }} - -3. Navigate to the consoles in your browser of choice. - - API Manager Publisher: https://{{ index .Values "am-pattern-1" "wso2" "deployment" "am" "ingress" "management" "hostname" }}/publisher - API Manager DevPortal: https://{{ index .Values "am-pattern-1" "wso2" "deployment" "am" "ingress" "management" "hostname" }}/devportal - -Please follow these steps to assess Micro Integrator. - -1. Obtain the external IP (`EXTERNAL-IP`) of the Ingress resources by listing down the Kubernetes Ingresses. - - kubectl get ing -n {{ .Release.Namespace }} - - Micro Integrator Instance 1 Management APIs - - - NAME: Metadata name of the Kubernetes Ingress resource (defaults to {{ template "am-pattern-1.resource.prefix" . }}-mi-1-management-ingress) - - HOSTS: Hostname of the WSO2 Micro Integrator service ({{ index .Values "am-pattern-1" "wso2" "deployment" "mi" "ingress" "management" "hostname" }}) - - ADDRESS: External IP (`EXTERNAL-IP`) exposing the Micro Integrator service to outside of the Kubernetes environment - - PORTS: Externally exposed service ports of the Micro Integrator service - - Micro Integrator Instance 2 Management APIs - - - NAME: Metadata name of the Kubernetes Ingress resource (defaults to {{ template "am-pattern-2.resource.prefix" . }}-mi-2-management-ingress) - - HOSTS: Hostname of the WSO2 Micro Integrator service ({{ .Values.wso2.deployment.mi.ingress.management.hostname }}) - - ADDRESS: External IP (`EXTERNAL-IP`) exposing the Micro Integrator service to outside of the Kubernetes environment - - PORTS: Externally exposed service ports of the Micro Integrator service - -2. 
Add the above host as an entry in /etc/hosts file as follows: - - {{ index .Values "am-pattern-1" "wso2" "deployment" "mi" "ingress" "management" "hostname" }} {{ .Values.wso2.deployment.mi.ingress.management.hostname }} - -Please refer the official documentation at https://apim.docs.wso2.com/en/latest/ for additional information on WSO2 API Manager. diff --git a/advanced/am-pattern-2/templates/_helpers.tpl b/advanced/am-pattern-2/templates/_helpers.tpl deleted file mode 100644 index 962fe5eb..00000000 --- a/advanced/am-pattern-2/templates/_helpers.tpl +++ /dev/null 
@@ -1,89 +0,0 @@ -{{/* -Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at -http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "am-pattern-2.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "am-pattern-2.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "am-pattern-2.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "am-pattern-2.labels" -}} -app.kubernetes.io/name: {{ include "am-pattern-2.name" . }} -helm.sh/chart: {{ include "am-pattern-2.chart" . 
}} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Common prefix prepended to Kubernetes resources of this chart -*/}} -{{- define "am-pattern-2.resource.prefix" -}} -{{- "wso2am-pattern-2" }} -{{- end -}} - -{{/* -Common prefix prepended to Kubernetes resources of this chart -*/}} -{{- define "am-pattern-1.resource.prefix" -}} -{{- "wso2am-pattern-2" }} -{{- end -}} - -{{- define "image" }} -{{- $imageName := .deployment.imageName }} -{{- $imageTag := .deployment.imageTag | default "" }} -{{- if or (eq .Values.wso2.subscription.username "") (eq .Values.wso2.subscription.password "") -}} -{{- $dockerRegistry := .deployment.dockerRegistry | default "wso2" }} -image: {{ $dockerRegistry }}/{{ $imageName }}{{- if not (eq $imageTag "") }}{{- printf ":%s" $imageTag -}}{{- end }} -{{- else }} -{{- $dockerRegistry := .deployment.dockerRegistry | default "docker.wso2.com" }} -{{- $parts := len (split "." $imageTag) }} -{{- if and (eq $parts 3) (eq $dockerRegistry "docker.wso2.com") }} -image: {{ $dockerRegistry }}/{{ $imageName }}{{- if not (eq $imageTag "") }}:{{ $imageTag }}.0{{- end }} -{{- else }} -image: {{ $dockerRegistry }}/{{ $imageName }}{{- if not (eq $imageTag "") }}:{{ $imageTag }}{{- end }} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/advanced/am-pattern-2/templates/mi/instance-2/wso2am-pattern-2-mi-conf.yaml b/advanced/am-pattern-2/templates/mi/instance-2/wso2am-pattern-2-mi-conf.yaml deleted file mode 100644 index a4c33957..00000000 --- a/advanced/am-pattern-2/templates/mi/instance-2/wso2am-pattern-2-mi-conf.yaml +++ /dev/null 
@@ -1,26 +0,0 @@
-{{- if .Values.wso2.deployment.mi.config }}
-# Copyright (c) 2023, WSO2 LLC (https://www.wso2.com) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "am-pattern-2.resource.prefix" . }}-mi-2-conf
- namespace: {{ .Release.Namespace }}
-data:
- {{- range $index, $content := .Values.wso2.deployment.mi.config }}
- {{ $index }}: |-
-{{ tpl $content $ | indent 4 }}
- {{- end }}
-{{- end }}
diff --git a/advanced/am-pattern-2/templates/mi/instance-2/wso2am-pattern-2-mi-deployment.yaml b/advanced/am-pattern-2/templates/mi/instance-2/wso2am-pattern-2-mi-deployment.yaml
deleted file mode 100644
index 69422ee4..00000000
--- a/advanced/am-pattern-2/templates/mi/instance-2/wso2am-pattern-2-mi-deployment.yaml
+++ /dev/null
@@ -1,115 +0,0 @@ -# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "am-pattern-2.resource.prefix" . }}-mi-2-deployment - namespace: {{ .Release.Namespace }} - labels: -{{ include "am-pattern-2.labels" . | indent 4 }} -spec: - replicas: {{ .Values.wso2.deployment.mi.replicas }} - strategy: - rollingUpdate: - maxSurge: {{ .Values.wso2.deployment.mi.strategy.rollingUpdate.maxSurge }} - maxUnavailable: {{ .Values.wso2.deployment.mi.strategy.rollingUpdate.maxUnavailable }} - type: RollingUpdate - selector: - matchLabels: - deployment: {{ template "am-pattern-2.resource.prefix" . }}-mi - node: {{ template "am-pattern-2.resource.prefix" . }}-mi-2 - template: - metadata: - {{- if .Values.wso2.deployment.mi.config }} - annotations: - checksum.mi.conf: {{ include (print $.Template.BasePath "/mi/instance-2/wso2am-pattern-2-mi-conf.yaml") . | sha256sum }} - {{- end }} - labels: - deployment: {{ template "am-pattern-2.resource.prefix" . }}-mi - node: {{ template "am-pattern-2.resource.prefix" . }}-mi-2 - product: apim - spec: - initContainers: - - name: init-am - image: busybox:1.32 - command: ['sh', '-c', 'echo -e "Checking for the availability of API Manager deployment"; while ! nc -z {{ template "am-pattern-1.resource.prefix" . 
}}-am-service 9443; do sleep 1; printf "-"; done; echo -e " >> API Manager has started";'] - containers: - - name: wso2micro-integrator -{{- include "image" (dict "Values" .Values "deployment" .Values.wso2.deployment.mi) | indent 10 }} - {{- if .Values.wso2.deployment.mi.synapseTest.enabled }} - args: - - "-DsynapseTest=true" - {{- end }} - livenessProbe: - exec: - command: - - /bin/sh - - -c - - nc -z localhost 8290 - initialDelaySeconds: {{ .Values.wso2.deployment.mi.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.wso2.deployment.mi.livenessProbe.periodSeconds }} - readinessProbe: - httpGet: - path: /healthz - port: 9201 - initialDelaySeconds: {{ .Values.wso2.deployment.mi.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.wso2.deployment.mi.readinessProbe.periodSeconds }} - resources: - requests: - memory: {{ .Values.wso2.deployment.mi.resources.requests.memory }} - cpu: {{ .Values.wso2.deployment.mi.resources.requests.cpu }} - limits: - memory: {{ .Values.wso2.deployment.mi.resources.limits.memory }} - cpu: {{ .Values.wso2.deployment.mi.resources.limits.cpu }} - imagePullPolicy: Always - securityContext: - runAsUser: 802 - ports: - - containerPort: 8290 - protocol: TCP - - containerPort: 9201 - protocol: TCP - - containerPort: 9164 - protocol: TCP - {{- if .Values.wso2.deployment.mi.synapseTest.enabled }} - - containerPort: 9008 - protocol: TCP - {{- end }} - {{- if .Values.wso2.deployment.mi.envs }} - env: - {{- range $key, $val := .Values.wso2.deployment.mi.envs }} - - name: {{ $key }} - value: {{ $val | quote }} - {{- end }} - {{- end }} - {{- if .Values.wso2.deployment.mi.config }} - volumeMounts: - - name: wso2mi-conf - mountPath: /home/wso2carbon/wso2-config-volume/conf/deployment.toml - subPath: deployment.toml - {{- end }} - serviceAccountName: {{ .Values.kubernetes.serviceAccount }} - {{- if .Values.wso2.deployment.mi.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.wso2.deployment.mi.imagePullSecrets }} - 
{{- else if and (not (eq .Values.wso2.subscription.username "")) (not (eq .Values.wso2.subscription.password "")) }} - imagePullSecrets: - - name: {{ template "am-pattern-2.resource.prefix" . }}-mi-2-wso2-private-registry-creds - {{ end }} - {{- if .Values.wso2.deployment.mi.config }} - volumes: - - name: wso2mi-conf - configMap: - name: {{ template "am-pattern-2.resource.prefix" . }}-mi-2-conf - {{ end }} diff --git a/advanced/am-pattern-2/templates/mi/instance-2/wso2am-pattern-2-mi-service.yaml b/advanced/am-pattern-2/templates/mi/instance-2/wso2am-pattern-2-mi-service.yaml deleted file mode 100644 index cad50efd..00000000 --- a/advanced/am-pattern-2/templates/mi/instance-2/wso2am-pattern-2-mi-service.yaml +++ /dev/null 
@@ -1,50 +0,0 @@
-# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "am-pattern-2.resource.prefix" . }}-mi-2-service
- namespace : {{ .Release.Namespace }}
- labels:
- deployment: {{ template "am-pattern-2.resource.prefix" . }}-mi
- node: {{ template "am-pattern-2.resource.prefix" . }}-mi-2
-{{ include "am-pattern-2.labels" . | indent 4 }}
-spec:
- type: ClusterIP
- ports:
- - port: 8290
- targetPort: 8290
- protocol: TCP
- name: pass-through-http
- - port: 8253
- targetPort: 8253
- protocol: TCP
- name: pass-through-https
- - port: 9201
- targetPort: 9201
- protocol: TCP
- name: metrics
- - port: 9164
- targetPort: 9164
- protocol: TCP
- name: management
- {{- if .Values.wso2.deployment.mi.synapseTest.enabled }}
- - port: 9008
- targetPort: 9008
- protocol: TCP
- name: synapse-test
- {{- end}}
- selector:
- deployment: {{ template "am-pattern-2.resource.prefix" . }}-mi
- node: {{ template "am-pattern-2.resource.prefix" . }}-mi-2
diff --git a/advanced/am-pattern-2/templates/mi/wso2am-pattern-2-mi-management-ingress.yaml b/advanced/am-pattern-2/templates/mi/wso2am-pattern-2-mi-management-ingress.yaml
deleted file mode 100644
index a35f5dae..00000000
--- a/advanced/am-pattern-2/templates/mi/wso2am-pattern-2-mi-management-ingress.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ template "am-pattern-2.resource.prefix" . }}-mi-2-management-ingress
- namespace : {{ .Release.Namespace }}
-{{- if .Values.wso2.deployment.mi.ingress.management.annotations }}
- annotations:
-{{ toYaml .Values.wso2.deployment.mi.ingress.management.annotations | indent 4 }}
-{{- end }}
-spec:
- tls:
- - hosts:
- - {{ .Values.wso2.deployment.mi.ingress.management.hostname | quote }}
- rules:
- - host: {{ .Values.wso2.deployment.mi.ingress.management.hostname | quote }}
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: {{ template "am-pattern-2.resource.prefix" . }}-mi-2-service
- port:
- number: 9164
diff --git a/advanced/am-pattern-2/templates/wso2am-pattern-2-secrets.yaml b/advanced/am-pattern-2/templates/wso2am-pattern-2-secrets.yaml
deleted file mode 100644
index 0041fb41..00000000
--- a/advanced/am-pattern-2/templates/wso2am-pattern-2-secrets.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-{{ if and (not (eq .Values.wso2.subscription.username "")) (not (eq .Values.wso2.subscription.password "")) (eq (default "docker.wso2.com" .Values.wso2.deployment.mi.dockerRegistry) "docker.wso2.com") }}
-# Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{- $username := .Values.wso2.subscription.username }}
-{{- $password := .Values.wso2.subscription.password }}
-{{- $email := .Values.wso2.subscription.username }}
-{{- $regId := default "docker.wso2.com" .Values.wso2.deployment.mi.dockerRegistry }}
-{{- $auth := printf "%s:%s" $username $password | b64enc }}
-{{- $files := .Files }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "am-pattern-2.resource.prefix" . }}-mi-2-wso2-private-registry-creds
- namespace: {{ .Release.Namespace }}
-type: kubernetes.io/dockerconfigjson
-data:
- .dockerconfigjson: {{ $files.Get "auth.json" | replace "reg.id" $regId | replace "docker.wso2.com.username" $username | replace "docker.wso2.com.password" $password | replace "docker.wso2.com.email" $email | replace "docker.wso2.com.auth" $auth | b64enc }}
-{{ end }}
diff --git a/advanced/am-pattern-2/values.yaml b/advanced/am-pattern-2/values.yaml
deleted file mode 100644
index db61e076..00000000
--- a/advanced/am-pattern-2/values.yaml
+++ /dev/null
@@ -1,294 +0,0 @@ -# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -wso2: - # WSO2 Subscription parameters (https://wso2.com/subscription/) - # If provided, these parameters will be used to obtain official WSO2 product Docker images available at WSO2 Private Docker Registry (https://docker.wso2.com/) - # for this deployment - subscription: - username: "" - password: "" - - deployment: - mi: - # If a custom image must be used, uncomment 'dockerRegistry' and provide its value. - dockerRegistry: "docker.wso2.com" - imageName: "wso2mi" - imageTag: "4.2.0.0" - # Number of MI replicas - replicas: 2 - strategy: - rollingUpdate: - # The maximum number of pods that can be scheduled above the desired number of pods. - maxSurge: 1 - # The maximum number of pods that can be unavailable during the update. - maxUnavailable: 0 - # Indicates whether the container is running. - livenessProbe: - # Number of seconds after the container has started before liveness probes are initiated. - initialDelaySeconds: 35 - # How often (in seconds) to perform the probe. - periodSeconds: 10 - # Indicates whether the container is ready to service requests. - readinessProbe: - # Number of seconds after the container has started before readiness probes are initiated. - initialDelaySeconds: 35 - # How often (in seconds) to perform the probe. 
- periodSeconds: 10 - # These are the minimum resource recommendations for running WSO2 Micro Integrator - resources: - requests: - # The minimum amount of memory that should be allocated for a Pod - memory: "512Mi" - # The minimum amount of CPU that should be allocated for a Pod - cpu: "500m" - limits: - # The maximum amount of memory that should be allocated for a Pod - memory: "1Gi" - # The maximum amount of CPU that should be allocated for a Pod - cpu: "1000m" - # Environment variables for the Micro integrator deployment. - envs: - # ENV_NAME: ENV_VALUE - - # Add the customized deployment configurations for the WSO2 MI v4.2.0 (/conf/deployment.toml) - # config: - # deployment.toml: |- - # # toml configurations for the WSO2 MI v4.2.0 - - # Configure synapse testing. - synapseTest: - enabled: false - - # Configure Ingresses - ingress: - # Configure management ingress - management: - # Hostname for the Micro Integrator management endpoint. - hostname: "tenant2.management.mi.wso2.com" - # Annotations for the Micro Integrator management Ingress. - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - -kubernetes: - # Name of Kubernetes service account - serviceAccount: &service_account "wso2am-pattern-2-svc-account" - -am-pattern-1: - wso2: - # WSO2 Subscription parameters (https://wso2.com/subscription/) - # If provided, these parameters will be used to obtain official WSO2 product Docker images available at WSO2 Private Docker Registry (https://docker.wso2.com/) - # for this deployment - subscription: - username: "" - password: "" - - # WSO2 Choreo Analytics Parameters - # If provided, these parameters will be used publish analytics data to Choreo Analytics environment (https://apim.docs.wso2.com/en/latest/observe/api-manager-analytics/configure-analytics/register-for-analytics/). 
- choreoAnalytics: - enabled: false - endpoint: "" - onpremKey: "" - - deployment: - dependencies: - # The configuration should be set to be 'true' if a MySQL database should be spawned as a pod within the cluster - cluster_mysql: true - # Enable NFS dynamic provisioner for Kubernetes - nfsServerProvisioner: true - - # Persisted and shared runtime artifacts for API Manager - # See official documentation (from https://apim.docs.wso2.com/en/latest/install-and-setup/setup/reference/common-runtime-and-configuration-artifacts/#persistent-runtime-artifacts) - persistentRuntimeArtifacts: - # Kubernetes Storage Class to be used to dynamically provision the relevant Persistent Volumes - # Only persistent storage solutions supporting ReadWriteMany access mode are applicable (https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes) - # Defaults to Kubernetes Storage Class generated using the NFS Server Provisioner (https://github.com/helm/charts/tree/master/stable/nfs-server-provisioner) - storageClass: &storage_class "nfs" - - # Persistent runtime artifacts for Apache Solr-based indexing - apacheSolrIndexing: - # Indicates if persistence of the runtime artifacts for Apache Solr-based indexing is enabled - # By default, this is disabled - enabled: false - # Define capacities for persistent runtime artifact directories - capacity: - # For persisting the H2 based local Carbon database file - carbonDatabase: 50M - # For persisting the indexed data - solrIndexedData: 50M - - am: - # Container image configurations - # If a custom image must be used, uncomment 'dockerRegistry' and provide its value - dockerRegistry: "docker.wso2.com" - imageName: "wso2am" - imageTag: "4.2.0.0" - # Refer to the Kubernetes documentation on updating images (https://kubernetes.io/docs/concepts/containers/images/#updating-images) - imagePullPolicy: Always - - # Indicates whether the container is running - livenessProbe: - # Number of seconds after the container has started before 
liveness probes are initiated - initialDelaySeconds: 180 - # How often (in seconds) to perform the probe - periodSeconds: 10 - # Indicates whether the container is ready to service requests - readinessProbe: - # Number of seconds after the container has started before readiness probes are initiated - initialDelaySeconds: 180 - # How often (in seconds) to perform the probe - periodSeconds: 10 - - resources: - # These are the minimum resource recommendations for running WSO2 API Management product profiles - # as per official documentation (https://apim.docs.wso2.com/en/latest/install-and-setup/install/installation-prerequisites/) - requests: - memory: "2Gi" - cpu: "2000m" - limits: - memory: "3Gi" - cpu: "3000m" - # JVM settings - # These are the resource allocation configurations associated with the JVM - # Refer to the official documentation for advanced details (https://apim.docs.wso2.com/en/latest/install-and-setup/install/installation-prerequisites/) - jvm: - # Resource allocation for the Java Heap - heap: - memory: - # Initial and minimum Heap size - xms: "1024m" - # Maximum Heap size - xmx: "1024m" - - # If the deployment configurations for the WSO2 API Manager v4.0.0 (/repository/conf/deployment.toml), - # add the customized configuration file under (wso2 -> deployment -> am -> config -> deployment.toml) - # config: "" - # deployment.toml: |- - # # deployment configurations for the WSO2 API Manager v4.0.0 (/repository/conf/deployment.toml) - - # Configure Ingresses - ingress: - management: - enabled: true - # Hostname for API Manager Carbon Management Console, Publisher, DevPortal and Admin Portal - hostname: "am.wso2.com" - # Annotations for the API Manager Publisher-DevPortal services Ingress - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - nginx.ingress.kubernetes.io/affinity: "cookie" - nginx.ingress.kubernetes.io/session-cookie-name: "route" - nginx.ingress.kubernetes.io/session-cookie-hash: 
"sha1" - gateway: - enabled: true - # Hostname for Gateway profile - hostname: "gateway.am.wso2.com" - # Annotations for the API Manager Gateway service Ingress - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - websub: - enabled: true - hostname: "websub.am.wso2.com" - # Annotations for the API Manager WebSub service Ingress - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - websocket: - enabled: true - hostname: "websocket.am.wso2.com" - # Annotations for the API Manager WebSocket service Ingress - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - db: - hostname: wso2am-mysql-db-service - port: 3306 - type: mysql - driver: com.mysql.cj.jdbc.Driver - driver_url: https://repo1.maven.org/maven2/mysql/mysql-connector-java/8.0.29/mysql-connector-java-8.0.29.jar - apim: - username: wso2carbon - password: wso2carbon - url: jdbc:mysql://wso2am-mysql-db-service:3306/WSO2AM_DB?useSSL=false&autoReconnect=true&requireSSL=false&verifyServerCertificate=false - apim_shared: - username: wso2carbon - password: wso2carbon - url: jdbc:mysql://wso2am-mysql-db-service:3306/WSO2AM_SHARED_DB?useSSL=false&autoReconnect=true&requireSSL=false&verifyServerCertificate=false - - mi: - # If a custom image must be used, uncomment 'dockerRegistry' and provide its value. - dockerRegistry: "docker.wso2.com" - imageName: "wso2mi" - imageTag: "4.2.0.0" - # Number of MI replicas - replicas: 2 - strategy: - rollingUpdate: - # The maximum number of pods that can be scheduled above the desired number of pods. - maxSurge: 1 - # The maximum number of pods that can be unavailable during the update. - maxUnavailable: 0 - # Indicates whether the container is running. - livenessProbe: - # Number of seconds after the container has started before liveness probes are initiated. 
- initialDelaySeconds: 35 - # How often (in seconds) to perform the probe. - periodSeconds: 10 - # Indicates whether the container is ready to service requests. - readinessProbe: - # Number of seconds after the container has started before readiness probes are initiated. - initialDelaySeconds: 35 - # How often (in seconds) to perform the probe. - periodSeconds: 10 - # These are the minimum resource recommendations for running WSO2 Micro Integrator - resources: - requests: - # The minimum amount of memory that should be allocated for a Pod - memory: "512Mi" - # The minimum amount of CPU that should be allocated for a Pod - cpu: "500m" - limits: - # The maximum amount of memory that should be allocated for a Pod - memory: "1Gi" - # The maximum amount of CPU that should be allocated for a Pod - cpu: "1000m" - # Environment variables for the Micro integrator deployment. - envs: - # ENV_NAME: ENV_VALUE - # Configure synapse testing. - synapseTest: - enabled: false - - # Configure Ingresses - ingress: - # Configure management ingress - management: - # Hostname for the Micro Integrator management endpoint. - hostname: "tenant1.management.mi.wso2.com" - # Annotations for the Micro Integrator management Ingress. - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - - kubernetes: - # Name of Kubernetes service account - serviceAccount: *service_account - - # Override sub chart parameters - mysql-am: - mysql: - persistence: - storageClass: *storage_class diff --git a/advanced/am-pattern-3/Chart.yaml b/advanced/am-pattern-3/Chart.yaml deleted file mode 100644 index e17d56cd..00000000 --- a/advanced/am-pattern-3/Chart.yaml +++ /dev/null 
@@ -1,20 +0,0 @@
-# Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-appVersion: "4.2.0"
-description: A Helm chart for the deployment of WSO2 API Management deployment pattern 3
-name: am-pattern-3
-version: 4.2.0-2
-icon: https://wso2.cachefly.net/wso2/sites/all/images/wso2logo.svg
diff --git a/advanced/am-pattern-3/README.md b/advanced/am-pattern-3/README.md
deleted file mode 100644
index 8853c4ee..00000000
--- a/advanced/am-pattern-3/README.md
+++ /dev/null
@@ -1,354 +0,0 @@ -# Pattern 3: Helm Chart for deployment of a Simple Scalable Deployment of WSO2 API Manager - -Resources for building a Helm chart for deployment of a [simple scalable deployment of WSO2 API Manager](https://apim.docs.wso2.com/en/4.2.0/install-and-setup/setup/deployment-overview/#simple-scalable-deployment). - -![WSO2 API Manager pattern 3 deployment](https://apim.docs.wso2.com/en/4.2.0/assets/img/setup-and-install/basic-scalable-deployment.png) - -For advanced details on the deployment pattern, please refer to the official -[documentation](https://apim.docs.wso2.com/en/4.2.0/install-and-setup/setup/distributed-deployment/deploying-wso2-api-m-in-a-distributed-setup/). - -## Contents - -* [Prerequisites](#prerequisites) -* [Quick Start Guide](#quick-start-guide) -* [Configuration](#configuration) -* [Runtime Artifact Persistence and Sharing](#runtime-artifact-persistence-and-sharing) -* [Managing Java Keystores and Truststores](#managing-java-keystores-and-truststores) -* [Configuring SSL in Service Exposure](#configuring-ssl-in-service-exposure) - -## Prerequisites - -* WSO2 product Docker images used for the Kubernetes deployment. - - WSO2 product Docker images available at [DockerHub](https://hub.docker.com/u/wso2/) package General Availability (GA) - versions of WSO2 products with no [WSO2 Updates](https://wso2.com/updates). - - For a production grade deployment of the desired WSO2 product-version, it is highly recommended to use the relevant - Docker image which packages WSO2 Updates, available at [WSO2 Private Docker Registry](https://docker.wso2.com/). In order - to use these images, you need an active [WSO2 Subscription](https://wso2.com/subscription). -

- -* Install [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git), [Helm](https://helm.sh/docs/intro/install/) - and [Kubernetes client](https://kubernetes.io/docs/tasks/tools/install-kubectl/) in order to run the steps provided in the - following quick start guide.

- -* An already setup [Kubernetes cluster](https://kubernetes.io/docs/setup).

- -* Install [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/deploy/).

- -* Add the WSO2 Helm chart repository. - - ``` - helm repo add wso2 https://helm.wso2.com && helm repo update - ``` - -## Quick Start Guide - -### 1. Install the Helm Chart - -You can install the relevant Helm chart either from [WSO2 Helm Chart Repository](https://hub.helm.sh/charts/wso2) or by source. - -**Note:** - -* `NAMESPACE` should be the Kubernetes Namespace in which the resources are deployed. - -#### Install Chart From [WSO2 Helm Chart Repository](https://hub.helm.sh/charts/wso2) - - Helm version 2 - - ``` - helm install --name wso2/am-pattern-3 --version 4.2.0-1 --namespace - ``` - - Helm version 3 - - - Deploy the Kubernetes resources using the Helm Chart - - ``` - helm install wso2/am-pattern-3 --version 4.2.0-1 --namespace --create-namespace - ``` - -The above steps will deploy the deployment pattern using WSO2 product Docker images available in WSO2 Private Docker Registry. Please provide your WSO2 Subscription credentials via input values (using `--set` argument). - -Please see the following example. - -``` - helm install --name wso2/am-pattern-3 --version 4.2.0-1 --namespace --set wso2.subscription.username= --set wso2.subscription.password= -``` - -If you are using a custom WSO2 Docker images you will need to provide those information via the input values. Please refer [API Manager Server Configurations](#api-manager-server-configurations) and [Micro Integrator Server Configurations](#micro-integrator-server-configurations) - - -#### Install Chart From Source - ->In the context of this document,
->* `KUBERNETES_HOME` will refer to a local copy of the [`wso2/kubernetes-apim`](https://github.com/wso2/kubernetes-apim/) -Git repository.
->* `HELM_HOME` will refer to `/advanced`.
- -##### Clone the Helm Resources for WSO2 API Manager Git repository. - -``` -git clone https://github.com/wso2/kubernetes-apim.git -``` - -##### Deploy Helm chart for WSO2 API Manager Pattern 3 deployment. - - Helm version 2 - - ``` - helm install --dep-up --name /am-pattern-3 --version 4.2.0-1 --namespace - ``` - - Helm version 3 - - - Deploy the Kubernetes resources using the Helm Chart - - ``` - helm install /am-pattern-3 --version 4.2.0-1 --namespace --dependency-update --create-namespace - ``` - -The above steps will deploy the deployment pattern using WSO2 product Docker images available in WSO2 Private Docker Registry. Please provide your WSO2 Subscription credentials via input values (using `--set` argument). - -Please see the following example. - -``` - helm install --name /am-pattern-3 --version 4.2.0-1 --namespace --set wso2.subscription.username= --set wso2.subscription.password= -``` - -If you are using a custom WSO2 Docker images you will need to provide those information via the input values. Please refer [API Manager Server Configurations](#api-manager-server-configurations) and [Micro Integrator Server Configurations](#micro-integrator-server-configurations) - - -Or else, you can configure the default configurations inside the am-pattern-3 helm chart [values.yaml](https://github.com/wso2/kubernetes-apim/blob/master/advanced/am-pattern-3/values.yaml) file. Refer [this](https://helm.sh/docs/chart_template_guide/values_files/) for to learn more details about the `values.yaml` file. - - -> **Note:**
-From the above Helm commands, base image of a Micro Integrator is deployed (without any integration solution). To deploy your integration solution with the Helm charts follow the below steps.

->1. [Create an integration service using WSO2 Integration Studio and expose it as a Managed API](https://apim.docs.wso2.com/en/4.2.0/tutorials/integration-tutorials/service-catalog-tutorial/#exposing-an-integration-service-as-a-managed-api). Then [create a Docker image](https://apim.docs.wso2.com/en/4.2.0/integrate/develop/create-docker-project/#creating-docker-exporter) and push it to your private or public Docker registry.

- - `INTEGRATION_IMAGE_REGISTRY` will refer to the Docker registry that created Docker image has been pushed
- - `INTEGRATION_IMAGE_NAME` will refer to the name of the created Docker image
- - `INTEGRATION_IMAGE_TAG` will refer to the tag of the created Docker image

->2. If your Docker registry is a private registry, [create an imagePullSecret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/).

- - `IMAGE_PULL_SECRET` will refer to the created image pull secret

->3. Deploy the helm resource using following command.

-> ``` -> helm install wso2/am-pattern-3 --version 4.2.0-1 --namespace --set wso2.deployment.mi.dockerRegistry= --set wso2.deployment.mi.imageName= --set wso2.deployment.mi.imageTag= --set wso2.deployment.mi.imagePullSecrets= -> ``` - -> **Note:** -> If you are using Rancher Desktop for the Kubernetes cluster, add the following changes. -> 1. Change `storageClass` to `local-path` in [`values.yaml`](https://github.com/wso2/kubernetes-apim/blob/master/advanced/am-pattern-3/values.yaml#L43). -> 2. Change `accessModes` in [`Persistent Volume Claims`](https://github.com/wso2/kubernetes-apim/blob/master/advanced/am-pattern-3/templates/am/control-plane/wso2am-pattern-3-am-control-plane-volume-claims.yaml) to `ReadWriteOnce`. - -### Choreo Analytics - -If you need to enable Choreo Analytics with WSO2 API Manager, please follow the documentation on [Register for Analytics](https://apim.docs.wso2.com/en/4.2.0/observe/api-manager-analytics/configure-analytics/register-for-analytics/) to obtain the on-prem key for Analytics. - -The following example shows how to enable Analytics with the helm charts. - -Helm v2 - -``` -helm install --name wso2/am-pattern-3 --version 4.2.0-1 --namespace --set wso2.choreoAnalytics.enabled=true --set wso2.choreoAnalytics.endpoint= --set wso2.choreoAnalytics.onpremKey= -``` - -Helm v3 - -``` -helm install wso2/am-pattern-3 --version 4.2.0-1 --namespace --set wso2.choreoAnalytics.enabled=true --set wso2.choreoAnalytics.endpoint= --set wso2.choreoAnalytics.onpremKey= --create-namespace -``` - -You will be able to see the Analytics data when you log into Choreo Analytics Portal. - -### 2. Obtain the external IP - -Obtain the external IP (`EXTERNAL-IP`) of the API Manager Ingress resources, by listing down the Kubernetes Ingresses. - -``` -kubectl get ing -n -``` - -The output under the relevant column stands for the following. 
- -API Manager Control Plane - -- NAME: Metadata name of the Kubernetes Ingress resource (defaults to `wso2am-pattern-3-am-cp-ingress`) -- HOSTS: Hostname of the WSO2 API Manager's Control Plane service (``) -- ADDRESS: External IP (`EXTERNAL-IP`) exposing the API Manager's Control Plane service to outside of the Kubernetes environment -- PORTS: Externally exposed service ports of the API Manager's Control Plane service - -API Manager Gateway - -- NAME: Metadata name of the Kubernetes Ingress resource (defaults to `wso2am-pattern-3-am-gateway-ingress`) -- HOSTS: Hostname of the WSO2 API Manager's Gateway service (``) -- ADDRESS: External IP (`EXTERNAL-IP`) exposing the API Manager's Gateway service to outside of the Kubernetes environment -- PORTS: Externally exposed service ports of the API Manager's Gateway service - -API Manager Websub - -- NAME: Metadata name of the Kubernetes Ingress resource (defaults to wso2am-pattern-3-am-websub-ingress) -- HOSTS: Hostname of the WSO2 API Manager's Websub service (``) -- ADDRESS: External IP (EXTERNAL-IP) exposing the API Manager's Websub service to outside of the Kubernetes environment -- PORTS: Externally exposed service ports of the API Manager's Websub service - -Micro Integrator Management APIs - -- NAME: Metadata name of the Kubernetes Ingress resource (defaults to wso2am-pattern-3-mi-1-management-ingress) -- HOSTS: Hostname of the WSO2 Micro Integrator service (``) -- ADDRESS: External IP (EXTERNAL-IP) exposing the Micro Integrator service to outside of the Kubernetes environment -PORTS: Externally exposed service ports of the Micro Integrator service - -### 3. Add a DNS record mapping the hostnames and the external IP - -If the defined hostnames (in the previous step) are backed by a DNS service, add a DNS record mapping the hostnames and -the external IP (`EXTERNAL-IP`) in the relevant DNS service. 
- -If the defined hostnames are not backed by a DNS service, for the purpose of evaluation you may add an entry mapping the -hostnames and the external IP in the `/etc/hosts` file at the client-side. - -### 4. Access Management Consoles - -- API Manager Publisher: `https:///publisher` - -- API Manager DevPortal: `https:///devportal` - -## Configuration - -The following tables lists the configurable parameters of the chart and their default values. - -###### WSO2 Subscription Configurations - -| Parameter | Description | Default Value | -|-----------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|-----------------------------| -| `wso2.subscription.username` | Your WSO2 Subscription username | - | -| `wso2.subscription.password` | Your WSO2 Subscription password | - | -| `wso2.choreoAnalytics.enabled` | Chorero Analytics enabled or not | false | -| `wso2.choreoAnalytics.endpoint` | Choreo Analytics endpoint | https://analytics-event-auth.choreo.dev/auth/v1 | -| `wso2.choreoAnalytics.onpremKey` | On-prem key for Choreo Analytics | - | - -If you do not have an active WSO2 subscription, **do not change** the parameters `wso2.subscription.username` and `wso2.subscription.password`. 
- -###### Chart Dependencies - -| Parameter | Description | Default Value | -|-----------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|-----------------------------| -| `wso2.deployment.dependencies.mysql` | Enable the deployment and usage of WSO2 API Management MySQL based Helm Chart | true | -| `wso2.deployment.dependencies.nfsProvisioner` | Enable the deployment and usage of NFS Server Provisioner (https://github.com/helm/charts/tree/master/stable/nfs-server-provisioner) | true | - -###### Persistent Runtime Artifact Configurations - -| Parameter | Description | Default Value | -|---------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|-----------------------------| -| `wso2.deployment.persistentRuntimeArtifacts.storageClass` | Appropriate Kubernetes Storage Class | `nfs` | -| `wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.enabled` | Indicates if persistence of the runtime artifacts for Apache Solr-based indexing is enabled | false | -| `wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.capacity.carbonDatabase` | Capacity for persisting the H2 based local Carbon database file | 50M | -| `wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.capacity.solrIndexedData` | Capacity for persisting the Apache Solr indexed data | 50M | - -###### API Manager Server Configurations - -| Parameter | Description | Default Value | -|-----------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|-----------------------------| -| `wso2.deployment.am.dockerRegistry` | Registry location of the Docker image to be used to create API Manager instances | - | -| `wso2.deployment.am.imageName` | Name of the 
Docker image to be used to create API Manager instances | `wso2am` | -| `wso2.deployment.am.imageTag` | Tag of the image used to create API Manager instances | 4.2.0 | -| `wso2.deployment.am.imagePullPolicy` | Refer to [doc](https://kubernetes.io/docs/concepts/containers/images#updating-images) | `Always` | -| `wso2.deployment.am.resources.requests.memory` | The minimum amount of memory that should be allocated for running API Manager product profiles with profile optimization | 1Gi | -| `wso2.deployment.am.resources.requests.cpu` | The minimum amount of CPU that should be allocated for running API Manager product profiles with profile optimization | 1000m | -| `wso2.deployment.am.resources.limits.memory` | The maximum amount of memory that should be allocated for running API Manager product profiles with profile optimization | 2Gi | -| `wso2.deployment.am.resources.limits.cpu` | The maximum amount of CPU that should be allocated for running API Manager product profiles with profile optimization | 2000m | -| `wso2.deployment.am.livenessProbe.initialDelaySeconds` | Initial delay for the live-ness probe for API Manager optimized profile | 60 | -| `wso2.deployment.am.livenessProbe.periodSeconds` | Period of the live-ness probe for API Manager optimized profile | 10 | -| `wso2.deployment.am.readinessProbe.initialDelaySeconds` | Initial delay for the readiness probe for API Manager optimized profile | 60 | -| `wso2.deployment.am.readinessProbe.periodSeconds` | Period of the readiness probe for API Manager optimized profile | 10 | -| `wso2.deployment.am.websub.ingress.enabled` | If enabled, create ingress resource for WebSub service | true | -| `wso2.deployment.am.websub.ingress.hostname` | Hostname for API Manager WebSub service | `websub.am.wso2.com` | -| `wso2.deployment.am.websub.ingress.annotations` | Ingress resource annotations for API Manager WebSub | Community NGINX Ingress controller annotations | -| `wso2.deployment.am.gateway.ingress.enabled` | If enabled, 
create ingress resource for API Manager Gateway | true | -| `wso2.deployment.am.gateway.ingress.hostname` | Hostname for API Manager Gateway | `gateway.am.wso2.com` | -| `wso2.deployment.am.gateway.ingress.annotations` | Ingress resource annotations for API Manager Gateway | Community NGINX Ingress controller annotations | -| `wso2.deployment.am.gateway.replicas` | Number of replicas of API Manager Gateway to be started | 2 | -| `wso2.deployment.am.gateway.strategy.rollingUpdate.maxSurge` | Refer to [doc](https://v1-14.docs.kubernetes.io/docs/reference/generated/kubernetes-api/v1.14/#deploymentstrategy-v1-apps) | 2 | -| `wso2.deployment.am.gateway.strategy.rollingUpdate.maxUnavailable` | Refer to [doc](https://v1-14.docs.kubernetes.io/docs/reference/generated/kubernetes-api/v1.14/#deploymentstrategy-v1-apps) | 0 | -| `wso2.deployment.am.gateway.config` | Custom deployment configuration file for Gateway profile (`/repository/conf/deployment.toml`) | - | -| `wso2.deployment.am.cp.livenessProbe.initialDelaySeconds` | Initial delay for the live-ness probe for API Manager Control Plane profile | 60 | -| `wso2.deployment.am.cp.livenessProbe.periodSeconds` | Period of the live-ness probe for API Manager Control Plane profile | 10 | -| `wso2.deployment.am.cp.readinessProbe.initialDelaySeconds` | Initial delay for the readiness probe for API Manager Control Plane profile | 60 | -| `wso2.deployment.am.cp.readinessProbe.periodSeconds` | Period of the readiness probe for API Manager Control Plane profile | 10 | -| `wso2.deployment.am.cp.ingress.enabled` | If enabled, create ingress resource for API Manager management consoles | true | -| `wso2.deployment.am.cp.ingress.hostname` | Hostname for API Manager Control Plane | `am.wso2.com` | -| `wso2.deployment.am.cp.ingress.annotations` | Ingress resource annotations for API Manager Control Plane | Community NGINX Ingress controller annotations | -| `wso2.deployment.am.cp.resources.requests.memory` | The minimum amount of memory 
that should be allocated for running API Manager API Manager Control Plane | 1Gi | -| `wso2.deployment.am.cp.resources.requests.cpu` | The minimum amount of CPU that should be allocated for running API ManagerAPI Manager Control Plane | 1000m | -| `wso2.deployment.am.cp.resources.limits.memory` | The maximum amount of memory that should be allocated for running API Manager API Manager Control Plane | 2Gi | -| `wso2.deployment.am.cp.resources.limits.cpu` | The maximum amount of CPU that should be allocated for running API Manager API Manager Control Plane | 2000m | -| `wso2.deployment.am.cp.config` | Custom deployment configuration file for Control Plane profile (`/repository/conf/deployment.toml`) | - | - -###### Micro Integrator Server Configurations - -| Parameter | Description | Default Value | -|-----------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|-----------------------------| -| `wso2.deployment.mi.dockerRegistry` | Registry location of the Docker image to be used to create Micro Integrator instances | - | -| `wso2.deployment.mi.imageName` | Name of the Docker image to be used to create API Manager instances | `wso2mi` | -| `wso2.deployment.mi.imageTag` | Tag of the image used to create API Manager instances | 4.2.0 | -| `wso2.deployment.mi.imagePullPolicy` | Refer to [doc](https://kubernetes.io/docs/concepts/containers/images#updating-images) | `Always` | -| `wso2.deployment.mi.livenessProbe.initialDelaySeconds` | Initial delay for the live-ness probe for Micro Integrator node | 35 | -| `wso2.deployment.mi.livenessProbe.periodSeconds` | Period of the live-ness probe for Micro Integrator node | 10 | -| `wso2.deployment.mi.readinessProbe.initialDelaySeconds` | Initial delay for the readiness probe for Micro Integrator node | 35 | -| `wso2.deployment.mi.readinessProbe.periodSeconds` | Period of the readiness probe for Micro Integrator node | 10 | 
-| `wso2.deployment.mi.resources.requests.memory` | The minimum amount of memory that should be allocated for a Pod | 512Mi | -| `wso2.deployment.mi.resources.requests.cpu` | The minimum amount of CPU that should be allocated for a Pod | 500m | -| `wso2.deployment.mi.resources.limits.memory` | The maximum amount of memory that should be allocated for a Pod | 1Gi | -| `wso2.deployment.mi.resources.limits.cpu` | The maximum amount of CPU that should be allocated for a Pod | 1000m | -| `wso2.deployment.mi.config` | Custom deployment configuration file (`/conf/deployment.toml`) | - | -| `wso2.deployment.mi.ingress.management.hostname` | Hostname for Micro Integrator management apis | `management.mi.wso2.com` | -| `wso2.deployment.mi.ingress.management.annotations` | Ingress resource annotations for API Manager Gateway | Community NGINX Ingress controller annotations | - -**Note**: The above mentioned default, minimum resource amounts for running WSO2 API Manager server profiles are based on its [official documentation](https://apim.docs.wso2.com/en/4.2.0/install-and-setup/install/installation-prerequisites/). - -## Kubernetes Specific Configurations - -| Parameter | Description | Default Value | -|---------------------------------------------------------------|-------------------------------------------------------------------------------------------|---------------------------------| -| `kubernetes.serviceAccount` | Name of the Kubernetes Service Account to which the Pods are to be bound | `wso2am-pattern-3-svc-account` | - -## Runtime Artifact Persistence and Sharing - -* It is **mandatory** to set an appropriate Kubernetes StorageClass in this deployment, for persistence and sharing. - -* By default, this deployment uses the `nfs` Kubernetes StorageClass created using the official, stable [NFS Server Provisioner](https://hub.helm.sh/charts/stable/nfs-server-provisioner). 
- -* Only persistent storage solutions supporting `ReadWriteMany` [access mode](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes) - are applicable for `wso2.deployment.persistentRuntimeArtifacts.storageClass`. - -* Please refer to the [official WSO2 container guide](https://github.com/wso2/container-guide/blob/master/store/Persisting_And_Sharing.md#recommended-storage-options-for-wso2-products) - for advanced details with regards to WSO2 recommended, storage options. - -## Managing Java Keystores and Truststores - -* By default, this deployment uses the default keystores and truststores provided by the relevant WSO2 product. - -* For advanced details with regards to managing custom Java keystores and truststores in a container based WSO2 product deployment - please refer to the [official WSO2 container guide](https://github.com/wso2/container-guide/blob/master/deploy/Managing_Keystores_And_Truststores.md). - -## Configuring SSL in Service Exposure - -* For WSO2 recommended best practices in configuring SSL when exposing the internal product services to outside of the Kubernetes cluster, - please refer to the [official WSO2 container guide](https://github.com/wso2/container-guide/blob/master/route/Routing.md#configuring-ssl). - -## Setting up API Manager without Micro Integrator - -If you want to setup API Manager only without Micro Integrator, you have to install the charts from source after removing MI templates. - -* Clone the repository - - ``` - git clone https://github.com/wso2/kubernetes-apim.git - ``` - -* Remove the MI templates by removing the `mi` folder in `/advanced/am-pattern-3/templates/`. - -* Deploy Helm charts - - ```helm - helm install /am-pattern-3 --version 4.2.0-1 --namespace --dependency-update --create-namespace - ``` diff --git a/advanced/am-pattern-3/auth.json b/advanced/am-pattern-3/auth.json deleted file mode 100644 index 97387c87..00000000 --- a/advanced/am-pattern-3/auth.json +++ /dev/null 
@@ -1,10 +0,0 @@
-{
- "auths": {
- "reg.id": {
- "username": "docker.wso2.com.username",
- "password": "docker.wso2.com.password",
- "email": "docker.wso2.com.email",
- "auth": "docker.wso2.com.auth"
- }
- }
-}
diff --git a/advanced/am-pattern-3/requirements.yaml b/advanced/am-pattern-3/requirements.yaml
deleted file mode 100644
index 738ff301..00000000
--- a/advanced/am-pattern-3/requirements.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-# Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: mysql-am
- version: "4.2.0-1"
- repository: "https://helm.wso2.com"
- condition: wso2.deployment.dependencies.cluster_mysql
- - name: nfs-server-provisioner
- version: "1.1.0"
- repository: "https://helm.wso2.com"
- condition: wso2.deployment.dependencies.nfsServerProvisioner
diff --git a/advanced/am-pattern-3/templates/NOTES.txt b/advanced/am-pattern-3/templates/NOTES.txt
deleted file mode 100644
index dd124a5f..00000000
--- a/advanced/am-pattern-3/templates/NOTES.txt
+++ /dev/null
@@ -1,57 +0,0 @@
-Thank you for installing WSO2 API Manager.
-
-Please follow these steps to access API Manager Publisher, DevPortal consoles.
-
-1. Obtain the external IP (`EXTERNAL-IP`) of the API Manager Ingress resources, by listing down the Kubernetes Ingresses.
-
- kubectl get ing -n {{ .Release.Namespace }}
-
- The output under the relevant column stands for the following.
-
- API Manager Control Plane
-
- - NAME: Metadata name of the Kubernetes Ingress resource (defaults to {{ template "am-pattern-3.resource.prefix" . }}-am-cp-ingress)
- - HOSTS: Hostname of the WSO2 API Manager's Control Plane service ({{ .Values.wso2.deployment.am.cp.ingress.hostname }})
- - ADDRESS: External IP (`EXTERNAL-IP`) exposing the API Manager's Control PLane service to outside of the Kubernetes environment
- - PORTS: Externally exposed service ports of the API Manager's Control Plane service
-
- API Manager Gateway
-
- - NAME: Metadata name of the Kubernetes Ingress resource (defaults to {{ template "am-pattern-3.resource.prefix" . }}-am-gateway-ingress)
- - HOSTS: Hostname of the WSO2 API Manager's Gateway service ({{ .Values.wso2.deployment.am.gateway.ingress.hostname }})
- - ADDRESS: External IP (`EXTERNAL-IP`) exposing the API Manager's Gateway service to outside of the Kubernetes environment
- - PORTS: Externally exposed service ports of the API Manager's DevPortal service
-
-2. Add a DNS record mapping the hostnames (in step 1) and the external IP.
-
- If the defined hostnames (in step 1) are backed by a DNS service, add a DNS record mapping the hostnames and
- the external IP (`EXTERNAL-IP`) in the relevant DNS service.
-
- If the defined hostnames are not backed by a DNS service, for the purpose of evaluation you may add an entry mapping the
- hostnames and the external IP in the `/etc/hosts` file at the client-side.
-
- {{ .Values.wso2.deployment.am.cp.ingress.hostname }} {{ .Values.wso2.deployment.am.gateway.ingress.hostname }}
-
-3. Navigate to the consoles in your browser of choice.
-
- API Manager Publisher: https://{{ .Values.wso2.deployment.am.cp.ingress.hostname }}/publisher
- API Manager DevPortal: https://{{ .Values.wso2.deployment.am.cp.ingress.hostname }}/devportal
-
-Please follow these steps to assess Micro Integrator.
-
-1. Obtain the external IP (`EXTERNAL-IP`) of the Ingress resources by listing down the Kubernetes Ingresses.
-
- kubectl get ing -n {{ .Release.Namespace }}
-
- Micro Integrator Management APIs
-
- - NAME: Metadata name of the Kubernetes Ingress resource (defaults to {{ template "am-pattern-3.resource.prefix" . }}-mi-1-management-ingress)
- - HOSTS: Hostname of the WSO2 Micro Integrator service ({{ .Values.wso2.deployment.mi.ingress.management.hostname }})
- - ADDRESS: External IP (`EXTERNAL-IP`) exposing the Micro Integrator service to outside of the Kubernetes environment
- - PORTS: Externally exposed service ports of the Micro Integrator service
-
-2. Add the above host as an entry in /etc/hosts file as follows:
-
- {{ .Values.wso2.deployment.mi.ingress.management.hostname }}
-
-Please refer the official documentation at https://apim.docs.wso2.com/en/latest/ for additional information on WSO2 API Manager.
diff --git a/advanced/am-pattern-3/templates/_helpers.tpl b/advanced/am-pattern-3/templates/_helpers.tpl
deleted file mode 100644
index 59870ce6..00000000
--- a/advanced/am-pattern-3/templates/_helpers.tpl
+++ /dev/null
@@ -1,82 +0,0 @@
-{{/*
-Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "am-pattern-3.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "am-pattern-3.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "am-pattern-3.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "am-pattern-3.labels" -}}
-app.kubernetes.io/name: {{ include "am-pattern-3.name" . }}
-helm.sh/chart: {{ include "am-pattern-3.chart" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end -}}
-
-{{/*
-Common prefix prepended to Kubernetes resources of this chart
-*/}}
-{{- define "am-pattern-3.resource.prefix" -}}
-{{- "wso2am-pattern-3" }}
-{{- end -}}
-
-{{- define "image" }}
-{{- $imageName := .deployment.imageName }}
-{{- $imageTag := .deployment.imageTag | default "" }}
-{{- if or (eq .Values.wso2.subscription.username "") (eq .Values.wso2.subscription.password "") -}}
-{{- $dockerRegistry := .deployment.dockerRegistry | default "wso2" }}
-image: {{ $dockerRegistry }}/{{ $imageName }}{{- if not (eq $imageTag "") }}{{- printf ":%s" $imageTag -}}{{- end }}
-{{- else }}
-{{- $dockerRegistry := .deployment.dockerRegistry | default "docker.wso2.com" }}
-{{- $parts := len (split "." $imageTag) }}
-{{- if and (eq $parts 3) (eq $dockerRegistry "docker.wso2.com") }}
-image: {{ $dockerRegistry }}/{{ $imageName }}{{- if not (eq $imageTag "") }}:{{ $imageTag }}.0{{- end }}
-{{- else }}
-image: {{ $dockerRegistry }}/{{ $imageName }}{{- if not (eq $imageTag "") }}:{{ $imageTag }}{{- end }}
-{{- end -}}
-{{- end -}}
-{{- end -}}
diff --git a/advanced/am-pattern-3/templates/am/control-plane/instance-1/wso2am-pattern-3-am-control-plane-conf.yaml b/advanced/am-pattern-3/templates/am/control-plane/instance-1/wso2am-pattern-3-am-control-plane-conf.yaml
deleted file mode 100644
index b084e28a..00000000
--- a/advanced/am-pattern-3/templates/am/control-plane/instance-1/wso2am-pattern-3-am-control-plane-conf.yaml
+++ /dev/null
@@ -1,265 +0,0 @@
-# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-conf
- namespace : {{ .Release.Namespace }}
- {{ if .Values.wso2.deployment.am.cp.config }}
-data:
- {{- range $index, $content := .Values.wso2.deployment.am.cp.config }}
- {{ $index }}: |-
-{{ tpl $content $ | indent 4 }}
- {{- end }}
-
- {{ else }}
-data:
- deployment.toml: |-
- [server]
- hostname = "{{ .Values.wso2.deployment.am.cp.ingress.hostname }}"
- #offset=0
- base_path = "${carbon.protocol}://${carbon.host}:${carbon.management.port}"
- #discard_empty_caches = false
- server_role = "control-plane"
-
- [user_store]
- type = "database_unique_id"
-
- [super_admin]
- username = "admin"
- password = "admin"
- create_admin_account = true
-
- [database.apim_db]
- type = "{{ .Values.wso2.deployment.am.cp.db.type }}"
- url = "{{ .Values.wso2.deployment.am.cp.db.apim.url }}"
- username = "{{ .Values.wso2.deployment.am.cp.db.apim.username }}"
- password = "{{ .Values.wso2.deployment.am.cp.db.apim.password }}"
- driver = "{{ .Values.wso2.deployment.am.cp.db.driver }}"
-
- [database.shared_db]
- type = "{{ .Values.wso2.deployment.am.cp.db.type }}"
- url = "{{ .Values.wso2.deployment.am.cp.db.apim_shared.url }}"
- username = "{{ .Values.wso2.deployment.am.cp.db.apim_shared.username }}"
- password = "{{ .Values.wso2.deployment.am.cp.db.apim_shared.password }}"
- driver = "{{ .Values.wso2.deployment.am.cp.db.driver }}"
-
- [keystore.tls]
- file_name = "wso2carbon.jks"
- type = "JKS"
- password = "wso2carbon"
- alias = "wso2carbon"
- key_password = "wso2carbon"
-
- [truststore]
- file_name = "client-truststore.jks"
- type = "JKS"
- password = "wso2carbon"
-
- #[keystore.primary]
- #file_name = "wso2carbon.jks"
- #type = "JKS"
- #password = "wso2carbon"
- #alias = "wso2carbon"
- #key_password = "wso2carbon"
-
- #[keystore.internal]
- #file_name = "wso2carbon.jks"
- #type = "JKS"
- #password = "wso2carbon"
- #alias = "wso2carbon"
- #key_password = "wso2carbon"
-
- [[apim.gateway.environment]]
- name = "Default"
- type = "hybrid"
- provider = "wso2"
- display_in_api_console = true
- description = "This is a hybrid gateway that handles both production and sandbox token traffic."
- show_as_token_endpoint_url = true
- service_url = "https://{{ template "am-pattern-3.resource.prefix" . }}-am-gateway-service:${mgt.transport.https.port}/services/"
- username= "${admin.username}"
- password= "${admin.password}"
- ws_endpoint = "ws://{{ .Values.wso2.deployment.am.websocket.ingress.hostname }}"
- wss_endpoint = "wss://{{ .Values.wso2.deployment.am.websocket.ingress.hostname }}"
- http_endpoint = "http://{{ .Values.wso2.deployment.am.gateway.ingress.hostname }}"
- https_endpoint = "https://{{ .Values.wso2.deployment.am.gateway.ingress.hostname }}"
- websub_event_receiver_http_endpoint = "http://{{ .Values.wso2.deployment.am.websub.ingress.hostname }}"
- websub_event_receiver_https_endpoint = "https://{{ .Values.wso2.deployment.am.websub.ingress.hostname }}"
-
- [apim.devportal]
- url = "https://{{ .Values.wso2.deployment.am.cp.ingress.hostname }}/devportal"
- #enable_application_sharing = false
- #if application_sharing_type, application_sharing_impl both defined priority goes to application_sharing_impl
- #application_sharing_type = "default" #changed type, saml, default #todo: check the new config for rest api
- #application_sharing_impl = "org.wso2.carbon.apimgt.impl.SAMLGroupIDExtractorImpl"
- #display_multiple_versions = false
- #display_deprecated_apis = false
- #enable_comments = true
- #enable_ratings = true
- #enable_forum = true
- #enable_anonymous_mode=true
- #enable_cross_tenant_subscriptions = true
- #default_reserved_username = "apim_reserved_user"
-
- [transport.http]
- properties.port = 9763
- properties.proxyPort = 80
-
- [transport.https]
- properties.port = 9443
- properties.proxyPort = 443
-
- [apim.event_hub]
- enable = true
- username= "$ref{super_admin.username}"
- password= "$ref{super_admin.password}"
- service_url = "https://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-service:${mgt.transport.https.port}/services/"
- event_listening_endpoints = ["tcp://localhost:5672"]
- event_duplicate_url = ["tcp://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-2-service:5672"]
-
- [[apim.event_hub.publish.url_group]]
- urls = ["tcp://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-service:9611"]
- auth_urls = ["ssl://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-service:9711"]
-
- [[apim.event_hub.publish.url_group]]
- urls = ["tcp://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-2-service:9611"]
- auth_urls = ["ssl://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-2-service:9711"]
-
- #[apim.cache.gateway_token]
- #enable = true
- #expiry_time = "900s"
-
- #[apim.cache.resource]
- #enable = true
- #expiry_time = "900s"
-
- #[apim.cache.km_token]
- #enable = false
- #expiry_time = "15m"
-
- #[apim.cache.recent_apis]
- #enable = false
-
- #[apim.cache.scopes]
- #enable = true
-
- #[apim.cache.publisher_roles]
- #enable = true
-
- #[apim.cache.jwt_claim]
- #enable = true
- #expiry_time = "15m"
-
- #[apim.cache.tags]
- #expiry_time = "2m"
-
- [apim.key_manager]
- service_url = "https://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-service:${mgt.transport.https.port}/services/"
- username = "$ref{super_admin.username}"
- password = "$ref{super_admin.password}"
- #pool.init_idle_capacity = 50
- #pool.max_idle = 100
- #key_validation_handler_type = "default"
- #key_validation_handler_type = "custom"
- #key_validation_handler_impl = "org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler"
-
- #[apim.oauth_config]
- #enable_outbound_auth_header = false
- #auth_header = "Authorization"
- #revoke_endpoint = "https://localhost:${https.nio.port}/revoke"
- #enable_token_encryption = false
- #enable_token_hashing = false
-
- [apim.cors]
- allow_origins = "*"
- allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"]
- allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","apikey","Internal-Key"]
- allow_credentials = false
-
- #[apim.workflow]
- #enable = false
- #service_url = "https://localhost:9445/bpmn"
- #username = "$ref{super_admin.username}"
- #password = "$ref{super_admin.password}"
- #callback_endpoint = "https://localhost:${mgt.transport.https.port}/api/am/admin/v0.17/workflows/update-workflow-status"
- #token_endpoint = "https://localhost:${https.nio.port}/token"
- #client_registration_endpoint = "https://localhost:${mgt.transport.https.port}/client-registration/v0.17/register"
- #client_registration_username = "$ref{super_admin.username}"
- #client_registration_password = "$ref{super_admin.password}"
-
- #data bridge config
- #[transport.receiver]
- #type = "binary"
- #worker_threads = 10
- #session_timeout = "30m"
- #keystore.file_name = "$ref{keystore.tls.file_name}"
- #keystore.password = "$ref{keystore.tls.password}"
- #tcp_port = 9611
- #ssl_port = 9711
- #ssl_receiver_thread_pool_size = 100
- #tcp_receiver_thread_pool_size = 100
- #ssl_enabled_protocols = ["TLSv1","TLSv1.1","TLSv1.2"]
- #ciphers = ["SSL_RSA_WITH_RC4_128_MD5","SSL_RSA_WITH_RC4_128_SHA"]
-
- #[apim.notification]
- #from_address = "APIM.com"
- #username = "APIM"
- #password = "APIM+123"
- #hostname = "localhost"
- #port = 3025
- #enable_start_tls = false
- #enable_authentication = true
-
- #[apim.token.revocation]
- #notifier_impl = "org.wso2.carbon.apimgt.keymgt.events.TokenRevocationNotifierImpl"
- #enable_realtime_notifier = true
- #realtime_notifier.ttl = 5000
- #enable_persistent_notifier = true
- #persistent_notifier.hostname = "https://localhost:2379/v2/keys/jti/"
- #persistent_notifier.ttl = 5000
- #persistent_notifier.username = "root"
- #persistent_notifier.password = "root"
-
- [[event_handler]]
- name="userPostSelfRegistration"
- subscriptions=["POST_ADD_USER"]
-
- [service_provider]
- sp_name_regex = "^[\\sa-zA-Z0-9._-]*$"
-
- [[event_listener]]
- id = "token_revocation"
- type = "org.wso2.carbon.identity.core.handler.AbstractIdentityHandler"
- name = "org.wso2.is.notification.ApimOauthEventInterceptor"
- order = 1
-
- [event_listener.properties]
- notification_endpoint = "https://localhost:${mgt.transport.https.port}/internal/data/v1/notify"
- username = "${admin.username}"
- password = "${admin.password}"
- 'header.X-WSO2-KEY-MANAGER' = "default"
-
- {{ if .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.enabled }}
- [database.local]
- url = "jdbc:h2:/home/wso2carbon/solr/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE"
-
- [indexing]
- location = "/home/wso2carbon/solr/indexed-data"
- {{ else }}
- [database.local]
- url = "jdbc:h2:./repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE"
- {{ end }}
- {{- end }}
diff --git a/advanced/am-pattern-3/templates/am/control-plane/instance-1/wso2am-pattern-3-am-control-plane-deployment.yaml b/advanced/am-pattern-3/templates/am/control-plane/instance-1/wso2am-pattern-3-am-control-plane-deployment.yaml
deleted file mode 100644
index fb5ff74c..00000000
--- a/advanced/am-pattern-3/templates/am/control-plane/instance-1/wso2am-pattern-3-am-control-plane-deployment.yaml
+++ /dev/null
@@ -1,149 +0,0 @@
-# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-deployment
- namespace: {{ .Release.Namespace }}
-spec:
- replicas: 1
- strategy:
- type: Recreate
- selector:
- matchLabels:
- deployment: {{ template "am-pattern-3.resource.prefix" . }}-am-cp
- node: {{ template "am-pattern-3.resource.prefix" . }}-am-cp-1
- template:
- metadata:
- annotations:
- checksum.am.conf: {{ include (print $.Template.BasePath "/am/control-plane/instance-1/wso2am-pattern-3-am-control-plane-conf.yaml") . | sha256sum }}
- labels:
- deployment: {{ template "am-pattern-3.resource.prefix" . }}-am-cp
- node: {{ template "am-pattern-3.resource.prefix" . }}-am-cp-1
- product: apim
- spec:
- initContainers:
- - name: init-db
- image: busybox:1.32
- command: ['sh', '-c', 'echo -e "Checking for the availability of DB Server deployment"; while ! nc -z "{{ .Values.wso2.deployment.am.cp.db.hostname }}" {{ .Values.wso2.deployment.am.cp.db.port }}; do sleep 1; printf "-"; done; echo -e " >> DB Server has started";']
- - name: init-db-connector-download
- image: busybox:1.32
- command:
- - /bin/sh
- - "-c"
- - |
- set -e
- connector_version=8.0.17
- wget "{{ .Values.wso2.deployment.am.cp.db.driver_url }}" -P /db-connector-jar/
- volumeMounts:
- - name: db-connector-jar
- mountPath: /db-connector-jar
- containers:
- - name: wso2am
-{{- include "image" (dict "Values" .Values "deployment" .Values.wso2.deployment.am) | indent 10 }}
- imagePullPolicy: {{ .Values.wso2.deployment.am.imagePullPolicy }}
- startupProbe:
- exec:
- command:
- - /bin/sh
- - -c
- - nc -z localhost 9443
- initialDelaySeconds: {{ .Values.wso2.deployment.am.cp.startupProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.wso2.deployment.am.cp.startupProbe.periodSeconds }}
- failureThreshold: {{ .Values.wso2.deployment.am.cp.startupProbe.failureThreshold }}
- livenessProbe:
- httpGet:
- path: /services/Version
- port: 9763
- periodSeconds: {{ .Values.wso2.deployment.am.cp.livenessProbe.periodSeconds }}
- readinessProbe:
- httpGet:
- path: /services/Version
- port: 9763
- initialDelaySeconds: {{ .Values.wso2.deployment.am.cp.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.wso2.deployment.am.cp.readinessProbe.periodSeconds }}
- lifecycle:
- preStop:
- exec:
- command: ['sh', '-c', '${WSO2_SERVER_HOME}/bin/api-manager.sh stop']
- resources:
- requests:
- memory: {{ .Values.wso2.deployment.am.cp.resources.requests.memory }}
- cpu: {{ .Values.wso2.deployment.am.cp.resources.requests.cpu }}
- limits:
- memory: {{ .Values.wso2.deployment.am.cp.resources.limits.memory }}
- cpu: {{ .Values.wso2.deployment.am.cp.resources.limits.cpu }}
- securityContext:
- runAsUser: 802
- ports:
- - containerPort: 9763
- protocol: "TCP"
- - containerPort: 9443
- protocol: "TCP"
- - containerPort: 9711
- protocol: "TCP"
- - containerPort: 9611
- protocol: "TCP"
- - containerPort: 5672
- protocol: "TCP"
- env:
- - name: PROFILE_NAME
- value: control-plane
- - name: NODE_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- - name: JVM_MEM_OPTS
- value: "-Xms{{ .Values.wso2.deployment.am.cp.resources.jvm.heap.memory.xms }} -Xmx{{ .Values.wso2.deployment.am.cp.resources.jvm.heap.memory.xmx }}"
- volumeMounts:
- - name: wso2am-conf
- mountPath: /home/wso2carbon/wso2-config-volume/repository/conf
- {{ if .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.enabled }}
- - name: wso2am-local-carbon-database-storage
- mountPath: /home/wso2carbon/solr/database
- - name: wso2am-solr-indexed-data-storage
- mountPath: /home/wso2carbon/solr/indexed-data
- - name: wso2am-conf-entrypoint
- mountPath: /home/wso2carbon/docker-entrypoint.sh
- subPath: docker-entrypoint.sh
- {{ end }}
- - name: db-connector-jar
- mountPath: /home/wso2carbon/wso2-artifact-volume/repository/components/lib
- serviceAccountName: {{ .Values.kubernetes.serviceAccount }}
- {{- if .Values.wso2.deployment.am.imagePullSecrets }}
- imagePullSecrets:
- - name: {{ .Values.wso2.deployment.am.imagePullSecrets }}
- {{- else if and (not (eq .Values.wso2.subscription.username "")) (not (eq .Values.wso2.subscription.password "")) }}
- imagePullSecrets:
- - name: {{ template "am-pattern-3.resource.prefix" . }}-wso2-private-registry-creds
- {{ end }}
- volumes:
- - name: wso2am-conf
- configMap:
- name: {{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-conf
- {{ if .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.enabled }}
- - name: wso2am-local-carbon-database-storage
- persistentVolumeClaim:
- claimName: {{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-local-carbon-database-volume-claim
- - name: wso2am-solr-indexed-data-storage
- persistentVolumeClaim:
- claimName: {{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-solr-indexed-data-volume-claim
- - name: wso2am-conf-entrypoint
- configMap:
- name: {{ template "am-pattern-3.resource.prefix" . }}-am-cp-conf-entrypoint
- defaultMode: 0407
- {{ end }}
- - name: db-connector-jar
- emptyDir: {}
diff --git a/advanced/am-pattern-3/templates/am/control-plane/instance-1/wso2am-pattern-3-am-control-plane-service.yaml b/advanced/am-pattern-3/templates/am/control-plane/instance-1/wso2am-pattern-3-am-control-plane-service.yaml
deleted file mode 100644
index 8bfb47c4..00000000
--- a/advanced/am-pattern-3/templates/am/control-plane/instance-1/wso2am-pattern-3-am-control-plane-service.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-service
- namespace : {{ .Release.Namespace }}
-spec:
- # label keys and values that must match in order to receive traffic for this service
- selector:
- deployment: {{ template "am-pattern-3.resource.prefix" . }}-am-cp
- node: {{ template "am-pattern-3.resource.prefix" . }}-am-cp-1
- ports:
- # ports that this service should serve on
- - name: binary
- protocol: TCP
- port: 9611
- - name: binary-secure
- protocol: TCP
- port: 9711
- - name: jms-tcp
- protocol: TCP
- port: 5672
- - name: servlet-https
- protocol: TCP
- port: 9443
diff --git a/advanced/am-pattern-3/templates/am/control-plane/instance-2/wso2am-pattern-3-am-control-plane-conf.yaml b/advanced/am-pattern-3/templates/am/control-plane/instance-2/wso2am-pattern-3-am-control-plane-conf.yaml deleted file mode 100644 index 7a2a65c2..00000000 --- a/advanced/am-pattern-3/templates/am/control-plane/instance-2/wso2am-pattern-3-am-control-plane-conf.yaml +++ /dev/null 
@@ -1,266 +0,0 @@ -# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "am-pattern-3.resource.prefix" . }}-am-cp-2-conf - namespace : {{ .Release.Namespace }} - {{ if .Values.wso2.deployment.am.cp.config }} -data: - {{- range $index, $content := .Values.wso2.deployment.am.cp.config }} - {{ $index }}: |- -{{ tpl $content $ | indent 4 }} - {{- end }} - - {{ else }} -data: - deployment.toml: |- - [server] - hostname = "{{ .Values.wso2.deployment.am.cp.ingress.hostname }}" - node_ip = "$env{NODE_IP}" - #offset=0 - base_path = "${carbon.protocol}://${carbon.host}:${carbon.management.port}" - #discard_empty_caches = false - server_role = "control-plane" - - [user_store] - type = "database_unique_id" - - [super_admin] - username = "admin" - password = "admin" - create_admin_account = true - - [database.apim_db] - type = "{{ .Values.wso2.deployment.am.cp.db.type }}" - url = "{{ .Values.wso2.deployment.am.cp.db.apim.url }}" - username = "{{ .Values.wso2.deployment.am.cp.db.apim.username }}" - password = "{{ .Values.wso2.deployment.am.cp.db.apim.password }}" - driver = "{{ .Values.wso2.deployment.am.cp.db.driver }}" - - [database.shared_db] - type = "{{ .Values.wso2.deployment.am.cp.db.type }}" - url = "{{ .Values.wso2.deployment.am.cp.db.apim_shared.url }}" - username = "{{ .Values.wso2.deployment.am.cp.db.apim_shared.username }}" - password = 
"{{ .Values.wso2.deployment.am.cp.db.apim_shared.password }}" - driver = "{{ .Values.wso2.deployment.am.cp.db.driver }}" - - [keystore.tls] - file_name = "wso2carbon.jks" - type = "JKS" - password = "wso2carbon" - alias = "wso2carbon" - key_password = "wso2carbon" - - [truststore] - file_name = "client-truststore.jks" - type = "JKS" - password = "wso2carbon" - - #[keystore.primary] - #file_name = "wso2carbon.jks" - #type = "JKS" - #password = "wso2carbon" - #alias = "wso2carbon" - #key_password = "wso2carbon" - - #[keystore.internal] - #file_name = "wso2carbon.jks" - #type = "JKS" - #password = "wso2carbon" - #alias = "wso2carbon" - #key_password = "wso2carbon" - - [[apim.gateway.environment]] - name = "Default" - type = "hybrid" - provider = "wso2" - display_in_api_console = true - description = "This is a hybrid gateway that handles both production and sandbox token traffic." - show_as_token_endpoint_url = true - service_url = "https://{{ template "am-pattern-3.resource.prefix" . }}-am-gateway-service:${mgt.transport.https.port}/services/" - username= "${admin.username}" - password= "${admin.password}" - ws_endpoint = "ws://{{ .Values.wso2.deployment.am.websocket.ingress.hostname }}" - wss_endpoint = "wss://{{ .Values.wso2.deployment.am.websocket.ingress.hostname }}" - http_endpoint = "http://{{ .Values.wso2.deployment.am.gateway.ingress.hostname }}" - https_endpoint = "https://{{ .Values.wso2.deployment.am.gateway.ingress.hostname }}" - websub_event_receiver_http_endpoint = "http://{{ .Values.wso2.deployment.am.websub.ingress.hostname }}" - websub_event_receiver_https_endpoint = "https://{{ .Values.wso2.deployment.am.websub.ingress.hostname }}" - - [apim.devportal] - url = "https://{{ .Values.wso2.deployment.am.cp.ingress.hostname }}/devportal" - #enable_application_sharing = false - #if application_sharing_type, application_sharing_impl both defined priority goes to application_sharing_impl - #application_sharing_type = "default" #changed type, saml, default 
#todo: check the new config for rest api - #application_sharing_impl = "org.wso2.carbon.apimgt.impl.SAMLGroupIDExtractorImpl" - #display_multiple_versions = false - #display_deprecated_apis = false - #enable_comments = true - #enable_ratings = true - #enable_forum = true - #enable_anonymous_mode=true - #enable_cross_tenant_subscriptions = true - #default_reserved_username = "apim_reserved_user" - - [transport.http] - properties.port = 9763 - properties.proxyPort = 80 - - [transport.https] - properties.port = 9443 - properties.proxyPort = 443 - - [apim.event_hub] - enable = true - username= "$ref{super_admin.username}" - password= "$ref{super_admin.password}" - service_url = "https://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-service:${mgt.transport.https.port}/services/" - event_listening_endpoints = ["tcp://localhost:5672"] - event_duplicate_url = ["tcp://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-service:5672"] - - [[apim.event_hub.publish.url_group]] - urls = ["tcp://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-2-service:9611"] - auth_urls = ["ssl://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-2-service:9711"] - - [[apim.event_hub.publish.url_group]] - urls = ["tcp://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-service:9611"] - auth_urls = ["ssl://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-service:9711"] - - #[apim.cache.gateway_token] - #enable = true - #expiry_time = "900s" - - #[apim.cache.resource] - #enable = true - #expiry_time = "900s" - - #[apim.cache.km_token] - #enable = false - #expiry_time = "15m" - - #[apim.cache.recent_apis] - #enable = false - - #[apim.cache.scopes] - #enable = true - - #[apim.cache.publisher_roles] - #enable = true - - #[apim.cache.jwt_claim] - #enable = true - #expiry_time = "15m" - - #[apim.cache.tags] - #expiry_time = "2m" - - [apim.key_manager] - service_url = "https://{{ template "am-pattern-3.resource.prefix" . 
}}-am-cp-service:${mgt.transport.https.port}/services/" - username = "$ref{super_admin.username}" - password = "$ref{super_admin.password}" - #pool.init_idle_capacity = 50 - #pool.max_idle = 100 - #key_validation_handler_type = "default" - #key_validation_handler_type = "custom" - #key_validation_handler_impl = "org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler" - - #[apim.oauth_config] - #enable_outbound_auth_header = false - #auth_header = "Authorization" - #revoke_endpoint = "https://localhost:${https.nio.port}/revoke" - #enable_token_encryption = false - #enable_token_hashing = false - - [apim.cors] - allow_origins = "*" - allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"] - allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","apikey","Internal-Key"] - allow_credentials = false - - #[apim.workflow] - #enable = false - #service_url = "https://localhost:9445/bpmn" - #username = "$ref{super_admin.username}" - #password = "$ref{super_admin.password}" - #callback_endpoint = "https://localhost:${mgt.transport.https.port}/api/am/admin/v0.17/workflows/update-workflow-status" - #token_endpoint = "https://localhost:${https.nio.port}/token" - #client_registration_endpoint = "https://localhost:${mgt.transport.https.port}/client-registration/v0.17/register" - #client_registration_username = "$ref{super_admin.username}" - #client_registration_password = "$ref{super_admin.password}" - - #data bridge config - #[transport.receiver] - #type = "binary" - #worker_threads = 10 - #session_timeout = "30m" - #keystore.file_name = "$ref{keystore.tls.file_name}" - #keystore.password = "$ref{keystore.tls.password}" - #tcp_port = 9611 - #ssl_port = 9711 - #ssl_receiver_thread_pool_size = 100 - #tcp_receiver_thread_pool_size = 100 - #ssl_enabled_protocols = ["TLSv1","TLSv1.1","TLSv1.2"] - #ciphers = ["SSL_RSA_WITH_RC4_128_MD5","SSL_RSA_WITH_RC4_128_SHA"] - - #[apim.notification] - #from_address = "APIM.com" - #username = 
"APIM" - #password = "APIM+123" - #hostname = "localhost" - #port = 3025 - #enable_start_tls = false - #enable_authentication = true - - #[apim.token.revocation] - #notifier_impl = "org.wso2.carbon.apimgt.keymgt.events.TokenRevocationNotifierImpl" - #enable_realtime_notifier = true - #realtime_notifier.ttl = 5000 - #enable_persistent_notifier = true - #persistent_notifier.hostname = "https://localhost:2379/v2/keys/jti/" - #persistent_notifier.ttl = 5000 - #persistent_notifier.username = "root" - #persistent_notifier.password = "root" - - [[event_handler]] - name="userPostSelfRegistration" - subscriptions=["POST_ADD_USER"] - - [service_provider] - sp_name_regex = "^[\\sa-zA-Z0-9._-]*$" - - [[event_listener]] - id = "token_revocation" - type = "org.wso2.carbon.identity.core.handler.AbstractIdentityHandler" - name = "org.wso2.is.notification.ApimOauthEventInterceptor" - order = 1 - - [event_listener.properties] - notification_endpoint = "https://localhost:${mgt.transport.https.port}/internal/data/v1/notify" - username = "${admin.username}" - password = "${admin.password}" - 'header.X-WSO2-KEY-MANAGER' = "default" - - {{ if .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.enabled }} - [database.local] - url = "jdbc:h2:/home/wso2carbon/solr/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE" - - [indexing] - location = "/home/wso2carbon/solr/indexed-data" - {{ else }} - [database.local] - url = "jdbc:h2:./repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE" - {{ end }} - {{- end }} diff --git a/advanced/am-pattern-3/templates/am/control-plane/instance-2/wso2am-pattern-3-am-control-plane-deployment.yaml b/advanced/am-pattern-3/templates/am/control-plane/instance-2/wso2am-pattern-3-am-control-plane-deployment.yaml deleted file mode 100644 index d8f6f76a..00000000 --- a/advanced/am-pattern-3/templates/am/control-plane/instance-2/wso2am-pattern-3-am-control-plane-deployment.yaml +++ /dev/null 
@@ -1,149 +0,0 @@ -# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "am-pattern-3.resource.prefix" . }}-am-cp-2-deployment - namespace: {{ .Release.Namespace }} -spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - deployment: {{ template "am-pattern-3.resource.prefix" . }}-am-cp - node: {{ template "am-pattern-3.resource.prefix" . }}-am-cp-2 - template: - metadata: - annotations: - checksum.am.conf: {{ include (print $.Template.BasePath "/am/control-plane/instance-1/wso2am-pattern-3-am-control-plane-conf.yaml") . | sha256sum }} - labels: - deployment: {{ template "am-pattern-3.resource.prefix" . }}-am-cp - node: {{ template "am-pattern-3.resource.prefix" . }}-am-cp-2 - product: apim - spec: - initContainers: - - name: init-db - image: busybox:1.32 - command: ['sh', '-c', 'echo -e "Checking for the availability of DB Server deployment"; while ! 
nc -z "{{ .Values.wso2.deployment.am.cp.db.hostname }}" {{ .Values.wso2.deployment.am.cp.db.port }}; do sleep 1; printf "-"; done; echo -e " >> DB Server has started";'] - - name: init-db-connector-download - image: busybox:1.32 - command: - - /bin/sh - - "-c" - - | - set -e - connector_version=8.0.17 - wget "{{ .Values.wso2.deployment.am.cp.db.driver_url }}" -P /db-connector-jar/ - volumeMounts: - - name: db-connector-jar - mountPath: /db-connector-jar - containers: - - name: wso2am -{{- include "image" (dict "Values" .Values "deployment" .Values.wso2.deployment.am) | indent 10 }} - imagePullPolicy: {{ .Values.wso2.deployment.am.imagePullPolicy }} - startupProbe: - exec: - command: - - /bin/sh - - -c - - nc -z localhost 9443 - initialDelaySeconds: {{ .Values.wso2.deployment.am.cp.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.wso2.deployment.am.cp.startupProbe.periodSeconds }} - failureThreshold: {{ .Values.wso2.deployment.am.cp.startupProbe.failureThreshold }} - livenessProbe: - httpGet: - path: /services/Version - port: 9763 - periodSeconds: {{ .Values.wso2.deployment.am.cp.livenessProbe.periodSeconds }} - readinessProbe: - httpGet: - path: /services/Version - port: 9763 - initialDelaySeconds: {{ .Values.wso2.deployment.am.cp.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.wso2.deployment.am.cp.readinessProbe.periodSeconds }} - lifecycle: - preStop: - exec: - command: ['sh', '-c', '${WSO2_SERVER_HOME}/bin/api-manager.sh stop'] - resources: - requests: - memory: {{ .Values.wso2.deployment.am.cp.resources.requests.memory }} - cpu: {{ .Values.wso2.deployment.am.cp.resources.requests.cpu }} - limits: - memory: {{ .Values.wso2.deployment.am.cp.resources.limits.memory }} - cpu: {{ .Values.wso2.deployment.am.cp.resources.limits.cpu }} - securityContext: - runAsUser: 802 - ports: - - containerPort: 9763 - protocol: "TCP" - - containerPort: 9443 - protocol: "TCP" - - containerPort: 9711 - protocol: "TCP" - - containerPort: 9611 - 
protocol: "TCP" - - containerPort: 5672 - protocol: "TCP" - env: - - name: PROFILE_NAME - value: control-plane - - name: NODE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: JVM_MEM_OPTS - value: "-Xms{{ .Values.wso2.deployment.am.cp.resources.jvm.heap.memory.xms }} -Xmx{{ .Values.wso2.deployment.am.cp.resources.jvm.heap.memory.xmx }}" - volumeMounts: - - name: wso2am-conf - mountPath: /home/wso2carbon/wso2-config-volume/repository/conf - {{ if .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.enabled }} - - name: wso2am-local-carbon-database-storage - mountPath: /home/wso2carbon/solr/database - - name: wso2am-solr-indexed-data-storage - mountPath: /home/wso2carbon/solr/indexed-data - - name: wso2am-conf-entrypoint - mountPath: /home/wso2carbon/docker-entrypoint.sh - subPath: docker-entrypoint.sh - {{ end }} - - name: db-connector-jar - mountPath: /home/wso2carbon/wso2-artifact-volume/repository/components/lib - serviceAccountName: {{ .Values.kubernetes.serviceAccount }} - {{- if .Values.wso2.deployment.am.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.wso2.deployment.am.imagePullSecrets }} - {{- else if and (not (eq .Values.wso2.subscription.username "")) (not (eq .Values.wso2.subscription.password "")) }} - imagePullSecrets: - - name: {{ template "am-pattern-3.resource.prefix" . }}-wso2-private-registry-creds - {{ end }} - volumes: - - name: wso2am-conf - configMap: - name: {{ template "am-pattern-3.resource.prefix" . }}-am-cp-2-conf - {{ if .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.enabled }} - - name: wso2am-local-carbon-database-storage - persistentVolumeClaim: - claimName: {{ template "am-pattern-3.resource.prefix" . }}-am-cp-2-local-carbon-database-volume-claim - - name: wso2am-solr-indexed-data-storage - persistentVolumeClaim: - claimName: {{ template "am-pattern-3.resource.prefix" . 
}}-am-cp-2-solr-indexed-data-volume-claim - - name: wso2am-conf-entrypoint - configMap: - name: {{ template "am-pattern-3.resource.prefix" . }}-am-cp-conf-entrypoint - defaultMode: 0407 - {{ end }} - - name: db-connector-jar - emptyDir: {} diff --git a/advanced/am-pattern-3/templates/am/control-plane/instance-2/wso2am-pattern-3-am-control-plane-service.yaml b/advanced/am-pattern-3/templates/am/control-plane/instance-2/wso2am-pattern-3-am-control-plane-service.yaml deleted file mode 100644 index 44f72d15..00000000 --- a/advanced/am-pattern-3/templates/am/control-plane/instance-2/wso2am-pattern-3-am-control-plane-service.yaml +++ /dev/null @@ -1,38 +0,0 @@ -# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: {{ template "am-pattern-3.resource.prefix" . }}-am-cp-2-service - namespace : {{ .Release.Namespace }} -spec: - # label keys and values that must match in order to receive traffic for this service - selector: - deployment: {{ template "am-pattern-3.resource.prefix" . }}-am-cp - node: {{ template "am-pattern-3.resource.prefix" . }}-am-cp-2 - ports: - # ports that this service should serve on - - name: binary - protocol: TCP - port: 9611 - - name: binary-secure - protocol: TCP - port: 9711 - - name: jms-tcp - protocol: TCP - port: 5672 - - name: servlet-https - protocol: TCP - port: 9443 
diff --git a/advanced/am-pattern-3/templates/am/control-plane/wso2am-pattern-3-am-control-plane-conf-entrypoint.yaml b/advanced/am-pattern-3/templates/am/control-plane/wso2am-pattern-3-am-control-plane-conf-entrypoint.yaml
deleted file mode 100644
index 4ea97fb1..00000000
--- a/advanced/am-pattern-3/templates/am/control-plane/wso2am-pattern-3-am-control-plane-conf-entrypoint.yaml
+++ /dev/null
@@ -1,67 +0,0 @@ -{{ if .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.enabled }} - -# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "am-pattern-3.resource.prefix" . }}-am-cp-conf-entrypoint - namespace: {{ .Release.Namespace }} -data: - docker-entrypoint.sh: | - #!/bin/bash - set -e - - # volume mounts - config_volume=${WORKING_DIRECTORY}/wso2-config-volume - artifact_volume=${WORKING_DIRECTORY}/wso2-artifact-volume - - # check if the WSO2 non-root user home exists - test ! -d ${WORKING_DIRECTORY} && echo "WSO2 Docker non-root user home does not exist" && exit 1 - - # check if the WSO2 product home exists - test ! -d ${WSO2_SERVER_HOME} && echo "WSO2 Docker product home does not exist" && exit 1 - - # Copying carbon_db - if ! test -f /home/wso2carbon/solr/database/WSO2CARBON_DB.mv.db - then - echo "Copying WSO2CARBON_DB.mv.db" >&2 - cp ${WSO2_SERVER_HOME}/repository/database/WSO2CARBON_DB.mv.db /home/wso2carbon/solr/database/ - fi - - # optimize WSO2 Carbon Server, if the profile name is defined as an environment variable - if [[ ! 
-z "${PROFILE_NAME}" ]] - then - echo "Optimizing WSO2 Carbon Server" >&2 - sh ${WSO2_SERVER_HOME}/bin/profileSetup.sh -Dprofile=${PROFILE_NAME} - fi - - # copy any configuration changes mounted to config_volume - test -d ${config_volume} && [[ "$(ls -A ${config_volume})" ]] && cp -RL ${config_volume}/* ${WSO2_SERVER_HOME}/ - # copy any artifact changes mounted to artifact_volume - test -d ${artifact_volume} && [[ "$(ls -A ${artifact_volume})" ]] && cp -RL ${artifact_volume}/* ${WSO2_SERVER_HOME}/ - - # start WSO2 Carbon server - echo "Start WSO2 Carbon server" >&2 - if [[ -z "${PROFILE_NAME}" ]] - then - # start the server with the provided startup arguments - sh ${WSO2_SERVER_HOME}/bin/api-manager.sh "$@" - else - # start the server with the specified profile and provided startup arguments - sh ${WSO2_SERVER_HOME}/bin/api-manager.sh -Dprofile=${PROFILE_NAME} "$@" - fi - - {{ end }} diff --git a/advanced/am-pattern-3/templates/am/control-plane/wso2am-pattern-3-am-control-plane-ingress.yaml b/advanced/am-pattern-3/templates/am/control-plane/wso2am-pattern-3-am-control-plane-ingress.yaml deleted file mode 100644 index 7cae6ae8..00000000 --- a/advanced/am-pattern-3/templates/am/control-plane/wso2am-pattern-3-am-control-plane-ingress.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ -# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- if .Values.wso2.deployment.am.cp.ingress.enabled }} - -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ template "am-pattern-3.resource.prefix" . }}-am-cp-ingress - namespace : {{ .Release.Namespace }} -{{- if .Values.wso2.deployment.am.cp.ingress.annotations }} - annotations: -{{ toYaml .Values.wso2.deployment.am.cp.ingress.annotations | indent 4 }} -{{- end }} -spec: - {{- if .Values.wso2.deployment.am.cp.ingress.className }} - ingressClassName: {{ .Values.wso2.deployment.am.cp.ingress.className }} - {{- end }} - tls: - - hosts: - - {{ .Values.wso2.deployment.am.cp.ingress.hostname }} - rules: - - host: {{ .Values.wso2.deployment.am.cp.ingress.hostname }} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: {{ template "am-pattern-3.resource.prefix" . }}-am-cp-service - port: - number: 9443 -{{- end -}} diff --git a/advanced/am-pattern-3/templates/am/control-plane/wso2am-pattern-3-am-control-plane-service.yaml b/advanced/am-pattern-3/templates/am/control-plane/wso2am-pattern-3-am-control-plane-service.yaml deleted file mode 100644 index d5d362e6..00000000 --- a/advanced/am-pattern-3/templates/am/control-plane/wso2am-pattern-3-am-control-plane-service.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: {{ template "am-pattern-3.resource.prefix" . }}-am-cp-service - namespace : {{ .Release.Namespace }} -spec: - # label keys and values that must match in order to receive traffic for this service - selector: - deployment: {{ template "am-pattern-3.resource.prefix" . }}-am-cp - ports: - # ports that this service should serve on - - name: servlet-http - protocol: TCP - port: 9763 - - name: servlet-https - protocol: TCP - port: 9443 diff --git a/advanced/am-pattern-3/templates/am/control-plane/wso2am-pattern-3-am-control-plane-volume-claims.yaml b/advanced/am-pattern-3/templates/am/control-plane/wso2am-pattern-3-am-control-plane-volume-claims.yaml deleted file mode 100644 index b7c0fb78..00000000 --- a/advanced/am-pattern-3/templates/am/control-plane/wso2am-pattern-3-am-control-plane-volume-claims.yaml +++ /dev/null 
@@ -1,73 +0,0 @@ -{{ if .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.enabled }} -# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-local-carbon-database-volume-claim - namespace : {{ .Release.Namespace }} -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: {{ .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.capacity.carbonDatabase }} - storageClassName: {{ .Values.wso2.deployment.persistentRuntimeArtifacts.storageClass }} - ---- - -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-solr-indexed-data-volume-claim - namespace : {{ .Release.Namespace }} -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: {{ .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.capacity.solrIndexedData }} - storageClassName: {{ .Values.wso2.deployment.persistentRuntimeArtifacts.storageClass }} - ---- - -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ template "am-pattern-3.resource.prefix" . 
}}-am-cp-2-local-carbon-database-volume-claim - namespace : {{ .Release.Namespace }} -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: {{ .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.capacity.carbonDatabase }} - storageClassName: {{ .Values.wso2.deployment.persistentRuntimeArtifacts.storageClass }} - ---- - -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ template "am-pattern-3.resource.prefix" . }}-am-cp-2-solr-indexed-data-volume-claim - namespace : {{ .Release.Namespace }} -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: {{ .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.capacity.solrIndexedData }} - storageClassName: {{ .Values.wso2.deployment.persistentRuntimeArtifacts.storageClass }} - {{ end }} diff --git a/advanced/am-pattern-3/templates/am/gateway/wso2am-pattern-3-am-gateway-conf.yaml b/advanced/am-pattern-3/templates/am/gateway/wso2am-pattern-3-am-gateway-conf.yaml deleted file mode 100644 index 662199f7..00000000 --- a/advanced/am-pattern-3/templates/am/gateway/wso2am-pattern-3-am-gateway-conf.yaml +++ /dev/null 
@@ -1,147 +0,0 @@ -# Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "am-pattern-3.resource.prefix" . }}-am-gateway-conf - namespace : {{ .Release.Namespace }} - {{ if .Values.wso2.deployment.am.gateway.config }} -data: - {{- range $index, $content := .Values.wso2.deployment.am.gateway.config }} - {{ $index }}: |- -{{ tpl $content $ | indent 4 }} - {{- end }} - - {{ else }} -data: - deployment.toml: |- - [server] - hostname = "{{ .Values.wso2.deployment.am.gateway.ingress.hostname }}" - node_ip = "$env{NODE_IP}" - server_role = "gateway-worker" - - [user_store] - type = "database_unique_id" - - [super_admin] - username = "admin" - password = "admin" - create_admin_account = true - - [database.shared_db] - type = "h2" - url = "jdbc:h2:./repository/database/WSO2SHARED_DB;DB_CLOSE_ON_EXIT=FALSE" - username = "wso2carbon" - password = "wso2carbon" - - [keystore.tls] - file_name = "wso2carbon.jks" - type = "JKS" - password = "wso2carbon" - alias = "wso2carbon" - key_password = "wso2carbon" - - [truststore] - file_name = "client-truststore.jks" - type = "JKS" - password = "wso2carbon" - - [transport.http] - properties.port = 9763 - properties.proxyPort = 80 - - [transport.https] - properties.port = 9443 - properties.proxyPort = 443 - - # key manager implementation - [apim.key_manager] - service_url = "https://{{ template 
"am-pattern-3.resource.prefix" . }}-am-cp-service:${mgt.transport.https.port}/services/" - username= "$ref{super_admin.username}" - password= "$ref{super_admin.password}" - - # JWT Generation - [apim.jwt] - enable = true - encoding = "base64" # base64,base64url - #generator_impl = "org.wso2.carbon.apimgt.keymgt.token.JWTGenerator" - claim_dialect = "http://wso2.org/claims" - header = "X-JWT-Assertion" - signing_algorithm = "SHA256withRSA" - #enable_user_claims = true - #claims_extractor_impl = "org.wso2.carbon.apimgt.impl.token.DefaultClaimsRetriever" - - [apim.sync_runtime_artifacts.gateway] - gateway_labels =["Default"] - - # Traffic Manager configurations - [apim.throttling] - username= "$ref{super_admin.username}" - password= "$ref{super_admin.password}" - service_url = "https://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-service:${mgt.transport.https.port}/services/" - throttle_decision_endpoints = ["tcp://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-service:5672","tcp://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-2-service:5672"] - enable_unlimited_tier = true - enable_header_based_throttling = false - enable_jwt_claim_based_throttling = false - enable_query_param_based_throttling = false - - [[apim.throttling.url_group]] - traffic_manager_urls = ["tcp://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-service:9611"] - traffic_manager_auth_urls = ["ssl://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-service:9711"] - type = "loadbalance" - - [[apim.throttling.url_group]] - traffic_manager_urls = ["tcp://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-2-service:9611"] - traffic_manager_auth_urls = ["ssl://{{ template "am-pattern-3.resource.prefix" . 
}}-am-cp-2-service:9711"] - type = "loadbalance" - - {{ if .Values.wso2.choreoAnalytics.enabled }} - [apim.analytics] - enable = true - config_endpoint = "{{ .Values.wso2.choreoAnalytics.endpoint }}" - auth_token = "{{ .Values.wso2.choreoAnalytics.onpremKey }}" - {{ else }} - [apim.analytics] - enable = false - config_endpoint = "https://analytics-event-auth.choreo.dev/auth/v1" - auth_token = "" - {{ end }} - - # Caches - [apim.cache.gateway_token] - enable = true - expiry_time = 15 - - [apim.cache.resource] - enable = true - - [apim.cache.jwt_claim] - enable = true - expiry_time = 900 - - [apim.oauth_config] - remove_outbound_auth_header = true - auth_header = "Authorization" - - [apim.cors] - allow_origins = "*" - allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"] - allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","apikey","Internal-Key"] - allow_credentials = false - - [transport.passthru_https.sender.parameters] - HostnameVerifier = "AllowAll" - - {{- end }} diff --git a/advanced/am-pattern-3/templates/am/gateway/wso2am-pattern-3-am-gateway-deployment.yaml b/advanced/am-pattern-3/templates/am/gateway/wso2am-pattern-3-am-gateway-deployment.yaml deleted file mode 100644 index 3d46623a..00000000 --- a/advanced/am-pattern-3/templates/am/gateway/wso2am-pattern-3-am-gateway-deployment.yaml +++ /dev/null 
@@ -1,112 +0,0 @@ -# Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "am-pattern-3.resource.prefix" . }}-am-gateway-deployment - namespace: {{ .Release.Namespace }} -spec: - replicas: {{ .Values.wso2.deployment.am.gateway.replicas }} - strategy: - rollingUpdate: - maxSurge: {{ .Values.wso2.deployment.am.gateway.strategy.rollingUpdate.maxSurge }} - maxUnavailable: {{ .Values.wso2.deployment.am.gateway.strategy.rollingUpdate.maxUnavailable }} - type: RollingUpdate - selector: - matchLabels: - deployment: {{ template "am-pattern-3.resource.prefix" . }}-am-gateway - template: - metadata: - annotations: - checksum.am.gw.conf: {{ include (print $.Template.BasePath "/am/gateway/wso2am-pattern-3-am-gateway-conf.yaml") . | sha256sum }} - labels: - deployment: {{ template "am-pattern-3.resource.prefix" . }}-am-gateway - product: apim - spec: - initContainers: - - name: init-cp - image: busybox:1.32 - command: ['sh', '-c', 'echo -e "Checking for the availability of Control Plane deployment"; while ! nc -z {{ template "am-pattern-3.resource.prefix" . 
}}-am-cp-service 9443; do sleep 1; printf "-"; done; echo -e " >> Control Plane has started";'] - containers: - - name: wso2am-gateway -{{- include "image" (dict "Values" .Values "deployment" .Values.wso2.deployment.am) | indent 8 }} - imagePullPolicy: {{ .Values.wso2.deployment.am.imagePullPolicy }} - env: - - name: PROFILE_NAME - value: gateway-worker - - name: NODE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: JVM_MEM_OPTS - value: "-Xms{{ .Values.wso2.deployment.am.resources.jvm.heap.memory.xms }} -Xmx{{ .Values.wso2.deployment.am.resources.jvm.heap.memory.xmx }}" - startupProbe: - exec: - command: - - /bin/sh - - -c - - nc -z localhost 8243 - initialDelaySeconds: {{ .Values.wso2.deployment.am.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.wso2.deployment.am.startupProbe.periodSeconds }} - failureThreshold: {{ .Values.wso2.deployment.am.startupProbe.failureThreshold }} - livenessProbe: - httpGet: - path: /services/Version - port: 9763 - periodSeconds: {{ .Values.wso2.deployment.am.livenessProbe.periodSeconds }} - readinessProbe: - httpGet: - path: /services/Version - port: 9763 - initialDelaySeconds: {{ .Values.wso2.deployment.am.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.wso2.deployment.am.readinessProbe.periodSeconds }} - lifecycle: - preStop: - exec: - command: ['sh', '-c', '${WSO2_SERVER_HOME}/bin/api-manager.sh stop'] - resources: - requests: - memory: {{ .Values.wso2.deployment.am.resources.requests.memory }} - cpu: {{ .Values.wso2.deployment.am.resources.requests.cpu }} - limits: - memory: {{ .Values.wso2.deployment.am.resources.limits.memory }} - cpu: {{ .Values.wso2.deployment.am.resources.limits.cpu }} - securityContext: - runAsUser: 802 - ports: - - containerPort: 8280 - protocol: TCP - - containerPort: 8243 - protocol: TCP - - containerPort: 9763 - protocol: TCP - - containerPort: 9443 - protocol: TCP - volumeMounts: - - name: wso2am-gateway-conf - mountPath: 
/home/wso2carbon/wso2-config-volume/repository/conf - serviceAccountName: {{ .Values.kubernetes.serviceAccount }} - {{- if .Values.wso2.deployment.am.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.wso2.deployment.am.imagePullSecrets }} - {{- else if and (not (eq .Values.wso2.subscription.username "")) (not (eq .Values.wso2.subscription.password "")) }} - imagePullSecrets: - - name: {{ template "am-pattern-3.resource.prefix" . }}-wso2-private-registry-creds - {{ end }} - volumes: - - name: wso2am-gateway-conf - configMap: - name: {{ template "am-pattern-3.resource.prefix" . }}-am-gateway-conf diff --git a/advanced/am-pattern-3/templates/am/gateway/wso2am-pattern-3-am-gateway-ingress.yaml b/advanced/am-pattern-3/templates/am/gateway/wso2am-pattern-3-am-gateway-ingress.yaml deleted file mode 100644 index e992482d..00000000 --- a/advanced/am-pattern-3/templates/am/gateway/wso2am-pattern-3-am-gateway-ingress.yaml +++ /dev/null 
@@ -1,44 +0,0 @@
-# Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{- if .Values.wso2.deployment.am.gateway.ingress.enabled }}
-
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ template "am-pattern-3.resource.prefix" . }}-am-gateway-ingress
- namespace : {{ .Release.Namespace }}
-{{- if .Values.wso2.deployment.am.gateway.ingress.annotations }}
- annotations:
-{{ toYaml .Values.wso2.deployment.am.gateway.ingress.annotations | indent 4 }}
-{{- end }}
-spec:
- {{- if .Values.wso2.deployment.am.gateway.ingress.className }}
- ingressClassName: {{ .Values.wso2.deployment.am.gateway.ingress.className }}
- {{- end }}
- tls:
- - hosts:
- - {{ .Values.wso2.deployment.am.gateway.ingress.hostname }}
- rules:
- - host: {{ .Values.wso2.deployment.am.gateway.ingress.hostname }}
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: {{ template "am-pattern-3.resource.prefix" . }}-am-gateway-service
- port:
- number: 8243
-{{- end -}}
diff --git a/advanced/am-pattern-3/templates/am/gateway/wso2am-pattern-3-am-gateway-service.yaml b/advanced/am-pattern-3/templates/am/gateway/wso2am-pattern-3-am-gateway-service.yaml
deleted file mode 100644
index fc31b7c4..00000000
--- a/advanced/am-pattern-3/templates/am/gateway/wso2am-pattern-3-am-gateway-service.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-# Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "am-pattern-3.resource.prefix" . }}-am-gateway-service
- namespace : {{ .Release.Namespace }}
-spec:
- # label keys and values that must match in order to receive traffic for this service
- selector:
- deployment: {{ template "am-pattern-3.resource.prefix" . }}-am-gateway
- ports:
- # ports that this service should serve on
- - name: pass-through-http
- protocol: TCP
- port: 8280
- - name: pass-through-https
- protocol: TCP
- port: 8243
- - name: servlet-http
- protocol: TCP
- port: 9763
- - name: servlet-https
- protocol: TCP
- port: 9443
- - name: websub-http
- protocol: TCP
- port: 9021
- - name: websub-https
- protocol: TCP
- port: 8021
- - name: websocket-http
- protocol: TCP
- port: 9099
- - name: websocket-https
- protocol: TCP
- port: 8099
diff --git a/advanced/am-pattern-3/templates/am/gateway/wso2am-pattern-3-am-websocket-ingress.yaml b/advanced/am-pattern-3/templates/am/gateway/wso2am-pattern-3-am-websocket-ingress.yaml
deleted file mode 100644
index bf95ddc0..00000000
--- a/advanced/am-pattern-3/templates/am/gateway/wso2am-pattern-3-am-websocket-ingress.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-# Copyright (c) 2023, WSO2 LLC. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{- if .Values.wso2.deployment.am.websocket.ingress.enabled }}
-
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ template "am-pattern-3.resource.prefix" . }}-am-websocket-ingress
- namespace : {{ .Release.Namespace }}
-{{- if .Values.wso2.deployment.am.websocket.ingress.annotations }}
- annotations:
-{{ toYaml .Values.wso2.deployment.am.websocket.ingress.annotations | indent 4 }}
-{{- end }}
-spec:
- {{- if .Values.wso2.deployment.am.websocket.ingress.className }}
- ingressClassName: {{ .Values.wso2.deployment.am.websocket.ingress.className }}
- {{- end }}
- tls:
- - hosts:
- - {{ .Values.wso2.deployment.am.websocket.ingress.hostname }}
- rules:
- - host: {{ .Values.wso2.deployment.am.websocket.ingress.hostname }}
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: {{ template "am-pattern-3.resource.prefix" . }}-am-gateway-service
- port:
- number: 8099
-{{- end -}}
diff --git a/advanced/am-pattern-3/templates/am/gateway/wso2am-pattern-3-am-websub-ingress.yaml b/advanced/am-pattern-3/templates/am/gateway/wso2am-pattern-3-am-websub-ingress.yaml
deleted file mode 100644
index d8526cae..00000000
--- a/advanced/am-pattern-3/templates/am/gateway/wso2am-pattern-3-am-websub-ingress.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{- if .Values.wso2.deployment.am.websub.ingress.enabled }}
-
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ template "am-pattern-3.resource.prefix" . }}-am-websub-ingress
- namespace : {{ .Release.Namespace }}
-{{- if .Values.wso2.deployment.am.websub.ingress.annotations }}
- annotations:
-{{ toYaml .Values.wso2.deployment.am.websub.ingress.annotations | indent 4 }}
-{{- end }}
-spec:
- {{- if .Values.wso2.deployment.am.websub.ingress.className }}
- ingressClassName: {{ .Values.wso2.deployment.am.websub.ingress.className }}
- {{- end }}
- tls:
- - hosts:
- - {{ .Values.wso2.deployment.am.websub.ingress.hostname }}
- rules:
- - host: {{ .Values.wso2.deployment.am.websub.ingress.hostname }}
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: {{ template "am-pattern-3.resource.prefix" . }}-am-gateway-service
- port:
- number: 8021
-{{- end -}}
diff --git a/advanced/am-pattern-3/templates/mi/instance-1/wso2am-pattern-3-mi-conf.yaml b/advanced/am-pattern-3/templates/mi/instance-1/wso2am-pattern-3-mi-conf.yaml
deleted file mode 100644
index 046d1a98..00000000
--- a/advanced/am-pattern-3/templates/mi/instance-1/wso2am-pattern-3-mi-conf.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if .Values.wso2.deployment.mi.config }}
-# Copyright (c) 2023, WSO2 LLC (https://www.wso2.com) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ template "am-pattern-3.resource.prefix" . }}-mi-1-conf
- namespace: {{ .Release.Namespace }}
-data:
- {{- range $index, $content := .Values.wso2.deployment.mi.config }}
- {{ $index }}: |-
-{{ tpl $content $ | indent 4 }}
- {{- end }}
-{{- end }}
diff --git a/advanced/am-pattern-3/templates/mi/instance-1/wso2am-pattern-3-mi-deployment.yaml b/advanced/am-pattern-3/templates/mi/instance-1/wso2am-pattern-3-mi-deployment.yaml
deleted file mode 100644
index 6c90dbe7..00000000
--- a/advanced/am-pattern-3/templates/mi/instance-1/wso2am-pattern-3-mi-deployment.yaml
+++ /dev/null
@@ -1,126 +0,0 @@ -# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "am-pattern-3.resource.prefix" . }}-mi-1-deployment - namespace: {{ .Release.Namespace }} - labels: -{{ include "am-pattern-3.labels" . | indent 4 }} -spec: - replicas: {{ .Values.wso2.deployment.mi.replicas }} - strategy: - rollingUpdate: - maxSurge: {{ .Values.wso2.deployment.mi.strategy.rollingUpdate.maxSurge }} - maxUnavailable: {{ .Values.wso2.deployment.mi.strategy.rollingUpdate.maxUnavailable }} - type: RollingUpdate - selector: - matchLabels: - deployment: {{ template "am-pattern-3.resource.prefix" . }}-mi - node: {{ template "am-pattern-3.resource.prefix" . }}-mi-1 - template: - metadata: - {{- if .Values.wso2.deployment.mi.config }} - annotations: - checksum.mi.conf: {{ include (print $.Template.BasePath "/mi/instance-1/wso2am-pattern-3-mi-conf.yaml") . | sha256sum }} - {{- end }} - labels: - deployment: {{ template "am-pattern-3.resource.prefix" . }}-mi - node: {{ template "am-pattern-3.resource.prefix" . }}-mi-1 - product: apim - spec: - initContainers: - - name: init-cp - image: busybox:1.32 - command: ['sh', '-c', 'echo -e "Checking for the availability of Control Plane deployment"; while ! nc -z {{ template "am-pattern-3.resource.prefix" . 
}}-am-cp-service 9443; do sleep 1; printf "-"; done; echo -e " >> Control Plane has started";'] - - name: init-gw - image: busybox:1.32 - command: ['sh', '-c', 'echo -e "Checking for the availability of Gateway deployment"; while ! nc -z {{ template "am-pattern-3.resource.prefix" . }}-am-gateway-service 8243; do sleep 1; printf "-"; done; echo -e " >> Gateway has started";'] - containers: - - name: wso2micro-integrator -{{- include "image" (dict "Values" .Values "deployment" .Values.wso2.deployment.mi) | indent 10 }} - {{- if .Values.wso2.deployment.mi.synapseTest.enabled }} - args: - - "-DsynapseTest=true" - {{- end }} - startupProbe: - exec: - command: - - /bin/sh - - -c - - nc -z localhost 8290 - initialDelaySeconds: {{ .Values.wso2.deployment.mi.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.wso2.deployment.mi.startupProbe.periodSeconds }} - failureThreshold: {{ .Values.wso2.deployment.mi.startupProbe.failureThreshold }} - livenessProbe: - exec: - command: - - /bin/sh - - -c - - nc -z localhost 8290 - periodSeconds: {{ .Values.wso2.deployment.mi.livenessProbe.periodSeconds }} - readinessProbe: - httpGet: - path: /healthz - port: 9201 - initialDelaySeconds: {{ .Values.wso2.deployment.mi.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.wso2.deployment.mi.readinessProbe.periodSeconds }} - resources: - requests: - memory: {{ .Values.wso2.deployment.mi.resources.requests.memory }} - cpu: {{ .Values.wso2.deployment.mi.resources.requests.cpu }} - limits: - memory: {{ .Values.wso2.deployment.mi.resources.limits.memory }} - cpu: {{ .Values.wso2.deployment.mi.resources.limits.cpu }} - imagePullPolicy: Always - securityContext: - runAsUser: 802 - ports: - - containerPort: 8290 - protocol: TCP - - containerPort: 9201 - protocol: TCP - - containerPort: 9164 - protocol: TCP - {{- if .Values.wso2.deployment.mi.synapseTest.enabled }} - - containerPort: 9008 - protocol: TCP - {{- end }} - {{- if .Values.wso2.deployment.mi.envs }} - env: - {{- 
range $key, $val := .Values.wso2.deployment.mi.envs }} - - name: {{ $key }} - value: {{ $val | quote }} - {{- end }} - {{- end }} - {{- if .Values.wso2.deployment.mi.config }} - volumeMounts: - - name: wso2mi-conf - mountPath: /home/wso2carbon/wso2-config-volume/conf/deployment.toml - subPath: deployment.toml - {{- end }} - serviceAccountName: {{ .Values.kubernetes.serviceAccount }} - {{- if .Values.wso2.deployment.mi.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.wso2.deployment.mi.imagePullSecrets }} - {{- else if and (not (eq .Values.wso2.subscription.username "")) (not (eq .Values.wso2.subscription.password "")) }} - imagePullSecrets: - - name: {{ template "am-pattern-3.resource.prefix" . }}-mi-1-wso2-private-registry-creds - {{ end }} - {{- if .Values.wso2.deployment.mi.config }} - volumes: - - name: wso2mi-conf - configMap: - name: {{ template "am-pattern-3.resource.prefix" . }}-mi-1-conf - {{ end }} diff --git a/advanced/am-pattern-3/templates/mi/instance-1/wso2am-pattern-3-mi-management-ingress.yaml b/advanced/am-pattern-3/templates/mi/instance-1/wso2am-pattern-3-mi-management-ingress.yaml deleted file mode 100644 index 7ca04347..00000000 --- a/advanced/am-pattern-3/templates/mi/instance-1/wso2am-pattern-3-mi-management-ingress.yaml +++ /dev/null 
@@ -1,41 +0,0 @@
-# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ template "am-pattern-3.resource.prefix" . }}-mi-1-management-ingress
- namespace : {{ .Release.Namespace }}
-{{- if .Values.wso2.deployment.mi.ingress.management.annotations }}
- annotations:
-{{ toYaml .Values.wso2.deployment.mi.ingress.management.annotations | indent 4 }}
-{{- end }}
-spec:
- {{- if .Values.wso2.deployment.mi.ingress.management.className }}
- ingressClassName: {{ .Values.wso2.deployment.mi.ingress.management.className }}
- {{- end }}
- tls:
- - hosts:
- - {{ .Values.wso2.deployment.mi.ingress.management.hostname | quote }}
- rules:
- - host: {{ .Values.wso2.deployment.mi.ingress.management.hostname | quote }}
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: {{ template "am-pattern-3.resource.prefix" . }}-mi-1-service
- port:
- number: 9164
diff --git a/advanced/am-pattern-3/templates/mi/wso2am-pattern-3-mi-service.yaml b/advanced/am-pattern-3/templates/mi/wso2am-pattern-3-mi-service.yaml
deleted file mode 100644
index 628b81c6..00000000
--- a/advanced/am-pattern-3/templates/mi/wso2am-pattern-3-mi-service.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "am-pattern-3.resource.prefix" . }}-mi-1-service
- namespace : {{ .Release.Namespace }}
- labels:
- deployment: {{ template "am-pattern-3.resource.prefix" . }}-mi
- node: {{ template "am-pattern-3.resource.prefix" . }}-mi-1
-{{ include "am-pattern-3.labels" . | indent 4 }}
-spec:
- type: ClusterIP
- ports:
- - port: 8290
- targetPort: 8290
- protocol: TCP
- name: pass-through-http
- - port: 8253
- targetPort: 8253
- protocol: TCP
- name: pass-through-https
- - port: 9201
- targetPort: 9201
- protocol: TCP
- name: metrics
- - port: 9164
- targetPort: 9164
- protocol: TCP
- name: management
- {{- if .Values.wso2.deployment.mi.synapseTest.enabled }}
- - port: 9008
- targetPort: 9008
- protocol: TCP
- name: synapse-test
- {{- end}}
- selector:
- deployment: {{ template "am-pattern-3.resource.prefix" . }}-mi
- node: {{ template "am-pattern-3.resource.prefix" . }}-mi-1
diff --git a/advanced/am-pattern-3/templates/wso2am-pattern-3-mi-secrets.yaml b/advanced/am-pattern-3/templates/wso2am-pattern-3-mi-secrets.yaml
deleted file mode 100644
index 3745715d..00000000
--- a/advanced/am-pattern-3/templates/wso2am-pattern-3-mi-secrets.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-{{ if and (not (eq .Values.wso2.subscription.username "")) (not (eq .Values.wso2.subscription.password "")) (eq (default "docker.wso2.com" .Values.wso2.deployment.mi.dockerRegistry) "docker.wso2.com") }}
-# Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{- $username := .Values.wso2.subscription.username }}
-{{- $password := .Values.wso2.subscription.password }}
-{{- $email := .Values.wso2.subscription.username }}
-{{- $regId := default "docker.wso2.com" .Values.wso2.deployment.mi.dockerRegistry }}
-{{- $auth := printf "%s:%s" $username $password | b64enc }}
-{{- $files := .Files }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "am-pattern-3.resource.prefix" . }}-mi-1-wso2-private-registry-creds
- namespace: {{ .Release.Namespace }}
-type: kubernetes.io/dockerconfigjson
-data:
- .dockerconfigjson: {{ $files.Get "auth.json" | replace "reg.id" $regId | replace "docker.wso2.com.username" $username | replace "docker.wso2.com.password" $password | replace "docker.wso2.com.email" $email | replace "docker.wso2.com.auth" $auth | b64enc }}
-{{ end }}
diff --git a/advanced/am-pattern-3/templates/wso2am-pattern-3-secrets.yaml b/advanced/am-pattern-3/templates/wso2am-pattern-3-secrets.yaml
deleted file mode 100644
index 3d9a5ea6..00000000
--- a/advanced/am-pattern-3/templates/wso2am-pattern-3-secrets.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-{{ if and (not (eq .Values.wso2.subscription.username "")) (not (eq .Values.wso2.subscription.password "")) }}
-# Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{- $username := .Values.wso2.subscription.username }}
-{{- $password := .Values.wso2.subscription.password }}
-{{- $email := .Values.wso2.subscription.username }}
-{{- $regId := default "docker.wso2.com" .Values.wso2.dockerRegistry }}
-{{- $auth := printf "%s:%s" $username $password | b64enc }}
-{{- $files := .Files }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "am-pattern-3.resource.prefix" . }}-wso2-private-registry-creds
- namespace: {{ .Release.Namespace }}
-type: kubernetes.io/dockerconfigjson
-data:
- .dockerconfigjson: {{ $files.Get "auth.json" | replace "reg.id" $regId | replace "docker.wso2.com.username" $username | replace "docker.wso2.com.password" $password | replace "docker.wso2.com.email" $email | replace "docker.wso2.com.auth" $auth | b64enc }}
-{{ end }}
diff --git a/advanced/am-pattern-3/templates/wso2am-pattern-3-service-account.yaml b/advanced/am-pattern-3/templates/wso2am-pattern-3-service-account.yaml
deleted file mode 100644
index 98e1a488..00000000
--- a/advanced/am-pattern-3/templates/wso2am-pattern-3-service-account.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Values.kubernetes.serviceAccount }}
- namespace : {{ .Release.Namespace }}
diff --git a/advanced/am-pattern-3/values.yaml b/advanced/am-pattern-3/values.yaml
deleted file mode 100644
index 352a3794..00000000
--- a/advanced/am-pattern-3/values.yaml
+++ /dev/null
@@ -1,319 +0,0 @@ -# Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -wso2: - # WSO2 Subscription parameters (https://wso2.com/subscription/) - # If provided, these parameters will be used to obtain official WSO2 product Docker images available at WSO2 Private Docker Registry (https://docker.wso2.com/) - # for this deployment - subscription: - username: "" - password: "" - - # WSO2 Choreo Analytics Parameters - # If provided, these parameters will be used publish analytics data to Choreo Analytics environment (https://apim.docs.wso2.com/en/latest/observe/api-manager-analytics/configure-analytics/register-for-analytics/). 
- choreoAnalytics: - enabled: false - endpoint: "" - onpremKey: "" - - deployment: - dependencies: - # The configuration should be set to be 'true' if a MySQL database should be spawned as a pod within the cluster - cluster_mysql: true - # Enable NFS dynamic provisioner for Kubernetes - nfsServerProvisioner: true - - # Persisted and shared runtime artifacts for API Manager - # See official documentation (from https://apim.docs.wso2.com/en/latest/install-and-setup/setup/reference/common-runtime-and-configuration-artifacts/#persistent-runtime-artifacts) - persistentRuntimeArtifacts: - # Kubernetes Storage Class to be used to dynamically provision the relevant Persistent Volumes - # Only persistent storage solutions supporting ReadWriteMany access mode are applicable (https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes) - # Defaults to Kubernetes Storage Class generated using the NFS Server Provisioner (https://github.com/helm/charts/tree/master/stable/nfs-server-provisioner) - storageClass: &storage_class "nfs" - - # Persistent runtime artifacts for Apache Solr-based indexing - apacheSolrIndexing: - # Indicates if persistence of the runtime artifacts for Apache Solr-based indexing is enabled - # By default, this is disabled - enabled: false - # Define capacities for persistent runtime artifact directories - capacity: - # For persisting the H2 based local Carbon database file - carbonDatabase: 50M - # For persisting the indexed data - solrIndexedData: 50M - - am: - # Container image configurations - # If a custom image must be used, uncomment 'dockerRegistry' and provide its value - dockerRegistry: "docker.wso2.com" - imageName: "wso2am" - imageTag: "4.2.0.0" - # Refer to the Kubernetes documentation on updating images (https://kubernetes.io/docs/concepts/containers/images/#updating-images) - imagePullPolicy: Always - - resources: - # These are the resource recommendations for running WSO2 API Management product profiles with profile 
optimization - # Resource configurations defined here are applicable for all API Manager product profiles of this deployment - requests: - memory: "1Gi" - cpu: "1000m" - limits: - memory: "2Gi" - cpu: "2000m" - # JVM settings - # These are the resource allocation configurations associated with the JVM - # Refer to the official documentation for advanced details (https://apim.docs.wso2.com/en/latest/install-and-setup/install/installation-prerequisites/) - jvm: - # Resource allocation for the Java Heap - heap: - memory: - # Initial and minimum Heap size - xms: "512m" - # Maximum Heap size - xmx: "512m" - - # Kubernetes Probes - # Startup probe executed prior to Liveness Probe taking over - startupProbe: - # Number of seconds after the container has started before startup probes are initiated - initialDelaySeconds: 45 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Number of attempts - failureThreshold: 8 - # Indicates whether the container is running - livenessProbe: - # How often (in seconds) to perform the probe - periodSeconds: 10 - # Indicates whether the container is ready to service requests - readinessProbe: - # Number of seconds after the container has started before readiness probes are initiated - initialDelaySeconds: 50 - # How often (in seconds) to perform the probe - periodSeconds: 10 - - # API Manager's WebSub specific configurations - websub: - # Configure Ingress - ingress: - enabled: true - # Name of the IngressClass to use - className: "" - # Hostname for Gateway (WebSub) service - hostname: "websub.am.wso2.com" - # Annotations for the API Manager Gateway (WebSub) service Ingress - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - # API Manager's WebSocket specific configurations - websocket: - # Configure Ingress - ingress: - enabled: true - # Name of the IngressClass to use - className: "" - # Hostname for Gateway (WebSocket) service - hostname: 
"websocket.am.wso2.com" - # Annotations for the API Manager Gateway (WebSocket) service Ingress - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - - # API Manager's Gateway specific configurations - gateway: - # Configure Ingress - ingress: - enabled: true - # Name of the IngressClass to use - className: "" - # Hostname for Gateway profile - hostname: "gateway.am.wso2.com" - # Annotations for the API Manager Gateway service Ingress - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - - # Number of Gateway replicas - replicas: 2 - - # Kubernetes RollingUpdate strategy configurations - strategy: - rollingUpdate: - # The maximum number of pods that can be scheduled above the desired number of pods - maxSurge: 2 - # The maximum number of pods that can be unavailable during the update - maxUnavailable: 0 - - # If the deployment configurations for the Gateway profile of WSO2 API Manager v3.2.0 (/repository/conf/deployment.toml), - # add the customized configuration file under (wso2 -> deployment -> am -> gateway -> config -> deployment.toml) - # config: - # deployment.toml: |- - # # deployment configurations for the Gateway profile of WSO2 API Manager v3.2.0 (/repository/conf/deployment.toml) - - # API Manager's Control Plane specific configurations - cp: - db: - hostname: wso2am-mysql-db-service - port: 3306 - type: mysql - driver: com.mysql.cj.jdbc.Driver - driver_url: https://repo1.maven.org/maven2/mysql/mysql-connector-java/8.0.29/mysql-connector-java-8.0.29.jar - apim: - username: wso2carbon - password: wso2carbon - url: jdbc:mysql://wso2am-mysql-db-service:3306/WSO2AM_DB?useSSL=false&autoReconnect=true&requireSSL=false&verifyServerCertificate=false - apim_shared: - username: wso2carbon - password: wso2carbon - url: 
jdbc:mysql://wso2am-mysql-db-service:3306/WSO2AM_SHARED_DB?useSSL=false&autoReconnect=true&requireSSL=false&verifyServerCertificate=false - # Kubernetes Probes - # Startup probe executed prior to Liveness Probe taking over - startupProbe: - # Number of seconds after the container has started before startup probes are initiated - initialDelaySeconds: 60 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Number of attempts - failureThreshold: 8 - # Indicates whether the container is running - livenessProbe: - # How often (in seconds) to perform the probe - periodSeconds: 10 - # Indicates whether the container is ready to service requests - readinessProbe: - # Number of seconds after the container has started before readiness probes are initiated - initialDelaySeconds: 80 - # How often (in seconds) to perform the probe - periodSeconds: 10 - - # Configure Ingress - ingress: - enabled: true - # Name of the IngressClass to use - className: "" - # Hostname for Control Plane profile - hostname: "am.wso2.com" - # Annotations for the API Manager Control Plane service Ingress - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - nginx.ingress.kubernetes.io/affinity: "cookie" - nginx.ingress.kubernetes.io/session-cookie-name: "route" - nginx.ingress.kubernetes.io/session-cookie-hash: "sha1" - - resources: - # These are the minimum resource recommendations for running WSO2 API Management Control Plane deployment - # as per official documentation (https://apim.docs.wso2.com/en/latest/install-and-setup/install/installation-prerequisites/) - requests: - memory: "2Gi" - cpu: "2000m" - limits: - memory: "3Gi" - cpu: "3000m" - # JVM settings - # These are the resource allocation configurations associated with the JVM - # Refer to the official documentation for advanced details (https://apim.docs.wso2.com/en/latest/install-and-setup/install/installation-prerequisites/) - jvm: - # Resource allocation for the 
Java Heap - heap: - memory: - # Initial and minimum Heap size - xms: "1024m" - # Maximum Heap size - xmx: "1024m" - - # config: - # deployment.toml: |- - # # deployment configurations for the Control Plane profile of WSO2 API Manager v4.0.0 (/repository/conf/deployment.toml) - - mi: - # If a custom image must be used, uncomment 'dockerRegistry' and provide its value. - dockerRegistry: "docker.wso2.com" - imageName: "wso2mi" - imageTag: "4.2.0.0" - # Number of deployment replicas - replicas: 2 - strategy: - rollingUpdate: - # The maximum number of pods that can be scheduled above the desired number of pods. - maxSurge: 1 - # The maximum number of pods that can be unavailable during the update. - maxUnavailable: 0 - # Kubernetes Probes - # Startup probe executed prior to Liveness Probe taking over - startupProbe: - # Number of seconds after the container has started before startup probes are initiated - initialDelaySeconds: 10 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Number of attempts - failureThreshold: 8 - # Indicates whether the container is running. - livenessProbe: - # How often (in seconds) to perform the probe. - periodSeconds: 10 - # Indicates whether the container is ready to service requests. - readinessProbe: - # Number of seconds after the container has started before readiness probes are initiated. - initialDelaySeconds: 35 - # How often (in seconds) to perform the probe. - periodSeconds: 10 - # These are the minimum resource recommendations for running WSO2 Micro Integrator - resources: - requests: - # The minimum amount of memory that should be allocated for a Pod - memory: "512Mi" - # The minimum amount of CPU that should be allocated for a Pod - cpu: "500m" - limits: - # The maximum amount of memory that should be allocated for a Pod - memory: "1Gi" - # The maximum amount of CPU that should be allocated for a Pod - cpu: "1000m" - # Environment variables for the Micro integrator deployment. 
- envs: - # ENV_NAME: ENV_VALUE - - # Add the customized deployment configurations for the WSO2 MI v4.2.0 (/conf/deployment.toml) - # config: - # deployment.toml: |- - # # toml configurations for the WSO2 MI v4.2.0 - - # Configure synapse testing. - synapseTest: - enabled: false - - # Configure Ingresses - ingress: - # Name of the IngressClass to use - className: "" - # Configure management ingress - management: - # Hostname for the Micro Integrator management endpoint. - hostname: "management.mi.wso2.com" - # Annotations for the Micro Integrator management Ingress. - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - -kubernetes: - # Name of Kubernetes service account - serviceAccount: "wso2am-pattern-3-svc-account" - -# Override sub chart parameters -mysql-am: - mysql: - persistence: - storageClass: *storage_class diff --git a/advanced/am-pattern-4/README.md b/advanced/am-pattern-4/README.md index 2d4ade66..ef743a6d 100644 --- a/advanced/am-pattern-4/README.md +++ b/advanced/am-pattern-4/README.md @@ -121,20 +121,6 @@ If you are using a custom WSO2 Docker images you will need to provide those info Or else, you can configure the default configurations inside the am-pattern-4 helm chart [values.yaml](https://github.com/wso2/kubernetes-apim/blob/newpattern/advanced/am-pattern-4/values.yaml) file. Refer [this](https://helm.sh/docs/chart_template_guide/values_files/) for to learn more details about the `values.yaml` file. - -> **Note:**
-From the above Helm commands, base image of a Micro Integrator is deployed (without any integration solution). To deploy your integration solution with the Helm charts follow the below steps.

->1. [Create an integration service using WSO2 Integration Studio and expose it as a Managed API](https://apim.docs.wso2.com/en/4.2.0/tutorials/integration-tutorials/service-catalog-tutorial/#exposing-an-integration-service-as-a-managed-api). Then [create a Docker image](https://apim.docs.wso2.com/en/4.2.0/integrate/develop/create-docker-project/#creating-docker-exporter) and push it to your private or public Docker registry.

- - `INTEGRATION_IMAGE_REGISTRY` will refer to the Docker registry that created Docker image has been pushed
- - `INTEGRATION_IMAGE_NAME` will refer to the name of the created Docker image
- - `INTEGRATION_IMAGE_TAG` will refer to the tag of the created Docker image

->2. If your Docker registry is a private registry, [create an imagePullSecret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/).

- - `IMAGE_PULL_SECRET` will refer to the created image pull secret

->3. Deploy the helm resource using following command.

-> ``` -> helm install wso2/am-pattern-4 --version 4.2.0-1 --namespace --set wso2.deployment.mi.dockerRegistry= --set wso2.deployment.mi.imageName= --set wso2.deployment.mi.imageTag= --set wso2.deployment.mi.imagePullSecrets= -> ``` - > **Note:** > If you are using Rancher Desktop for the Kubernetes cluster, add the following changes. > 1. Change `storageClass` to `local-path` in [`values.yaml`](https://github.com/wso2/kubernetes-apim/blob/master/advanced/am-pattern-4/values.yaml#L43). @@ -191,13 +177,6 @@ API Manager Websub - ADDRESS: External IP (EXTERNAL-IP) exposing the API Manager's Websub service to outside of the Kubernetes environment - PORTS: Externally exposed service ports of the API Manager's Websub service -Micro Integrator Management APIs - -- NAME: Metadata name of the Kubernetes Ingress resource (defaults to wso2am-pattern-4-mi-1-management-ingress) -- HOSTS: Hostname of the WSO2 Micro Integrator service (``) -- ADDRESS: External IP (EXTERNAL-IP) exposing the Micro Integrator service to outside of the Kubernetes environment -PORTS: Externally exposed service ports of the Micro Integrator service - ### 3. Add a DNS record mapping the hostnames and the external IP If the defined hostnames (in the previous step) are backed by a DNS service, add a DNS record mapping the hostnames and 
@@ -293,26 +272,6 @@ If you do not have an active WSO2 subscription, **do not change** the parameters | `wso2.deployment.am.trafficmanager.resources.jvm.heap.memory.xms` | The minimum Resource allocation for the Java Heap size for running API Manager Traffic Manager | 1024m | | `wso2.deployment.am.trafficmanager.resources.jvm.heap.memory.xmx` | The maximum Resource allocation for the Java Heap size for running API Manager Traffic Manager | 1024m | -###### Micro Integrator Server Configurations - -| Parameter | Description | Default Value | -|-----------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|-----------------------------| -| `wso2.deployment.mi.dockerRegistry` | Registry location of the Docker image to be used to create Micro Integrator instances | - | -| `wso2.deployment.mi.imageName` | Name of the Docker image to be used to create API Manager instances | `wso2mi` | -| `wso2.deployment.mi.imageTag` | Tag of the image used to create API Manager instances | 4.2.0 | -| `wso2.deployment.mi.imagePullPolicy` | Refer to [doc](https://kubernetes.io/docs/concepts/containers/images#updating-images) | `Always` | -| `wso2.deployment.mi.livenessProbe.initialDelaySeconds` | Initial delay for the live-ness probe for Micro Integrator node | 35 | -| `wso2.deployment.mi.livenessProbe.periodSeconds` | Period of the live-ness probe for Micro Integrator node | 10 | -| `wso2.deployment.mi.readinessProbe.initialDelaySeconds` | Initial delay for the readiness probe for Micro Integrator node | 35 | -| `wso2.deployment.mi.readinessProbe.periodSeconds` | Period of the readiness probe for Micro Integrator node | 10 | -| `wso2.deployment.mi.resources.requests.memory` | The minimum amount of memory that should be allocated for a Pod | 512Mi | -| `wso2.deployment.mi.resources.requests.cpu` | The minimum amount of CPU that should be allocated for a Pod | 500m | -| 
`wso2.deployment.mi.resources.limits.memory` | The maximum amount of memory that should be allocated for a Pod | 1Gi | -| `wso2.deployment.mi.resources.limits.cpu` | The maximum amount of CPU that should be allocated for a Pod | 1000m | -| `wso2.deployment.mi.config` | Custom deployment configuration file (`/conf/deployment.toml`) | - | -| `wso2.deployment.mi.ingress.management.hostname` | Hostname for Micro Integrator management apis | `management.mi.wso2.com` | -| `wso2.deployment.mi.ingress.management.annotations` | Ingress resource annotations for API Manager Gateway | Community NGINX Ingress controller annotations | - **Note**: The above mentioned default, minimum resource amounts for running WSO2 API Manager server profiles are based on its [official documentation](https://apim.docs.wso2.com/en/4.2.0/install-and-setup/install/installation-prerequisites/). ## Kubernetes Specific Configurations diff --git a/advanced/am-pattern-4/templates/NOTES.txt b/advanced/am-pattern-4/templates/NOTES.txt index 51aa1b41..cfdcdfc5 100644 --- a/advanced/am-pattern-4/templates/NOTES.txt +++ b/advanced/am-pattern-4/templates/NOTES.txt 
@@ -35,23 +35,4 @@ Please follow these steps to access API Manager Publisher, DevPortal consoles. 3. Navigate to the consoles in your browser of choice. API Manager Publisher: https://{{ .Values.wso2.deployment.am.cp.ingress.hostname }}/publisher - API Manager DevPortal: https://{{ .Values.wso2.deployment.am.cp.ingress.hostname }}/devportal - -Please follow these steps to assess Micro Integrator. - -1. Obtain the external IP (`EXTERNAL-IP`) of the Ingress resources by listing down the Kubernetes Ingresses. - - kubectl get ing -n {{ .Release.Namespace }} - - Micro Integrator Management APIs - - - NAME: Metadata name of the Kubernetes Ingress resource (defaults to {{ template "am-pattern-4.resource.prefix" . }}-mi-1-management-ingress) - - HOSTS: Hostname of the WSO2 Micro Integrator service ({{ .Values.wso2.deployment.mi.ingress.management.hostname }}) - - ADDRESS: External IP (`EXTERNAL-IP`) exposing the Micro Integrator service to outside of the Kubernetes environment - - PORTS: Externally exposed service ports of the Micro Integrator service - -2. Add the above host as an entry in /etc/hosts file as follows: - - {{ .Values.wso2.deployment.mi.ingress.management.hostname }} - -Please refer the official documentation at https://apim.docs.wso2.com/en/latest/ for additional information on WSO2 API Manager. + API Manager DevPortal: https://{{ .Values.wso2.deployment.am.cp.ingress.hostname }}/devportal \ No newline at end of file diff --git a/advanced/am-pattern-4/templates/am/control-plane/instance-1/wso2am-pattern-4-am-control-plane-deployment.yaml b/advanced/am-pattern-4/templates/am/control-plane/instance-1/wso2am-pattern-4-am-control-plane-deployment.yaml index 12024b42..03e36fb0 100644 --- a/advanced/am-pattern-4/templates/am/control-plane/instance-1/wso2am-pattern-4-am-control-plane-deployment.yaml +++ b/advanced/am-pattern-4/templates/am/control-plane/instance-1/wso2am-pattern-4-am-control-plane-deployment.yaml 
@@ -59,7 +59,7 @@ spec: command: - /bin/sh - -c - - nc -z localhost 9443 + - timeout 1 bash -c "> Control Plane has started";'] - - name: init-gw - image: busybox:1.32 - command: ['sh', '-c', 'echo -e "Checking for the availability of Gateway deployment"; while ! nc -z {{ template "am-pattern-4.resource.prefix" . }}-am-gateway-service 8243; do sleep 1; printf "-"; done; echo -e " >> Gateway has started";'] - containers: - - name: wso2micro-integrator -{{- include "image" (dict "Values" .Values "deployment" .Values.wso2.deployment.mi) | indent 10 }} - {{- if .Values.wso2.deployment.mi.synapseTest.enabled }} - args: - - "-DsynapseTest=true" - {{- end }} - startupProbe: - exec: - command: - - /bin/sh - - -c - - nc -z localhost 8290 - initialDelaySeconds: {{ .Values.wso2.deployment.mi.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.wso2.deployment.mi.startupProbe.periodSeconds }} - failureThreshold: {{ .Values.wso2.deployment.mi.startupProbe.failureThreshold }} - livenessProbe: - exec: - command: - - /bin/sh - - -c - - nc -z localhost 8290 - periodSeconds: {{ .Values.wso2.deployment.mi.livenessProbe.periodSeconds }} - readinessProbe: - httpGet: - path: /healthz - port: 9201 - initialDelaySeconds: {{ .Values.wso2.deployment.mi.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.wso2.deployment.mi.readinessProbe.periodSeconds }} - resources: - requests: - memory: {{ .Values.wso2.deployment.mi.resources.requests.memory }} - cpu: {{ .Values.wso2.deployment.mi.resources.requests.cpu }} - limits: - memory: {{ .Values.wso2.deployment.mi.resources.limits.memory }} - cpu: {{ .Values.wso2.deployment.mi.resources.limits.cpu }} - imagePullPolicy: Always - securityContext: - runAsUser: 802 - ports: - - containerPort: 8290 - protocol: TCP - - containerPort: 9201 - protocol: TCP - - containerPort: 9164 - protocol: TCP - {{- if .Values.wso2.deployment.mi.synapseTest.enabled }} - - containerPort: 9008 - protocol: TCP - {{- end }} - {{- if 
.Values.wso2.deployment.mi.envs }} - env: - {{- range $key, $val := .Values.wso2.deployment.mi.envs }} - - name: {{ $key }} - value: {{ $val | quote }} - {{- end }} - {{- end }} - {{- if .Values.wso2.deployment.mi.config }} - volumeMounts: - - name: wso2mi-conf - mountPath: /home/wso2carbon/wso2-config-volume/conf/deployment.toml - subPath: deployment.toml - {{- end }} - serviceAccountName: {{ .Values.kubernetes.serviceAccount }} - {{- if .Values.wso2.deployment.mi.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.wso2.deployment.mi.imagePullSecrets }} - {{- else if and (not (eq .Values.wso2.subscription.username "")) (not (eq .Values.wso2.subscription.password "")) }} - imagePullSecrets: - - name: {{ template "am-pattern-4.resource.prefix" . }}-mi-wso2-private-registry-creds - {{ end }} - {{- if .Values.wso2.deployment.mi.config }} - volumes: - - name: wso2mi-conf - configMap: - name: {{ template "am-pattern-4.resource.prefix" . }}-mi-conf - {{ end }} diff --git a/advanced/am-pattern-4/templates/mi/wso2am-pattern-4-mi-management-ingress.yaml b/advanced/am-pattern-4/templates/mi/wso2am-pattern-4-mi-management-ingress.yaml deleted file mode 100644 index 34699212..00000000 --- a/advanced/am-pattern-4/templates/mi/wso2am-pattern-4-mi-management-ingress.yaml +++ /dev/null 
@@ -1,41 +0,0 @@
-# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ template "am-pattern-4.resource.prefix" . }}-mi-management-ingress
- namespace : {{ .Release.Namespace }}
-{{- if .Values.wso2.deployment.mi.ingress.management.annotations }}
- annotations:
-{{ toYaml .Values.wso2.deployment.mi.ingress.management.annotations | indent 4 }}
-{{- end }}
-spec:
- {{- if .Values.wso2.deployment.mi.ingress.management.className }}
- ingressClassName: {{ .Values.wso2.deployment.mi.ingress.management.className }}
- {{- end }}
- tls:
- - hosts:
- - {{ .Values.wso2.deployment.mi.ingress.management.hostname | quote }}
- rules:
- - host: {{ .Values.wso2.deployment.mi.ingress.management.hostname | quote }}
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: {{ template "am-pattern-4.resource.prefix" . }}-mi-service
- port:
- number: 9164
diff --git a/advanced/am-pattern-4/templates/mi/wso2am-pattern-4-mi-service.yaml b/advanced/am-pattern-4/templates/mi/wso2am-pattern-4-mi-service.yaml
deleted file mode 100644
index da778a88..00000000
--- a/advanced/am-pattern-4/templates/mi/wso2am-pattern-4-mi-service.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "am-pattern-4.resource.prefix" . }}-mi-service
- namespace : {{ .Release.Namespace }}
- labels:
- deployment: {{ template "am-pattern-4.resource.prefix" . }}-mi
- node: {{ template "am-pattern-4.resource.prefix" . }}-mi
-{{ include "am-pattern-4.labels" . | indent 4 }}
-spec:
- type: ClusterIP
- ports:
- - port: 8290
- targetPort: 8290
- protocol: TCP
- name: pass-through-http
- - port: 8253
- targetPort: 8253
- protocol: TCP
- name: pass-through-https
- - port: 9201
- targetPort: 9201
- protocol: TCP
- name: metrics
- - port: 9164
- targetPort: 9164
- protocol: TCP
- name: management
- {{- if .Values.wso2.deployment.mi.synapseTest.enabled }}
- - port: 9008
- targetPort: 9008
- protocol: TCP
- name: synapse-test
- {{- end}}
- selector:
- deployment: {{ template "am-pattern-4.resource.prefix" . }}-mi
- node: {{ template "am-pattern-4.resource.prefix" . }}-mi
diff --git a/advanced/am-pattern-4/templates/wso2am-pattern-4-mi-secrets.yaml b/advanced/am-pattern-4/templates/wso2am-pattern-4-mi-secrets.yaml
deleted file mode 100644
index 801ca716..00000000
--- a/advanced/am-pattern-4/templates/wso2am-pattern-4-mi-secrets.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-{{ if and (not (eq .Values.wso2.subscription.username "")) (not (eq .Values.wso2.subscription.password "")) (eq (default "docker.wso2.com" .Values.wso2.deployment.mi.dockerRegistry) "docker.wso2.com") }}
-# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{- $username := .Values.wso2.subscription.username }}
-{{- $password := .Values.wso2.subscription.password }}
-{{- $email := .Values.wso2.subscription.username }}
-{{- $regId := default "docker.wso2.com" .Values.wso2.deployment.mi.dockerRegistry }}
-{{- $auth := printf "%s:%s" $username $password | b64enc }}
-{{- $files := .Files }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "am-pattern-4.resource.prefix" . }}-mi-wso2-private-registry-creds
- namespace: {{ .Release.Namespace }}
-type: kubernetes.io/dockerconfigjson
-data:
- .dockerconfigjson: {{ $files.Get "auth.json" | replace "reg.id" $regId | replace "docker.wso2.com.username" $username | replace "docker.wso2.com.password" $password | replace "docker.wso2.com.email" $email | replace "docker.wso2.com.auth" $auth | b64enc }}
-{{ end }}
diff --git a/advanced/am-pattern-4/values.yaml b/advanced/am-pattern-4/values.yaml
index 04b47ba0..eed039f7 100644
--- a/advanced/am-pattern-4/values.yaml
+++ b/advanced/am-pattern-4/values.yaml
@@ -280,76 +280,6 @@ wso2: # deployment.toml: |- # # deployment configurations for the Control Plane profile of WSO2 API Manager v4.0.0 (/repository/conf/deployment.toml) - mi: - # If a custom image must be used, uncomment 'dockerRegistry' and provide its value. - dockerRegistry: "docker.wso2.com" - imageName: "wso2mi" - imageTag: "4.2.0.0" - # Number of MI replicas - replicas: 2 - strategy: - rollingUpdate: - # The maximum number of pods that can be scheduled above the desired number of pods. - maxSurge: 1 - # The maximum number of pods that can be unavailable during the update. - maxUnavailable: 0 - # Kubernetes Probes - # Startup probe executed prior to Liveness Probe taking over - startupProbe: - # Number of seconds after the container has started before startup probes are initiated - initialDelaySeconds: 10 - # How often (in seconds) to perform the probe - periodSeconds: 5 - # Number of attempts - failureThreshold: 8 - # Indicates whether the container is running. - livenessProbe: - # How often (in seconds) to perform the probe. - periodSeconds: 10 - # Indicates whether the container is ready to service requests. - readinessProbe: - # Number of seconds after the container has started before readiness probes are initiated. - initialDelaySeconds: 35 - # How often (in seconds) to perform the probe. - periodSeconds: 10 - # These are the minimum resource recommendations for running WSO2 Micro Integrator - resources: - requests: - # The minimum amount of memory that should be allocated for a Pod - memory: "512Mi" - # The minimum amount of CPU that should be allocated for a Pod - cpu: "500m" - limits: - # The maximum amount of memory that should be allocated for a Pod - memory: "1Gi" - # The maximum amount of CPU that should be allocated for a Pod - cpu: "1000m" - # Environment variables for the Micro integrator deployment. 
- envs: - # ENV_NAME: ENV_VALUE - - # Add the customized deployment configurations for the WSO2 MI v4.2.0 (/conf/deployment.toml) - # config: - # deployment.toml: |- - # # toml configurations for the WSO2 MI v4.2.0 - - # Configure synapse testing. - synapseTest: - enabled: false - - # Configure Ingresses - ingress: - # Name of the IngressClass to use - className: "" - # Configure management ingress - management: - # Hostname for the Micro Integrator management endpoint. - hostname: "management.mi.wso2.com" - # Annotations for the Micro Integrator management Ingress. - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - kubernetes: # Name of Kubernetes service account serviceAccount: "wso2am-pattern-4-svc-account" diff --git a/advanced/mysql-am/Chart.yaml b/advanced/mysql-am/Chart.yaml deleted file mode 100644 index 43e3e507..00000000 --- a/advanced/mysql-am/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -appVersion: "5.7" -description: A Helm chart for MySQL based deployment of WSO2 API Management Datasources -name: mysql-am -version: 4.2.0-1 -icon: https://wso2.cachefly.net/wso2/sites/all/images/wso2logo.svg diff --git a/advanced/mysql-am/requirements.yaml b/advanced/mysql-am/requirements.yaml deleted file mode 100644 index 4db6cfcc..00000000 
--- a/advanced/mysql-am/requirements.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: mysql
- version: "1.6.9"
- repository: "https://helm.wso2.com"
diff --git a/advanced/mysql-am/values.yaml b/advanced/mysql-am/values.yaml
deleted file mode 100644
index a77c7529..00000000
--- a/advanced/mysql-am/values.yaml
+++ /dev/null
@@ -1,3055 +0,0 @@ -# Copyright (c) 2019, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -mysql: - image: "bitnami/mysql" - imageTag: "5.7.41" - mysqlRootPassword: root - mysqlUser: wso2carbon - mysqlPassword: wso2carbon - fullnameOverride: "wso2am-mysql-db-service" - livenessProbe: - initialDelaySeconds: 120 - readinessProbe: - initialDelaySeconds: 120 - configurationFiles: - mysql.cnf: |- - [mysqld] - max_connections = 10000 - initializationFiles: - mysql_apim.sql: |- - DROP DATABASE IF EXISTS WSO2AM_DB; - CREATE DATABASE WSO2AM_DB DEFAULT CHARACTER SET latin1; - GRANT ALL ON WSO2AM_DB.* TO 'wso2carbon'@'%' IDENTIFIED BY 'wso2carbon'; - - USE WSO2AM_DB; - - -- Start of IDENTITY Tables-- - CREATE TABLE IF NOT EXISTS IDN_BASE_TABLE ( - PRODUCT_NAME VARCHAR(20), - PRIMARY KEY (PRODUCT_NAME) - )ENGINE INNODB; - - INSERT INTO IDN_BASE_TABLE values ('WSO2 Identity Server'); - - CREATE TABLE IF NOT EXISTS IDN_OAUTH_CONSUMER_APPS ( - ID INTEGER NOT NULL AUTO_INCREMENT, - CONSUMER_KEY VARCHAR(255), - CONSUMER_SECRET VARCHAR(2048), - USERNAME VARCHAR(255), - TENANT_ID INTEGER DEFAULT 0, - USER_DOMAIN VARCHAR(50), - APP_NAME VARCHAR(255), - OAUTH_VERSION VARCHAR(128), - CALLBACK_URL VARCHAR(2048), - GRANT_TYPES VARCHAR (1024), - PKCE_MANDATORY CHAR(1) DEFAULT '0', - PKCE_SUPPORT_PLAIN CHAR(1) DEFAULT '0', - APP_STATE VARCHAR (25) DEFAULT 'ACTIVE', - USER_ACCESS_TOKEN_EXPIRE_TIME BIGINT DEFAULT 3600, - 
APP_ACCESS_TOKEN_EXPIRE_TIME BIGINT DEFAULT 3600, - REFRESH_TOKEN_EXPIRE_TIME BIGINT DEFAULT 84600, - ID_TOKEN_EXPIRE_TIME BIGINT DEFAULT 3600, - CONSTRAINT CONSUMER_KEY_CONSTRAINT UNIQUE (CONSUMER_KEY), - PRIMARY KEY (ID) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDN_OAUTH2_SCOPE_VALIDATORS ( - APP_ID INTEGER NOT NULL, - SCOPE_VALIDATOR VARCHAR (128) NOT NULL, - PRIMARY KEY (APP_ID,SCOPE_VALIDATOR), - FOREIGN KEY (APP_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDN_OAUTH1A_REQUEST_TOKEN ( - REQUEST_TOKEN VARCHAR(255), - REQUEST_TOKEN_SECRET VARCHAR(512), - CONSUMER_KEY_ID INTEGER, - CALLBACK_URL VARCHAR(2048), - SCOPE VARCHAR(2048), - AUTHORIZED VARCHAR(128), - OAUTH_VERIFIER VARCHAR(512), - AUTHZ_USER VARCHAR(512), - TENANT_ID INTEGER DEFAULT -1, - PRIMARY KEY (REQUEST_TOKEN), - FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDN_OAUTH1A_ACCESS_TOKEN ( - ACCESS_TOKEN VARCHAR(255), - ACCESS_TOKEN_SECRET VARCHAR(512), - CONSUMER_KEY_ID INTEGER, - SCOPE VARCHAR(2048), - AUTHZ_USER VARCHAR(512), - TENANT_ID INTEGER DEFAULT -1, - PRIMARY KEY (ACCESS_TOKEN), - FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDN_OAUTH2_ACCESS_TOKEN ( - TOKEN_ID VARCHAR (255), - ACCESS_TOKEN VARCHAR(2048), - REFRESH_TOKEN VARCHAR(2048), - CONSUMER_KEY_ID INTEGER, - AUTHZ_USER VARCHAR (100), - TENANT_ID INTEGER, - USER_DOMAIN VARCHAR(50), - USER_TYPE VARCHAR (25), - GRANT_TYPE VARCHAR (50), - TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, - REFRESH_TOKEN_TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, - VALIDITY_PERIOD BIGINT, - REFRESH_TOKEN_VALIDITY_PERIOD BIGINT, - TOKEN_SCOPE_HASH VARCHAR(32), - TOKEN_STATE VARCHAR(25) DEFAULT 'ACTIVE', - TOKEN_STATE_ID VARCHAR (128) DEFAULT 'NONE', - SUBJECT_IDENTIFIER VARCHAR(255), 
- ACCESS_TOKEN_HASH VARCHAR(512), - REFRESH_TOKEN_HASH VARCHAR(512), - IDP_ID INTEGER DEFAULT -1 NOT NULL, - TOKEN_BINDING_REF VARCHAR (32) DEFAULT 'NONE', - CONSENTED_TOKEN VARCHAR(6), - PRIMARY KEY (TOKEN_ID), - FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE, - CONSTRAINT CON_APP_KEY UNIQUE (CONSUMER_KEY_ID,AUTHZ_USER,TENANT_ID,USER_DOMAIN,USER_TYPE,TOKEN_SCOPE_HASH, - TOKEN_STATE,TOKEN_STATE_ID,IDP_ID,TOKEN_BINDING_REF) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDN_OAUTH2_TOKEN_BINDING ( - TOKEN_ID VARCHAR (255), - TOKEN_BINDING_TYPE VARCHAR (32), - TOKEN_BINDING_REF VARCHAR (32), - TOKEN_BINDING_VALUE VARCHAR (1024), - TENANT_ID INTEGER DEFAULT -1, - UNIQUE (TOKEN_ID,TOKEN_BINDING_TYPE,TOKEN_BINDING_VALUE), - FOREIGN KEY (TOKEN_ID) REFERENCES IDN_OAUTH2_ACCESS_TOKEN(TOKEN_ID) ON DELETE CASCADE - )ENGINE INNODB; - - - CREATE TABLE IF NOT EXISTS IDN_OAUTH2_ACCESS_TOKEN_AUDIT ( - ID INTEGER NOT NULL AUTO_INCREMENT, - TOKEN_ID VARCHAR (255), - ACCESS_TOKEN VARCHAR(2048), - REFRESH_TOKEN VARCHAR(2048), - CONSUMER_KEY_ID INTEGER, - AUTHZ_USER VARCHAR (100), - TENANT_ID INTEGER, - USER_DOMAIN VARCHAR(50), - USER_TYPE VARCHAR (25), - GRANT_TYPE VARCHAR (50), - TIME_CREATED TIMESTAMP NULL, - REFRESH_TOKEN_TIME_CREATED TIMESTAMP NULL, - VALIDITY_PERIOD BIGINT, - REFRESH_TOKEN_VALIDITY_PERIOD BIGINT, - TOKEN_SCOPE_HASH VARCHAR(32), - TOKEN_STATE VARCHAR(25), - TOKEN_STATE_ID VARCHAR (128) , - SUBJECT_IDENTIFIER VARCHAR(255), - ACCESS_TOKEN_HASH VARCHAR(512), - REFRESH_TOKEN_HASH VARCHAR(512), - INVALIDATED_TIME TIMESTAMP NULL, - IDP_ID INTEGER DEFAULT -1 NOT NULL, - PRIMARY KEY(ID) - ); - - CREATE TABLE IF NOT EXISTS IDN_OAUTH2_AUTHORIZATION_CODE ( - CODE_ID VARCHAR (255), - AUTHORIZATION_CODE VARCHAR(2048), - CONSUMER_KEY_ID INTEGER, - CALLBACK_URL VARCHAR(2048), - SCOPE VARCHAR(2048), - AUTHZ_USER VARCHAR (100), - TENANT_ID INTEGER, - USER_DOMAIN VARCHAR(50), - TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, - 
VALIDITY_PERIOD BIGINT, - STATE VARCHAR (25) DEFAULT 'ACTIVE', - TOKEN_ID VARCHAR(255), - SUBJECT_IDENTIFIER VARCHAR(255), - PKCE_CODE_CHALLENGE VARCHAR(255), - PKCE_CODE_CHALLENGE_METHOD VARCHAR(128), - AUTHORIZATION_CODE_HASH VARCHAR(512), - IDP_ID INTEGER DEFAULT -1 NOT NULL, - PRIMARY KEY (CODE_ID), - FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE - )ENGINE INNODB; - - - CREATE TABLE IF NOT EXISTS IDN_OAUTH2_AUTHZ_CODE_SCOPE( - CODE_ID VARCHAR(255), - SCOPE VARCHAR(60), - TENANT_ID INTEGER DEFAULT -1, - PRIMARY KEY (CODE_ID, SCOPE), - FOREIGN KEY (CODE_ID) REFERENCES IDN_OAUTH2_AUTHORIZATION_CODE (CODE_ID) ON DELETE CASCADE - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDN_OAUTH2_DEVICE_FLOW ( - CODE_ID VARCHAR(255), - DEVICE_CODE VARCHAR(255), - USER_CODE VARCHAR(25), - QUANTIFIER INTEGER NOT NULL DEFAULT 0, - CONSUMER_KEY_ID INTEGER, - LAST_POLL_TIME TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, - EXPIRY_TIME TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, - TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, - POLL_TIME BIGINT, - STATUS VARCHAR (25) DEFAULT 'PENDING', - AUTHZ_USER VARCHAR (100), - TENANT_ID INTEGER, - USER_DOMAIN VARCHAR(50), - IDP_ID INTEGER, - PRIMARY KEY (DEVICE_CODE), - UNIQUE (CODE_ID), - CONSTRAINT USRCDE_QNTFR_CONSTRAINT UNIQUE (USER_CODE, QUANTIFIER), - FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDN_OAUTH2_DEVICE_FLOW_SCOPES ( - ID INTEGER NOT NULL AUTO_INCREMENT, - SCOPE_ID VARCHAR(255), - SCOPE VARCHAR(255), - PRIMARY KEY (ID), - FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_DEVICE_FLOW(CODE_ID) ON DELETE CASCADE - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDN_OAUTH2_ACCESS_TOKEN_SCOPE ( - TOKEN_ID VARCHAR (255), - TOKEN_SCOPE VARCHAR (100), - TENANT_ID INTEGER DEFAULT -1, - PRIMARY KEY (TOKEN_ID, TOKEN_SCOPE), - FOREIGN KEY (TOKEN_ID) REFERENCES IDN_OAUTH2_ACCESS_TOKEN(TOKEN_ID) ON DELETE 
CASCADE - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDN_OAUTH2_SCOPE ( - SCOPE_ID INTEGER NOT NULL AUTO_INCREMENT, - NAME VARCHAR(255) NOT NULL, - DISPLAY_NAME VARCHAR(255) NOT NULL, - DESCRIPTION VARCHAR(512), - TENANT_ID INTEGER NOT NULL DEFAULT -1, - SCOPE_TYPE VARCHAR(255) NOT NULL, - PRIMARY KEY (SCOPE_ID), - UNIQUE (NAME, TENANT_ID) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDN_OAUTH2_SCOPE_BINDING ( - ID INTEGER NOT NULL AUTO_INCREMENT, - SCOPE_ID INTEGER NOT NULL, - SCOPE_BINDING VARCHAR(255) NOT NULL, - BINDING_TYPE VARCHAR(255) NOT NULL, - FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_SCOPE (SCOPE_ID) ON DELETE CASCADE, - UNIQUE (SCOPE_ID, SCOPE_BINDING, BINDING_TYPE), - PRIMARY KEY (ID) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDN_OAUTH2_RESOURCE_SCOPE ( - RESOURCE_PATH VARCHAR(255) NOT NULL, - SCOPE_ID INTEGER NOT NULL, - TENANT_ID INTEGER DEFAULT -1, - PRIMARY KEY (RESOURCE_PATH), - FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_SCOPE (SCOPE_ID) ON DELETE CASCADE - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDN_SCIM_GROUP ( - ID INTEGER AUTO_INCREMENT, - TENANT_ID INTEGER NOT NULL, - ROLE_NAME VARCHAR(255) NOT NULL, - ATTR_NAME VARCHAR(1024) NOT NULL, - ATTR_VALUE VARCHAR(1024), - UNIQUE(TENANT_ID, ROLE_NAME, ATTR_NAME), - PRIMARY KEY (ID) - )ENGINE INNODB; - - - - CREATE TABLE IF NOT EXISTS IDN_OPENID_REMEMBER_ME ( - USER_NAME VARCHAR(255) NOT NULL, - TENANT_ID INTEGER DEFAULT 0, - COOKIE_VALUE VARCHAR(1024), - CREATED_TIME TIMESTAMP, - PRIMARY KEY (USER_NAME, TENANT_ID) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDN_OPENID_USER_RPS ( - USER_NAME VARCHAR(255) NOT NULL, - TENANT_ID INTEGER DEFAULT 0, - RP_URL VARCHAR(255) NOT NULL, - TRUSTED_ALWAYS VARCHAR(128) DEFAULT 'FALSE', - LAST_VISIT DATE NOT NULL, - VISIT_COUNT INTEGER DEFAULT 0, - DEFAULT_PROFILE_NAME VARCHAR(255) DEFAULT 'DEFAULT', - PRIMARY KEY (USER_NAME, TENANT_ID, RP_URL) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDN_OPENID_ASSOCIATIONS ( - HANDLE 
VARCHAR(255) NOT NULL, - ASSOC_TYPE VARCHAR(255) NOT NULL, - EXPIRE_IN TIMESTAMP NOT NULL, - MAC_KEY VARCHAR(255) NOT NULL, - ASSOC_STORE VARCHAR(128) DEFAULT 'SHARED', - TENANT_ID INTEGER DEFAULT -1, - PRIMARY KEY (HANDLE) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDN_STS_STORE ( - ID INTEGER AUTO_INCREMENT, - TOKEN_ID VARCHAR(255) NOT NULL, - TOKEN_CONTENT BLOB(1024) NOT NULL, - CREATE_DATE TIMESTAMP NOT NULL, - EXPIRE_DATE TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, - STATE INTEGER DEFAULT 0, - PRIMARY KEY (ID) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDN_IDENTITY_USER_DATA ( - TENANT_ID INTEGER DEFAULT -1234, - USER_NAME VARCHAR(255) NOT NULL, - DATA_KEY VARCHAR(255) NOT NULL, - DATA_VALUE VARCHAR(2048), - PRIMARY KEY (TENANT_ID, USER_NAME, DATA_KEY) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDN_IDENTITY_META_DATA ( - USER_NAME VARCHAR(255) NOT NULL, - TENANT_ID INTEGER DEFAULT -1234, - METADATA_TYPE VARCHAR(255) NOT NULL, - METADATA VARCHAR(255) NOT NULL, - VALID VARCHAR(255) NOT NULL, - PRIMARY KEY (TENANT_ID, USER_NAME, METADATA_TYPE,METADATA) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDN_THRIFT_SESSION ( - SESSION_ID VARCHAR(255) NOT NULL, - USER_NAME VARCHAR(255) NOT NULL, - CREATED_TIME VARCHAR(255) NOT NULL, - LAST_MODIFIED_TIME VARCHAR(255) NOT NULL, - TENANT_ID INTEGER DEFAULT -1, - PRIMARY KEY (SESSION_ID) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDN_AUTH_SESSION_STORE ( - SESSION_ID VARCHAR (100) NOT NULL, - SESSION_TYPE VARCHAR(100) NOT NULL, - OPERATION VARCHAR(10) NOT NULL, - SESSION_OBJECT BLOB, - TIME_CREATED BIGINT, - TENANT_ID INTEGER DEFAULT -1, - EXPIRY_TIME BIGINT, - PRIMARY KEY (SESSION_ID, SESSION_TYPE, TIME_CREATED, OPERATION) - )ENGINE INNODB; - - - - - CREATE TABLE IF NOT EXISTS IDN_AUTH_TEMP_SESSION_STORE ( - SESSION_ID VARCHAR (100) NOT NULL, - SESSION_TYPE VARCHAR(100) NOT NULL, - OPERATION VARCHAR(10) NOT NULL, - SESSION_OBJECT BLOB, - TIME_CREATED BIGINT, - TENANT_ID INTEGER DEFAULT -1, - 
EXPIRY_TIME BIGINT, - PRIMARY KEY (SESSION_ID, SESSION_TYPE, TIME_CREATED, OPERATION) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDN_AUTH_USER ( - USER_ID VARCHAR(255) NOT NULL, - USER_NAME VARCHAR(255) NOT NULL, - TENANT_ID INTEGER NOT NULL, - DOMAIN_NAME VARCHAR(255) NOT NULL, - IDP_ID INTEGER NOT NULL, - PRIMARY KEY (USER_ID), - CONSTRAINT USER_STORE_CONSTRAINT UNIQUE (USER_NAME, TENANT_ID, DOMAIN_NAME, IDP_ID)); - - CREATE TABLE IF NOT EXISTS IDN_AUTH_USER_SESSION_MAPPING ( - ID INTEGER NOT NULL AUTO_INCREMENT, - USER_ID VARCHAR(255) NOT NULL, - SESSION_ID VARCHAR(255) NOT NULL, - CONSTRAINT USER_SESSION_STORE_CONSTRAINT UNIQUE (USER_ID, SESSION_ID), - PRIMARY KEY (ID)); - - CREATE TABLE IF NOT EXISTS IDN_AUTH_SESSION_APP_INFO ( - SESSION_ID VARCHAR (100) NOT NULL, - SUBJECT VARCHAR (100) NOT NULL, - APP_ID INTEGER NOT NULL, - INBOUND_AUTH_TYPE VARCHAR (255) NOT NULL, - PRIMARY KEY (SESSION_ID, SUBJECT, APP_ID, INBOUND_AUTH_TYPE) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDN_AUTH_SESSION_META_DATA ( - SESSION_ID VARCHAR (100) NOT NULL, - PROPERTY_TYPE VARCHAR (100) NOT NULL, - VALUE VARCHAR (255) NOT NULL, - PRIMARY KEY (SESSION_ID, PROPERTY_TYPE, VALUE) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS SP_APP ( - ID INTEGER NOT NULL AUTO_INCREMENT, - TENANT_ID INTEGER NOT NULL, - APP_NAME VARCHAR (255) NOT NULL , - USER_STORE VARCHAR (255) NOT NULL, - USERNAME VARCHAR (255) NOT NULL , - DESCRIPTION VARCHAR (1024), - ROLE_CLAIM VARCHAR (512), - AUTH_TYPE VARCHAR (255) NOT NULL, - PROVISIONING_USERSTORE_DOMAIN VARCHAR (512), - IS_LOCAL_CLAIM_DIALECT CHAR(1) DEFAULT '1', - IS_SEND_LOCAL_SUBJECT_ID CHAR(1) DEFAULT '0', - IS_SEND_AUTH_LIST_OF_IDPS CHAR(1) DEFAULT '0', - IS_USE_TENANT_DOMAIN_SUBJECT CHAR(1) DEFAULT '1', - IS_USE_USER_DOMAIN_SUBJECT CHAR(1) DEFAULT '1', - ENABLE_AUTHORIZATION CHAR(1) DEFAULT '0', - SUBJECT_CLAIM_URI VARCHAR (512), - IS_SAAS_APP CHAR(1) DEFAULT '0', - IS_DUMB_MODE CHAR(1) DEFAULT '0', - UUID CHAR(36), - IMAGE_URL 
VARCHAR(1024), - ACCESS_URL VARCHAR(1024), - IS_DISCOVERABLE CHAR(1) DEFAULT '0', - - PRIMARY KEY (ID) - )ENGINE INNODB; - - ALTER TABLE SP_APP ADD CONSTRAINT APPLICATION_NAME_CONSTRAINT UNIQUE(APP_NAME, TENANT_ID); - ALTER TABLE SP_APP ADD CONSTRAINT APPLICATION_UUID_CONSTRAINT UNIQUE(UUID); - - CREATE TABLE IF NOT EXISTS SP_METADATA ( - ID INTEGER AUTO_INCREMENT, - SP_ID INTEGER, - NAME VARCHAR(255) NOT NULL, - VALUE VARCHAR(255) NOT NULL, - DISPLAY_NAME VARCHAR(255), - TENANT_ID INTEGER DEFAULT -1, - PRIMARY KEY (ID), - CONSTRAINT SP_METADATA_CONSTRAINT UNIQUE (SP_ID, NAME), - FOREIGN KEY (SP_ID) REFERENCES SP_APP(ID) ON DELETE CASCADE - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS SP_INBOUND_AUTH ( - ID INTEGER NOT NULL AUTO_INCREMENT, - TENANT_ID INTEGER NOT NULL, - INBOUND_AUTH_KEY VARCHAR (255), - INBOUND_AUTH_TYPE VARCHAR (255) NOT NULL, - INBOUND_CONFIG_TYPE VARCHAR (255) NOT NULL, - PROP_NAME VARCHAR (255), - PROP_VALUE VARCHAR (1024) , - APP_ID INTEGER NOT NULL, - PRIMARY KEY (ID) - )ENGINE INNODB; - - ALTER TABLE SP_INBOUND_AUTH ADD CONSTRAINT APPLICATION_ID_CONSTRAINT FOREIGN KEY (APP_ID) REFERENCES SP_APP (ID) ON DELETE CASCADE; - - CREATE TABLE IF NOT EXISTS SP_AUTH_STEP ( - ID INTEGER NOT NULL AUTO_INCREMENT, - TENANT_ID INTEGER NOT NULL, - STEP_ORDER INTEGER DEFAULT 1, - APP_ID INTEGER NOT NULL , - IS_SUBJECT_STEP CHAR(1) DEFAULT '0', - IS_ATTRIBUTE_STEP CHAR(1) DEFAULT '0', - PRIMARY KEY (ID) - )ENGINE INNODB; - - ALTER TABLE SP_AUTH_STEP ADD CONSTRAINT APPLICATION_ID_CONSTRAINT_STEP FOREIGN KEY (APP_ID) REFERENCES SP_APP (ID) ON DELETE CASCADE; - - CREATE TABLE IF NOT EXISTS SP_FEDERATED_IDP ( - ID INTEGER NOT NULL, - TENANT_ID INTEGER NOT NULL, - AUTHENTICATOR_ID INTEGER NOT NULL, - PRIMARY KEY (ID, AUTHENTICATOR_ID) - )ENGINE INNODB; - - ALTER TABLE SP_FEDERATED_IDP ADD CONSTRAINT STEP_ID_CONSTRAINT FOREIGN KEY (ID) REFERENCES SP_AUTH_STEP (ID) ON DELETE CASCADE; - - CREATE TABLE IF NOT EXISTS SP_CLAIM_DIALECT ( - ID INTEGER NOT NULL 
AUTO_INCREMENT, - TENANT_ID INTEGER NOT NULL, - SP_DIALECT VARCHAR (512) NOT NULL, - APP_ID INTEGER NOT NULL, - PRIMARY KEY (ID)); - - ALTER TABLE SP_CLAIM_DIALECT ADD CONSTRAINT DIALECTID_APPID_CONSTRAINT FOREIGN KEY (APP_ID) REFERENCES SP_APP (ID) ON DELETE CASCADE; - - CREATE TABLE IF NOT EXISTS SP_CLAIM_MAPPING ( - ID INTEGER NOT NULL AUTO_INCREMENT, - TENANT_ID INTEGER NOT NULL, - IDP_CLAIM VARCHAR (512) NOT NULL , - SP_CLAIM VARCHAR (512) NOT NULL , - APP_ID INTEGER NOT NULL, - IS_REQUESTED VARCHAR(128) DEFAULT '0', - IS_MANDATORY VARCHAR(128) DEFAULT '0', - DEFAULT_VALUE VARCHAR(255), - PRIMARY KEY (ID) - )ENGINE INNODB; - - ALTER TABLE SP_CLAIM_MAPPING ADD CONSTRAINT CLAIMID_APPID_CONSTRAINT FOREIGN KEY (APP_ID) REFERENCES SP_APP (ID) ON DELETE CASCADE; - - CREATE TABLE IF NOT EXISTS SP_ROLE_MAPPING ( - ID INTEGER NOT NULL AUTO_INCREMENT, - TENANT_ID INTEGER NOT NULL, - IDP_ROLE VARCHAR (255) NOT NULL , - SP_ROLE VARCHAR (255) NOT NULL , - APP_ID INTEGER NOT NULL, - PRIMARY KEY (ID) - )ENGINE INNODB; - - ALTER TABLE SP_ROLE_MAPPING ADD CONSTRAINT ROLEID_APPID_CONSTRAINT FOREIGN KEY (APP_ID) REFERENCES SP_APP (ID) ON DELETE CASCADE; - - CREATE TABLE IF NOT EXISTS SP_REQ_PATH_AUTHENTICATOR ( - ID INTEGER NOT NULL AUTO_INCREMENT, - TENANT_ID INTEGER NOT NULL, - AUTHENTICATOR_NAME VARCHAR (255) NOT NULL , - APP_ID INTEGER NOT NULL, - PRIMARY KEY (ID) - )ENGINE INNODB; - - ALTER TABLE SP_REQ_PATH_AUTHENTICATOR ADD CONSTRAINT REQ_AUTH_APPID_CONSTRAINT FOREIGN KEY (APP_ID) REFERENCES SP_APP (ID) ON DELETE CASCADE; - - CREATE TABLE IF NOT EXISTS SP_PROVISIONING_CONNECTOR ( - ID INTEGER NOT NULL AUTO_INCREMENT, - TENANT_ID INTEGER NOT NULL, - IDP_NAME VARCHAR (255) NOT NULL , - CONNECTOR_NAME VARCHAR (255) NOT NULL , - APP_ID INTEGER NOT NULL, - IS_JIT_ENABLED CHAR(1) NOT NULL DEFAULT '0', - BLOCKING CHAR(1) NOT NULL DEFAULT '0', - RULE_ENABLED CHAR(1) NOT NULL DEFAULT '0', - PRIMARY KEY (ID) - )ENGINE INNODB; - - ALTER TABLE SP_PROVISIONING_CONNECTOR ADD CONSTRAINT 
PRO_CONNECTOR_APPID_CONSTRAINT FOREIGN KEY (APP_ID) REFERENCES SP_APP (ID) ON DELETE CASCADE; - - CREATE TABLE SP_AUTH_SCRIPT ( - ID INTEGER AUTO_INCREMENT NOT NULL, - TENANT_ID INTEGER NOT NULL, - APP_ID INTEGER NOT NULL, - TYPE VARCHAR(255) NOT NULL, - CONTENT BLOB DEFAULT NULL, - IS_ENABLED CHAR(1) NOT NULL DEFAULT '0', - PRIMARY KEY (ID)); - - CREATE TABLE IF NOT EXISTS SP_TEMPLATE ( - ID INTEGER AUTO_INCREMENT NOT NULL, - TENANT_ID INTEGER NOT NULL, - NAME VARCHAR(255) NOT NULL, - DESCRIPTION VARCHAR(1023), - CONTENT BLOB DEFAULT NULL, - PRIMARY KEY (ID), - CONSTRAINT SP_TEMPLATE_CONSTRAINT UNIQUE (TENANT_ID, NAME)); - - CREATE TABLE IF NOT EXISTS IDN_AUTH_WAIT_STATUS ( - ID INTEGER AUTO_INCREMENT NOT NULL, - TENANT_ID INTEGER NOT NULL, - LONG_WAIT_KEY VARCHAR(255) NOT NULL, - WAIT_STATUS CHAR(1) NOT NULL DEFAULT '1', - TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, - EXPIRE_TIME TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, - PRIMARY KEY (ID), - CONSTRAINT IDN_AUTH_WAIT_STATUS_KEY UNIQUE (LONG_WAIT_KEY)); - - CREATE TABLE IF NOT EXISTS IDP ( - ID INTEGER AUTO_INCREMENT, - TENANT_ID INTEGER, - NAME VARCHAR(254) NOT NULL, - IS_ENABLED CHAR(1) NOT NULL DEFAULT '1', - IS_PRIMARY CHAR(1) NOT NULL DEFAULT '0', - HOME_REALM_ID VARCHAR(254), - IMAGE MEDIUMBLOB, - CERTIFICATE BLOB, - ALIAS VARCHAR(254), - INBOUND_PROV_ENABLED CHAR (1) NOT NULL DEFAULT '0', - INBOUND_PROV_USER_STORE_ID VARCHAR(254), - USER_CLAIM_URI VARCHAR(254), - ROLE_CLAIM_URI VARCHAR(254), - DESCRIPTION VARCHAR (1024), - DEFAULT_AUTHENTICATOR_NAME VARCHAR(254), - DEFAULT_PRO_CONNECTOR_NAME VARCHAR(254), - PROVISIONING_ROLE VARCHAR(128), - IS_FEDERATION_HUB CHAR(1) NOT NULL DEFAULT '0', - IS_LOCAL_CLAIM_DIALECT CHAR(1) NOT NULL DEFAULT '0', - DISPLAY_NAME VARCHAR(255), - IMAGE_URL VARCHAR(1024), - UUID CHAR(36) NOT NULL, - PRIMARY KEY (ID), - UNIQUE (TENANT_ID, NAME), - UNIQUE (UUID) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDP_ROLE ( - ID INTEGER AUTO_INCREMENT, - IDP_ID 
INTEGER, - TENANT_ID INTEGER, - ROLE VARCHAR(254), - PRIMARY KEY (ID), - UNIQUE (IDP_ID, ROLE), - FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDP_ROLE_MAPPING ( - ID INTEGER AUTO_INCREMENT, - IDP_ROLE_ID INTEGER, - TENANT_ID INTEGER, - USER_STORE_ID VARCHAR (253), - LOCAL_ROLE VARCHAR(253), - PRIMARY KEY (ID), - UNIQUE (IDP_ROLE_ID, TENANT_ID, USER_STORE_ID, LOCAL_ROLE), - FOREIGN KEY (IDP_ROLE_ID) REFERENCES IDP_ROLE(ID) ON DELETE CASCADE - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDP_CLAIM ( - ID INTEGER AUTO_INCREMENT, - IDP_ID INTEGER, - TENANT_ID INTEGER, - CLAIM VARCHAR(254), - PRIMARY KEY (ID), - UNIQUE (IDP_ID, CLAIM), - FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDP_CLAIM_MAPPING ( - ID INTEGER AUTO_INCREMENT, - IDP_CLAIM_ID INTEGER, - TENANT_ID INTEGER, - LOCAL_CLAIM VARCHAR(253), - DEFAULT_VALUE VARCHAR(255), - IS_REQUESTED VARCHAR(128) DEFAULT '0', - PRIMARY KEY (ID), - UNIQUE (IDP_CLAIM_ID, TENANT_ID, LOCAL_CLAIM), - FOREIGN KEY (IDP_CLAIM_ID) REFERENCES IDP_CLAIM(ID) ON DELETE CASCADE - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDP_AUTHENTICATOR ( - ID INTEGER AUTO_INCREMENT, - TENANT_ID INTEGER, - IDP_ID INTEGER, - NAME VARCHAR(255) NOT NULL, - IS_ENABLED CHAR (1) DEFAULT '1', - DISPLAY_NAME VARCHAR(255), - PRIMARY KEY (ID), - UNIQUE (TENANT_ID, IDP_ID, NAME), - FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDP_METADATA ( - ID INTEGER AUTO_INCREMENT, - IDP_ID INTEGER, - NAME VARCHAR(255) NOT NULL, - VALUE VARCHAR(255) NOT NULL, - DISPLAY_NAME VARCHAR(255), - TENANT_ID INTEGER DEFAULT -1, - PRIMARY KEY (ID), - CONSTRAINT IDP_METADATA_CONSTRAINT UNIQUE (IDP_ID, NAME), - FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDP_AUTHENTICATOR_PROPERTY ( - ID INTEGER AUTO_INCREMENT, - TENANT_ID INTEGER, - 
AUTHENTICATOR_ID INTEGER, - PROPERTY_KEY VARCHAR(255) NOT NULL, - PROPERTY_VALUE VARCHAR(2047), - IS_SECRET CHAR (1) DEFAULT '0', - PRIMARY KEY (ID), - UNIQUE (TENANT_ID, AUTHENTICATOR_ID, PROPERTY_KEY), - FOREIGN KEY (AUTHENTICATOR_ID) REFERENCES IDP_AUTHENTICATOR(ID) ON DELETE CASCADE - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDP_PROVISIONING_CONFIG ( - ID INTEGER AUTO_INCREMENT, - TENANT_ID INTEGER, - IDP_ID INTEGER, - PROVISIONING_CONNECTOR_TYPE VARCHAR(255) NOT NULL, - IS_ENABLED CHAR (1) DEFAULT '0', - IS_BLOCKING CHAR (1) DEFAULT '0', - IS_RULES_ENABLED CHAR (1) DEFAULT '0', - PRIMARY KEY (ID), - UNIQUE (TENANT_ID, IDP_ID, PROVISIONING_CONNECTOR_TYPE), - FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDP_PROV_CONFIG_PROPERTY ( - ID INTEGER AUTO_INCREMENT, - TENANT_ID INTEGER, - PROVISIONING_CONFIG_ID INTEGER, - PROPERTY_KEY VARCHAR(255) NOT NULL, - PROPERTY_VALUE VARCHAR(2048), - PROPERTY_BLOB_VALUE BLOB, - PROPERTY_TYPE CHAR(32) NOT NULL, - IS_SECRET CHAR (1) DEFAULT '0', - PRIMARY KEY (ID), - UNIQUE (TENANT_ID, PROVISIONING_CONFIG_ID, PROPERTY_KEY), - FOREIGN KEY (PROVISIONING_CONFIG_ID) REFERENCES IDP_PROVISIONING_CONFIG(ID) ON DELETE CASCADE - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDP_PROVISIONING_ENTITY ( - ID INTEGER AUTO_INCREMENT, - PROVISIONING_CONFIG_ID INTEGER, - ENTITY_TYPE VARCHAR(255) NOT NULL, - ENTITY_LOCAL_USERSTORE VARCHAR(255) NOT NULL, - ENTITY_NAME VARCHAR(255) NOT NULL, - ENTITY_VALUE VARCHAR(255), - TENANT_ID INTEGER, - ENTITY_LOCAL_ID VARCHAR(255), - PRIMARY KEY (ID), - UNIQUE (ENTITY_TYPE, TENANT_ID, ENTITY_LOCAL_USERSTORE, ENTITY_NAME, PROVISIONING_CONFIG_ID), - UNIQUE (PROVISIONING_CONFIG_ID, ENTITY_TYPE, ENTITY_VALUE), - FOREIGN KEY (PROVISIONING_CONFIG_ID) REFERENCES IDP_PROVISIONING_CONFIG(ID) ON DELETE CASCADE - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDP_LOCAL_CLAIM ( - ID INTEGER AUTO_INCREMENT, - TENANT_ID INTEGER, - IDP_ID INTEGER, - 
CLAIM_URI VARCHAR(255) NOT NULL, - DEFAULT_VALUE VARCHAR(255), - IS_REQUESTED VARCHAR(128) DEFAULT '0', - PRIMARY KEY (ID), - UNIQUE (TENANT_ID, IDP_ID, CLAIM_URI), - FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDN_ASSOCIATED_ID ( - ID INTEGER AUTO_INCREMENT, - IDP_USER_ID VARCHAR(255) NOT NULL, - TENANT_ID INTEGER DEFAULT -1234, - IDP_ID INTEGER NOT NULL, - DOMAIN_NAME VARCHAR(255) NOT NULL, - USER_NAME VARCHAR(255) NOT NULL, - ASSOCIATION_ID CHAR(36) NOT NULL, - PRIMARY KEY (ID), - UNIQUE(IDP_USER_ID, TENANT_ID, IDP_ID), - FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDN_USER_ACCOUNT_ASSOCIATION ( - ASSOCIATION_KEY VARCHAR(255) NOT NULL, - TENANT_ID INTEGER, - DOMAIN_NAME VARCHAR(255) NOT NULL, - USER_NAME VARCHAR(255) NOT NULL, - PRIMARY KEY (TENANT_ID, DOMAIN_NAME, USER_NAME) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS FIDO_DEVICE_STORE ( - TENANT_ID INTEGER, - DOMAIN_NAME VARCHAR(255) NOT NULL, - USER_NAME VARCHAR(45) NOT NULL, - TIME_REGISTERED TIMESTAMP, - KEY_HANDLE VARCHAR(200) NOT NULL, - DEVICE_DATA VARCHAR(2048) NOT NULL, - PRIMARY KEY (TENANT_ID, DOMAIN_NAME, USER_NAME, KEY_HANDLE) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS FIDO2_DEVICE_STORE ( - TENANT_ID INTEGER, - DOMAIN_NAME VARCHAR(255) NOT NULL, - USER_NAME VARCHAR(45) NOT NULL, - TIME_REGISTERED TIMESTAMP, - USER_HANDLE VARCHAR(64) NOT NULL, - CREDENTIAL_ID VARCHAR(200) NOT NULL, - PUBLIC_KEY_COSE VARCHAR(1024) NOT NULL, - SIGNATURE_COUNT BIGINT, - USER_IDENTITY VARCHAR(512) NOT NULL, - DISPLAY_NAME VARCHAR(255), - IS_USERNAMELESS_SUPPORTED CHAR(1) DEFAULT '0', - PRIMARY KEY (CREDENTIAL_ID, USER_HANDLE) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS WF_REQUEST ( - UUID VARCHAR (45), - CREATED_BY VARCHAR (255), - TENANT_ID INTEGER DEFAULT -1, - OPERATION_TYPE VARCHAR (50), - CREATED_AT TIMESTAMP, - UPDATED_AT TIMESTAMP DEFAULT CURRENT_TIMESTAMP, - STATUS 
VARCHAR (30), - REQUEST BLOB, - PRIMARY KEY (UUID) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS WF_BPS_PROFILE ( - PROFILE_NAME VARCHAR(45), - HOST_URL_MANAGER VARCHAR(255), - HOST_URL_WORKER VARCHAR(255), - USERNAME VARCHAR(100), - PASSWORD VARCHAR(1023), - CALLBACK_HOST VARCHAR (45), - CALLBACK_USERNAME VARCHAR (100), - CALLBACK_PASSWORD VARCHAR (255), - TENANT_ID INTEGER DEFAULT -1, - PRIMARY KEY (PROFILE_NAME, TENANT_ID) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS WF_WORKFLOW( - ID VARCHAR (45), - WF_NAME VARCHAR (45), - DESCRIPTION VARCHAR (255), - TEMPLATE_ID VARCHAR (45), - IMPL_ID VARCHAR (45), - TENANT_ID INTEGER DEFAULT -1, - PRIMARY KEY (ID) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS WF_WORKFLOW_ASSOCIATION( - ID INTEGER NOT NULL AUTO_INCREMENT, - ASSOC_NAME VARCHAR (45), - EVENT_ID VARCHAR(45), - ASSOC_CONDITION VARCHAR (2000), - WORKFLOW_ID VARCHAR (45), - IS_ENABLED CHAR (1) DEFAULT '1', - TENANT_ID INTEGER DEFAULT -1, - PRIMARY KEY(ID), - FOREIGN KEY (WORKFLOW_ID) REFERENCES WF_WORKFLOW(ID)ON DELETE CASCADE - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS WF_WORKFLOW_CONFIG_PARAM( - WORKFLOW_ID VARCHAR (45), - PARAM_NAME VARCHAR (45), - PARAM_VALUE VARCHAR (1000), - PARAM_QNAME VARCHAR (45), - PARAM_HOLDER VARCHAR (45), - TENANT_ID INTEGER DEFAULT -1, - PRIMARY KEY (WORKFLOW_ID, PARAM_NAME, PARAM_QNAME, PARAM_HOLDER), - FOREIGN KEY (WORKFLOW_ID) REFERENCES WF_WORKFLOW(ID)ON DELETE CASCADE - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS WF_REQUEST_ENTITY_RELATIONSHIP( - REQUEST_ID VARCHAR (45), - ENTITY_NAME VARCHAR (255), - ENTITY_TYPE VARCHAR (50), - TENANT_ID INTEGER DEFAULT -1, - PRIMARY KEY(REQUEST_ID, ENTITY_NAME, ENTITY_TYPE, TENANT_ID), - FOREIGN KEY (REQUEST_ID) REFERENCES WF_REQUEST(UUID)ON DELETE CASCADE - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS WF_WORKFLOW_REQUEST_RELATION( - RELATIONSHIP_ID VARCHAR (45), - WORKFLOW_ID VARCHAR (45), - REQUEST_ID VARCHAR (45), - UPDATED_AT TIMESTAMP, - STATUS VARCHAR (30), - TENANT_ID 
INTEGER DEFAULT -1, - PRIMARY KEY (RELATIONSHIP_ID), - FOREIGN KEY (WORKFLOW_ID) REFERENCES WF_WORKFLOW(ID)ON DELETE CASCADE, - FOREIGN KEY (REQUEST_ID) REFERENCES WF_REQUEST(UUID)ON DELETE CASCADE - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDN_RECOVERY_DATA ( - USER_NAME VARCHAR(255) NOT NULL, - USER_DOMAIN VARCHAR(127) NOT NULL, - TENANT_ID INTEGER DEFAULT -1, - CODE VARCHAR(255) NOT NULL, - SCENARIO VARCHAR(255) NOT NULL, - STEP VARCHAR(127) NOT NULL, - TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, - REMAINING_SETS VARCHAR(2500) DEFAULT NULL, - PRIMARY KEY(USER_NAME, USER_DOMAIN, TENANT_ID, SCENARIO,STEP), - UNIQUE(CODE) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDN_PASSWORD_HISTORY_DATA ( - ID INTEGER NOT NULL AUTO_INCREMENT, - USER_NAME VARCHAR(255) NOT NULL, - USER_DOMAIN VARCHAR(127) NOT NULL, - TENANT_ID INTEGER DEFAULT -1, - SALT_VALUE VARCHAR(255), - HASH VARCHAR(255) NOT NULL, - TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, - PRIMARY KEY(ID) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDN_CLAIM_DIALECT ( - ID INTEGER NOT NULL AUTO_INCREMENT, - DIALECT_URI VARCHAR (255) NOT NULL, - TENANT_ID INTEGER NOT NULL, - PRIMARY KEY (ID), - CONSTRAINT DIALECT_URI_CONSTRAINT UNIQUE (DIALECT_URI, TENANT_ID) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDN_CLAIM ( - ID INTEGER NOT NULL AUTO_INCREMENT, - DIALECT_ID INTEGER NOT NULL, - CLAIM_URI VARCHAR (255) NOT NULL, - TENANT_ID INTEGER NOT NULL, - PRIMARY KEY (ID), - FOREIGN KEY (DIALECT_ID) REFERENCES IDN_CLAIM_DIALECT(ID) ON DELETE CASCADE, - CONSTRAINT CLAIM_URI_CONSTRAINT UNIQUE (DIALECT_ID, CLAIM_URI, TENANT_ID) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS IDN_CLAIM_MAPPED_ATTRIBUTE ( - ID INTEGER NOT NULL AUTO_INCREMENT, - LOCAL_CLAIM_ID INTEGER, - USER_STORE_DOMAIN_NAME VARCHAR (255) NOT NULL, - ATTRIBUTE_NAME VARCHAR (255) NOT NULL, - TENANT_ID INTEGER NOT NULL, - PRIMARY KEY (ID), - FOREIGN KEY (LOCAL_CLAIM_ID) REFERENCES IDN_CLAIM(ID) ON DELETE CASCADE, - 
CONSTRAINT USER_STORE_DOMAIN_CONSTRAINT UNIQUE (LOCAL_CLAIM_ID, USER_STORE_DOMAIN_NAME, TENANT_ID)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS IDN_CLAIM_PROPERTY (
- ID INTEGER NOT NULL AUTO_INCREMENT,
- LOCAL_CLAIM_ID INTEGER,
- PROPERTY_NAME VARCHAR (255) NOT NULL,
- PROPERTY_VALUE VARCHAR (255) NOT NULL,
- TENANT_ID INTEGER NOT NULL,
- PRIMARY KEY (ID),
- FOREIGN KEY (LOCAL_CLAIM_ID) REFERENCES IDN_CLAIM(ID) ON DELETE CASCADE,
- CONSTRAINT PROPERTY_NAME_CONSTRAINT UNIQUE (LOCAL_CLAIM_ID, PROPERTY_NAME, TENANT_ID)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS IDN_CLAIM_MAPPING (
- ID INTEGER NOT NULL AUTO_INCREMENT,
- EXT_CLAIM_ID INTEGER NOT NULL,
- MAPPED_LOCAL_CLAIM_ID INTEGER NOT NULL,
- TENANT_ID INTEGER NOT NULL,
- PRIMARY KEY (ID),
- FOREIGN KEY (EXT_CLAIM_ID) REFERENCES IDN_CLAIM(ID) ON DELETE CASCADE,
- FOREIGN KEY (MAPPED_LOCAL_CLAIM_ID) REFERENCES IDN_CLAIM(ID) ON DELETE CASCADE,
- CONSTRAINT EXT_TO_LOC_MAPPING_CONSTRN UNIQUE (EXT_CLAIM_ID, TENANT_ID)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS IDN_SAML2_ASSERTION_STORE (
- ID INTEGER NOT NULL AUTO_INCREMENT,
- SAML2_ID VARCHAR(255) ,
- SAML2_ISSUER VARCHAR(255) ,
- SAML2_SUBJECT VARCHAR(255) ,
- SAML2_SESSION_INDEX VARCHAR(255) ,
- SAML2_AUTHN_CONTEXT_CLASS_REF VARCHAR(255) ,
- SAML2_ASSERTION VARCHAR(4096) ,
- ASSERTION BLOB ,
- PRIMARY KEY (ID)
- )ENGINE INNODB;
-
- CREATE TABLE IDN_SAML2_ARTIFACT_STORE (
- ID INT(11) NOT NULL AUTO_INCREMENT,
- SOURCE_ID VARCHAR(255) NOT NULL,
- MESSAGE_HANDLER VARCHAR(255) NOT NULL,
- AUTHN_REQ_DTO BLOB NOT NULL,
- SESSION_ID VARCHAR(255) NOT NULL,
- EXP_TIMESTAMP TIMESTAMP NOT NULL,
- INIT_TIMESTAMP TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
- ASSERTION_ID VARCHAR(255),
- PRIMARY KEY (`ID`)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS IDN_OIDC_JTI (
- JWT_ID VARCHAR(255) NOT NULL,
- EXP_TIME TIMESTAMP NOT NULL ,
- TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ,
- PRIMARY KEY (JWT_ID)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS IDN_OIDC_PROPERTY (
- ID INTEGER NOT NULL AUTO_INCREMENT,
- TENANT_ID INTEGER,
- CONSUMER_KEY VARCHAR(255) ,
- PROPERTY_KEY VARCHAR(255) NOT NULL,
- PROPERTY_VALUE VARCHAR(2047) ,
- PRIMARY KEY (ID),
- FOREIGN KEY (CONSUMER_KEY) REFERENCES IDN_OAUTH_CONSUMER_APPS(CONSUMER_KEY) ON DELETE CASCADE
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS IDN_OIDC_REQ_OBJECT_REFERENCE (
- ID INTEGER NOT NULL AUTO_INCREMENT,
- CONSUMER_KEY_ID INTEGER ,
- CODE_ID VARCHAR(255) ,
- TOKEN_ID VARCHAR(255) ,
- SESSION_DATA_KEY VARCHAR(255),
- PRIMARY KEY (ID),
- FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE,
- FOREIGN KEY (TOKEN_ID) REFERENCES IDN_OAUTH2_ACCESS_TOKEN(TOKEN_ID) ON DELETE CASCADE,
- FOREIGN KEY (CODE_ID) REFERENCES IDN_OAUTH2_AUTHORIZATION_CODE(CODE_ID) ON DELETE CASCADE
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS IDN_OIDC_REQ_OBJECT_CLAIMS (
- ID INTEGER NOT NULL AUTO_INCREMENT,
- REQ_OBJECT_ID INTEGER,
- CLAIM_ATTRIBUTE VARCHAR(255) ,
- ESSENTIAL CHAR(1) NOT NULL DEFAULT '0' ,
- VALUE VARCHAR(255) ,
- IS_USERINFO CHAR(1) NOT NULL DEFAULT '0',
- PRIMARY KEY (ID),
- FOREIGN KEY (REQ_OBJECT_ID) REFERENCES IDN_OIDC_REQ_OBJECT_REFERENCE (ID) ON DELETE CASCADE
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS IDN_OIDC_REQ_OBJ_CLAIM_VALUES (
- ID INTEGER NOT NULL AUTO_INCREMENT,
- REQ_OBJECT_CLAIMS_ID INTEGER ,
- CLAIM_VALUES VARCHAR(255) ,
- PRIMARY KEY (ID),
- FOREIGN KEY (REQ_OBJECT_CLAIMS_ID) REFERENCES IDN_OIDC_REQ_OBJECT_CLAIMS(ID) ON DELETE CASCADE
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS IDN_CERTIFICATE (
- ID INTEGER NOT NULL AUTO_INCREMENT,
- NAME VARCHAR(100),
- CERTIFICATE_IN_PEM BLOB,
- TENANT_ID INTEGER DEFAULT 0,
- PRIMARY KEY(ID),
- CONSTRAINT CERTIFICATE_UNIQUE_KEY UNIQUE (NAME, TENANT_ID)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS IDN_OIDC_SCOPE_CLAIM_MAPPING (
- ID INTEGER NOT NULL AUTO_INCREMENT,
- SCOPE_ID INTEGER NOT NULL,
- EXTERNAL_CLAIM_ID INTEGER NOT NULL,
- PRIMARY KEY (ID),
- FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_SCOPE(SCOPE_ID) ON DELETE CASCADE,
- FOREIGN KEY (EXTERNAL_CLAIM_ID) REFERENCES IDN_CLAIM(ID) ON DELETE CASCADE,
- UNIQUE (SCOPE_ID, EXTERNAL_CLAIM_ID)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS IDN_FUNCTION_LIBRARY (
- NAME VARCHAR(255) NOT NULL,
- DESCRIPTION VARCHAR(1023),
- TYPE VARCHAR(255) NOT NULL,
- TENANT_ID INTEGER NOT NULL,
- DATA BLOB NOT NULL,
- PRIMARY KEY (TENANT_ID,NAME)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS IDN_OAUTH2_CIBA_AUTH_CODE (
- AUTH_CODE_KEY CHAR (36),
- AUTH_REQ_ID CHAR (36),
- ISSUED_TIME TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
- CONSUMER_KEY VARCHAR(255),
- LAST_POLLED_TIME TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
- POLLING_INTERVAL INTEGER,
- EXPIRES_IN INTEGER,
- AUTHENTICATED_USER_NAME VARCHAR(255),
- USER_STORE_DOMAIN VARCHAR(100),
- TENANT_ID INTEGER,
- AUTH_REQ_STATUS VARCHAR (100) DEFAULT 'REQUESTED',
- IDP_ID INTEGER,
- UNIQUE(AUTH_REQ_ID),
- PRIMARY KEY (AUTH_CODE_KEY),
- FOREIGN KEY (CONSUMER_KEY) REFERENCES IDN_OAUTH_CONSUMER_APPS(CONSUMER_KEY) ON DELETE CASCADE
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS IDN_OAUTH2_CIBA_REQUEST_SCOPES (
- ID INTEGER NOT NULL AUTO_INCREMENT,
- AUTH_CODE_KEY CHAR (36),
- SCOPE VARCHAR (255),
- FOREIGN KEY (AUTH_CODE_KEY) REFERENCES IDN_OAUTH2_CIBA_AUTH_CODE(AUTH_CODE_KEY) ON DELETE CASCADE,
- PRIMARY KEY (ID)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS IDN_FED_AUTH_SESSION_MAPPING (
- ID INTEGER NOT NULL AUTO_INCREMENT,
- IDP_SESSION_ID VARCHAR(255) NOT NULL,
- SESSION_ID VARCHAR(255) NOT NULL,
- IDP_NAME VARCHAR(255) NOT NULL,
- AUTHENTICATOR_ID VARCHAR(255),
- PROTOCOL_TYPE VARCHAR(255),
- TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
- TENANT_ID INTEGER NOT NULL DEFAULT 0,
- PRIMARY KEY (ID),
- UNIQUE (IDP_SESSION_ID, TENANT_ID)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS IDN_CONFIG_TYPE (
- ID VARCHAR(255) NOT NULL,
- NAME VARCHAR(255) NOT NULL,
- DESCRIPTION VARCHAR(1023) NULL,
- PRIMARY KEY (ID),
- CONSTRAINT TYPE_NAME_CONSTRAINT UNIQUE (NAME)
- )ENGINE INNODB;
-
- INSERT INTO IDN_CONFIG_TYPE (ID, NAME, DESCRIPTION) VALUES
- ('9ab0ef95-13e9-4ed5-afaf-d29bed62f7bd', 'IDP_TEMPLATE', 'Template type to uniquely identify IDP templates'),
- ('3c4ac3d0-5903-4e3d-aaca-38df65b33bfd', 'APPLICATION_TEMPLATE', 'Template type to uniquely identify Application templates'),
- ('8ec6dbf1-218a-49bf-bc34-0d2db52d151c', 'CORS_CONFIGURATION', 'A resource type to keep the tenant CORS configurations'),
- ('669b99ca-cdb0-44a6-8cae-babed3b585df', 'Publisher', 'A resource type to keep the event publisher configurations'),
- ('73f6d9ca-62f4-4566-bab9-2a930ae51ba8', 'BRANDING_PREFERENCES', 'A resource type to keep the tenant branding preferences'),
- ('899c69b2-8bf7-46b5-9666-f7f99f90d6cc', 'fido-config', 'A resource type to store FIDO authenticator related preferences');
-
- CREATE TABLE IF NOT EXISTS IDN_CONFIG_RESOURCE (
- ID VARCHAR(255) NOT NULL,
- TENANT_ID INT NOT NULL,
- NAME VARCHAR(255) NOT NULL,
- CREATED_TIME TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
- LAST_MODIFIED TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
- HAS_FILE tinyint(1) NOT NULL,
- HAS_ATTRIBUTE tinyint(1) NOT NULL,
- TYPE_ID VARCHAR(255) NOT NULL,
- PRIMARY KEY (ID),
- CONSTRAINT NAME_TENANT_TYPE_CONSTRAINT UNIQUE (NAME, TENANT_ID, TYPE_ID)
- )ENGINE INNODB;
- ALTER TABLE IDN_CONFIG_RESOURCE ADD CONSTRAINT TYPE_ID_FOREIGN_CONSTRAINT FOREIGN KEY (TYPE_ID) REFERENCES
- IDN_CONFIG_TYPE (ID) ON DELETE CASCADE ON UPDATE CASCADE;
-
- CREATE TABLE IF NOT EXISTS IDN_CONFIG_ATTRIBUTE (
- ID VARCHAR(255) NOT NULL,
- RESOURCE_ID VARCHAR(255) NOT NULL,
- ATTR_KEY VARCHAR(255) NOT NULL,
- ATTR_VALUE VARCHAR(1023) NULL,
- PRIMARY KEY (ID),
- CONSTRAINT RESOURCE_KEY_VAL_CONSTRAINT UNIQUE (RESOURCE_ID(64), ATTR_KEY(255))
- )ENGINE INNODB;
- ALTER TABLE IDN_CONFIG_ATTRIBUTE ADD CONSTRAINT RESOURCE_ID_ATTRIBUTE_FOREIGN_CONSTRAINT FOREIGN KEY (RESOURCE_ID)
- REFERENCES IDN_CONFIG_RESOURCE (ID) ON DELETE CASCADE ON UPDATE CASCADE;
-
- CREATE TABLE IF NOT EXISTS IDN_CONFIG_FILE (
- ID VARCHAR(255) NOT NULL,
- VALUE BLOB NULL,
- RESOURCE_ID VARCHAR(255) NOT NULL,
- NAME VARCHAR(255) NULL,
- PRIMARY KEY (ID)
- )ENGINE INNODB;
- ALTER TABLE IDN_CONFIG_FILE ADD CONSTRAINT RESOURCE_ID_FILE_FOREIGN_CONSTRAINT FOREIGN KEY (RESOURCE_ID) REFERENCES
- IDN_CONFIG_RESOURCE (ID) ON DELETE CASCADE ON UPDATE CASCADE;
-
- CREATE TABLE IDN_REMOTE_FETCH_CONFIG (
- ID VARCHAR(255) NOT NULL,
- TENANT_ID INT NOT NULL,
- IS_ENABLED CHAR(1) NOT NULL,
- REPO_MANAGER_TYPE VARCHAR(255) NOT NULL,
- ACTION_LISTENER_TYPE VARCHAR(255) NOT NULL,
- CONFIG_DEPLOYER_TYPE VARCHAR(255) NOT NULL,
- REMOTE_FETCH_NAME VARCHAR(255),
- REMOTE_RESOURCE_URI VARCHAR(255) NOT NULL,
- ATTRIBUTES_JSON MEDIUMTEXT NOT NULL,
- PRIMARY KEY (ID),
- CONSTRAINT UC_REMOTE_RESOURCE_TYPE UNIQUE (TENANT_ID, CONFIG_DEPLOYER_TYPE)
- )ENGINE INNODB;
-
- CREATE TABLE IDN_REMOTE_FETCH_REVISIONS (
- ID VARCHAR(255) NOT NULL,
- CONFIG_ID VARCHAR(255) NOT NULL,
- FILE_PATH VARCHAR(255) NOT NULL,
- FILE_HASH VARCHAR(255),
- DEPLOYED_DATE TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
- LAST_SYNC_TIME TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
- DEPLOYMENT_STATUS VARCHAR(255),
- ITEM_NAME VARCHAR(255),
- DEPLOY_ERR_LOG MEDIUMTEXT,
- PRIMARY KEY (ID),
- FOREIGN KEY (CONFIG_ID) REFERENCES IDN_REMOTE_FETCH_CONFIG(ID) ON DELETE CASCADE,
- CONSTRAINT UC_REVISIONS UNIQUE (CONFIG_ID, ITEM_NAME)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS IDN_USER_FUNCTIONALITY_MAPPING (
- ID VARCHAR(255) NOT NULL,
- USER_ID VARCHAR(255) NOT NULL,
- TENANT_ID INTEGER NOT NULL,
- FUNCTIONALITY_ID VARCHAR(255) NOT NULL,
- IS_FUNCTIONALITY_LOCKED BOOLEAN NOT NULL,
- FUNCTIONALITY_UNLOCK_TIME BIGINT NOT NULL,
- FUNCTIONALITY_LOCK_REASON VARCHAR(1023),
- FUNCTIONALITY_LOCK_REASON_CODE VARCHAR(255),
- PRIMARY KEY (ID),
- CONSTRAINT IDN_USER_FUNCTIONALITY_MAPPING_CONSTRAINT UNIQUE (USER_ID, TENANT_ID, FUNCTIONALITY_ID)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS IDN_USER_FUNCTIONALITY_PROPERTY (
- ID VARCHAR(255) NOT NULL,
- USER_ID VARCHAR(255) NOT NULL,
- TENANT_ID INTEGER NOT NULL,
- FUNCTIONALITY_ID VARCHAR(255) NOT NULL,
- PROPERTY_NAME VARCHAR(255),
- PROPERTY_VALUE VARCHAR(255),
- PRIMARY KEY (ID),
- CONSTRAINT IDN_USER_FUNCTIONALITY_PROPERTY_CONSTRAINT UNIQUE (USER_ID, TENANT_ID, FUNCTIONALITY_ID, PROPERTY_NAME)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS IDN_CORS_ORIGIN (
- ID INT NOT NULL AUTO_INCREMENT,
- TENANT_ID INT NOT NULL,
- ORIGIN VARCHAR(2048) NOT NULL,
- UUID CHAR(36) NOT NULL,
- PRIMARY KEY (ID),
- UNIQUE (UUID)
- ) ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS IDN_CORS_ASSOCIATION (
- IDN_CORS_ORIGIN_ID INT NOT NULL,
- SP_APP_ID INT NOT NULL,
-
- PRIMARY KEY (IDN_CORS_ORIGIN_ID, SP_APP_ID),
- FOREIGN KEY (IDN_CORS_ORIGIN_ID) REFERENCES IDN_CORS_ORIGIN (ID) ON DELETE CASCADE,
- FOREIGN KEY (SP_APP_ID) REFERENCES SP_APP (ID) ON DELETE CASCADE
- ) ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS IDN_OAUTH2_USER_CONSENT (
- ID INTEGER NOT NULL AUTO_INCREMENT,
- USER_ID VARCHAR(255) NOT NULL,
- APP_ID CHAR(36) NOT NULL,
- TENANT_ID INTEGER NOT NULL DEFAULT -1,
- CONSENT_ID VARCHAR(255) NOT NULL,
-
- PRIMARY KEY (ID),
- FOREIGN KEY (APP_ID) REFERENCES SP_APP(UUID) ON DELETE CASCADE,
- UNIQUE (USER_ID, APP_ID, TENANT_ID),
- UNIQUE (CONSENT_ID)
- ) ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS IDN_OAUTH2_USER_CONSENTED_SCOPES (
- ID INTEGER NOT NULL AUTO_INCREMENT,
- CONSENT_ID VARCHAR(255) NOT NULL,
- TENANT_ID INTEGER NOT NULL DEFAULT -1,
- SCOPE VARCHAR(255) NOT NULL,
- CONSENT BOOLEAN NOT NULL DEFAULT 1,
-
- PRIMARY KEY (ID),
- FOREIGN KEY (CONSENT_ID) REFERENCES IDN_OAUTH2_USER_CONSENT(CONSENT_ID) ON DELETE CASCADE,
- UNIQUE (CONSENT_ID, SCOPE)
- ) ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS IDN_SECRET_TYPE (
- ID VARCHAR(255) NOT NULL,
- NAME VARCHAR(255) NOT NULL,
- DESCRIPTION VARCHAR(1023) NULL,
- PRIMARY KEY (ID),
- CONSTRAINT SECRET_TYPE_NAME_CONSTRAINT UNIQUE (NAME)
- )ENGINE INNODB;
-
- INSERT INTO IDN_SECRET_TYPE (ID, NAME, DESCRIPTION) VALUES
- ('1358bdbf-e0cc-4268-a42c-c3e0960e13f0', 'ADAPTIVE_AUTH_CALL_CHOREO', 'Secret type to uniquely identify secrets relevant to callChoreo adaptive auth function');
-
- CREATE TABLE IF NOT EXISTS IDN_SECRET (
- ID VARCHAR(255) NOT NULL,
- TENANT_ID INT NOT NULL,
- SECRET_NAME VARCHAR(255) NOT NULL,
- SECRET_VALUE VARCHAR(8000) NOT NULL,
- CREATED_TIME TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
- LAST_MODIFIED TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
- TYPE_ID VARCHAR(255) NOT NULL,
- DESCRIPTION VARCHAR(1023) NULL,
- PRIMARY KEY (ID),
- FOREIGN KEY (TYPE_ID) REFERENCES IDN_SECRET_TYPE(ID) ON DELETE CASCADE,
- UNIQUE (SECRET_NAME, TENANT_ID, TYPE_ID)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS SP_SHARED_APP (
- ID INTEGER NOT NULL AUTO_INCREMENT,
- MAIN_APP_ID CHAR(36) NOT NULL,
- OWNER_ORG_ID CHAR(36) NOT NULL,
- SHARED_APP_ID CHAR(36) NOT NULL,
- SHARED_ORG_ID CHAR(36) NOT NULL,
- PRIMARY KEY (ID),
- FOREIGN KEY (MAIN_APP_ID) REFERENCES SP_APP(UUID) ON DELETE CASCADE,
- FOREIGN KEY (SHARED_APP_ID) REFERENCES SP_APP(UUID) ON DELETE CASCADE,
- UNIQUE (MAIN_APP_ID, OWNER_ORG_ID, SHARED_ORG_ID),
- UNIQUE (SHARED_APP_ID)
- )ENGINE INNODB;
-
- -- --------------------------- INDEX CREATION -----------------------------
- -- IDN_OAUTH2_ACCESS_TOKEN --
- CREATE INDEX IDX_TC ON IDN_OAUTH2_ACCESS_TOKEN(TIME_CREATED);
- CREATE INDEX IDX_ATH ON IDN_OAUTH2_ACCESS_TOKEN(ACCESS_TOKEN_HASH);
- CREATE INDEX IDX_AT_TI_UD ON IDN_OAUTH2_ACCESS_TOKEN(AUTHZ_USER, TENANT_ID, TOKEN_STATE, USER_DOMAIN);
- CREATE INDEX IDX_AT_RTH ON IDN_OAUTH2_ACCESS_TOKEN(REFRESH_TOKEN_HASH);
- CREATE INDEX IDX_AT_CKID_AU_TID_UD_TSH_TS ON IDN_OAUTH2_ACCESS_TOKEN(CONSUMER_KEY_ID, AUTHZ_USER, TENANT_ID, USER_DOMAIN, TOKEN_SCOPE_HASH, TOKEN_STATE);
-
- -- IDN_OAUTH2_AUTHORIZATION_CODE --
- CREATE INDEX IDX_AUTHORIZATION_CODE_HASH ON IDN_OAUTH2_AUTHORIZATION_CODE (AUTHORIZATION_CODE_HASH, CONSUMER_KEY_ID);
- CREATE INDEX IDX_AUTHORIZATION_CODE_AU_TI ON IDN_OAUTH2_AUTHORIZATION_CODE (AUTHZ_USER, TENANT_ID, USER_DOMAIN, STATE);
- CREATE INDEX IDX_AC_CKID ON IDN_OAUTH2_AUTHORIZATION_CODE(CONSUMER_KEY_ID);
- CREATE INDEX IDX_AC_TID ON IDN_OAUTH2_AUTHORIZATION_CODE(TOKEN_ID);
-
- -- IDN_SCIM_GROUP --
- CREATE INDEX IDX_IDN_SCIM_GROUP_TI_RN ON IDN_SCIM_GROUP (TENANT_ID, ROLE_NAME);
- CREATE INDEX IDX_IDN_SCIM_GROUP_TI_RN_AN ON IDN_SCIM_GROUP (TENANT_ID, ROLE_NAME, ATTR_NAME(500));
-
- -- IDN_AUTH_SESSION_STORE --
- CREATE INDEX IDX_IDN_AUTH_SESSION_TIME ON IDN_AUTH_SESSION_STORE (TIME_CREATED);
- CREATE INDEX IDX_IDN_AUTH_SSTR_ST_OP_ID_TM ON IDN_AUTH_SESSION_STORE (OPERATION, SESSION_TYPE, SESSION_ID, TIME_CREATED);
- CREATE INDEX IDX_IDN_AUTH_SSTR_ET_ID ON IDN_AUTH_SESSION_STORE (EXPIRY_TIME, SESSION_ID);
-
- -- IDN_AUTH_TEMP_SESSION_STORE --
- CREATE INDEX IDX_IDN_AUTH_TMP_SESSION_TIME ON IDN_AUTH_TEMP_SESSION_STORE (TIME_CREATED);
-
- -- IDN_OIDC_SCOPE_CLAIM_MAPPING --
- CREATE INDEX IDX_AT_SI_ECI ON IDN_OIDC_SCOPE_CLAIM_MAPPING(SCOPE_ID, EXTERNAL_CLAIM_ID);
-
- -- IDN_OAUTH2_SCOPE --
- CREATE INDEX IDX_SC_TID ON IDN_OAUTH2_SCOPE(TENANT_ID);
-
- -- IDN_OAUTH2_SCOPE_BINDING --
- CREATE INDEX IDX_SB_SCPID ON IDN_OAUTH2_SCOPE_BINDING(SCOPE_ID);
-
- -- IDN_OIDC_REQ_OBJECT_REFERENCE --
- CREATE INDEX IDX_OROR_TID ON IDN_OIDC_REQ_OBJECT_REFERENCE(TOKEN_ID);
-
- -- IDN_OAUTH2_ACCESS_TOKEN_SCOPE --
- CREATE INDEX IDX_ATS_TID ON IDN_OAUTH2_ACCESS_TOKEN_SCOPE(TOKEN_ID);
-
- -- SP_TEMPLATE --
- CREATE INDEX IDX_SP_TEMPLATE ON SP_TEMPLATE (TENANT_ID, NAME);
-
- -- IDN_AUTH_USER --
- CREATE INDEX IDX_AUTH_USER_UN_TID_DN ON IDN_AUTH_USER (USER_NAME, TENANT_ID, DOMAIN_NAME);
- CREATE INDEX IDX_AUTH_USER_DN_TOD ON IDN_AUTH_USER (DOMAIN_NAME, TENANT_ID);
-
- -- IDN_AUTH_USER_SESSION_MAPPING --
- CREATE INDEX IDX_USER_ID ON IDN_AUTH_USER_SESSION_MAPPING (USER_ID);
- CREATE INDEX IDX_SESSION_ID ON IDN_AUTH_USER_SESSION_MAPPING (SESSION_ID);
-
- -- IDN_AUTH_SESSION_APP_INFO --
- CREATE INDEX IDX_AUTH_SAI_UN_AID_SID ON IDN_AUTH_SESSION_APP_INFO (APP_ID, SUBJECT, SESSION_ID);
-
- -- IDN_OAUTH_CONSUMER_APPS --
- CREATE INDEX IDX_OCA_UM_TID_UD_APN ON IDN_OAUTH_CONSUMER_APPS(USERNAME,TENANT_ID,USER_DOMAIN, APP_NAME);
-
- -- IDX_SPI_APP --
- CREATE INDEX IDX_SPI_APP ON SP_INBOUND_AUTH(APP_ID);
-
- -- IDN_OIDC_PROPERTY --
- CREATE INDEX IDX_IOP_CK ON IDN_OIDC_PROPERTY(CONSUMER_KEY);
-
- -- IDN_FIDO2_PROPERTY --
- CREATE INDEX IDX_FIDO2_STR ON FIDO2_DEVICE_STORE(USER_NAME, TENANT_ID, DOMAIN_NAME, CREDENTIAL_ID, USER_HANDLE);
-
- -- IDN_ASSOCIATED_ID --
- CREATE INDEX IDX_AI_DN_UN_AI ON IDN_ASSOCIATED_ID(DOMAIN_NAME, USER_NAME, ASSOCIATION_ID);
-
- -- IDN_OAUTH2_TOKEN_BINDING --
- CREATE INDEX IDX_IDN_AUTH_BIND ON IDN_OAUTH2_TOKEN_BINDING (TOKEN_BINDING_REF);
- CREATE INDEX IDX_TK_VALUE_TYPE ON IDN_OAUTH2_TOKEN_BINDING (TOKEN_BINDING_VALUE, TOKEN_BINDING_TYPE);
-
- -- IDN_FED_AUTH_SESSION_MAPPING --
- CREATE INDEX IDX_FEDERATED_AUTH_SESSION_ID ON IDN_FED_AUTH_SESSION_MAPPING (SESSION_ID);
-
- -- IDN_REMOTE_FETCH_REVISIONS --
- CREATE INDEX IDX_REMOTE_FETCH_REVISION_CONFIG_ID ON IDN_REMOTE_FETCH_REVISIONS (CONFIG_ID);
-
- -- IDN_CORS_ASSOCIATION --
- CREATE INDEX IDX_CORS_SP_APP_ID ON IDN_CORS_ASSOCIATION (SP_APP_ID);
-
- -- IDN_CORS_ASSOCIATION --
- CREATE INDEX IDX_CORS_ORIGIN_ID ON IDN_CORS_ASSOCIATION (IDN_CORS_ORIGIN_ID);
-
-
- -- End of IDENTITY Tables--
-
- -- Start of CONSENT-MGT Tables --
-
- CREATE TABLE CM_PII_CATEGORY (
- ID INTEGER AUTO_INCREMENT,
- NAME VARCHAR(255) NOT NULL,
- DESCRIPTION VARCHAR(1023),
- DISPLAY_NAME VARCHAR(255),
- IS_SENSITIVE INTEGER NOT NULL,
- TENANT_ID INTEGER DEFAULT '-1234',
- UNIQUE KEY (NAME, TENANT_ID),
- PRIMARY KEY (ID)
- );
-
- CREATE TABLE CM_RECEIPT (
- CONSENT_RECEIPT_ID VARCHAR(255) NOT NULL,
- VERSION VARCHAR(255) NOT NULL,
- JURISDICTION VARCHAR(255) NOT NULL,
- CONSENT_TIMESTAMP TIMESTAMP NOT NULL,
- COLLECTION_METHOD VARCHAR(255) NOT NULL,
- LANGUAGE VARCHAR(255) NOT NULL,
- PII_PRINCIPAL_ID VARCHAR(255) NOT NULL,
- PRINCIPAL_TENANT_ID INTEGER DEFAULT '-1234',
- POLICY_URL VARCHAR(255) NOT NULL,
- STATE VARCHAR(255) NOT NULL,
- PII_CONTROLLER VARCHAR(2048) NOT NULL,
- PRIMARY KEY (CONSENT_RECEIPT_ID)
- );
-
- CREATE TABLE CM_PURPOSE (
- ID INTEGER AUTO_INCREMENT,
- NAME VARCHAR(255) NOT NULL,
- DESCRIPTION VARCHAR(1023),
- PURPOSE_GROUP VARCHAR(255) NOT NULL,
- GROUP_TYPE VARCHAR(255) NOT NULL,
- TENANT_ID INTEGER DEFAULT '-1234',
- UNIQUE KEY (NAME, TENANT_ID, PURPOSE_GROUP, GROUP_TYPE),
- PRIMARY KEY (ID)
- );
-
- CREATE TABLE CM_PURPOSE_CATEGORY (
- ID INTEGER AUTO_INCREMENT,
- NAME VARCHAR(255) NOT NULL,
- DESCRIPTION VARCHAR(1023),
- TENANT_ID INTEGER DEFAULT '-1234',
- UNIQUE KEY (NAME, TENANT_ID),
- PRIMARY KEY (ID)
- );
-
- CREATE TABLE CM_RECEIPT_SP_ASSOC (
- ID INTEGER AUTO_INCREMENT,
- CONSENT_RECEIPT_ID VARCHAR(255) NOT NULL,
- SP_NAME VARCHAR(255) NOT NULL,
- SP_DISPLAY_NAME VARCHAR(255),
- SP_DESCRIPTION VARCHAR(1024),
- SP_TENANT_ID INTEGER DEFAULT '-1234',
- UNIQUE KEY (CONSENT_RECEIPT_ID, SP_NAME, SP_TENANT_ID),
- PRIMARY KEY (ID)
- );
-
- CREATE TABLE CM_SP_PURPOSE_ASSOC (
- ID INTEGER AUTO_INCREMENT,
- RECEIPT_SP_ASSOC INTEGER NOT NULL,
- PURPOSE_ID INTEGER NOT NULL,
- CONSENT_TYPE VARCHAR(255) NOT NULL,
- IS_PRIMARY_PURPOSE INTEGER NOT NULL,
- TERMINATION VARCHAR(255) NOT NULL,
- THIRD_PARTY_DISCLOSURE INTEGER NOT NULL,
- THIRD_PARTY_NAME VARCHAR(255),
- UNIQUE KEY (RECEIPT_SP_ASSOC, PURPOSE_ID),
- PRIMARY KEY (ID)
- );
-
- CREATE TABLE CM_SP_PURPOSE_PURPOSE_CAT_ASSC (
- ID INTEGER NOT NULL AUTO_INCREMENT,
- SP_PURPOSE_ASSOC_ID INTEGER NOT NULL,
- PURPOSE_CATEGORY_ID INTEGER NOT NULL,
- UNIQUE KEY (SP_PURPOSE_ASSOC_ID, PURPOSE_CATEGORY_ID),
- PRIMARY KEY (ID)
- );
-
- CREATE TABLE CM_PURPOSE_PII_CAT_ASSOC (
- ID INTEGER NOT NULL AUTO_INCREMENT,
- PURPOSE_ID INTEGER NOT NULL,
- CM_PII_CATEGORY_ID INTEGER NOT NULL,
- IS_MANDATORY INTEGER NOT NULL,
- UNIQUE KEY (PURPOSE_ID, CM_PII_CATEGORY_ID),
- PRIMARY KEY (ID)
- );
-
- CREATE TABLE CM_SP_PURPOSE_PII_CAT_ASSOC (
- ID INTEGER NOT NULL AUTO_INCREMENT,
- SP_PURPOSE_ASSOC_ID INTEGER NOT NULL,
- PII_CATEGORY_ID INTEGER NOT NULL,
- VALIDITY VARCHAR(1023),
- IS_CONSENTED BOOLEAN DEFAULT TRUE,
- UNIQUE KEY (SP_PURPOSE_ASSOC_ID, PII_CATEGORY_ID),
- PRIMARY KEY (ID)
- );
-
- CREATE TABLE CM_CONSENT_RECEIPT_PROPERTY (
- ID INTEGER NOT NULL AUTO_INCREMENT,
- CONSENT_RECEIPT_ID VARCHAR(255) NOT NULL,
- NAME VARCHAR(255) NOT NULL,
- VALUE VARCHAR(1023) NOT NULL,
- UNIQUE KEY (CONSENT_RECEIPT_ID, NAME),
- PRIMARY KEY (ID)
- );
-
- ALTER TABLE CM_RECEIPT_SP_ASSOC
- ADD CONSTRAINT CM_RECEIPT_SP_ASSOC_fk0 FOREIGN KEY (CONSENT_RECEIPT_ID) REFERENCES CM_RECEIPT (CONSENT_RECEIPT_ID);
-
- ALTER TABLE CM_SP_PURPOSE_ASSOC
- ADD CONSTRAINT CM_SP_PURPOSE_ASSOC_fk0 FOREIGN KEY (RECEIPT_SP_ASSOC) REFERENCES CM_RECEIPT_SP_ASSOC (ID);
-
- ALTER TABLE CM_SP_PURPOSE_ASSOC
- ADD CONSTRAINT CM_SP_PURPOSE_ASSOC_fk1 FOREIGN KEY (PURPOSE_ID) REFERENCES CM_PURPOSE (ID);
-
- ALTER TABLE CM_SP_PURPOSE_PURPOSE_CAT_ASSC
- ADD CONSTRAINT CM_SP_P_P_CAT_ASSOC_fk0 FOREIGN KEY (SP_PURPOSE_ASSOC_ID) REFERENCES CM_SP_PURPOSE_ASSOC (ID);
-
- ALTER TABLE CM_SP_PURPOSE_PURPOSE_CAT_ASSC
- ADD CONSTRAINT CM_SP_P_P_CAT_ASSOC_fk1 FOREIGN KEY (PURPOSE_CATEGORY_ID) REFERENCES CM_PURPOSE_CATEGORY (ID);
-
- ALTER TABLE CM_SP_PURPOSE_PII_CAT_ASSOC
- ADD CONSTRAINT CM_SP_P_PII_CAT_ASSOC_fk0 FOREIGN KEY (SP_PURPOSE_ASSOC_ID) REFERENCES CM_SP_PURPOSE_ASSOC (ID);
-
- ALTER TABLE CM_SP_PURPOSE_PII_CAT_ASSOC
- ADD CONSTRAINT CM_SP_P_PII_CAT_ASSOC_fk1 FOREIGN KEY (PII_CATEGORY_ID) REFERENCES CM_PII_CATEGORY (ID);
-
- ALTER TABLE CM_CONSENT_RECEIPT_PROPERTY
- ADD CONSTRAINT CM_CONSENT_RECEIPT_PRT_fk0 FOREIGN KEY (CONSENT_RECEIPT_ID) REFERENCES CM_RECEIPT (CONSENT_RECEIPT_ID);
-
- INSERT INTO CM_PURPOSE (NAME, DESCRIPTION, PURPOSE_GROUP, GROUP_TYPE, TENANT_ID) VALUES ('DEFAULT', 'For core functionalities of the product', 'DEFAULT', 'SP', '-1234');
-
- INSERT INTO CM_PURPOSE_CATEGORY (NAME, DESCRIPTION, TENANT_ID) VALUES ('DEFAULT','For core functionalities of the product', '-1234');
- -- End of CONSENT-MGT Tables --
-
- -- Start of API-MGT Tables --
- CREATE TABLE IF NOT EXISTS AM_SUBSCRIBER (
- SUBSCRIBER_ID INTEGER AUTO_INCREMENT,
- USER_ID VARCHAR(255) NOT NULL,
- TENANT_ID INTEGER NOT NULL,
- EMAIL_ADDRESS VARCHAR(256) NULL,
- DATE_SUBSCRIBED TIMESTAMP NOT NULL,
- PRIMARY KEY (SUBSCRIBER_ID),
- CREATED_BY VARCHAR(100),
- CREATED_TIME TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
- UPDATED_BY VARCHAR(100),
- UPDATED_TIME TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
- UNIQUE (TENANT_ID,USER_ID)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS AM_APPLICATION (
- APPLICATION_ID INTEGER AUTO_INCREMENT,
- NAME VARCHAR(100),
- SUBSCRIBER_ID INTEGER,
- APPLICATION_TIER VARCHAR(50) DEFAULT 'Unlimited',
- CALLBACK_URL VARCHAR(512),
- DESCRIPTION VARCHAR(512),
- APPLICATION_STATUS VARCHAR(50) DEFAULT 'APPROVED',
- GROUP_ID VARCHAR(100),
- CREATED_BY VARCHAR(100),
- CREATED_TIME TIMESTAMP,
- UPDATED_BY VARCHAR(100),
- UPDATED_TIME TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
- UUID VARCHAR(256),
- TOKEN_TYPE VARCHAR(10),
- ORGANIZATION VARCHAR(100),
- FOREIGN KEY(SUBSCRIBER_ID) REFERENCES AM_SUBSCRIBER(SUBSCRIBER_ID) ON UPDATE CASCADE ON DELETE RESTRICT,
- PRIMARY KEY(APPLICATION_ID),
- UNIQUE (NAME,SUBSCRIBER_ID,ORGANIZATION),
- UNIQUE (UUID)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS AM_API (
- API_ID INTEGER AUTO_INCREMENT,
- API_UUID VARCHAR(256),
- API_PROVIDER VARCHAR(200),
- API_NAME VARCHAR(200),
- API_VERSION VARCHAR(30),
- CONTEXT VARCHAR(256),
- CONTEXT_TEMPLATE VARCHAR(256),
- API_TIER VARCHAR(256),
- API_TYPE VARCHAR(10),
- ORGANIZATION VARCHAR(100),
- GATEWAY_VENDOR VARCHAR(100) DEFAULT 'wso2',
- CREATED_BY VARCHAR(100),
- CREATED_TIME TIMESTAMP,
- UPDATED_BY VARCHAR(100),
- UPDATED_TIME TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
- STATUS VARCHAR(30),
- LOG_LEVEL VARCHAR(255) DEFAULT 'OFF',
- REVISIONS_CREATED INTEGER DEFAULT 0,
- VERSION_COMPARABLE VARCHAR(15),
- PRIMARY KEY(API_ID),
- UNIQUE (API_PROVIDER,API_NAME,API_VERSION,ORGANIZATION),
- UNIQUE (API_UUID)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS AM_GRAPHQL_COMPLEXITY (
- UUID VARCHAR(256),
- API_ID INTEGER NOT NULL,
- TYPE VARCHAR(256),
- FIELD VARCHAR(256),
- COMPLEXITY_VALUE INTEGER,
- REVISION_UUID VARCHAR(255),
- FOREIGN KEY (API_ID) REFERENCES AM_API(API_ID) ON UPDATE CASCADE ON DELETE CASCADE,
- PRIMARY KEY(UUID)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS AM_API_URL_MAPPING (
- URL_MAPPING_ID INTEGER AUTO_INCREMENT,
- API_ID INTEGER NOT NULL,
- HTTP_METHOD VARCHAR(20) NULL,
- AUTH_SCHEME VARCHAR(50) NULL,
- URL_PATTERN VARCHAR(512) NULL,
- THROTTLING_TIER varchar(512) DEFAULT NULL,
- MEDIATION_SCRIPT BLOB,
- REVISION_UUID VARCHAR(255),
- PRIMARY KEY (URL_MAPPING_ID)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS AM_API_RESOURCE_SCOPE_MAPPING (
- SCOPE_NAME VARCHAR(255) NOT NULL,
- URL_MAPPING_ID INTEGER NOT NULL,
- TENANT_ID INTEGER NOT NULL,
- FOREIGN KEY (URL_MAPPING_ID) REFERENCES AM_API_URL_MAPPING(URL_MAPPING_ID) ON DELETE CASCADE,
- PRIMARY KEY(SCOPE_NAME, URL_MAPPING_ID)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS AM_SECURITY_AUDIT_UUID_MAPPING (
- API_ID INTEGER NOT NULL,
- AUDIT_UUID VARCHAR(255) NOT NULL,
- FOREIGN KEY (API_ID) REFERENCES AM_API(API_ID) ON UPDATE CASCADE ON DELETE CASCADE,
- PRIMARY KEY (API_ID)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS AM_API_PRODUCT_MAPPING (
- API_PRODUCT_MAPPING_ID INTEGER AUTO_INCREMENT,
- API_ID INTEGER,
- URL_MAPPING_ID INTEGER,
- REVISION_UUID VARCHAR(255),
- FOREIGN KEY (API_ID) REFERENCES AM_API(API_ID) ON DELETE CASCADE,
- FOREIGN KEY (URL_MAPPING_ID) REFERENCES AM_API_URL_MAPPING(URL_MAPPING_ID) ON DELETE CASCADE,
- PRIMARY KEY(API_PRODUCT_MAPPING_ID)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS AM_SUBSCRIPTION (
- SUBSCRIPTION_ID INTEGER AUTO_INCREMENT,
- TIER_ID VARCHAR(50),
- TIER_ID_PENDING VARCHAR(50),
- API_ID INTEGER,
- LAST_ACCESSED TIMESTAMP NULL,
- APPLICATION_ID INTEGER,
- SUB_STATUS VARCHAR(50),
- SUBS_CREATE_STATE VARCHAR(50) DEFAULT 'SUBSCRIBE',
- CREATED_BY VARCHAR(100),
- CREATED_TIME TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
- UPDATED_BY VARCHAR(100),
- UPDATED_TIME TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
- UUID VARCHAR(256),
- FOREIGN KEY(APPLICATION_ID) REFERENCES AM_APPLICATION(APPLICATION_ID) ON UPDATE CASCADE ON DELETE CASCADE,
- FOREIGN KEY(API_ID) REFERENCES AM_API(API_ID) ON UPDATE CASCADE ON DELETE CASCADE,
- PRIMARY KEY (SUBSCRIPTION_ID),
- UNIQUE (UUID)
- )ENGINE INNODB;
-
-
-
- CREATE TABLE IF NOT EXISTS AM_APPLICATION_KEY_MAPPING (
- UUID VARCHAR(100),
- APPLICATION_ID INTEGER,
- CONSUMER_KEY VARCHAR(255),
- KEY_TYPE VARCHAR(512) NOT NULL,
- STATE VARCHAR(30) NOT NULL,
- CREATE_MODE VARCHAR(30) DEFAULT 'CREATED',
- KEY_MANAGER VARCHAR(100),
- APP_INFO BLOB ,
- FOREIGN KEY(APPLICATION_ID) REFERENCES AM_APPLICATION(APPLICATION_ID) ON UPDATE CASCADE ON DELETE CASCADE,
- PRIMARY KEY(APPLICATION_ID,KEY_TYPE,KEY_MANAGER)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS AM_API_LC_EVENT (
- EVENT_ID INTEGER AUTO_INCREMENT,
- API_ID INTEGER NOT NULL,
- PREVIOUS_STATE VARCHAR(50),
- NEW_STATE VARCHAR(50) NOT NULL,
- USER_ID VARCHAR(255) NOT NULL,
- TENANT_ID INTEGER NOT NULL,
- EVENT_DATE TIMESTAMP NOT NULL,
- FOREIGN KEY(API_ID) REFERENCES AM_API(API_ID) ON UPDATE CASCADE ON DELETE CASCADE,
- PRIMARY KEY (EVENT_ID)
- )ENGINE INNODB;
-
- CREATE TABLE AM_APP_KEY_DOMAIN_MAPPING (
- CONSUMER_KEY VARCHAR(255),
- AUTHZ_DOMAIN VARCHAR(255) DEFAULT 'ALL',
- PRIMARY KEY (CONSUMER_KEY,AUTHZ_DOMAIN)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS AM_API_COMMENTS (
- COMMENT_ID VARCHAR(64) NOT NULL,
- COMMENT_TEXT VARCHAR(512),
- CREATED_BY VARCHAR(255),
- CREATED_TIME TIMESTAMP NOT NULL,
- UPDATED_TIME TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
- API_ID INTEGER,
- PARENT_COMMENT_ID VARCHAR(64) DEFAULT NULL,
- ENTRY_POINT VARCHAR(20),
- CATEGORY VARCHAR(20) DEFAULT 'general',
- FOREIGN KEY(API_ID) REFERENCES AM_API(API_ID) ON DELETE CASCADE,
- FOREIGN KEY(PARENT_COMMENT_ID) REFERENCES AM_API_COMMENTS(COMMENT_ID),
- PRIMARY KEY (COMMENT_ID)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS AM_API_RATINGS (
- RATING_ID VARCHAR(255) NOT NULL,
- API_ID INTEGER,
- RATING INTEGER,
- SUBSCRIBER_ID INTEGER,
- FOREIGN KEY(API_ID) REFERENCES AM_API(API_ID) ON UPDATE CASCADE ON DELETE CASCADE,
- FOREIGN KEY(SUBSCRIBER_ID) REFERENCES AM_SUBSCRIBER(SUBSCRIBER_ID) ON UPDATE CASCADE ON DELETE RESTRICT,
- PRIMARY KEY (RATING_ID)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS AM_TIER_PERMISSIONS (
- TIER_PERMISSIONS_ID INTEGER AUTO_INCREMENT,
- TIER VARCHAR(50) NOT NULL,
- PERMISSIONS_TYPE VARCHAR(50) NOT NULL,
- ROLES VARCHAR(512) NOT NULL,
- TENANT_ID INTEGER NOT NULL,
- PRIMARY KEY(TIER_PERMISSIONS_ID)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS AM_EXTERNAL_STORES (
- APISTORE_ID INTEGER AUTO_INCREMENT,
- API_ID INTEGER,
- STORE_ID VARCHAR(255) NOT NULL,
- STORE_DISPLAY_NAME VARCHAR(255) NOT NULL,
- STORE_ENDPOINT VARCHAR(255) NOT NULL,
- STORE_TYPE VARCHAR(255) NOT NULL,
- LAST_UPDATED_TIME TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
- FOREIGN KEY(API_ID) REFERENCES AM_API(API_ID) ON UPDATE CASCADE ON DELETE RESTRICT,
- PRIMARY KEY (APISTORE_ID)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS AM_WORKFLOWS(
- WF_ID INTEGER AUTO_INCREMENT,
- WF_REFERENCE VARCHAR(255) NOT NULL,
- WF_TYPE VARCHAR(255) NOT NULL,
- WF_STATUS VARCHAR(255) NOT NULL,
- WF_CREATED_TIME TIMESTAMP,
- WF_UPDATED_TIME TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP ,
- WF_STATUS_DESC VARCHAR(1000),
- TENANT_ID INTEGER,
- TENANT_DOMAIN VARCHAR(255),
- WF_EXTERNAL_REFERENCE VARCHAR(255) NOT NULL,
- WF_METADATA BLOB DEFAULT NULL,
- WF_PROPERTIES BLOB DEFAULT NULL,
- PRIMARY KEY (WF_ID),
- UNIQUE (WF_EXTERNAL_REFERENCE)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS AM_APPLICATION_REGISTRATION (
- REG_ID INT AUTO_INCREMENT,
- SUBSCRIBER_ID INT,
- WF_REF VARCHAR(255) NOT NULL,
- APP_ID INT,
- TOKEN_TYPE VARCHAR(30),
- TOKEN_SCOPE VARCHAR(1500) DEFAULT 'default',
- INPUTS VARCHAR(1000),
- ALLOWED_DOMAINS VARCHAR(256),
- VALIDITY_PERIOD BIGINT,
- KEY_MANAGER VARCHAR(255) NOT NULL,
- UNIQUE (SUBSCRIBER_ID,APP_ID,TOKEN_TYPE,KEY_MANAGER),
- FOREIGN KEY(SUBSCRIBER_ID) REFERENCES AM_SUBSCRIBER(SUBSCRIBER_ID) ON UPDATE CASCADE ON DELETE RESTRICT,
- FOREIGN KEY(APP_ID) REFERENCES AM_APPLICATION(APPLICATION_ID) ON UPDATE CASCADE ON DELETE CASCADE,
- PRIMARY KEY (REG_ID)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS AM_SHARED_SCOPE (
- NAME VARCHAR(255) NOT NULL,
- UUID VARCHAR (256),
- TENANT_ID INTEGER,
- PRIMARY KEY (UUID)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS AM_API_DEFAULT_VERSION (
- DEFAULT_VERSION_ID INT AUTO_INCREMENT,
- API_NAME VARCHAR(256) NOT NULL ,
- API_PROVIDER VARCHAR(256) NOT NULL ,
- DEFAULT_API_VERSION VARCHAR(30) ,
- PUBLISHED_DEFAULT_API_VERSION VARCHAR(30) ,
- ORGANIZATION VARCHAR(100),
- PRIMARY KEY (DEFAULT_VERSION_ID)
- )ENGINE = INNODB;
-
- CREATE INDEX IDX_SUB_APP_ID ON AM_SUBSCRIPTION (APPLICATION_ID, SUBSCRIPTION_ID);
-
- CREATE TABLE IF NOT EXISTS AM_MONETIZATION_USAGE (
- ID VARCHAR(100) NOT NULL,
- STATE VARCHAR(50) NOT NULL,
- STATUS VARCHAR(50) NOT NULL,
- STARTED_TIME VARCHAR(50) NOT NULL,
- PUBLISHED_TIME VARCHAR(50) NOT NULL,
- PRIMARY KEY(ID)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS AM_ALERT_TYPES (
- ALERT_TYPE_ID INTEGER AUTO_INCREMENT,
- ALERT_TYPE_NAME VARCHAR(255) NOT NULL ,
- STAKE_HOLDER VARCHAR(100) NOT NULL,
- PRIMARY KEY (ALERT_TYPE_ID)
- )ENGINE = INNODB;
-
- CREATE TABLE IF NOT EXISTS AM_ALERT_TYPES_VALUES (
- ALERT_TYPE_ID INTEGER,
- USER_NAME VARCHAR(255) NOT NULL ,
- STAKE_HOLDER VARCHAR(100) NOT NULL ,
- PRIMARY KEY (ALERT_TYPE_ID,USER_NAME,STAKE_HOLDER)
- )ENGINE = INNODB;
-
- CREATE TABLE IF NOT EXISTS AM_ALERT_EMAILLIST (
- EMAIL_LIST_ID INTEGER AUTO_INCREMENT,
- USER_NAME VARCHAR(255) NOT NULL ,
- STAKE_HOLDER VARCHAR(100) NOT NULL ,
- PRIMARY KEY (EMAIL_LIST_ID,USER_NAME,STAKE_HOLDER)
- )ENGINE = INNODB;
-
- CREATE TABLE IF NOT EXISTS AM_ALERT_EMAILLIST_DETAILS (
- EMAIL_LIST_ID INTEGER,
- EMAIL VARCHAR(255),
- PRIMARY KEY (EMAIL_LIST_ID,EMAIL)
- )ENGINE = INNODB;
-
- INSERT INTO AM_ALERT_TYPES (ALERT_TYPE_NAME, STAKE_HOLDER) VALUES ('AbnormalResponseTime', 'publisher');
- INSERT INTO AM_ALERT_TYPES (ALERT_TYPE_NAME, STAKE_HOLDER) VALUES ('AbnormalBackendTime', 'publisher');
- INSERT INTO AM_ALERT_TYPES (ALERT_TYPE_NAME, STAKE_HOLDER) VALUES ('AbnormalRequestsPerMin', 'subscriber');
- INSERT INTO AM_ALERT_TYPES (ALERT_TYPE_NAME, STAKE_HOLDER) VALUES ('AbnormalRequestPattern', 'subscriber');
- INSERT INTO AM_ALERT_TYPES (ALERT_TYPE_NAME, STAKE_HOLDER) VALUES ('UnusualIPAccess', 'subscriber');
- INSERT INTO AM_ALERT_TYPES (ALERT_TYPE_NAME, STAKE_HOLDER) VALUES ('FrequentTierLimitHitting', 'subscriber');
- INSERT INTO AM_ALERT_TYPES (ALERT_TYPE_NAME, STAKE_HOLDER) VALUES ('ApiHealthMonitor', 'publisher');
-
-
-
- -- AM Throttling tables --
-
- CREATE TABLE IF NOT EXISTS AM_POLICY_SUBSCRIPTION (
- POLICY_ID INT(11) NOT NULL AUTO_INCREMENT,
- NAME VARCHAR(512) NOT NULL,
- DISPLAY_NAME VARCHAR(512) NULL DEFAULT NULL,
- TENANT_ID INT(11) NOT NULL,
- DESCRIPTION VARCHAR(1024) NULL DEFAULT NULL,
- QUOTA_TYPE VARCHAR(25) NOT NULL,
- QUOTA INT(11) NOT NULL,
- QUOTA_UNIT VARCHAR(10) NULL,
- UNIT_TIME INT(11) NOT NULL,
- TIME_UNIT VARCHAR(25) NOT NULL,
- RATE_LIMIT_COUNT INT(11) NULL DEFAULT NULL,
- RATE_LIMIT_TIME_UNIT VARCHAR(25) NULL DEFAULT NULL,
- IS_DEPLOYED TINYINT(1) NOT NULL DEFAULT 0,
- CUSTOM_ATTRIBUTES BLOB DEFAULT NULL,
- STOP_ON_QUOTA_REACH BOOLEAN NOT NULL DEFAULT 0,
- BILLING_PLAN VARCHAR(20) NOT NULL,
- UUID VARCHAR(256),
- MONETIZATION_PLAN VARCHAR(25) NULL DEFAULT NULL,
- FIXED_RATE VARCHAR(15) NULL DEFAULT NULL,
- BILLING_CYCLE VARCHAR(15) NULL DEFAULT NULL,
- PRICE_PER_REQUEST VARCHAR(15) NULL DEFAULT NULL,
- CURRENCY VARCHAR(15) NULL DEFAULT NULL,
- MAX_COMPLEXITY INT(11) NOT NULL DEFAULT 0,
- MAX_DEPTH INT(11) NOT NULL DEFAULT 0,
- CONNECTIONS_COUNT INT(11) NOT NULL DEFAULT 0,
- PRIMARY KEY (POLICY_ID),
- UNIQUE INDEX AM_POLICY_SUBSCRIPTION_NAME_TENANT (NAME, TENANT_ID),
- UNIQUE (UUID)
- )ENGINE = InnoDB;
-
- CREATE TABLE IF NOT EXISTS AM_POLICY_APPLICATION (
- POLICY_ID INT(11) NOT NULL AUTO_INCREMENT,
- NAME VARCHAR(512) NOT NULL,
- DISPLAY_NAME VARCHAR(512) NULL DEFAULT NULL,
- TENANT_ID INT(11) NOT NULL,
- DESCRIPTION VARCHAR(1024) NULL DEFAULT NULL,
- QUOTA_TYPE VARCHAR(25) NOT NULL,
- QUOTA INT(11) NOT NULL,
- QUOTA_UNIT VARCHAR(10) NULL DEFAULT NULL,
- UNIT_TIME INT(11) NOT NULL,
- TIME_UNIT VARCHAR(25) NOT NULL,
- IS_DEPLOYED TINYINT(1) NOT NULL DEFAULT 0,
- CUSTOM_ATTRIBUTES BLOB DEFAULT NULL,
- UUID VARCHAR(256),
- PRIMARY KEY (POLICY_ID),
- UNIQUE INDEX APP_NAME_TENANT (NAME, TENANT_ID),
- UNIQUE (UUID)
- )ENGINE = InnoDB;
-
- CREATE TABLE IF NOT EXISTS AM_POLICY_HARD_THROTTLING (
- POLICY_ID INT(11) NOT NULL AUTO_INCREMENT,
- NAME VARCHAR(512) NOT NULL,
- TENANT_ID INT(11) NOT NULL,
- DESCRIPTION VARCHAR(1024) NULL DEFAULT NULL,
- QUOTA_TYPE VARCHAR(25) NOT NULL,
- QUOTA INT(11) NOT NULL,
- QUOTA_UNIT VARCHAR(10) NULL DEFAULT NULL,
- UNIT_TIME INT(11) NOT NULL,
- TIME_UNIT VARCHAR(25) NOT NULL,
- IS_DEPLOYED TINYINT(1) NOT NULL DEFAULT 0,
- PRIMARY KEY (POLICY_ID),
- UNIQUE INDEX POLICY_HARD_NAME_TENANT (NAME, TENANT_ID)
- )ENGINE = InnoDB;
-
-
- CREATE TABLE IF NOT EXISTS AM_API_THROTTLE_POLICY (
- POLICY_ID INT(11) NOT NULL AUTO_INCREMENT,
- NAME VARCHAR(512) NOT NULL,
- DISPLAY_NAME VARCHAR(512) NULL DEFAULT NULL,
- TENANT_ID INT(11) NOT NULL,
- DESCRIPTION VARCHAR (1024),
- DEFAULT_QUOTA_TYPE VARCHAR(25) NOT NULL,
- DEFAULT_QUOTA INTEGER NOT NULL,
- DEFAULT_QUOTA_UNIT VARCHAR(10) NULL,
- DEFAULT_UNIT_TIME INTEGER NOT NULL,
- DEFAULT_TIME_UNIT VARCHAR(25) NOT NULL,
- APPLICABLE_LEVEL VARCHAR(25) NOT NULL,
- IS_DEPLOYED TINYINT(1) NOT NULL DEFAULT 0,
- UUID VARCHAR(256),
- PRIMARY KEY (POLICY_ID),
- UNIQUE INDEX API_NAME_TENANT (NAME, TENANT_ID),
- UNIQUE (UUID)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS AM_CONDITION_GROUP (
- CONDITION_GROUP_ID INTEGER NOT NULL AUTO_INCREMENT,
- POLICY_ID INTEGER NOT NULL,
- QUOTA_TYPE VARCHAR(25),
- QUOTA INTEGER NOT NULL,
- QUOTA_UNIT VARCHAR(10) NULL DEFAULT NULL,
- UNIT_TIME INTEGER NOT NULL,
- TIME_UNIT VARCHAR(25) NOT NULL,
- DESCRIPTION VARCHAR (1024) NULL DEFAULT NULL,
- PRIMARY KEY (CONDITION_GROUP_ID),
- FOREIGN KEY (POLICY_ID) REFERENCES AM_API_THROTTLE_POLICY(POLICY_ID) ON DELETE CASCADE ON UPDATE CASCADE
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS AM_QUERY_PARAMETER_CONDITION (
- QUERY_PARAMETER_ID INTEGER NOT NULL AUTO_INCREMENT,
- CONDITION_GROUP_ID INTEGER NOT NULL,
- PARAMETER_NAME VARCHAR(255) DEFAULT NULL,
- PARAMETER_VALUE VARCHAR(255) DEFAULT NULL,
- IS_PARAM_MAPPING BOOLEAN DEFAULT 1,
- PRIMARY KEY (QUERY_PARAMETER_ID),
- FOREIGN KEY (CONDITION_GROUP_ID) REFERENCES AM_CONDITION_GROUP(CONDITION_GROUP_ID) ON DELETE CASCADE ON UPDATE CASCADE
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS AM_HEADER_FIELD_CONDITION (
- HEADER_FIELD_ID INTEGER NOT NULL AUTO_INCREMENT,
- CONDITION_GROUP_ID INTEGER NOT NULL,
- HEADER_FIELD_NAME VARCHAR(255) DEFAULT NULL,
- HEADER_FIELD_VALUE VARCHAR(255) DEFAULT NULL,
- IS_HEADER_FIELD_MAPPING BOOLEAN DEFAULT 1,
- PRIMARY KEY (HEADER_FIELD_ID),
- FOREIGN KEY (CONDITION_GROUP_ID) REFERENCES AM_CONDITION_GROUP(CONDITION_GROUP_ID) ON DELETE CASCADE ON UPDATE CASCADE
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS AM_JWT_CLAIM_CONDITION (
- JWT_CLAIM_ID INTEGER NOT NULL AUTO_INCREMENT,
- CONDITION_GROUP_ID INTEGER NOT NULL,
- CLAIM_URI VARCHAR(512) DEFAULT NULL,
- CLAIM_ATTRIB VARCHAR(1024) DEFAULT NULL,
- IS_CLAIM_MAPPING BOOLEAN DEFAULT 1,
- PRIMARY KEY (JWT_CLAIM_ID),
- FOREIGN KEY (CONDITION_GROUP_ID) REFERENCES AM_CONDITION_GROUP(CONDITION_GROUP_ID) ON DELETE CASCADE ON UPDATE CASCADE
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS AM_IP_CONDITION (
- AM_IP_CONDITION_ID INT NOT NULL AUTO_INCREMENT,
- STARTING_IP VARCHAR(45) NULL,
- ENDING_IP VARCHAR(45) NULL,
- SPECIFIC_IP VARCHAR(45) NULL,
- WITHIN_IP_RANGE BOOLEAN DEFAULT 1,
- CONDITION_GROUP_ID INT NULL,
- PRIMARY KEY (AM_IP_CONDITION_ID),
- INDEX fk_AM_IP_CONDITION_1_idx (CONDITION_GROUP_ID ASC), CONSTRAINT fk_AM_IP_CONDITION_1 FOREIGN KEY (CONDITION_GROUP_ID)
- REFERENCES AM_CONDITION_GROUP (CONDITION_GROUP_ID) ON DELETE CASCADE ON UPDATE CASCADE)
- ENGINE = InnoDB;
-
-
- CREATE TABLE IF NOT EXISTS AM_POLICY_GLOBAL (
- POLICY_ID INT(11) NOT NULL AUTO_INCREMENT,
- NAME VARCHAR(512) NOT NULL,
- KEY_TEMPLATE VARCHAR(512) NOT NULL,
- TENANT_ID INT(11) NOT NULL,
- DESCRIPTION VARCHAR(1024) NULL DEFAULT NULL,
- SIDDHI_QUERY BLOB DEFAULT NULL,
- IS_DEPLOYED TINYINT(1) NOT NULL DEFAULT 0,
- UUID VARCHAR(256),
- PRIMARY KEY (POLICY_ID),
- UNIQUE (UUID)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS AM_THROTTLE_TIER_PERMISSIONS (
- THROTTLE_TIER_PERMISSIONS_ID INT NOT NULL AUTO_INCREMENT,
- TIER VARCHAR(50) NULL,
- PERMISSIONS_TYPE VARCHAR(50) NULL,
- ROLES VARCHAR(512) NULL,
- TENANT_ID INT(11) NULL,
- PRIMARY KEY (THROTTLE_TIER_PERMISSIONS_ID))
- ENGINE = InnoDB;
-
- CREATE TABLE `AM_BLOCK_CONDITIONS` (
- `CONDITION_ID` int(11) NOT NULL AUTO_INCREMENT,
- `TYPE` varchar(45) DEFAULT NULL,
- `BLOCK_CONDITION` varchar(512) DEFAULT NULL,
- `ENABLED` varchar(45) DEFAULT NULL,
- `DOMAIN` varchar(45) DEFAULT NULL,
- `UUID` VARCHAR(256),
- PRIMARY KEY (`CONDITION_ID`),
- UNIQUE (`UUID`)
- ) ENGINE=InnoDB;
-
- CREATE TABLE IF NOT EXISTS `AM_CERTIFICATE_METADATA` (
- `TENANT_ID` INT(11) NOT NULL,
- `ALIAS` VARCHAR(255) NOT NULL,
- `END_POINT` VARCHAR(255) NOT NULL,
- `CERTIFICATE` BLOB DEFAULT NULL,
- CONSTRAINT PK_ALIAS PRIMARY KEY (`ALIAS`)
- ) ENGINE=InnoDB;
-
- CREATE TABLE IF NOT EXISTS `AM_API_CLIENT_CERTIFICATE` (
- `TENANT_ID` INT(11) NOT NULL,
- `ALIAS` VARCHAR(45) NOT NULL,
- `API_ID` INTEGER NOT NULL,
- `CERTIFICATE` BLOB NOT NULL,
- `REMOVED` BOOLEAN NOT NULL DEFAULT 0,
- `TIER_NAME` VARCHAR (512),
- `REVISION_UUID` VARCHAR(255) NOT NULL DEFAULT 'Current API',
- FOREIGN KEY (API_ID)
REFERENCES AM_API (API_ID) ON DELETE CASCADE ON UPDATE CASCADE, - PRIMARY KEY (`ALIAS`, `TENANT_ID`, `REMOVED`, `REVISION_UUID`) - ) ENGINE=InnoDB; - - CREATE TABLE IF NOT EXISTS AM_APPLICATION_GROUP_MAPPING ( - APPLICATION_ID INTEGER NOT NULL, - GROUP_ID VARCHAR(512) NOT NULL, - TENANT VARCHAR(255), - PRIMARY KEY (APPLICATION_ID,GROUP_ID,TENANT), - FOREIGN KEY (APPLICATION_ID) REFERENCES AM_APPLICATION(APPLICATION_ID) ON DELETE CASCADE ON UPDATE CASCADE - ) ENGINE=InnoDB; - - CREATE TABLE IF NOT EXISTS AM_USAGE_UPLOADED_FILES ( - TENANT_DOMAIN varchar(255) NOT NULL, - FILE_NAME varchar(255) NOT NULL, - FILE_TIMESTAMP TIMESTAMP DEFAULT CURRENT_TIMESTAMP, - FILE_PROCESSED tinyint(1) DEFAULT FALSE, - FILE_CONTENT MEDIUMBLOB DEFAULT NULL, - PRIMARY KEY (TENANT_DOMAIN, FILE_NAME, FILE_TIMESTAMP) - ) ENGINE=InnoDB; - - CREATE TABLE IF NOT EXISTS AM_API_LC_PUBLISH_EVENTS ( - ID INTEGER(11) NOT NULL AUTO_INCREMENT, - TENANT_DOMAIN VARCHAR(500) NOT NULL, - API_ID VARCHAR(500) NOT NULL, - EVENT_TIME TIMESTAMP NOT NULL, - PRIMARY KEY (ID) - ) ENGINE=InnoDB; - - CREATE TABLE IF NOT EXISTS AM_APPLICATION_ATTRIBUTES ( - APPLICATION_ID int(11) NOT NULL, - NAME varchar(255) NOT NULL, - APP_ATTRIBUTE varchar(1024) NOT NULL, - TENANT_ID int(11) NOT NULL, - PRIMARY KEY (APPLICATION_ID,NAME), - FOREIGN KEY (APPLICATION_ID) REFERENCES AM_APPLICATION (APPLICATION_ID) ON DELETE CASCADE ON UPDATE CASCADE - ) ENGINE=InnoDB; - - CREATE TABLE IF NOT EXISTS AM_SYSTEM_APPS ( - ID INTEGER AUTO_INCREMENT, - NAME VARCHAR(50) NOT NULL, - CONSUMER_KEY VARCHAR(512) NOT NULL, - CONSUMER_SECRET VARCHAR(512) NOT NULL, - CREATED_TIME TIMESTAMP DEFAULT CURRENT_TIMESTAMP, - TENANT_DOMAIN VARCHAR(255) DEFAULT 'carbon.super', - UNIQUE (CONSUMER_KEY), - PRIMARY KEY (ID) - ) ENGINE=InnoDB; - - -- BotDATA Email table -- - CREATE TABLE IF NOT EXISTS AM_NOTIFICATION_SUBSCRIBER ( - UUID VARCHAR(255), - CATEGORY VARCHAR(255), - NOTIFICATION_METHOD VARCHAR(255), - SUBSCRIBER_ADDRESS VARCHAR(255) NOT NULL, - 
PRIMARY KEY(UUID, SUBSCRIBER_ADDRESS) - ) ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS AM_REVOKED_JWT ( - UUID VARCHAR(255) NOT NULL, - SIGNATURE VARCHAR(2048) NOT NULL, - EXPIRY_TIMESTAMP BIGINT NOT NULL, - TENANT_ID INTEGER DEFAULT -1, - TOKEN_TYPE VARCHAR(15) DEFAULT 'DEFAULT', - TIME_CREATED TIMESTAMP DEFAULT CURRENT_TIMESTAMP, - PRIMARY KEY (UUID) - ) ENGINE=InnoDB; - - CREATE TABLE IF NOT EXISTS AM_API_CATEGORIES ( - UUID VARCHAR(50), - NAME VARCHAR(255), - DESCRIPTION VARCHAR(1024), - ORGANIZATION VARCHAR(100), - UNIQUE (NAME,ORGANIZATION), - PRIMARY KEY (UUID) - ) ENGINE=InnoDB; - - CREATE TABLE IF NOT EXISTS AM_USER ( - USER_ID VARCHAR(255) NOT NULL, - USER_NAME VARCHAR(255) NOT NULL, - PRIMARY KEY(USER_ID) - ) ENGINE=InnoDB; - - -- Tenant Themes Table -- - CREATE TABLE IF NOT EXISTS AM_TENANT_THEMES ( - TENANT_ID INTEGER NOT NULL, - THEME MEDIUMBLOB NOT NULL, - PRIMARY KEY (TENANT_ID) - ) ENGINE=InnoDB; - -- End of API-MGT Tables -- - - -- UMA tables -- - CREATE TABLE IF NOT EXISTS IDN_UMA_RESOURCE ( - ID INTEGER AUTO_INCREMENT NOT NULL, - RESOURCE_ID VARCHAR(255), - RESOURCE_NAME VARCHAR(255), - TIME_CREATED TIMESTAMP NOT NULL, - RESOURCE_OWNER_NAME VARCHAR(255), - CLIENT_ID VARCHAR(255), - TENANT_ID INTEGER DEFAULT -1234, - USER_DOMAIN VARCHAR(50), - PRIMARY KEY (ID) - ); - - CREATE INDEX IDX_RID ON IDN_UMA_RESOURCE (RESOURCE_ID); - - CREATE INDEX IDX_USER ON IDN_UMA_RESOURCE (RESOURCE_OWNER_NAME, USER_DOMAIN); - - CREATE INDEX IDX_USER_RID ON IDN_UMA_RESOURCE (RESOURCE_ID, RESOURCE_OWNER_NAME(32), USER_DOMAIN, CLIENT_ID); - - CREATE TABLE IF NOT EXISTS IDN_UMA_RESOURCE_META_DATA ( - ID INTEGER AUTO_INCREMENT NOT NULL, - RESOURCE_IDENTITY INTEGER NOT NULL, - PROPERTY_KEY VARCHAR(40), - PROPERTY_VALUE VARCHAR(255), - PRIMARY KEY (ID), - FOREIGN KEY (RESOURCE_IDENTITY) REFERENCES IDN_UMA_RESOURCE (ID) ON DELETE CASCADE - ); - - CREATE TABLE IF NOT EXISTS IDN_UMA_RESOURCE_SCOPE ( - ID INTEGER AUTO_INCREMENT NOT NULL, - RESOURCE_IDENTITY INTEGER NOT NULL, 
- SCOPE_NAME VARCHAR(255), - PRIMARY KEY (ID), - FOREIGN KEY (RESOURCE_IDENTITY) REFERENCES IDN_UMA_RESOURCE (ID) ON DELETE CASCADE - ); - - CREATE INDEX IDX_RS ON IDN_UMA_RESOURCE_SCOPE (SCOPE_NAME); - - CREATE TABLE IF NOT EXISTS IDN_UMA_PERMISSION_TICKET ( - ID INTEGER AUTO_INCREMENT NOT NULL, - PT VARCHAR(255) NOT NULL, - TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, - EXPIRY_TIME TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, - TICKET_STATE VARCHAR(25) DEFAULT 'ACTIVE', - TENANT_ID INTEGER DEFAULT -1234, - TOKEN_ID VARCHAR(255), - PRIMARY KEY (ID) - ); - - CREATE INDEX IDX_PT ON IDN_UMA_PERMISSION_TICKET (PT); - - CREATE TABLE IF NOT EXISTS IDN_UMA_PT_RESOURCE ( - ID INTEGER AUTO_INCREMENT NOT NULL, - PT_RESOURCE_ID INTEGER NOT NULL, - PT_ID INTEGER NOT NULL, - PRIMARY KEY (ID), - FOREIGN KEY (PT_ID) REFERENCES IDN_UMA_PERMISSION_TICKET (ID) ON DELETE CASCADE, - FOREIGN KEY (PT_RESOURCE_ID) REFERENCES IDN_UMA_RESOURCE (ID) ON DELETE CASCADE - ); - - CREATE TABLE IF NOT EXISTS IDN_UMA_PT_RESOURCE_SCOPE ( - ID INTEGER AUTO_INCREMENT NOT NULL, - PT_RESOURCE_ID INTEGER NOT NULL, - PT_SCOPE_ID INTEGER NOT NULL, - PRIMARY KEY (ID), - FOREIGN KEY (PT_RESOURCE_ID) REFERENCES IDN_UMA_PT_RESOURCE (ID) ON DELETE CASCADE, - FOREIGN KEY (PT_SCOPE_ID) REFERENCES IDN_UMA_RESOURCE_SCOPE (ID) ON DELETE CASCADE - ); - - CREATE TABLE IF NOT EXISTS AM_USER ( - USER_ID VARCHAR(255) NOT NULL, - USER_NAME VARCHAR(255) NOT NULL, - PRIMARY KEY(USER_ID) - ); - - CREATE TABLE IF NOT EXISTS AM_KEY_MANAGER ( - UUID VARCHAR(50) NOT NULL, - NAME VARCHAR(100) NULL, - DISPLAY_NAME VARCHAR(100) NULL, - DESCRIPTION VARCHAR(256) NULL, - TYPE VARCHAR(45) NULL, - CONFIGURATION BLOB NULL, - ENABLED BOOLEAN DEFAULT 1, - ORGANIZATION VARCHAR(100) NULL, - TOKEN_TYPE VARCHAR(45) NULL, - EXTERNAL_REFERENCE_ID VARCHAR(100) NULL, - PRIMARY KEY (UUID), - UNIQUE (NAME,ORGANIZATION) - ); - - -- AM_GW_PUBLISHED_API_DETAILS & AM_GW_API_ARTIFACTS are independent tables for Artifact synchronizer 
feature which -- - -- should not have any referential integrity constraints with other tables in AM database-- - CREATE TABLE IF NOT EXISTS AM_GW_PUBLISHED_API_DETAILS ( - API_ID varchar(255) NOT NULL, - TENANT_DOMAIN varchar(255), - API_PROVIDER varchar(255), - API_NAME varchar(255), - API_VERSION varchar(255), - API_TYPE varchar(50), - PRIMARY KEY (API_ID) - )ENGINE=InnoDB; - - CREATE TABLE IF NOT EXISTS AM_GW_API_ARTIFACTS ( - API_ID VARCHAR(255) NOT NULL, - REVISION_ID VARCHAR(255) NOT NULL, - ARTIFACT MEDIUMBLOB, - TIME_STAMP TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - PRIMARY KEY (REVISION_ID, API_ID), - FOREIGN KEY (API_ID) REFERENCES AM_GW_PUBLISHED_API_DETAILS(API_ID) ON UPDATE CASCADE ON DELETE CASCADE - )ENGINE=InnoDB; - - CREATE TABLE IF NOT EXISTS AM_GW_API_DEPLOYMENTS ( - API_ID VARCHAR(255) NOT NULL, - REVISION_ID VARCHAR(255) NOT NULL, - LABEL VARCHAR(255) NOT NULL, - VHOST VARCHAR(255) NULL, - PRIMARY KEY (REVISION_ID, API_ID,LABEL), - FOREIGN KEY (API_ID) REFERENCES AM_GW_PUBLISHED_API_DETAILS(API_ID) ON UPDATE CASCADE ON DELETE CASCADE - ) ENGINE=InnoDB; - - CREATE TABLE IF NOT EXISTS AM_SCOPE ( - SCOPE_ID INTEGER NOT NULL AUTO_INCREMENT, - NAME VARCHAR(255) NOT NULL, - DISPLAY_NAME VARCHAR(255) NOT NULL, - DESCRIPTION VARCHAR(512), - TENANT_ID INTEGER NOT NULL DEFAULT -1, - SCOPE_TYPE VARCHAR(255) NOT NULL, - PRIMARY KEY (SCOPE_ID) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS AM_SCOPE_BINDING ( - SCOPE_ID INTEGER NOT NULL, - SCOPE_BINDING VARCHAR(255) NOT NULL, - BINDING_TYPE VARCHAR(255) NOT NULL, - FOREIGN KEY (SCOPE_ID) REFERENCES AM_SCOPE (SCOPE_ID) ON DELETE CASCADE - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS AM_REVISION ( - ID INTEGER NOT NULL, - API_UUID VARCHAR(256) NOT NULL, - REVISION_UUID VARCHAR(255) NOT NULL, - DESCRIPTION VARCHAR(255), - CREATED_TIME TIMESTAMP DEFAULT CURRENT_TIMESTAMP, - CREATED_BY VARCHAR(255), - PRIMARY KEY (ID, API_UUID), - UNIQUE(REVISION_UUID), - FOREIGN KEY (API_UUID) 
REFERENCES AM_API(API_UUID) ON DELETE CASCADE - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS AM_API_REVISION_METADATA ( - API_UUID VARCHAR(64), - REVISION_UUID VARCHAR(255), - API_TIER VARCHAR(128), - UNIQUE (API_UUID,REVISION_UUID), - FOREIGN KEY(REVISION_UUID) REFERENCES AM_REVISION(REVISION_UUID) ON DELETE CASCADE - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS AM_DEPLOYMENT_REVISION_MAPPING ( - NAME VARCHAR(255) NOT NULL, - VHOST VARCHAR(255) NULL, - REVISION_UUID VARCHAR(255) NOT NULL, - DISPLAY_ON_DEVPORTAL BOOLEAN DEFAULT 0, - DEPLOYED_TIME TIMESTAMP DEFAULT CURRENT_TIMESTAMP, - PRIMARY KEY (NAME, REVISION_UUID), - FOREIGN KEY (REVISION_UUID) REFERENCES AM_REVISION(REVISION_UUID) ON UPDATE CASCADE ON DELETE CASCADE - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS AM_DEPLOYED_REVISION ( - NAME VARCHAR(255) NOT NULL, - VHOST VARCHAR(255) NULL, - REVISION_UUID VARCHAR(255) NOT NULL, - DEPLOYED_TIME TIMESTAMP DEFAULT CURRENT_TIMESTAMP, - PRIMARY KEY (NAME, REVISION_UUID), - FOREIGN KEY (REVISION_UUID) REFERENCES AM_REVISION(REVISION_UUID) ON UPDATE CASCADE ON DELETE CASCADE - )ENGINE INNODB; - - -- Gateway Environments Table -- - CREATE TABLE IF NOT EXISTS AM_GATEWAY_ENVIRONMENT ( - ID INTEGER NOT NULL AUTO_INCREMENT, - UUID VARCHAR(45) NOT NULL, - NAME VARCHAR(255) NOT NULL, - DISPLAY_NAME VARCHAR(255) NULL, - DESCRIPTION VARCHAR(1023) NULL, - PROVIDER VARCHAR(255) NOT NULL, - ORGANIZATION VARCHAR(255) NOT NULL, - UNIQUE (NAME, ORGANIZATION), - UNIQUE (UUID), - PRIMARY KEY (ID) - ); - - -- Virtual Hosts Table -- - CREATE TABLE IF NOT EXISTS AM_GW_VHOST ( - GATEWAY_ENV_ID INTEGER NOT NULL, - HOST VARCHAR(255) NOT NULL, - HTTP_CONTEXT VARCHAR(255) NULL, - HTTP_PORT VARCHAR(5) NOT NULL, - HTTPS_PORT VARCHAR(5) NOT NULL, - WS_PORT VARCHAR(5) NOT NULL, - WSS_PORT VARCHAR(5) NOT NULL, - FOREIGN KEY (GATEWAY_ENV_ID) REFERENCES AM_GATEWAY_ENVIRONMENT(ID) ON UPDATE CASCADE ON DELETE CASCADE, - PRIMARY KEY (GATEWAY_ENV_ID, HOST) - ); - - -- Service Catalog -- - CREATE 
TABLE IF NOT EXISTS AM_SERVICE_CATALOG ( - UUID VARCHAR(36) NOT NULL, - SERVICE_KEY VARCHAR(512) NOT NULL, - MD5 VARCHAR(100) NOT NULL, - SERVICE_NAME VARCHAR(255) NOT NULL, - SERVICE_VERSION VARCHAR(30) NOT NULL, - TENANT_ID INTEGER NOT NULL, - SERVICE_URL VARCHAR(2048) NOT NULL, - DEFINITION_TYPE VARCHAR(20), - DEFINITION_URL VARCHAR(2048), - DESCRIPTION VARCHAR(1024), - SECURITY_TYPE VARCHAR(50), - MUTUAL_SSL_ENABLED BOOLEAN DEFAULT 0, - CREATED_TIME TIMESTAMP NULL, - LAST_UPDATED_TIME TIMESTAMP NULL, - CREATED_BY VARCHAR(255), - UPDATED_BY VARCHAR(255), - SERVICE_DEFINITION BLOB NOT NULL, - PRIMARY KEY (UUID), - UNIQUE (SERVICE_NAME, SERVICE_VERSION, TENANT_ID), - UNIQUE (SERVICE_KEY, TENANT_ID) - )ENGINE=InnoDB; - - CREATE TABLE IF NOT EXISTS AM_API_SERVICE_MAPPING ( - API_ID INTEGER NOT NULL, - SERVICE_KEY VARCHAR(256) NOT NULL, - MD5 VARCHAR(100), - TENANT_ID INTEGER NOT NULL, - PRIMARY KEY (API_ID, SERVICE_KEY), - FOREIGN KEY (API_ID) REFERENCES AM_API(API_ID) ON DELETE CASCADE - )ENGINE=InnoDB; - - -- Webhooks -- - CREATE TABLE IF NOT EXISTS AM_WEBHOOKS_SUBSCRIPTION ( - WH_SUBSCRIPTION_ID INTEGER NOT NULL AUTO_INCREMENT, - API_UUID VARCHAR(255) NOT NULL, - APPLICATION_ID VARCHAR(20) NOT NULL, - TENANT_DOMAIN VARCHAR(255) NOT NULL, - HUB_CALLBACK_URL VARCHAR(1024) NOT NULL, - HUB_TOPIC VARCHAR(255) NOT NULL, - HUB_SECRET VARCHAR(2048), - HUB_LEASE_SECONDS INTEGER, - UPDATED_AT TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, - EXPIRY_AT BIGINT, - DELIVERED_AT TIMESTAMP NULL, - DELIVERY_STATE INTEGER NOT NULL DEFAULT 0, - PRIMARY KEY (WH_SUBSCRIPTION_ID) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS AM_WEBHOOKS_UNSUBSCRIPTION ( - API_UUID VARCHAR(255) NOT NULL, - APPLICATION_ID VARCHAR(20) NOT NULL, - TENANT_DOMAIN VARCHAR(255) NOT NULL, - HUB_CALLBACK_URL VARCHAR(1024) NOT NULL, - HUB_TOPIC VARCHAR(255) NOT NULL, - HUB_SECRET VARCHAR(2048), - HUB_LEASE_SECONDS INTEGER, - ADDED_AT TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP - )ENGINE INNODB; - - CREATE 
TABLE IF NOT EXISTS AM_API_ENVIRONMENT_KEYS - ( - UUID VARCHAR(45) NOT NULL, - ENVIRONMENT_ID VARCHAR(45) NOT NULL, - API_UUID VARCHAR(256) NOT NULL, - PROPERTY_CONFIG BLOB DEFAULT NULL, - UNIQUE (ENVIRONMENT_ID, API_UUID), - FOREIGN KEY (API_UUID) REFERENCES AM_API(API_UUID) ON DELETE CASCADE, - PRIMARY KEY (UUID) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS AM_OPERATION_POLICY ( - POLICY_UUID VARCHAR(45) NOT NULL, - POLICY_NAME VARCHAR(300) NOT NULL, - POLICY_VERSION VARCHAR(45) DEFAULT 'v1', - DISPLAY_NAME VARCHAR(300) NOT NULL, - POLICY_DESCRIPTION VARCHAR(1024), - APPLICABLE_FLOWS VARCHAR(45) NOT NULL, - GATEWAY_TYPES VARCHAR(45) NOT NULL, - API_TYPES VARCHAR(45) NOT NULL, - POLICY_PARAMETERS blob, - ORGANIZATION VARCHAR(100), - POLICY_CATEGORY VARCHAR(45) NOT NULL, - POLICY_MD5 VARCHAR(45) NOT NULL, - PRIMARY KEY(POLICY_UUID) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS AM_OPERATION_POLICY_DEFINITION ( - DEFINITION_ID INTEGER AUTO_INCREMENT, - POLICY_UUID VARCHAR(45) NOT NULL, - POLICY_DEFINITION blob NOT NULL, - GATEWAY_TYPE VARCHAR(20) NOT NULL, - DEFINITION_MD5 VARCHAR(45) NOT NULL, - UNIQUE (POLICY_UUID, GATEWAY_TYPE), - FOREIGN KEY (POLICY_UUID) REFERENCES AM_OPERATION_POLICY(POLICY_UUID) ON DELETE CASCADE, - PRIMARY KEY(DEFINITION_ID) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS AM_COMMON_OPERATION_POLICY ( - COMMON_POLICY_ID INTEGER AUTO_INCREMENT, - POLICY_UUID VARCHAR(45) NOT NULL, - FOREIGN KEY (POLICY_UUID) REFERENCES AM_OPERATION_POLICY(POLICY_UUID) ON DELETE CASCADE, - PRIMARY KEY(COMMON_POLICY_ID) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS AM_API_OPERATION_POLICY ( - API_SPECIFIC_POLICY_ID INTEGER AUTO_INCREMENT, - POLICY_UUID VARCHAR(45) NOT NULL, - API_UUID VARCHAR(45) NOT NULL, - REVISION_UUID VARCHAR(45), - CLONED_POLICY_UUID VARCHAR(45), - FOREIGN KEY (POLICY_UUID) REFERENCES AM_OPERATION_POLICY(POLICY_UUID) ON DELETE CASCADE, - PRIMARY KEY(API_SPECIFIC_POLICY_ID) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS 
AM_API_OPERATION_POLICY_MAPPING ( - OPERATION_POLICY_MAPPING_ID INTEGER AUTO_INCREMENT, - URL_MAPPING_ID INTEGER NOT NULL, - POLICY_UUID VARCHAR(45) NOT NULL, - POLICY_ORDER INTEGER NOT NULL, - DIRECTION VARCHAR(10) NOT NULL, - PARAMETERS VARCHAR(1024) NOT NULL, - FOREIGN KEY (URL_MAPPING_ID) REFERENCES AM_API_URL_MAPPING(URL_MAPPING_ID) ON DELETE CASCADE, - FOREIGN KEY (POLICY_UUID) REFERENCES AM_OPERATION_POLICY(POLICY_UUID) ON DELETE CASCADE, - PRIMARY KEY(OPERATION_POLICY_MAPPING_ID) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS AM_SYSTEM_CONFIGS - ( - ORGANIZATION VARCHAR(100) NOT NULL, - CONFIG_TYPE VARCHAR(100) NOT NULL, - CONFIGURATION BLOB NOT NULL, - PRIMARY KEY (ORGANIZATION,CONFIG_TYPE) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS AM_CORRELATION_CONFIGS ( - COMPONENT_NAME VARCHAR(45) NOT NULL, - ENABLED VARCHAR(45) NOT NULL, - PRIMARY KEY (COMPONENT_NAME) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS AM_CORRELATION_PROPERTIES( - PROPERTY_NAME VARCHAR(45) NOT NULL, - COMPONENT_NAME VARCHAR(45) NOT NULL, - PROPERTY_VALUE VARCHAR(1023) NOT NULL, - PRIMARY KEY (PROPERTY_NAME, COMPONENT_NAME), - FOREIGN KEY (COMPONENT_NAME) REFERENCES AM_CORRELATION_CONFIGS(COMPONENT_NAME) ON DELETE CASCADE - )ENGINE INNODB; - - - - -- Performance indexes start-- - - create index IDX_ITS_LMT on IDN_THRIFT_SESSION (LAST_MODIFIED_TIME); - create index IDX_IOAT_UT on IDN_OAUTH2_ACCESS_TOKEN (USER_TYPE); - create index IDX_AAI_CTX on AM_API (CONTEXT); - create index IDX_AAI_ORG on AM_API (ORGANIZATION); - create index IDX_AAKM_CK on AM_APPLICATION_KEY_MAPPING (CONSUMER_KEY); - create index IDX_AAUM_AI on AM_API_URL_MAPPING (API_ID); - create index IDX_AAPM_AI on AM_API_PRODUCT_MAPPING (API_ID); - create index IDX_AAUM_TT on AM_API_URL_MAPPING (THROTTLING_TIER); - create index IDX_AATP_DQT on AM_API_THROTTLE_POLICY (DEFAULT_QUOTA_TYPE); - create index IDX_ACG_QT on AM_CONDITION_GROUP (QUOTA_TYPE); - create index IDX_APS_QT on AM_POLICY_SUBSCRIPTION (QUOTA_TYPE); - 
create index IDX_AS_AITIAI on AM_SUBSCRIPTION (API_ID,TIER_ID,APPLICATION_ID); - create index IDX_APA_QT on AM_POLICY_APPLICATION (QUOTA_TYPE); - create index IDX_AA_AT_CB on AM_APPLICATION (APPLICATION_TIER,CREATED_BY); - CREATE INDEX IDX_IOAT_TSH_TS on IDN_OAUTH2_ACCESS_TOKEN(TOKEN_SCOPE_HASH, TOKEN_STATE); - - -- Performance indexes end-- - mysql_shared.sql: |- - DROP DATABASE IF EXISTS WSO2AM_SHARED_DB; - CREATE DATABASE WSO2AM_SHARED_DB; - GRANT ALL ON WSO2AM_SHARED_DB.* TO 'wso2carbon'@'%' IDENTIFIED BY 'wso2carbon'; - - USE WSO2AM_SHARED_DB DEFAULT CHARACTER SET latin1; - - CREATE TABLE IF NOT EXISTS REG_CLUSTER_LOCK ( - REG_LOCK_NAME VARCHAR (20), - REG_LOCK_STATUS VARCHAR (20), - REG_LOCKED_TIME TIMESTAMP, - REG_TENANT_ID INTEGER DEFAULT 0, - PRIMARY KEY (REG_LOCK_NAME) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS REG_LOG ( - REG_LOG_ID INTEGER AUTO_INCREMENT, - REG_PATH VARCHAR (750), - REG_USER_ID VARCHAR (255) NOT NULL, - REG_LOGGED_TIME TIMESTAMP NOT NULL, - REG_ACTION INTEGER NOT NULL, - REG_ACTION_DATA VARCHAR (500), - REG_TENANT_ID INTEGER DEFAULT 0, - PRIMARY KEY (REG_LOG_ID, REG_TENANT_ID) - )ENGINE INNODB; - - CREATE INDEX REG_LOG_IND_BY_REGLOG USING HASH ON REG_LOG(REG_LOGGED_TIME, REG_TENANT_ID); - - -- The REG_PATH_VALUE should be less than 767 bytes, and hence was fixed at 750. - -- See CARBON-5917. 
- - CREATE TABLE IF NOT EXISTS REG_PATH( - REG_PATH_ID INTEGER NOT NULL AUTO_INCREMENT, - REG_PATH_VALUE VARCHAR(750) CHARACTER SET latin1 COLLATE latin1_general_cs NOT NULL, - REG_PATH_PARENT_ID INTEGER, - REG_TENANT_ID INTEGER DEFAULT 0, - CONSTRAINT PK_REG_PATH PRIMARY KEY(REG_PATH_ID, REG_TENANT_ID), - CONSTRAINT UNIQUE_REG_PATH_TENANT_ID UNIQUE (REG_PATH_VALUE,REG_TENANT_ID) - )ENGINE INNODB; - - CREATE INDEX REG_PATH_IND_BY_PATH_PARENT_ID USING HASH ON REG_PATH(REG_PATH_PARENT_ID, REG_TENANT_ID); - - CREATE TABLE IF NOT EXISTS REG_CONTENT ( - REG_CONTENT_ID INTEGER NOT NULL AUTO_INCREMENT, - REG_CONTENT_DATA LONGBLOB, - REG_TENANT_ID INTEGER DEFAULT 0, - CONSTRAINT PK_REG_CONTENT PRIMARY KEY(REG_CONTENT_ID, REG_TENANT_ID) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS REG_CONTENT_HISTORY ( - REG_CONTENT_ID INTEGER NOT NULL, - REG_CONTENT_DATA LONGBLOB, - REG_DELETED SMALLINT, - REG_TENANT_ID INTEGER DEFAULT 0, - CONSTRAINT PK_REG_CONTENT_HISTORY PRIMARY KEY(REG_CONTENT_ID, REG_TENANT_ID) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS REG_RESOURCE ( - REG_PATH_ID INTEGER NOT NULL, - REG_NAME VARCHAR(256), - REG_VERSION INTEGER NOT NULL AUTO_INCREMENT, - REG_MEDIA_TYPE VARCHAR(500), - REG_CREATOR VARCHAR(255) NOT NULL, - REG_CREATED_TIME TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, - REG_LAST_UPDATOR VARCHAR(255), - REG_LAST_UPDATED_TIME TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, - REG_DESCRIPTION VARCHAR(1000), - REG_CONTENT_ID INTEGER, - REG_TENANT_ID INTEGER DEFAULT 0, - REG_UUID VARCHAR(100) NOT NULL, - CONSTRAINT PK_REG_RESOURCE PRIMARY KEY(REG_VERSION, REG_TENANT_ID) - )ENGINE INNODB; - - ALTER TABLE REG_RESOURCE ADD CONSTRAINT REG_RESOURCE_FK_BY_PATH_ID FOREIGN KEY (REG_PATH_ID, REG_TENANT_ID) REFERENCES REG_PATH (REG_PATH_ID, REG_TENANT_ID); - ALTER TABLE REG_RESOURCE ADD CONSTRAINT REG_RESOURCE_FK_BY_CONTENT_ID FOREIGN KEY (REG_CONTENT_ID, REG_TENANT_ID) REFERENCES REG_CONTENT (REG_CONTENT_ID, REG_TENANT_ID); - CREATE INDEX 
REG_RESOURCE_IND_BY_NAME USING HASH ON REG_RESOURCE(REG_NAME, REG_TENANT_ID); - CREATE INDEX REG_RESOURCE_IND_BY_PATH_ID_NAME USING HASH ON REG_RESOURCE(REG_PATH_ID, REG_NAME, REG_TENANT_ID); - CREATE INDEX REG_RESOURCE_IND_BY_UUID USING HASH ON REG_RESOURCE(REG_UUID); - CREATE INDEX REG_RESOURCE_IND_BY_TENAN USING HASH ON REG_RESOURCE(REG_TENANT_ID, REG_UUID); - CREATE INDEX REG_RESOURCE_IND_BY_TYPE USING HASH ON REG_RESOURCE(REG_TENANT_ID, REG_MEDIA_TYPE); - - CREATE TABLE IF NOT EXISTS REG_RESOURCE_HISTORY ( - REG_PATH_ID INTEGER NOT NULL, - REG_NAME VARCHAR(256), - REG_VERSION INTEGER NOT NULL, - REG_MEDIA_TYPE VARCHAR(500), - REG_CREATOR VARCHAR(255) NOT NULL, - REG_CREATED_TIME TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, - REG_LAST_UPDATOR VARCHAR(255), - REG_LAST_UPDATED_TIME TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, - REG_DESCRIPTION VARCHAR(1000), - REG_CONTENT_ID INTEGER, - REG_DELETED SMALLINT, - REG_TENANT_ID INTEGER DEFAULT 0, - REG_UUID VARCHAR(100) NOT NULL, - CONSTRAINT PK_REG_RESOURCE_HISTORY PRIMARY KEY(REG_VERSION, REG_TENANT_ID) - )ENGINE INNODB; - - ALTER TABLE REG_RESOURCE_HISTORY ADD CONSTRAINT REG_RESOURCE_HIST_FK_BY_PATHID FOREIGN KEY (REG_PATH_ID, REG_TENANT_ID) REFERENCES REG_PATH (REG_PATH_ID, REG_TENANT_ID); - ALTER TABLE REG_RESOURCE_HISTORY ADD CONSTRAINT REG_RESOURCE_HIST_FK_BY_CONTENT_ID FOREIGN KEY (REG_CONTENT_ID, REG_TENANT_ID) REFERENCES REG_CONTENT_HISTORY (REG_CONTENT_ID, REG_TENANT_ID); - CREATE INDEX REG_RESOURCE_HISTORY_IND_BY_NAME USING HASH ON REG_RESOURCE_HISTORY(REG_NAME, REG_TENANT_ID); - CREATE INDEX REG_RESOURCE_HISTORY_IND_BY_PATH_ID_NAME USING HASH ON REG_RESOURCE(REG_PATH_ID, REG_NAME, REG_TENANT_ID); - - CREATE TABLE IF NOT EXISTS REG_COMMENT ( - REG_ID INTEGER NOT NULL AUTO_INCREMENT, - REG_COMMENT_TEXT VARCHAR(500) NOT NULL, - REG_USER_ID VARCHAR(255) NOT NULL, - REG_COMMENTED_TIME TIMESTAMP NOT NULL, - REG_TENANT_ID INTEGER DEFAULT 0, - CONSTRAINT PK_REG_COMMENT PRIMARY KEY(REG_ID, REG_TENANT_ID) - 
)ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS REG_RESOURCE_COMMENT ( - ID INTEGER NOT NULL AUTO_INCREMENT, - REG_COMMENT_ID INTEGER NOT NULL, - REG_VERSION INTEGER, - REG_PATH_ID INTEGER, - REG_RESOURCE_NAME VARCHAR(256), - REG_TENANT_ID INTEGER DEFAULT 0, - PRIMARY KEY(ID) - )ENGINE INNODB; - - ALTER TABLE REG_RESOURCE_COMMENT ADD CONSTRAINT REG_RESOURCE_COMMENT_FK_BY_PATH_ID FOREIGN KEY (REG_PATH_ID, REG_TENANT_ID) REFERENCES REG_PATH (REG_PATH_ID, REG_TENANT_ID); - ALTER TABLE REG_RESOURCE_COMMENT ADD CONSTRAINT REG_RESOURCE_COMMENT_FK_BY_COMMENT_ID FOREIGN KEY (REG_COMMENT_ID, REG_TENANT_ID) REFERENCES REG_COMMENT (REG_ID, REG_TENANT_ID); - CREATE INDEX REG_RESOURCE_COMMENT_IND_BY_PATH_ID_AND_RESOURCE_NAME USING HASH ON REG_RESOURCE_COMMENT(REG_PATH_ID, REG_RESOURCE_NAME, REG_TENANT_ID); - CREATE INDEX REG_RESOURCE_COMMENT_IND_BY_VERSION USING HASH ON REG_RESOURCE_COMMENT(REG_VERSION, REG_TENANT_ID); - - CREATE TABLE IF NOT EXISTS REG_RATING ( - REG_ID INTEGER NOT NULL AUTO_INCREMENT, - REG_RATING INTEGER NOT NULL, - REG_USER_ID VARCHAR(255) NOT NULL, - REG_RATED_TIME TIMESTAMP NOT NULL, - REG_TENANT_ID INTEGER DEFAULT 0, - CONSTRAINT PK_REG_RATING PRIMARY KEY(REG_ID, REG_TENANT_ID) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS REG_RESOURCE_RATING ( - ID INTEGER NOT NULL AUTO_INCREMENT, - REG_RATING_ID INTEGER NOT NULL, - REG_VERSION INTEGER, - REG_PATH_ID INTEGER, - REG_RESOURCE_NAME VARCHAR(256), - REG_TENANT_ID INTEGER DEFAULT 0, - PRIMARY KEY(ID) - )ENGINE INNODB; - - ALTER TABLE REG_RESOURCE_RATING ADD CONSTRAINT REG_RESOURCE_RATING_FK_BY_PATH_ID FOREIGN KEY (REG_PATH_ID, REG_TENANT_ID) REFERENCES REG_PATH (REG_PATH_ID, REG_TENANT_ID); - ALTER TABLE REG_RESOURCE_RATING ADD CONSTRAINT REG_RESOURCE_RATING_FK_BY_RATING_ID FOREIGN KEY (REG_RATING_ID, REG_TENANT_ID) REFERENCES REG_RATING (REG_ID, REG_TENANT_ID); - CREATE INDEX REG_RESOURCE_RATING_IND_BY_PATH_ID_AND_RESOURCE_NAME USING HASH ON REG_RESOURCE_RATING(REG_PATH_ID, REG_RESOURCE_NAME, 
REG_TENANT_ID); - CREATE INDEX REG_RESOURCE_RATING_IND_BY_VERSION USING HASH ON REG_RESOURCE_RATING(REG_VERSION, REG_TENANT_ID); - - - CREATE TABLE IF NOT EXISTS REG_TAG ( - REG_ID INTEGER NOT NULL AUTO_INCREMENT, - REG_TAG_NAME VARCHAR(500) NOT NULL, - REG_USER_ID VARCHAR(255) NOT NULL, - REG_TAGGED_TIME TIMESTAMP NOT NULL, - REG_TENANT_ID INTEGER DEFAULT 0, - CONSTRAINT PK_REG_TAG PRIMARY KEY(REG_ID, REG_TENANT_ID) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS REG_RESOURCE_TAG ( - ID INTEGER NOT NULL AUTO_INCREMENT, - REG_TAG_ID INTEGER NOT NULL, - REG_VERSION INTEGER, - REG_PATH_ID INTEGER, - REG_RESOURCE_NAME VARCHAR(256), - REG_TENANT_ID INTEGER DEFAULT 0, - PRIMARY KEY(ID) - )ENGINE INNODB; - - ALTER TABLE REG_RESOURCE_TAG ADD CONSTRAINT REG_RESOURCE_TAG_FK_BY_PATH_ID FOREIGN KEY (REG_PATH_ID, REG_TENANT_ID) REFERENCES REG_PATH (REG_PATH_ID, REG_TENANT_ID); - ALTER TABLE REG_RESOURCE_TAG ADD CONSTRAINT REG_RESOURCE_TAG_FK_BY_TAG_ID FOREIGN KEY (REG_TAG_ID, REG_TENANT_ID) REFERENCES REG_TAG (REG_ID, REG_TENANT_ID); - CREATE INDEX REG_RESOURCE_TAG_IND_BY_PATH_ID_AND_RESOURCE_NAME USING HASH ON REG_RESOURCE_TAG(REG_PATH_ID, REG_RESOURCE_NAME, REG_TENANT_ID); - CREATE INDEX REG_RESOURCE_TAG_IND_BY_VERSION USING HASH ON REG_RESOURCE_TAG(REG_VERSION, REG_TENANT_ID); - CREATE INDEX REG_RESOURCE_TAG_IND_BY_REG_TAG_ID USING HASH ON REG_RESOURCE_TAG(REG_TAG_ID, REG_TENANT_ID); - - CREATE TABLE IF NOT EXISTS REG_PROPERTY ( - REG_ID INTEGER NOT NULL AUTO_INCREMENT, - REG_NAME VARCHAR(100) NOT NULL, - REG_VALUE VARCHAR(1000), - REG_TENANT_ID INTEGER DEFAULT 0, - CONSTRAINT PK_REG_PROPERTY PRIMARY KEY(REG_ID, REG_TENANT_ID) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS REG_RESOURCE_PROPERTY ( - ID INTEGER NOT NULL AUTO_INCREMENT, - REG_PROPERTY_ID INTEGER NOT NULL, - REG_VERSION INTEGER, - REG_PATH_ID INTEGER, - REG_RESOURCE_NAME VARCHAR(256), - REG_TENANT_ID INTEGER DEFAULT 0, - PRIMARY KEY(ID) - )ENGINE INNODB; - - ALTER TABLE REG_RESOURCE_PROPERTY ADD CONSTRAINT 
REG_RESOURCE_PROPERTY_FK_BY_PATH_ID FOREIGN KEY (REG_PATH_ID, REG_TENANT_ID) REFERENCES REG_PATH (REG_PATH_ID, REG_TENANT_ID); - ALTER TABLE REG_RESOURCE_PROPERTY ADD CONSTRAINT REG_RESOURCE_PROPERTY_FK_BY_TAG_ID FOREIGN KEY (REG_PROPERTY_ID, REG_TENANT_ID) REFERENCES REG_PROPERTY (REG_ID, REG_TENANT_ID); - CREATE INDEX REG_RESOURCE_PROPERTY_IND_BY_PATH_ID_AND_RESOURCE_NAME USING HASH ON REG_RESOURCE_PROPERTY(REG_PATH_ID, REG_RESOURCE_NAME, REG_TENANT_ID); - CREATE INDEX REG_RESOURCE_PROPERTY_IND_BY_VERSION USING HASH ON REG_RESOURCE_PROPERTY(REG_VERSION, REG_TENANT_ID); - CREATE INDEX REG_RESOURCE_PROPERTY_IND_BY_REG_PROP_ID ON REG_RESOURCE_PROPERTY(REG_TENANT_ID, REG_PROPERTY_ID); - - -- CREATE TABLE IF NOT EXISTS REG_ASSOCIATIONS ( - -- SRC_PATH_ID INTEGER, - -- SRC_RESOURCE_NAME VARCHAR(256), - -- SRC_VERSION INTEGER, - -- TGT_PATH_ID INTEGER, - -- TGT_RESOURCE_NAME VARCHAR(256), - -- TGT_VERSION INTEGER - -- )ENGINE INNODB; - -- - -- ALTER TABLE REG_ASSOCIATIONS ADD CONSTRAINT REG_ASSOCIATIONS_FK_BY_SRC_PATH_ID FOREIGN KEY (SRC_PATH_ID) REFERENCES REG_PATH (PATH_ID); - -- ALTER TABLE REG_ASSOCIATIONS ADD CONSTRAINT REG_ASSOCIATIONS_FK_BY_TGT_PATH_ID FOREIGN KEY (TGT_PATH_ID) REFERENCES REG_PATH (PATH_ID); - -- CREATE INDEX REG_ASSOCIATIONS_IND_BY_SRC_VERSION ON REG_ASSOCIATIONS(SRC_VERSION); - -- CREATE INDEX REG_ASSOCIATIONS_IND_BY_TGT_VERSION ON REG_ASSOCIATIONS(TGT_VERSION); - -- CREATE INDEX REG_ASSOCIATIONS_IND_BY_SRC_RESOURCE_NAME ON REG_ASSOCIATIONS(SRC_RESOURCE_NAME); - -- CREATE INDEX REG_ASSOCIATIONS_IND_BY_TGT_RESOURCE_NAME ON REG_ASSOCIATIONS(TGT_RESOURCE_NAME); - - - - CREATE TABLE IF NOT EXISTS REG_ASSOCIATION ( - REG_ASSOCIATION_ID INTEGER AUTO_INCREMENT, - REG_SOURCEPATH VARCHAR (750) NOT NULL, - REG_TARGETPATH VARCHAR (750) NOT NULL, - REG_ASSOCIATION_TYPE VARCHAR (2000) NOT NULL, - REG_TENANT_ID INTEGER DEFAULT 0, - PRIMARY KEY (REG_ASSOCIATION_ID, REG_TENANT_ID) - )ENGINE INNODB; - - CREATE TABLE IF NOT EXISTS REG_SNAPSHOT ( - 
REG_SNAPSHOT_ID INTEGER NOT NULL AUTO_INCREMENT, - REG_PATH_ID INTEGER NOT NULL, - REG_RESOURCE_NAME VARCHAR(255), - REG_RESOURCE_VIDS LONGBLOB NOT NULL, - REG_TENANT_ID INTEGER DEFAULT 0, - CONSTRAINT PK_REG_SNAPSHOT PRIMARY KEY(REG_SNAPSHOT_ID, REG_TENANT_ID) - )ENGINE INNODB; - - CREATE INDEX REG_SNAPSHOT_IND_BY_PATH_ID_AND_RESOURCE_NAME USING HASH ON REG_SNAPSHOT(REG_PATH_ID, REG_RESOURCE_NAME, REG_TENANT_ID); - - ALTER TABLE REG_SNAPSHOT ADD CONSTRAINT REG_SNAPSHOT_FK_BY_PATH_ID FOREIGN KEY (REG_PATH_ID, REG_TENANT_ID) REFERENCES REG_PATH (REG_PATH_ID, REG_TENANT_ID); - - - -- ################################ - -- USER MANAGER TABLES - -- ################################ - - CREATE TABLE UM_TENANT ( - UM_ID INTEGER NOT NULL AUTO_INCREMENT, - UM_TENANT_UUID VARCHAR(36) NOT NULL, - UM_DOMAIN_NAME VARCHAR(255) NOT NULL, - UM_EMAIL VARCHAR(255), - UM_ACTIVE BOOLEAN DEFAULT FALSE, - UM_CREATED_DATE TIMESTAMP NOT NULL, - UM_USER_CONFIG LONGBLOB, - UM_ORG_UUID VARCHAR(36) DEFAULT NULL, - PRIMARY KEY (UM_ID), - UNIQUE(UM_DOMAIN_NAME), - UNIQUE(UM_TENANT_UUID) - )ENGINE INNODB; - - CREATE TABLE UM_DOMAIN( - UM_DOMAIN_ID INTEGER NOT NULL AUTO_INCREMENT, - UM_DOMAIN_NAME VARCHAR(255) NOT NULL, - UM_TENANT_ID INTEGER DEFAULT 0, - PRIMARY KEY (UM_DOMAIN_ID, UM_TENANT_ID), - UNIQUE(UM_DOMAIN_NAME,UM_TENANT_ID) - )ENGINE INNODB; - - CREATE UNIQUE INDEX INDEX_UM_TENANT_UM_DOMAIN_NAME - ON UM_TENANT (UM_DOMAIN_NAME); - - CREATE TABLE UM_USER ( - UM_ID INTEGER NOT NULL AUTO_INCREMENT, - UM_USER_ID VARCHAR(255) NOT NULL, - UM_USER_NAME VARCHAR(255) NOT NULL, - UM_USER_PASSWORD VARCHAR(255) NOT NULL, - UM_SALT_VALUE VARCHAR(31), - UM_REQUIRE_CHANGE BOOLEAN DEFAULT FALSE, - UM_CHANGED_TIME TIMESTAMP NOT NULL, - UM_TENANT_ID INTEGER DEFAULT 0, - PRIMARY KEY (UM_ID, UM_TENANT_ID), - UNIQUE(UM_USER_ID), - UNIQUE(UM_USER_NAME, UM_TENANT_ID) - )ENGINE INNODB; - - CREATE UNIQUE INDEX INDEX_UM_USERNAME_UM_TENANT_ID ON UM_USER(UM_USER_NAME, UM_TENANT_ID); - - CREATE TABLE UM_SYSTEM_USER ( 
- UM_ID INTEGER NOT NULL AUTO_INCREMENT, - UM_USER_NAME VARCHAR(255) NOT NULL, - UM_USER_PASSWORD VARCHAR(255) NOT NULL, - UM_SALT_VALUE VARCHAR(31), - UM_REQUIRE_CHANGE BOOLEAN DEFAULT FALSE, - UM_CHANGED_TIME TIMESTAMP NOT NULL, - UM_TENANT_ID INTEGER DEFAULT 0, - PRIMARY KEY (UM_ID, UM_TENANT_ID), - UNIQUE(UM_USER_NAME, UM_TENANT_ID) - )ENGINE INNODB; - - CREATE TABLE UM_ROLE ( - UM_ID INTEGER NOT NULL AUTO_INCREMENT, - UM_ROLE_NAME VARCHAR(255) NOT NULL, - UM_TENANT_ID INTEGER DEFAULT 0, - UM_SHARED_ROLE BOOLEAN DEFAULT FALSE, - PRIMARY KEY (UM_ID, UM_TENANT_ID), - UNIQUE(UM_ROLE_NAME, UM_TENANT_ID) - )ENGINE INNODB; - - - CREATE TABLE UM_MODULE( - UM_ID INTEGER NOT NULL AUTO_INCREMENT, - UM_MODULE_NAME VARCHAR(100), - UNIQUE(UM_MODULE_NAME), - PRIMARY KEY(UM_ID) - )ENGINE INNODB; - - CREATE TABLE UM_MODULE_ACTIONS( - UM_ACTION VARCHAR(255) NOT NULL, - UM_MODULE_ID INTEGER NOT NULL, - PRIMARY KEY(UM_ACTION, UM_MODULE_ID), - FOREIGN KEY (UM_MODULE_ID) REFERENCES UM_MODULE(UM_ID) ON DELETE CASCADE - )ENGINE INNODB; - - CREATE TABLE UM_PERMISSION ( - UM_ID INTEGER NOT NULL AUTO_INCREMENT, - UM_RESOURCE_ID VARCHAR(255) NOT NULL, - UM_ACTION VARCHAR(255) NOT NULL, - UM_TENANT_ID INTEGER DEFAULT 0, - UM_MODULE_ID INTEGER DEFAULT 0, - UNIQUE(UM_RESOURCE_ID,UM_ACTION, UM_TENANT_ID), - PRIMARY KEY (UM_ID, UM_TENANT_ID) - )ENGINE INNODB; - - CREATE INDEX INDEX_UM_PERMISSION_UM_RESOURCE_ID_UM_ACTION ON UM_PERMISSION (UM_RESOURCE_ID, UM_ACTION, UM_TENANT_ID); - - CREATE TABLE UM_ROLE_PERMISSION ( - UM_ID INTEGER NOT NULL AUTO_INCREMENT, - UM_PERMISSION_ID INTEGER NOT NULL, - UM_ROLE_NAME VARCHAR(255) NOT NULL, - UM_IS_ALLOWED SMALLINT NOT NULL, - UM_TENANT_ID INTEGER DEFAULT 0, - UM_DOMAIN_ID INTEGER, - UNIQUE (UM_PERMISSION_ID, UM_ROLE_NAME, UM_TENANT_ID, UM_DOMAIN_ID), - FOREIGN KEY (UM_PERMISSION_ID, UM_TENANT_ID) REFERENCES UM_PERMISSION(UM_ID, UM_TENANT_ID) ON DELETE CASCADE, - FOREIGN KEY (UM_DOMAIN_ID, UM_TENANT_ID) REFERENCES UM_DOMAIN(UM_DOMAIN_ID, UM_TENANT_ID) 
ON DELETE CASCADE,
- PRIMARY KEY (UM_ID, UM_TENANT_ID)
- )ENGINE INNODB;
-
- -- REMOVED UNIQUE (UM_PERMISSION_ID, UM_ROLE_ID)
- CREATE TABLE UM_USER_PERMISSION (
- UM_ID INTEGER NOT NULL AUTO_INCREMENT,
- UM_PERMISSION_ID INTEGER NOT NULL,
- UM_USER_NAME VARCHAR(255) NOT NULL,
- UM_IS_ALLOWED SMALLINT NOT NULL,
- UM_TENANT_ID INTEGER DEFAULT 0,
- FOREIGN KEY (UM_PERMISSION_ID, UM_TENANT_ID) REFERENCES UM_PERMISSION(UM_ID, UM_TENANT_ID) ON DELETE CASCADE,
- PRIMARY KEY (UM_ID, UM_TENANT_ID)
- )ENGINE INNODB;
-
- -- REMOVED UNIQUE (UM_PERMISSION_ID, UM_USER_ID)
- CREATE TABLE UM_USER_ROLE (
- UM_ID INTEGER NOT NULL AUTO_INCREMENT,
- UM_ROLE_ID INTEGER NOT NULL,
- UM_USER_ID INTEGER NOT NULL,
- UM_TENANT_ID INTEGER DEFAULT 0,
- UNIQUE (UM_USER_ID, UM_ROLE_ID, UM_TENANT_ID),
- FOREIGN KEY (UM_ROLE_ID, UM_TENANT_ID) REFERENCES UM_ROLE(UM_ID, UM_TENANT_ID),
- FOREIGN KEY (UM_USER_ID, UM_TENANT_ID) REFERENCES UM_USER(UM_ID, UM_TENANT_ID),
- PRIMARY KEY (UM_ID, UM_TENANT_ID)
- )ENGINE INNODB;
-
- CREATE TABLE UM_SHARED_USER_ROLE(
- ID INTEGER NOT NULL AUTO_INCREMENT,
- UM_ROLE_ID INTEGER NOT NULL,
- UM_USER_ID INTEGER NOT NULL,
- UM_USER_TENANT_ID INTEGER NOT NULL,
- UM_ROLE_TENANT_ID INTEGER NOT NULL,
- UNIQUE(UM_USER_ID,UM_ROLE_ID,UM_USER_TENANT_ID, UM_ROLE_TENANT_ID),
- FOREIGN KEY(UM_ROLE_ID,UM_ROLE_TENANT_ID) REFERENCES UM_ROLE(UM_ID,UM_TENANT_ID) ON DELETE CASCADE,
- FOREIGN KEY(UM_USER_ID,UM_USER_TENANT_ID) REFERENCES UM_USER(UM_ID,UM_TENANT_ID) ON DELETE CASCADE,
- PRIMARY KEY(ID)
- )ENGINE INNODB;
-
- CREATE TABLE UM_ACCOUNT_MAPPING(
- UM_ID INTEGER NOT NULL AUTO_INCREMENT,
- UM_USER_NAME VARCHAR(255) NOT NULL,
- UM_TENANT_ID INTEGER NOT NULL,
- UM_USER_STORE_DOMAIN VARCHAR(100),
- UM_ACC_LINK_ID INTEGER NOT NULL,
- UNIQUE(UM_USER_NAME, UM_TENANT_ID, UM_USER_STORE_DOMAIN, UM_ACC_LINK_ID),
- FOREIGN KEY (UM_TENANT_ID) REFERENCES UM_TENANT(UM_ID) ON DELETE CASCADE,
- PRIMARY KEY (UM_ID)
- )ENGINE INNODB;
-
-
- CREATE TABLE UM_USER_ATTRIBUTE (
- UM_ID INTEGER NOT
NULL AUTO_INCREMENT,
- UM_ATTR_NAME VARCHAR(255) NOT NULL,
- UM_ATTR_VALUE VARCHAR(1024),
- UM_PROFILE_ID VARCHAR(255),
- UM_USER_ID INTEGER,
- UM_TENANT_ID INTEGER DEFAULT 0,
- FOREIGN KEY (UM_USER_ID, UM_TENANT_ID) REFERENCES UM_USER(UM_ID, UM_TENANT_ID),
- PRIMARY KEY (UM_ID, UM_TENANT_ID)
- )ENGINE INNODB;
-
- CREATE INDEX UM_USER_ID_INDEX ON UM_USER_ATTRIBUTE(UM_USER_ID);
-
- CREATE INDEX UM_ATTR_NAME_VALUE_INDEX ON UM_USER_ATTRIBUTE(UM_ATTR_NAME, UM_ATTR_VALUE(512));
-
- CREATE TABLE UM_DIALECT(
- UM_ID INTEGER NOT NULL AUTO_INCREMENT,
- UM_DIALECT_URI VARCHAR(255) NOT NULL,
- UM_TENANT_ID INTEGER DEFAULT 0,
- UNIQUE(UM_DIALECT_URI, UM_TENANT_ID),
- PRIMARY KEY (UM_ID, UM_TENANT_ID)
- )ENGINE INNODB;
-
- CREATE TABLE UM_CLAIM(
- UM_ID INTEGER NOT NULL AUTO_INCREMENT,
- UM_DIALECT_ID INTEGER NOT NULL,
- UM_CLAIM_URI VARCHAR(255) NOT NULL,
- UM_DISPLAY_TAG VARCHAR(255),
- UM_DESCRIPTION VARCHAR(255),
- UM_MAPPED_ATTRIBUTE_DOMAIN VARCHAR(255),
- UM_MAPPED_ATTRIBUTE VARCHAR(255),
- UM_REG_EX VARCHAR(255),
- UM_SUPPORTED SMALLINT,
- UM_REQUIRED SMALLINT,
- UM_DISPLAY_ORDER INTEGER,
- UM_CHECKED_ATTRIBUTE SMALLINT,
- UM_READ_ONLY SMALLINT,
- UM_TENANT_ID INTEGER DEFAULT 0,
- UNIQUE(UM_DIALECT_ID, UM_CLAIM_URI, UM_TENANT_ID,UM_MAPPED_ATTRIBUTE_DOMAIN),
- FOREIGN KEY(UM_DIALECT_ID, UM_TENANT_ID) REFERENCES UM_DIALECT(UM_ID, UM_TENANT_ID),
- PRIMARY KEY (UM_ID, UM_TENANT_ID)
- )ENGINE INNODB;
-
-
- CREATE TABLE UM_PROFILE_CONFIG(
- UM_ID INTEGER NOT NULL AUTO_INCREMENT,
- UM_DIALECT_ID INTEGER NOT NULL,
- UM_PROFILE_NAME VARCHAR(255),
- UM_TENANT_ID INTEGER DEFAULT 0,
- FOREIGN KEY(UM_DIALECT_ID, UM_TENANT_ID) REFERENCES UM_DIALECT(UM_ID, UM_TENANT_ID),
- PRIMARY KEY (UM_ID, UM_TENANT_ID)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS UM_CLAIM_BEHAVIOR(
- UM_ID INTEGER NOT NULL AUTO_INCREMENT,
- UM_PROFILE_ID INTEGER,
- UM_CLAIM_ID INTEGER,
- UM_BEHAVIOUR SMALLINT,
- UM_TENANT_ID INTEGER DEFAULT 0,
- FOREIGN KEY(UM_PROFILE_ID, UM_TENANT_ID) REFERENCES
UM_PROFILE_CONFIG(UM_ID,UM_TENANT_ID),
- FOREIGN KEY(UM_CLAIM_ID, UM_TENANT_ID) REFERENCES UM_CLAIM(UM_ID,UM_TENANT_ID),
- PRIMARY KEY(UM_ID, UM_TENANT_ID)
- )ENGINE INNODB;
-
- CREATE TABLE UM_HYBRID_ROLE(
- UM_ID INTEGER NOT NULL AUTO_INCREMENT,
- UM_ROLE_NAME VARCHAR(255) NOT NULL,
- UM_TENANT_ID INTEGER DEFAULT 0,
- PRIMARY KEY (UM_ID, UM_TENANT_ID),
- UNIQUE(UM_ROLE_NAME,UM_TENANT_ID)
- )ENGINE INNODB;
-
- CREATE INDEX UM_ROLE_NAME_IND ON UM_HYBRID_ROLE(UM_ROLE_NAME);
-
- CREATE TABLE UM_HYBRID_USER_ROLE(
- UM_ID INTEGER NOT NULL AUTO_INCREMENT,
- UM_USER_NAME VARCHAR(255),
- UM_ROLE_ID INTEGER NOT NULL,
- UM_TENANT_ID INTEGER DEFAULT 0,
- UM_DOMAIN_ID INTEGER,
- UNIQUE (UM_USER_NAME, UM_ROLE_ID, UM_TENANT_ID, UM_DOMAIN_ID),
- FOREIGN KEY (UM_ROLE_ID, UM_TENANT_ID) REFERENCES UM_HYBRID_ROLE(UM_ID, UM_TENANT_ID) ON DELETE CASCADE,
- FOREIGN KEY (UM_DOMAIN_ID, UM_TENANT_ID) REFERENCES UM_DOMAIN(UM_DOMAIN_ID, UM_TENANT_ID) ON DELETE CASCADE,
- PRIMARY KEY (UM_ID, UM_TENANT_ID)
- )ENGINE INNODB;
-
- CREATE TABLE UM_HYBRID_GROUP_ROLE(
- UM_ID INTEGER NOT NULL AUTO_INCREMENT,
- UM_GROUP_NAME VARCHAR(255),
- UM_ROLE_ID INTEGER NOT NULL,
- UM_TENANT_ID INTEGER DEFAULT 0,
- UM_DOMAIN_ID INTEGER,
- UNIQUE (UM_GROUP_NAME, UM_ROLE_ID, UM_TENANT_ID, UM_DOMAIN_ID),
- FOREIGN KEY (UM_ROLE_ID, UM_TENANT_ID) REFERENCES UM_HYBRID_ROLE(UM_ID, UM_TENANT_ID) ON DELETE CASCADE,
- FOREIGN KEY (UM_DOMAIN_ID, UM_TENANT_ID) REFERENCES UM_DOMAIN(UM_DOMAIN_ID, UM_TENANT_ID) ON DELETE CASCADE,
- PRIMARY KEY (UM_ID, UM_TENANT_ID)
- )ENGINE INNODB;
-
- CREATE TABLE UM_SYSTEM_ROLE(
- UM_ID INTEGER NOT NULL AUTO_INCREMENT,
- UM_ROLE_NAME VARCHAR(255) NOT NULL,
- UM_TENANT_ID INTEGER DEFAULT 0,
- PRIMARY KEY (UM_ID, UM_TENANT_ID),
- UNIQUE(UM_ROLE_NAME,UM_TENANT_ID)
- )ENGINE INNODB;
-
- CREATE TABLE UM_SYSTEM_USER_ROLE(
- UM_ID INTEGER NOT NULL AUTO_INCREMENT,
- UM_USER_NAME VARCHAR(255),
- UM_ROLE_ID INTEGER NOT NULL,
- UM_TENANT_ID INTEGER DEFAULT 0,
- UNIQUE (UM_USER_NAME, UM_ROLE_ID,
UM_TENANT_ID),
- FOREIGN KEY (UM_ROLE_ID, UM_TENANT_ID) REFERENCES UM_SYSTEM_ROLE(UM_ID, UM_TENANT_ID),
- PRIMARY KEY (UM_ID, UM_TENANT_ID)
- )ENGINE INNODB;
-
-
- CREATE TABLE UM_HYBRID_REMEMBER_ME(
- UM_ID INTEGER NOT NULL AUTO_INCREMENT,
- UM_USER_NAME VARCHAR(255) NOT NULL,
- UM_COOKIE_VALUE VARCHAR(1024),
- UM_CREATED_TIME TIMESTAMP,
- UM_TENANT_ID INTEGER DEFAULT 0,
- PRIMARY KEY (UM_ID, UM_TENANT_ID)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS UM_UUID_DOMAIN_MAPPER (
- UM_ID INTEGER NOT NULL AUTO_INCREMENT,
- UM_USER_ID VARCHAR(255) NOT NULL,
- UM_DOMAIN_ID INTEGER NOT NULL,
- UM_TENANT_ID INTEGER DEFAULT 0,
- PRIMARY KEY (UM_ID),
- UNIQUE (UM_USER_ID),
- FOREIGN KEY (UM_DOMAIN_ID, UM_TENANT_ID) REFERENCES UM_DOMAIN(UM_DOMAIN_ID, UM_TENANT_ID) ON DELETE CASCADE
- )ENGINE INNODB;
-
- CREATE INDEX UUID_DM_UID_TID ON UM_UUID_DOMAIN_MAPPER(UM_USER_ID, UM_TENANT_ID);
-
- CREATE TABLE IF NOT EXISTS UM_GROUP_UUID_DOMAIN_MAPPER (
- UM_ID INTEGER NOT NULL AUTO_INCREMENT,
- UM_GROUP_ID VARCHAR(255) NOT NULL,
- UM_DOMAIN_ID INTEGER NOT NULL,
- UM_TENANT_ID INTEGER DEFAULT 0,
- PRIMARY KEY (UM_ID),
- UNIQUE (UM_GROUP_ID),
- FOREIGN KEY (UM_DOMAIN_ID, UM_TENANT_ID) REFERENCES UM_DOMAIN(UM_DOMAIN_ID, UM_TENANT_ID) ON DELETE CASCADE
- )ENGINE INNODB;
-
- CREATE INDEX GRP_UUID_DM_GRP_ID_TID ON UM_GROUP_UUID_DOMAIN_MAPPER(UM_GROUP_ID, UM_TENANT_ID);
-
- -- ################################
- -- ORGANIZATION MANAGEMENT TABLES
- -- ################################
-
- CREATE TABLE IF NOT EXISTS UM_ORG (
- UM_ID VARCHAR(36) NOT NULL,
- UM_ORG_NAME VARCHAR(255) NOT NULL,
- UM_ORG_DESCRIPTION VARCHAR(1024),
- UM_CREATED_TIME TIMESTAMP NOT NULL,
- UM_LAST_MODIFIED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
- UM_STATUS VARCHAR(255) DEFAULT 'ACTIVE' NOT NULL,
- UM_PARENT_ID VARCHAR(36),
- UM_ORG_TYPE VARCHAR(100) NOT NULL,
- PRIMARY KEY (UM_ID),
- FOREIGN KEY (UM_PARENT_ID) REFERENCES UM_ORG(UM_ID) ON DELETE CASCADE
- )ENGINE INNODB;
-
- INSERT IGNORE INTO UM_ORG (UM_ID,
UM_ORG_NAME, UM_ORG_DESCRIPTION, UM_CREATED_TIME, UM_LAST_MODIFIED, UM_STATUS, UM_ORG_TYPE)
- VALUES ('10084a8d-113f-4211-a0d5-efe36b082211', 'Super', 'This is the super organization.', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, 'ACTIVE', 'TENANT');
-
- CREATE TABLE IF NOT EXISTS UM_ORG_ATTRIBUTE (
- UM_ID INTEGER NOT NULL AUTO_INCREMENT,
- UM_ORG_ID VARCHAR(36) NOT NULL,
- UM_ATTRIBUTE_KEY VARCHAR(255) NOT NULL,
- UM_ATTRIBUTE_VALUE VARCHAR(512),
- PRIMARY KEY (UM_ID),
- UNIQUE (UM_ORG_ID, UM_ATTRIBUTE_KEY),
- FOREIGN KEY (UM_ORG_ID) REFERENCES UM_ORG(UM_ID) ON DELETE CASCADE
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS UM_ORG_ROLE (
- UM_ROLE_ID VARCHAR(255) NOT NULL,
- UM_ROLE_NAME VARCHAR(255) NOT NULL,
- UM_ORG_ID VARCHAR(36) NOT NULL,
- PRIMARY KEY(UM_ROLE_ID),
- CONSTRAINT FK_UM_ORG_ROLE_UM_ORG FOREIGN KEY (UM_ORG_ID) REFERENCES UM_ORG (UM_ID) ON DELETE CASCADE
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS UM_ORG_PERMISSION(
- UM_ID INTEGER NOT NULL AUTO_INCREMENT,
- UM_RESOURCE_ID VARCHAR(255) NOT NULL,
- UM_ACTION VARCHAR(255) NOT NULL,
- UM_TENANT_ID INTEGER DEFAULT 0,
- PRIMARY KEY (UM_ID)
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS UM_ORG_ROLE_USER (
- UM_USER_ID VARCHAR(255) NOT NULL,
- UM_ROLE_ID VARCHAR(255) NOT NULL,
- CONSTRAINT FK_UM_ORG_ROLE_USER_UM_ORG_ROLE FOREIGN KEY (UM_ROLE_ID) REFERENCES UM_ORG_ROLE(UM_ROLE_ID) ON DELETE CASCADE
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS UM_ORG_ROLE_GROUP(
- UM_GROUP_ID VARCHAR(255) NOT NULL,
- UM_ROLE_ID VARCHAR(255) NOT NULL,
- CONSTRAINT FK_UM_ORG_ROLE_GROUP_UM_ORG_ROLE FOREIGN KEY (UM_ROLE_ID) REFERENCES UM_ORG_ROLE(UM_ROLE_ID) ON DELETE CASCADE
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS UM_ORG_ROLE_PERMISSION(
- UM_PERMISSION_ID INTEGER NOT NULL,
- UM_ROLE_ID VARCHAR(255) NOT NULL,
- CONSTRAINT FK_UM_ORG_ROLE_PERMISSION_UM_ORG_ROLE FOREIGN KEY (UM_ROLE_ID) REFERENCES UM_ORG_ROLE(UM_ROLE_ID) ON DELETE CASCADE,
- CONSTRAINT FK_UM_ORG_ROLE_PERMISSION_UM_ORG_PERMISSION FOREIGN KEY
(UM_PERMISSION_ID) REFERENCES UM_ORG_PERMISSION(UM_ID) ON DELETE CASCADE
- )ENGINE INNODB;
-
- CREATE TABLE IF NOT EXISTS UM_ORG_HIERARCHY (
- UM_PARENT_ID VARCHAR(36) NOT NULL,
- UM_ID VARCHAR(36) NOT NULL,
- DEPTH INTEGER,
- PRIMARY KEY (UM_PARENT_ID, UM_ID),
- FOREIGN KEY (UM_PARENT_ID) REFERENCES UM_ORG(UM_ID) ON DELETE CASCADE,
- FOREIGN KEY (UM_ID) REFERENCES UM_ORG(UM_ID) ON DELETE CASCADE
- )ENGINE INNODB;
-
- INSERT IGNORE INTO UM_ORG_HIERARCHY (UM_PARENT_ID, UM_ID, DEPTH)
- VALUES ('10084a8d-113f-4211-a0d5-efe36b082211', '10084a8d-113f-4211-a0d5-efe36b082211', 0);
diff --git a/issue_template.md b/issue_template.md
deleted file mode 100644
index 757e13ef..00000000
--- a/issue_template.md
+++ /dev/null
@@ -1,18 +0,0 @@
-**Description:**
-
-
-**Suggested Labels:**
-
-
-**Suggested Assignees:**
-
-
-**Affected Product Version:**
-
-**OS, DB, other environment details and versions:**
-
-**Steps to reproduce:**
-
-
-**Related Issues:**
-
\ No newline at end of file
diff --git a/pull_request_template.md b/pull_request_template.md
deleted file mode 100644
index 9b32185a..00000000
--- a/pull_request_template.md
+++ /dev/null
@@ -1,52 +0,0 @@
-## Purpose
-> Describe the problems, issues, or needs driving this feature/fix and include links to related issues in the following format: Resolves issue1, issue2, etc.
-
-## Goals
-> Describe the solutions that this feature/fix will introduce to resolve the problems described above
-
-## Approach
-> Describe how you are implementing the solutions. Include an animated GIF or screenshot if the change affects the UI (email documentation@wso2.com to review all UI text). Include a link to a Markdown file or Google doc if the feature write-up is too long to paste here.
-
-## User stories
-> Summary of user stories addressed by this change>
-
-## Release note
-> Brief description of the new feature or bug fix as it will appear in the release notes
-
-## Documentation
-> Link(s) to product documentation that addresses the changes of this PR. If no doc impact, enter “N/A” plus brief explanation of why there’s no doc impact
-
-## Training
-> Link to the PR for changes to the training content in https://github.com/wso2/WSO2-Training, if applicable
-
-## Certification
-> Type “Sent” when you have provided new/updated certification questions, plus four answers for each question (correct answer highlighted in bold), based on this change. Certification questions/answers should be sent to certification@wso2.com and NOT pasted in this PR. If there is no impact on certification exams, type “N/A” and explain why.
-
-## Marketing
-> Link to drafts of marketing content that will describe and promote this feature, including product page changes, technical articles, blog posts, videos, etc., if applicable
-
-## Automation tests
- - Unit tests
- > Code coverage information
- - Integration tests
- > Details about the test cases and coverage
-
-## Security checks
- - Followed secure coding standards in http://wso2.com/technical-reports/wso2-secure-engineering-guidelines? yes/no
- - Ran FindSecurityBugs plugin and verified report?
yes/no
- - Confirmed that this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets? yes/no
-
-## Samples
-> Provide high-level details about the samples related to this feature
-
-## Related PRs
-> List any other related PRs
-
-## Migrations (if applicable)
-> Describe migration steps and platforms on which migration has been tested
-
-## Test environment
-> List all JDK versions, operating systems, databases, and browser/versions on which this feature/fix was tested
-
-## Learning
-> Describe the research phase and any blog posts, patterns, libraries, or add-ons you used to solve the problem.
\ No newline at end of file
diff --git a/simple/am-single/Chart.yaml b/simple/am-single/Chart.yaml
deleted file mode 100644
index 9a162e21..00000000
--- a/simple/am-single/Chart.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-appVersion: "4.2.0"
-description: A Helm chart for the deployment of WSO2 API Manager Single Node.
-name: am-single-node
-version: 4.2.0-2
-icon: https://wso2.cachefly.net/wso2/sites/all/images/wso2logo.svg
diff --git a/simple/am-single/README.md b/simple/am-single/README.md
deleted file mode 100644
index 27d4d3d7..00000000
--- a/simple/am-single/README.md
+++ /dev/null
@@ -1,282 +0,0 @@ -# Helm Chart for deployment of WSO2 API Manager - -Resources for building a Helm chart for deployment of [Single Node API Manager](https://apim.docs.wso2.com/en/4.2.0/install-and-setup/setup/single-node/all-in-one-deployment-overview/#single-node-deployment). - -![WSO2 API Manager Single Node deployment](https://apim.docs.wso2.com/en/4.2.0/assets/img/setup-and-install/single-node-apim-deployment.png) - -For advanced details on the deployment pattern, please refer to the official -[documentation](https://apim.docs.wso2.com/en/4.2.0/install-and-setup/setup/single-node/all-in-one-deployment-overview/#active-active-deployment). - -## Contents - -* [Prerequisites](#prerequisites) -* [Quick Start Guide](#quick-start-guide) -* [Configuration](#configuration) -* [Runtime Artifact Persistence and Sharing](#runtime-artifact-persistence-and-sharing) -* [Managing Java Keystores and Truststores](#managing-java-keystores-and-truststores) -* [Configuring SSL in Service Exposure](#configuring-ssl-in-service-exposure) - -## Prerequisites - -* WSO2 product Docker images used for the Kubernetes deployment. - - WSO2 product Docker images available at [DockerHub](https://hub.docker.com/u/wso2/) package General Availability (GA) - versions of WSO2 products with no [WSO2 Updates](https://wso2.com/updates). - - For a production grade deployment of the desired WSO2 product-version, it is highly recommended to use the relevant - Docker image which packages WSO2 Updates, available at [WSO2 Private Docker Registry](https://docker.wso2.com/). In order - to use these images, you need an active [WSO2 Subscription](https://wso2.com/subscription). -

- -* Install [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git), [Helm](https://helm.sh/docs/intro/install/) - and [Kubernetes client](https://kubernetes.io/docs/tasks/tools/install-kubectl/) in order to run the steps provided in the - following quick start guide.

- -* An already setup [Kubernetes cluster](https://kubernetes.io/docs/setup).

- -* Install [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/deploy/).

- -* Add the WSO2 Helm chart repository. - - ``` - helm repo add wso2 https://helm.wso2.com && helm repo update - ``` - -## Quick Start Guide - -### 1. Install the Helm Chart - -You can install the relevant Helm chart either from [WSO2 Helm Chart Repository](https://hub.helm.sh/charts/wso2) or by source. - -**Note:** - -* `NAMESPACE` should be the Kubernetes Namespace in which the resources are deployed. - -#### Install Chart From [WSO2 Helm Chart Repository](https://hub.helm.sh/charts/wso2) - - Helm version 2 - - ``` - helm install --name wso2/am-single-node --version 4.2.0-1 --namespace - ``` - - Helm version 3 - - - Deploy the Kubernetes resources using the Helm Chart - - ``` - helm install wso2/am-single-node --version 4.2.0-1 --namespace --create-namespace - ``` - -The above steps will deploy the deployment pattern using WSO2 product Docker images available in WSO2 Private Docker Registry. Please provide your WSO2 Subscription credentials via input values (using `--set` argument). - -Please see the following example. - -``` - helm install --name wso2/am-single-node --version 4.2.0-1 --namespace --set wso2.subscription.username= --set wso2.subscription.password= -``` - -If you are using a custom WSO2 Docker images you will need to provide those information via the input values. Please refer [API Manager Server Configurations](#api-manager-server-configurations) - - -#### Install Chart From Source - ->In the context of this document,
->* `KUBERNETES_HOME` will refer to a local copy of the [`wso2/kubernetes-apim`](https://github.com/wso2/kubernetes-apim/) -Git repository.
->* `HELM_HOME` will refer to `/simple`.
- -##### Clone the Helm Resources for WSO2 API Manager Git repository. - -``` -git clone https://github.com/wso2/kubernetes-apim.git -``` - -##### Deploy Helm chart for WSO2 API Manager Single Node deployment. - - Helm version 2 - - ``` - helm install --dep-up --name /am-single --version 4.2.0-1 --namespace - ``` - - Helm version 3 - - - Deploy the Kubernetes resources using the Helm Chart - - ``` - helm install /am-single --version 4.2.0-1 --namespace --dependency-update --create-namespace - ``` - -The above steps will deploy the deployment pattern using WSO2 product Docker images available in WSO2 Private Docker Registry. Please provide your WSO2 Subscription credentials via input values (using `--set` argument). - -Please see the following example. - -``` - helm install --name /am-single --version 4.2.0-1 --namespace --set wso2.subscription.username= --set wso2.subscription.password= -``` - -If you are using a custom WSO2 Docker images you will need to provide those information via the input values. Please refer [API Manager Server Configurations](#api-manager-server-configurations) - -> **Note:** -> If you are using Rancher Desktop for the Kubernetes cluster, add the following changes. -> 1. Change `storageClass` to `local-path` in [`values.yaml`](https://github.com/wso2/kubernetes-apim/blob/master/simple/am-single/values.yaml#L43). -> 2. Change `accessModes` in [`Persistent Volume Claims`](https://github.com/wso2/kubernetes-apim/blob/master/simple/am-single/templates/am/wso2am-volume-claims.yaml) to `ReadWriteOnce`. - -### Choreo Analytics - -If you need to enable Choreo Analytics with WSO2 API Manager, please follow the documentation on [Register for Analytics](https://apim.docs.wso2.com/en/4.2.0/observe/api-manager-analytics/configure-analytics/register-for-analytics/) to obtain the on-prem key for Analytics. - -The following example shows how to enable Analytics with the helm charts. 
- -Helm v2 - -``` -helm install --name wso2/am-single-node --version 4.2.0-1 --namespace --set wso2.choreoAnalytics.enabled=true --set wso2.choreoAnalytics.endpoint= --set wso2.choreoAnalytics.onpremKey= -``` - -Helm v3 - -``` -helm install wso2/am-single-node --version 4.2.0-1 --namespace --set wso2.choreoAnalytics.enabled=true --set wso2.choreoAnalytics.endpoint= --set wso2.choreoAnalytics.onpremKey= --create-namespace -``` - -You will be able to see the Analytics data when you log into Choreo Analytics Portal. - -### 2. Obtain the external IP - -Obtain the external IP (`EXTERNAL-IP`) of the API Manager Ingress resources, by listing down the Kubernetes Ingresses. - -``` -kubectl get ing -n -``` - -The output under the relevant column stands for the following. - -API Manager Publisher-DevPortal - -- NAME: Metadata name of the Kubernetes Ingress resource (defaults to `wso2am-single-node-am-ingress`) -- HOSTS: Hostname of the WSO2 API Manager service (``) -- ADDRESS: External IP (`EXTERNAL-IP`) exposing the API Manager service to outside of the Kubernetes environment -- PORTS: Externally exposed service ports of the API Manager service - -API Manager Gateway - -- NAME: Metadata name of the Kubernetes Ingress resource (defaults to `wso2am-single-node-am-gateway-ingress`) -- HOSTS: Hostname of the WSO2 API Manager's Gateway service (``) -- ADDRESS: External IP (`EXTERNAL-IP`) exposing the API Manager's Gateway service to outside of the Kubernetes environment -- PORTS: Externally exposed service ports of the API Manager' Gateway service - -API Manager WebSub -- NAME: Metadata name of the Kubernetes Ingress resource (defaults to `wso2am-single-node-am-websub-ingress`) -- HOSTS: Hostname of the WSO2 API Manager's Gateway (WebSub) service (``) -- ADDRESS: External IP (`EXTERNAL-IP`) exposing the API Manager's Gateway service to outside of the Kubernetes environment -- PORTS: Externally exposed service ports of the API Manager' Gateway (WebSub) service -### 3. 
Add a DNS record mapping the hostnames and the external IP - -If the defined hostnames (in the previous step) are backed by a DNS service, add a DNS record mapping the hostnames and -the external IP (`EXTERNAL-IP`) in the relevant DNS service. - -If the defined hostnames are not backed by a DNS service, for the purpose of evaluation you may add an entry mapping the -hostnames and the external IP in the `/etc/hosts` file at the client-side. - -``` - -``` - -### 4. Access Management Consoles - -- API Manager Publisher: `https:///publisher` - -- API Manager DevPortal: `https:///devportal` - -## Configuration - -The following tables lists the configurable parameters of the chart and their default values. - -###### WSO2 Subscription Configurations - -| Parameter | Description | Default Value | -|-----------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|-----------------------------| -| `wso2.subscription.username` | Your WSO2 Subscription username | - | -| `wso2.subscription.password` | Your WSO2 Subscription password | - | -| `wso2.choreoAnalytics.enabled` | Chorero Analytics enabled or not | false | -| `wso2.choreoAnalytics.endpoint` | Choreo Analytics endpoint | https://analytics-event-auth.choreo.dev/auth/v1 | -| `wso2.choreoAnalytics.onpremKey` | On-prem key for Choreo Analytics | - | - -If you do not have an active WSO2 subscription, **do not change** the parameters `wso2.subscription.username` and `wso2.subscription.password`. 
- -###### Chart Dependencies - -| Parameter | Description | Default Value | -|-----------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|-----------------------------| -| `wso2.deployment.dependencies.mysql` | Enable the deployment and usage of WSO2 API Management MySQL based Helm Chart | true | -| `wso2.deployment.dependencies.nfsProvisioner` | Enable the deployment and usage of NFS Server Provisioner (https://github.com/helm/charts/tree/master/stable/nfs-server-provisioner) | true | - -###### Persistent Runtime Artifact Configurations - -| Parameter | Description | Default Value | -|---------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|-----------------------------| -| `wso2.deployment.persistentRuntimeArtifacts.storageClass` | Appropriate Kubernetes Storage Class | `nfs` | -| `wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.enabled` | Indicates if persistence of the runtime artifacts for Apache Solr-based indexing is enabled | false | -| `wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.capacity.carbonDatabase` | Capacity for persisting the H2 based local Carbon database file | 50M | -| `wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.capacity.solrIndexedData` | Capacity for persisting the Apache Solr indexed data | 50M | - -###### API Manager Server Configurations - -| Parameter | Description | Default Value | -|-----------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|-----------------------------| -| `wso2.deployment.am.dockerRegistry` | Registry location of the Docker image to be used to create API Manager instances | - | -| `wso2.deployment.am.imageName` | Name of the 
Docker image to be used to create API Manager instances | `wso2am` | -| `wso2.deployment.am.imageTag` | Tag of the image used to create API Manager instances | 4.2.0 | -| `wso2.deployment.am.imagePullPolicy` | Refer to [doc](https://kubernetes.io/docs/concepts/containers/images#updating-images) | `Always` | -| `wso2.deployment.am.livenessProbe.initialDelaySeconds` | Initial delay for the live-ness probe for API Manager node | 180 | -| `wso2.deployment.am.livenessProbe.periodSeconds` | Period of the live-ness probe for API Manager node | 10 | -| `wso2.deployment.am.readinessProbe.initialDelaySeconds` | Initial delay for the readiness probe for API Manager node | 180 | -| `wso2.deployment.am.readinessProbe.periodSeconds` | Period of the readiness probe for API Manager node | 10 | -| `wso2.deployment.am.resources.requests.memory` | The minimum amount of memory that should be allocated for a Pod | 2Gi | -| `wso2.deployment.am.resources.requests.cpu` | The minimum amount of CPU that should be allocated for a Pod | 2000m | -| `wso2.deployment.am.resources.limits.memory` | The maximum amount of memory that should be allocated for a Pod | 3Gi | -| `wso2.deployment.am.resources.limits.cpu` | The maximum amount of CPU that should be allocated for a Pod | 3000m | -| `wso2.deployment.am.config` | Custom deployment configuration file (`/repository/conf/deployment.toml`) | - | -| `wso2.deployment.am.ingress.management.enabled` | If enabled, create ingress resource for API Manager management consoles | true | -| `wso2.deployment.am.ingress.management.hostname` | Hostname for API Manager Admin Portal, Publisher, DevPortal and Carbon Management Console | `am.wso2.com` | -| `wso2.deployment.am.ingress.management.annotations` | Ingress resource annotations for API Manager management consoles | Community NGINX Ingress controller annotations | -| `wso2.deployment.am.ingress.gateway.enabled` | If enabled, create ingress resource for API Manager Gateway | true | -| 
`wso2.deployment.am.ingress.gateway.hostname` | Hostname for API Manager Gateway | `gateway.am.wso2.com` | -| `wso2.deployment.am.ingress.gateway.annotations` | Ingress resource annotations for API Manager Gateway | Community NGINX Ingress controller annotations | -| `wso2.deployment.am.ingress.websub.enabled` | If enabled, create ingress resource for WebSub service | true | -| `wso2.deployment.am.ingress.websub.hostname` | Hostname for API Manager Gateway WebSub service | `gateway.am.wso2.com` | -| `wso2.deployment.am.ingress.websub.annotations` | Ingress resource annotations for API Manager Gateway WebSub | Community NGINX Ingress controller annotations | - -**Note**: The above mentioned default, minimum resource amounts for running WSO2 API Manager server profiles are based on its [official documentation](https://apim.docs.wso2.com/en/4.2.0/install-and-setup/install/installation-prerequisites/). - -## Kubernetes Specific Configurations - -| Parameter | Description | Default Value | -|---------------------------------------------------------------|-------------------------------------------------------------------------------------------|---------------------------------| -| `kubernetes.serviceAccount` | Name of the Kubernetes Service Account to which the Pods are to be bound | `wso2am-single-node-svc-account` | - -## Runtime Artifact Persistence and Sharing - -* It is **mandatory** to set an appropriate Kubernetes StorageClass in this deployment, for persistence and sharing. - -* By default, this deployment uses the `nfs` Kubernetes StorageClass created using the official, stable [NFS Server Provisioner](https://hub.helm.sh/charts/stable/nfs-server-provisioner). - -* Only persistent storage solutions supporting `ReadWriteMany` [access mode](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes) - are applicable for `wso2.deployment.persistentRuntimeArtifacts.storageClass`. 
- -* Please refer to the [official WSO2 container guide](https://github.com/wso2/container-guide/blob/master/store/Persisting_And_Sharing.md#recommended-storage-options-for-wso2-products) - for advanced details with regards to WSO2 recommended, storage options. - -## Managing Java Keystores and Truststores - -* By default, this deployment uses the default keystores and truststores provided by the relevant WSO2 product. - -* For advanced details with regards to managing custom Java keystores and truststores in a container based WSO2 product deployment - please refer to the [official WSO2 container guide](https://github.com/wso2/container-guide/blob/master/deploy/Managing_Keystores_And_Truststores.md). - -## Configuring SSL in Service Exposure - -* For WSO2 recommended best practices in configuring SSL when exposing the internal product services to outside of the Kubernetes cluster, - please refer to the [official WSO2 container guide](https://github.com/wso2/container-guide/blob/master/route/Routing.md#configuring-ssl). diff --git a/simple/am-single/auth.json b/simple/am-single/auth.json deleted file mode 100644 index 453e366c..00000000 --- a/simple/am-single/auth.json +++ /dev/null @@ -1,10 +0,0 @@ -{ - "auths": { - "reg.id": { - "username": "docker.wso2.com.username", - "password": "docker.wso2.com.password", - "email": "docker.wso2.com.email", - "auth": "docker.wso2.com.auth" - } - } -} \ No newline at end of file diff --git a/simple/am-single/requirements.yaml b/simple/am-single/requirements.yaml deleted file mode 100644 index e2aa0209..00000000 --- a/simple/am-single/requirements.yaml +++ /dev/null 
@@ -1,23 +0,0 @@
-# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: mysql-am
- version: "4.2.0-1"
- repository: "https://helm.wso2.com"
- condition: wso2.deployment.dependencies.cluster_mysql
- - name: nfs-server-provisioner
- version: "1.1.0"
- repository: "https://helm.wso2.com"
- condition: wso2.deployment.dependencies.nfsServerProvisioner
diff --git a/simple/am-single/templates/NOTES.txt b/simple/am-single/templates/NOTES.txt
deleted file mode 100644
index 63bb20c5..00000000
--- a/simple/am-single/templates/NOTES.txt
+++ /dev/null
@@ -1,41 +0,0 @@ -Thank you for installing WSO2 API Manager. - -Please follow these steps to access API Manager Publisher, DevPortal consoles. - -1. Obtain the external IP (`EXTERNAL-IP`) of the API Manager Ingress resources, by listing down the Kubernetes Ingresses. - - kubectl get ing -n {{ .Release.Namespace }} - - The output under the relevant column stands for the following. - - API Manager Publisher-DevPortal - - - NAME: Metadata name of the Kubernetes Ingress resource (defaults to {{ template "am-single-node.resource.prefix" . }}-am-ingress) - - HOSTS: Hostname of the WSO2 API Manager service ({{ .Values.wso2.deployment.am.ingress.management.hostname }}) - - ADDRESS: External IP (`EXTERNAL-IP`) exposing the API Manager service to outside of the Kubernetes environment - - PORTS: Externally exposed service ports of the API Manager service - - API Manager Gateway - - - NAME: Metadata name of the Kubernetes Ingress resource (defaults to {{ template "am-single-node.resource.prefix" . }}-am-gateway-ingress) - - HOSTS: Hostname of the WSO2 API Manager's Gateway service ({{ .Values.wso2.deployment.am.ingress.gateway.hostname }}) - - ADDRESS: External IP (`EXTERNAL-IP`) exposing the API Manager's Gateway service to outside of the Kubernetes environment - - PORTS: Externally exposed service ports of the API Manager' Gateway service - - -2. Add a DNS record mapping the hostnames (in step 1) and the external IP. - - If the defined hostnames (in step 1) are backed by a DNS service, add a DNS record mapping the hostnames and - the external IP (`EXTERNAL-IP`) in the relevant DNS service. - - If the defined hostnames are not backed by a DNS service, for the purpose of evaluation you may add an entry mapping the - hostnames and the external IP in the `/etc/hosts` file at the client-side. - - {{ .Values.wso2.deployment.am.ingress.management.hostname }} {{ .Values.wso2.deployment.am.ingress.gateway.hostname }} - -3. Navigate to the consoles in your browser of choice. 
- - API Manager Publisher: https://{{ .Values.wso2.deployment.am.ingress.management.hostname }}/publisher - API Manager DevPortal: https://{{ .Values.wso2.deployment.am.ingress.management.hostname }}/devportal - -Please refer the official documentation at https://apim.docs.wso2.com/en/latest/ for additional information on WSO2 API Manager. diff --git a/simple/am-single/templates/_helpers.tpl b/simple/am-single/templates/_helpers.tpl deleted file mode 100644 index 6911c4c7..00000000 --- a/simple/am-single/templates/_helpers.tpl +++ /dev/null 
@@ -1,82 +0,0 @@ -{{/* -Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at -http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "am-single-node.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "am-single-node.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "am-single-node.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "am-single-node.labels" -}} -app.kubernetes.io/name: {{ include "am-single-node.name" . }} -helm.sh/chart: {{ include "am-single-node.chart" . 
}} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Common prefix prepended to Kubernetes resources of this chart -*/}} -{{- define "am-single-node.resource.prefix" -}} -{{- "wso2am-single-node" }} -{{- end -}} - -{{- define "image" }} -{{- $imageName := .deployment.imageName }} -{{- $imageTag := .deployment.imageTag | default "" }} -{{- if or (eq .Values.wso2.subscription.username "") (eq .Values.wso2.subscription.password "") -}} -{{- $dockerRegistry := .deployment.dockerRegistry | default "wso2" }} -image: {{ $dockerRegistry }}/{{ $imageName }}{{- if not (eq $imageTag "") }}{{- printf ":%s" $imageTag -}}{{- end }} -{{- else }} -{{- $dockerRegistry := .deployment.dockerRegistry | default "docker.wso2.com" }} -{{- $parts := len (split "." $imageTag) }} -{{- if eq $parts 3 }} -image: {{ $dockerRegistry }}/{{ $imageName }}{{- if not (eq $imageTag "") }}:{{ $imageTag }}.0{{- end }} -{{- else }} -image: {{ $dockerRegistry }}/{{ $imageName }}{{- if not (eq $imageTag "") }}:{{ $imageTag }}{{- end }} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/simple/am-single/templates/am/instance/wso2am-deployment.yaml b/simple/am-single/templates/am/instance/wso2am-deployment.yaml deleted file mode 100644 index 1c0d56d3..00000000 --- a/simple/am-single/templates/am/instance/wso2am-deployment.yaml +++ /dev/null 
@@ -1,143 +0,0 @@ -# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "am-single-node.resource.prefix" . }}-am-deployment - namespace: {{ .Release.Namespace }} -spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - deployment: {{ template "am-single-node.resource.prefix" . }}-am - node: {{ template "am-single-node.resource.prefix" . }}-am - template: - metadata: - annotations: - checksum.am.conf: {{ include (print $.Template.BasePath "/am/instance/wso2am-single-node-am-conf.yaml") . | sha256sum }} - labels: - deployment: {{ template "am-single-node.resource.prefix" . }}-am - node: {{ template "am-single-node.resource.prefix" . }}-am - product: apim - spec: - initContainers: - - name: init-db - image: busybox:1.32 - command: ['sh', '-c', 'echo -e "Checking for the availability of DB Server deployment"; while ! 
nc -z "{{ .Values.wso2.deployment.am.db.hostname }}" {{ .Values.wso2.deployment.am.db.port }}; do sleep 1; printf "-"; done; echo -e " >> DB Server has started";'] - - name: init-db-connector-download - image: busybox:1.32 - command: - - /bin/sh - - "-c" - - | - set -e - connector_version=8.0.17 - wget "{{ .Values.wso2.deployment.am.db.driver_url }}" -P /db-connector-jar/ - volumeMounts: - - name: db-connector-jar - mountPath: /db-connector-jar - containers: - - name: wso2am -{{- include "image" (dict "Values" .Values "deployment" .Values.wso2.deployment.am) | indent 10 }} - imagePullPolicy: {{ .Values.wso2.deployment.am.imagePullPolicy }} - livenessProbe: - httpGet: - path: /services/Version - port: 9763 - initialDelaySeconds: {{ .Values.wso2.deployment.am.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.wso2.deployment.am.livenessProbe.periodSeconds }} - readinessProbe: - httpGet: - path: /services/Version - port: 9763 - initialDelaySeconds: {{ .Values.wso2.deployment.am.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.wso2.deployment.am.readinessProbe.periodSeconds }} - lifecycle: - preStop: - exec: - command: ['sh', '-c', '${WSO2_SERVER_HOME}/bin/api-manager.sh stop'] - resources: - requests: - memory: {{ .Values.wso2.deployment.am.resources.requests.memory }} - cpu: {{ .Values.wso2.deployment.am.resources.requests.cpu }} - limits: - memory: {{ .Values.wso2.deployment.am.resources.limits.memory }} - cpu: {{ .Values.wso2.deployment.am.resources.limits.cpu }} - securityContext: - runAsUser: 802 - ports: - - containerPort: 8280 - protocol: "TCP" - - containerPort: 8243 - protocol: "TCP" - - containerPort: 9763 - protocol: "TCP" - - containerPort: 9443 - protocol: "TCP" - - containerPort: 9711 - protocol: "TCP" - - containerPort: 9611 - protocol: "TCP" - - containerPort: 5672 - protocol: "TCP" - env: - - name: NODE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: JVM_MEM_OPTS - value: "-Xms{{ 
.Values.wso2.deployment.am.resources.jvm.heap.memory.xms }} -Xmx{{ .Values.wso2.deployment.am.resources.jvm.heap.memory.xmx }}" - volumeMounts: - - name: wso2am-conf - mountPath: /home/wso2carbon/wso2-config-volume/repository/conf - {{ if .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.enabled }} - - name: wso2am-local-carbon-database-storage - mountPath: /home/wso2carbon/solr/database - - name: wso2am-solr-indexed-data-storage - mountPath: /home/wso2carbon/solr/indexed-data - - name: wso2am-conf-entrypoint - mountPath: /home/wso2carbon/docker-entrypoint.sh - subPath: docker-entrypoint.sh - {{ end }} - - name: db-connector-jar - mountPath: /home/wso2carbon/wso2-artifact-volume/repository/components/lib - serviceAccountName: {{ .Values.kubernetes.serviceAccount }} - {{- if .Values.wso2.deployment.am.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.wso2.deployment.am.imagePullSecrets }} - {{- else if and (not (eq .Values.wso2.subscription.username "")) (not (eq .Values.wso2.subscription.password "")) }} - imagePullSecrets: - - name: {{ template "am-single-node.resource.prefix" . }}-wso2-private-registry-creds - {{ end }} - volumes: - - name: wso2am-conf - configMap: - name: {{ template "am-single-node.resource.prefix" . }}-am-conf - {{ if .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.enabled }} - - name: wso2am-local-carbon-database-storage - persistentVolumeClaim: - claimName: {{ template "am-single-node.resource.prefix" . }}-am-local-carbon-database-volume-claim - - name: wso2am-solr-indexed-data-storage - persistentVolumeClaim: - claimName: {{ template "am-single-node.resource.prefix" . }}-am-solr-indexed-data-volume-claim - - name: wso2am-conf-entrypoint - configMap: - name: {{ template "am-single-node.resource.prefix" . }}-am-conf-entrypoint - defaultMode: 0407 - {{ end }} - - name: db-connector-jar - emptyDir: {} 
diff --git a/simple/am-single/templates/am/instance/wso2am-service.yaml b/simple/am-single/templates/am/instance/wso2am-service.yaml
deleted file mode 100644
index 51f75462..00000000
--- a/simple/am-single/templates/am/instance/wso2am-service.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "am-single-node.resource.prefix" . }}-am-service
- namespace : {{ .Release.Namespace }}
-spec:
- # label keys and values that must match in order to receive traffic for this service
- selector:
- deployment: {{ template "am-single-node.resource.prefix" . }}-am
- node: {{ template "am-single-node.resource.prefix" . }}-am
- ports:
- # ports that this service should serve on
- - name: pass-through-http
- protocol: TCP
- port: 8280
- - name: pass-through-https
- protocol: TCP
- port: 8243
- - name: binary
- protocol: TCP
- port: 9611
- - name: binary-secure
- protocol: TCP
- port: 9711
- - name: jms-tcp
- protocol: TCP
- port: 5672
- - name: servlet-https
- protocol: TCP
- port: 9443
- - name: websub-http
- protocol: TCP
- port: 9021
- - name: websub-https
- protocol: TCP
- port: 8021
diff --git a/simple/am-single/templates/am/instance/wso2am-single-node-am-conf.yaml b/simple/am-single/templates/am/instance/wso2am-single-node-am-conf.yaml
deleted file mode 100644
index e438a7f2..00000000
--- a/simple/am-single/templates/am/instance/wso2am-single-node-am-conf.yaml
+++ /dev/null
@@ -1,311 +0,0 @@ -# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "am-single-node.resource.prefix" . }}-am-conf - namespace : {{ .Release.Namespace }} - {{ if .Values.wso2.deployment.am.config }} -data: - {{- range $index, $content := .Values.wso2.deployment.am.config }} - {{ $index }}: |- -{{ tpl $content $ | indent 4 }} - {{- end }} - - {{ else }} -data: - deployment.toml: |- - [server] - hostname = "{{ .Values.wso2.deployment.am.ingress.management.hostname }}" - #offset=0 - base_path = "${carbon.protocol}://${carbon.host}:${carbon.management.port}" - #discard_empty_caches = false - server_role = "default" - - [super_admin] - username = "admin" - password = "admin" - create_admin_account = true - - [user_store] - type = "database_unique_id" - - [database.apim_db] - type = "{{ .Values.wso2.deployment.am.db.type }}" - url = "{{ .Values.wso2.deployment.am.db.apim.url }}" - username = "{{ .Values.wso2.deployment.am.db.apim.username }}" - password = "{{ .Values.wso2.deployment.am.db.apim.password }}" - driver = "{{ .Values.wso2.deployment.am.db.driver }}" - - [database.shared_db] - type = "{{ .Values.wso2.deployment.am.db.type }}" - url = "{{ .Values.wso2.deployment.am.db.apim_shared.url }}" - username = "{{ .Values.wso2.deployment.am.db.apim_shared.username }}" - password = "{{ .Values.wso2.deployment.am.db.apim_shared.password }}" 
- driver = "{{ .Values.wso2.deployment.am.db.driver }}" - - [keystore.tls] - file_name = "wso2carbon.jks" - type = "JKS" - password = "wso2carbon" - alias = "wso2carbon" - key_password = "wso2carbon" - - #[keystore.listener_profile] - #bind_address = "0.0.0.0" - - #[keystore.primary] - #file_name = "wso2carbon.jks" - #type = "JKS" - #password = "wso2carbon" - #alias = "wso2carbon" - #key_password = "wso2carbon" - - #[keystore.internal] - #file_name = "wso2carbon.jks" - #type = "JKS" - #password = "wso2carbon" - #alias = "wso2carbon" - #key_password = "wso2carbon" - - [[apim.gateway.environment]] - name = "Default" - type = "hybrid" - provider = "wso2" - display_in_api_console = true - description = "This is a hybrid gateway that handles both production and sandbox token traffic." - show_as_token_endpoint_url = true - service_url = "https://localhost:${mgt.transport.https.port}/services/" - username= "${admin.username}" - password= "${admin.password}" - ws_endpoint = "ws://{{ .Values.wso2.deployment.am.ingress.websocket.hostname }}" - wss_endpoint = "wss://{{ .Values.wso2.deployment.am.ingress.websocket.hostname }}" - http_endpoint = "http://{{ .Values.wso2.deployment.am.ingress.gateway.hostname }}" - https_endpoint = "https://{{ .Values.wso2.deployment.am.ingress.gateway.hostname }}" - websub_event_receiver_http_endpoint = "http://{{ .Values.wso2.deployment.am.ingress.websub.hostname }}" - websub_event_receiver_https_endpoint = "https://{{ .Values.wso2.deployment.am.ingress.websub.hostname }}" - - [apim.sync_runtime_artifacts.gateway] - gateway_labels =["Default"] - - #[apim.cache.gateway_token] - #enable = true - #expiry_time = "900s" - - #[apim.cache.resource] - #enable = true - #expiry_time = "900s" - - #[apim.cache.km_token] - #enable = false - #expiry_time = "15m" - - #[apim.cache.recent_apis] - #enable = false - - #[apim.cache.scopes] - #enable = true - - #[apim.cache.publisher_roles] - #enable = true - - #[apim.cache.jwt_claim] - #enable = true - 
#expiry_time = "15m" - - #[apim.cache.tags] - #expiry_time = "2m" - - {{ if .Values.wso2.choreoAnalytics.enabled }} - [apim.analytics] - enable = true - config_endpoint = "{{ .Values.wso2.choreoAnalytics.endpoint }}" - auth_token = "{{ .Values.wso2.choreoAnalytics.onpremKey }}" - {{ else }} - [apim.analytics] - enable = false - config_endpoint = "https://analytics-event-auth.choreo.dev/auth/v1" - auth_token = "" - {{ end }} - - #[apim.key_manager] - #service_url = "https://localhost:${mgt.transport.https.port}/services/" - #username = "$ref{super_admin.username}" - #password = "$ref{super_admin.password}" - #pool.init_idle_capacity = 50 - #pool.max_idle = 100 - #key_validation_handler_type = "default" - #key_validation_handler_type = "custom" - #key_validation_handler_impl = "org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler" - - #[apim.idp] - #server_url = "https://localhost:${mgt.transport.https.port}" - #authorize_endpoint = "https://localhost:${mgt.transport.https.port}/oauth2/authorize" - #oidc_logout_endpoint = "https://localhost:${mgt.transport.https.port}/oidc/logout" - #oidc_check_session_endpoint = "https://localhost:${mgt.transport.https.port}/oidc/checksession" - - #[apim.jwt] - #enable = true - #encoding = "base64" # base64,base64url - #generator_impl = "org.wso2.carbon.apimgt.keymgt.token.JWTGenerator" - #claim_dialect = "http://wso2.org/claims" - #convert_dialect = false - #header = "X-JWT-Assertion" - #signing_algorithm = "SHA256withRSA" - #enable_user_claims = true - #claims_extractor_impl = "org.wso2.carbon.apimgt.impl.token.ExtendedDefaultClaimsRetriever" - - #[apim.oauth_config] - #enable_outbound_auth_header = false - #auth_header = "Authorization" - #revoke_endpoint = "https://localhost:${https.nio.port}/revoke" - #enable_token_encryption = false - #enable_token_hashing = false - - [apim.devportal] - url = "https://{{ .Values.wso2.deployment.am.ingress.management.hostname }}/devportal" - #enable_application_sharing = false - 
#if application_sharing_type, application_sharing_impl both defined priority goes to application_sharing_impl - #application_sharing_type = "default" #changed type, saml, default #todo: check the new config for rest api - #application_sharing_impl = "org.wso2.carbon.apimgt.impl.SAMLGroupIDExtractorImpl" - #display_multiple_versions = false - #display_deprecated_apis = false - #enable_comments = true - #enable_ratings = true - #enable_forum = true - #enable_anonymous_mode=true - #enable_cross_tenant_subscriptions = true - #default_reserved_username = "apim_reserved_user" - - [apim.cors] - allow_origins = "*" - allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"] - allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","apikey","Internal-Key"] - allow_credentials = false - - #[apim.throttling] - #enable_data_publishing = true - #enable_policy_deploy = true - #enable_blacklist_condition = true - #enable_persistence = true - #throttle_decision_endpoints = ["tcp://localhost:5672","tcp://localhost:5672"] - - #[apim.throttling.blacklist_condition] - #start_delay = "5m" - #period = "1h" - - #[apim.throttling.jms] - #start_delay = "5m" - - #[apim.throttling.event_sync] - #hostName = "0.0.0.0" - #port = 11224 - - #[apim.throttling.event_management] - #hostName = "0.0.0.0" - #port = 10005 - - #[[apim.throttling.url_group]] - #traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"] - #traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"] - #type = "loadbalance" - - #[[apim.throttling.url_group]] - #traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"] - #traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"] - #type = "failover" - - #[apim.workflow] - #enable = false - #service_url = "https://localhost:9445/bpmn" - #username = "$ref{super_admin.username}" - #password = "$ref{super_admin.password}" - #callback_endpoint = 
"https://localhost:${mgt.transport.https.port}/api/am/admin/v0.17/workflows/update-workflow-status" - #token_endpoint = "https://localhost:${https.nio.port}/token" - #client_registration_endpoint = "https://localhost:${mgt.transport.https.port}/client-registration/v0.17/register" - #client_registration_username = "$ref{super_admin.username}" - #client_registration_password = "$ref{super_admin.password}" - - #data bridge config - #[transport.receiver] - #type = "binary" - #worker_threads = 10 - #session_timeout = "30m" - #keystore.file_name = "$ref{keystore.tls.file_name}" - #keystore.password = "$ref{keystore.tls.password}" - #tcp_port = 9611 - #ssl_port = 9711 - #ssl_receiver_thread_pool_size = 100 - #tcp_receiver_thread_pool_size = 100 - #ssl_enabled_protocols = ["TLSv1","TLSv1.1","TLSv1.2"] - #ciphers = ["SSL_RSA_WITH_RC4_128_MD5","SSL_RSA_WITH_RC4_128_SHA"] - - #[apim.notification] - #from_address = "APIM.com" - #username = "APIM" - #password = "APIM+123" - #hostname = "localhost" - #port = 3025 - #enable_start_tls = false - #enable_authentication = true - - #[apim.token.revocation] - #notifier_impl = "org.wso2.carbon.apimgt.keymgt.events.TokenRevocationNotifierImpl" - #enable_realtime_notifier = true - #realtime_notifier.ttl = 5000 - #enable_persistent_notifier = true - #persistent_notifier.hostname = "https://localhost:2379/v2/keys/jti/" - #persistent_notifier.ttl = 5000 - #persistent_notifier.username = "root" - #persistent_notifier.password = "root" - - [[event_handler]] - name="userPostSelfRegistration" - subscriptions=["POST_ADD_USER"] - - [service_provider] - sp_name_regex = "^[\\sa-zA-Z0-9._-]*$" - - [[event_listener]] - id = "token_revocation" - type = "org.wso2.carbon.identity.core.handler.AbstractIdentityHandler" - name = "org.wso2.is.notification.ApimOauthEventInterceptor" - order = 1 - [event_listener.properties] - notification_endpoint = "https://localhost:${mgt.transport.https.port}/internal/data/v1/notify" - username = "${admin.username}" - 
password = "${admin.password}" - 'header.X-WSO2-KEY-MANAGER' = "default" - - [transport.https.properties] - proxyPort = 443 - - [oauth.grant_type.token_exchange] - enable = true - allow_refresh_tokens = true - iat_validity_period = "1h" - - {{ if .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.enabled }} - [database.local] - url = "jdbc:h2:/home/wso2carbon/solr/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE" - - [indexing] - location = "/home/wso2carbon/solr/indexed-data" - {{ else }} - [database.local] - url = "jdbc:h2:./repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE" - {{ end }} - - {{ end }} diff --git a/simple/am-single/templates/am/wso2am-conf-entrypoint.yaml b/simple/am-single/templates/am/wso2am-conf-entrypoint.yaml deleted file mode 100644 index 7179ef52..00000000 --- a/simple/am-single/templates/am/wso2am-conf-entrypoint.yaml +++ /dev/null 
@@ -1,67 +0,0 @@ - {{ if .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.enabled }} - -# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "am-single-node.resource.prefix" . }}-am-conf-entrypoint - namespace: {{ .Release.Namespace }} -data: - docker-entrypoint.sh: | - #!/bin/bash - set -e - - # volume mounts - config_volume=${WORKING_DIRECTORY}/wso2-config-volume - artifact_volume=${WORKING_DIRECTORY}/wso2-artifact-volume - - # check if the WSO2 non-root user home exists - test ! -d ${WORKING_DIRECTORY} && echo "WSO2 Docker non-root user home does not exist" && exit 1 - - # check if the WSO2 product home exists - test ! -d ${WSO2_SERVER_HOME} && echo "WSO2 Docker product home does not exist" && exit 1 - - # Copying carbon_db - if ! test -f /home/wso2carbon/solr/database/WSO2CARBON_DB.mv.db - then - echo "Copying WSO2CARBON_DB.mv.db" >&2 - cp ${WSO2_SERVER_HOME}/repository/database/WSO2CARBON_DB.mv.db /home/wso2carbon/solr/database/ - fi - - # optimize WSO2 Carbon Server, if the profile name is defined as an environment variable - if [[ ! 
-z "${PROFILE_NAME}" ]] - then - echo "Optimizing WSO2 Carbon Server" >&2 - sh ${WSO2_SERVER_HOME}/bin/profileSetup.sh -Dprofile=${PROFILE_NAME} - fi - - # copy any configuration changes mounted to config_volume - test -d ${config_volume} && [[ "$(ls -A ${config_volume})" ]] && cp -RL ${config_volume}/* ${WSO2_SERVER_HOME}/ - # copy any artifact changes mounted to artifact_volume - test -d ${artifact_volume} && [[ "$(ls -A ${artifact_volume})" ]] && cp -RL ${artifact_volume}/* ${WSO2_SERVER_HOME}/ - - # start WSO2 Carbon server - echo "Start WSO2 Carbon server" >&2 - if [[ -z "${PROFILE_NAME}" ]] - then - # start the server with the provided startup arguments - sh ${WSO2_SERVER_HOME}/bin/api-manager.sh "$@" - else - # start the server with the specified profile and provided startup arguments - sh ${WSO2_SERVER_HOME}/bin/api-manager.sh -Dprofile=${PROFILE_NAME} "$@" - fi - - {{ end }} diff --git a/simple/am-single/templates/am/wso2am-gateway-ingress.yaml b/simple/am-single/templates/am/wso2am-gateway-ingress.yaml deleted file mode 100644 index cc9eefea..00000000 --- a/simple/am-single/templates/am/wso2am-gateway-ingress.yaml +++ /dev/null 
@@ -1,41 +0,0 @@
-# Copyright (c) 2021 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{- if .Values.wso2.deployment.am.ingress.gateway.enabled }}
-
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ template "am-single-node.resource.prefix" . }}-am-gateway-ingress
- namespace : {{ .Release.Namespace }}
-{{- if .Values.wso2.deployment.am.ingress.gateway.annotations }}
- annotations:
-{{ toYaml .Values.wso2.deployment.am.ingress.gateway.annotations | indent 4 }}
-{{- end }}
-spec:
- tls:
- - hosts:
- - {{ .Values.wso2.deployment.am.ingress.gateway.hostname }}
- rules:
- - host: {{ .Values.wso2.deployment.am.ingress.gateway.hostname }}
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: {{ template "am-single-node.resource.prefix" . }}-am-service
- port:
- number: 8243
-{{- end -}}
diff --git a/simple/am-single/templates/am/wso2am-ingress.yaml b/simple/am-single/templates/am/wso2am-ingress.yaml
deleted file mode 100644
index afd562ce..00000000
--- a/simple/am-single/templates/am/wso2am-ingress.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{- if .Values.wso2.deployment.am.ingress.management.enabled }}
-
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ template "am-single-node.resource.prefix" . }}-am-ingress
- namespace : {{ .Release.Namespace }}
-{{- if .Values.wso2.deployment.am.ingress.management.annotations }}
- annotations:
-{{ toYaml .Values.wso2.deployment.am.ingress.management.annotations | indent 4 }}
-{{- end }}
-spec:
- tls:
- - hosts:
- - {{ .Values.wso2.deployment.am.ingress.management.hostname }}
- rules:
- - host: {{ .Values.wso2.deployment.am.ingress.management.hostname }}
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: {{ template "am-single-node.resource.prefix" . }}-am-service
- port:
- number: 9443
-{{- end -}}
diff --git a/simple/am-single/templates/am/wso2am-volume-claims.yaml b/simple/am-single/templates/am/wso2am-volume-claims.yaml
deleted file mode 100644
index 8cfc6efc..00000000
--- a/simple/am-single/templates/am/wso2am-volume-claims.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
- {{ if .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.enabled }}
----
-
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: {{ template "am-single-node.resource.prefix" . }}-am-local-carbon-database-volume-claim
- namespace : {{ .Release.Namespace }}
-spec:
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: {{ .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.capacity.carbonDatabase }}
- storageClassName: {{ .Values.wso2.deployment.persistentRuntimeArtifacts.storageClass }}
-
----
-
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: {{ template "am-single-node.resource.prefix" . }}-am-solr-indexed-data-volume-claim
- namespace : {{ .Release.Namespace }}
-spec:
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: {{ .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.capacity.solrIndexedData }}
- storageClassName: {{ .Values.wso2.deployment.persistentRuntimeArtifacts.storageClass }}
- {{ end }}
diff --git a/simple/am-single/templates/am/wso2am-websocket-ingress.yaml b/simple/am-single/templates/am/wso2am-websocket-ingress.yaml
deleted file mode 100644
index ebcabfb2..00000000
--- a/simple/am-single/templates/am/wso2am-websocket-ingress.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-# Copyright (c) 2023, WSO2 LLC. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{- if .Values.wso2.deployment.am.ingress.websocket.enabled }}
-
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ template "am-single-node.resource.prefix" . }}-am-websocket-ingress
- namespace : {{ .Release.Namespace }}
-{{- if .Values.wso2.deployment.am.ingress.websocket.annotations }}
- annotations:
-{{ toYaml .Values.wso2.deployment.am.ingress.websocket.annotations | indent 4 }}
-{{- end }}
-spec:
- tls:
- - hosts:
- - {{ .Values.wso2.deployment.am.ingress.websocket.hostname }}
- rules:
- - host: {{ .Values.wso2.deployment.am.ingress.websocket.hostname }}
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: {{ template "am-single-node.resource.prefix" . }}-am-service
- port:
- number: 8099
-{{- end -}}
diff --git a/simple/am-single/templates/am/wso2am-websub-ingress.yaml b/simple/am-single/templates/am/wso2am-websub-ingress.yaml
deleted file mode 100644
index 4ff846d9..00000000
--- a/simple/am-single/templates/am/wso2am-websub-ingress.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{- if .Values.wso2.deployment.am.ingress.websub.enabled }}
-
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: {{ template "am-single-node.resource.prefix" . }}-am-websub-ingress
- namespace : {{ .Release.Namespace }}
-{{- if .Values.wso2.deployment.am.ingress.websub.annotations }}
- annotations:
-{{ toYaml .Values.wso2.deployment.am.ingress.websub.annotations | indent 4 }}
-{{- end }}
-spec:
- tls:
- - hosts:
- - {{ .Values.wso2.deployment.am.ingress.websub.hostname }}
- rules:
- - host: {{ .Values.wso2.deployment.am.ingress.websub.hostname }}
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: {{ template "am-single-node.resource.prefix" . }}-am-service
- port:
- number: 8021
-{{- end -}}
diff --git a/simple/am-single/templates/wso2am-secrets.yaml b/simple/am-single/templates/wso2am-secrets.yaml
deleted file mode 100644
index 181bbdff..00000000
--- a/simple/am-single/templates/wso2am-secrets.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-{{ if and (not (eq .Values.wso2.subscription.username "")) (not (eq .Values.wso2.subscription.password "")) }}
-# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{- $username := .Values.wso2.subscription.username }}
-{{- $password := .Values.wso2.subscription.password }}
-{{- $email := .Values.wso2.subscription.username }}
-{{- $regId := default "docker.wso2.com" .Values.wso2.dockerRegistry }}
-{{- $auth := printf "%s:%s" $username $password | b64enc }}
-{{- $files := .Files }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "am-single-node.resource.prefix" . }}-wso2-private-registry-creds
- namespace: {{ .Release.Namespace }}
-type: kubernetes.io/dockerconfigjson
-data:
- .dockerconfigjson: {{ $files.Get "auth.json" | replace "reg.id" $regId | replace "docker.wso2.com.username" $username | replace "docker.wso2.com.password" $password | replace "docker.wso2.com.email" $email | replace "docker.wso2.com.auth" $auth | b64enc }}
-{{ end }}
diff --git a/simple/am-single/templates/wso2am-service-account.yaml b/simple/am-single/templates/wso2am-service-account.yaml
deleted file mode 100644
index d91c4a4f..00000000
--- a/simple/am-single/templates/wso2am-service-account.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Values.kubernetes.serviceAccount }}
- namespace : {{ .Release.Namespace }}
diff --git a/simple/am-single/values.yaml b/simple/am-single/values.yaml
deleted file mode 100644
index 158b650a..00000000
--- a/simple/am-single/values.yaml
+++ /dev/null
@@ -1,165 +0,0 @@
-# Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-wso2:
- # WSO2 Subscription parameters (https://wso2.com/subscription/)
- # If provided, these parameters will be used to obtain official WSO2 product Docker images available at WSO2 Private Docker Registry (https://docker.wso2.com/)
- # for this deployment
- subscription:
- username: ""
- password: ""
-
- # WSO2 Choreo Analytics Parameters
- # If provided, these parameters will be used publish analytics data to Choreo Analytics environment (https://apim.docs.wso2.com/en/latest/observe/api-manager-analytics/configure-analytics/register-for-analytics/).
- choreoAnalytics:
- enabled: false
- endpoint: ""
- onpremKey: ""
-
- deployment:
- dependencies:
- # The configuration should be set to be 'true' if a MySQL database should be spawned as a pod within the cluster
- cluster_mysql: true
- # Enable NFS dynamic provisioner for Kubernetes
- nfsServerProvisioner: true
-
- # Persisted and shared runtime artifacts for API Manager
- # See official documentation (from https://apim.docs.wso2.com/en/latest/install-and-setup/setup/reference/common-runtime-and-configuration-artifacts/#persistent-runtime-artifacts)
- persistentRuntimeArtifacts:
- # Kubernetes Storage Class to be used to dynamically provision the relevant Persistent Volumes
- # Only persistent storage solutions supporting ReadWriteMany access mode are applicable (https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)
- # Defaults to Kubernetes Storage Class generated using the NFS Server Provisioner (https://github.com/helm/charts/tree/master/stable/nfs-server-provisioner)
- storageClass: &storage_class "nfs"
-
- # Persistent runtime artifacts for Apache Solr-based indexing
- apacheSolrIndexing:
- # Indicates if persistence of the runtime artifacts for Apache Solr-based indexing is enabled
- # By default, this is disabled
- enabled: true
- # Define capacities for persistent runtime artifact directories
- capacity:
- # For persisting the H2 based local Carbon database file
- carbonDatabase: 50M
- # For persisting the indexed data
- solrIndexedData: 50M
-
- am:
- # Container image configurations
- # If a custom image must be used, uncomment 'dockerRegistry' and provide its value
- dockerRegistry: "docker.wso2.com"
- imageName: "wso2am"
- imageTag: "4.2.0.0"
- # Refer to the Kubernetes documentation on updating images (https://kubernetes.io/docs/concepts/containers/images/#updating-images)
- imagePullPolicy: Always
-
- # Indicates whether the container is running
- livenessProbe:
- # Number of seconds after the container has started before liveness probes are initiated
- initialDelaySeconds: 180
- # How often (in seconds) to perform the probe
- periodSeconds: 10
- # Indicates whether the container is ready to service requests
- readinessProbe:
- # Number of seconds after the container has started before readiness probes are initiated
- initialDelaySeconds: 180
- # How often (in seconds) to perform the probe
- periodSeconds: 10
-
- resources:
- # These are the minimum resource recommendations for running WSO2 API Management product profiles
- # as per official documentation (https://apim.docs.wso2.com/en/latest/install-and-setup/install/installation-prerequisites/)
- requests:
- memory: "2Gi"
- cpu: "2000m"
- limits:
- memory: "3Gi"
- cpu: "3000m"
- # JVM settings
- # These are the resource allocation configurations associated with the JVM
- # Refer to the official documentation for advanced details (https://apim.docs.wso2.com/en/latest/install-and-setup/install/installation-prerequisites/)
- jvm:
- # Resource allocation for the Java Heap
- heap:
- memory:
- # Initial and minimum Heap size
- xms: "1024m"
- # Maximum Heap size
- xmx: "1024m"
-
- # If the deployment configurations for the WSO2 API Manager v4.0.0 (/repository/conf/deployment.toml),
- # add the customized configuration file under (wso2 -> deployment -> am -> config -> deployment.toml)
- # config:
- # deployment.toml: |-
- # # deployment configurations for the WSO2 API Manager v4.0.0 (/repository/conf/deployment.toml)
-
- # Configure Ingresses
- ingress:
- management:
- enabled: true
- # Hostname for API Manager Carbon Management Console, Publisher, DevPortal and Admin Portal
- hostname: "am.wso2.com"
- # Annotations for the API Manager Publisher-DevPortal services Ingress
- annotations:
- kubernetes.io/ingress.class: "nginx"
- nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
- nginx.ingress.kubernetes.io/affinity: "cookie"
- nginx.ingress.kubernetes.io/session-cookie-name: "route"
- nginx.ingress.kubernetes.io/session-cookie-hash: "sha1"
- gateway:
- enabled: true
- # Hostname for Gateway profile
- hostname: "gateway.am.wso2.com"
- # Annotations for the API Manager Gateway service Ingress
- annotations:
- kubernetes.io/ingress.class: "nginx"
- nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
- websub:
- enabled: true
- hostname: "websub.am.wso2.com"
- # Annotations for the API Manager WebSub service Ingress
- annotations:
- kubernetes.io/ingress.class: "nginx"
- nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
- websocket:
- enabled: true
- hostname: "websocket.am.wso2.com"
- # Annotations for the API Manager WebSocket service Ingress
- annotations:
- kubernetes.io/ingress.class: "nginx"
- nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
- db:
- hostname: wso2am-mysql-db-service
- port: 3306
- type: mysql
- driver: com.mysql.cj.jdbc.Driver
- driver_url: https://repo1.maven.org/maven2/mysql/mysql-connector-java/8.0.29/mysql-connector-java-8.0.29.jar
- apim:
- username: wso2carbon
- password: wso2carbon
- url: jdbc:mysql://wso2am-mysql-db-service:3306/WSO2AM_DB?useSSL=false&autoReconnect=true&requireSSL=false&verifyServerCertificate=false
- apim_shared:
- username: wso2carbon
- password: wso2carbon
- url: jdbc:mysql://wso2am-mysql-db-service:3306/WSO2AM_SHARED_DB?useSSL=false&autoReconnect=true&requireSSL=false&verifyServerCertificate=false
-
-
-kubernetes:
- # Name of Kubernetes service account
- serviceAccount: "wso2am-single-node-svc-account"
-
-# Override sub chart parameters
-mysql-am:
- mysql:
- persistence:
- storageClass: *storage_class