Merge pull request #539 from wso2/4.1.x
Merge 4.1.x to master
RakhithaRR authored Apr 11, 2022
2 parents f551a7c + 453a35c commit 65209e2
Showing 64 changed files with 522 additions and 366 deletions.
21 changes: 9 additions & 12 deletions CHANGELOG.md
@@ -1,23 +1,20 @@
# Changelog

All notable changes to Kubernetes and Helm resources for WSO2 API Management version `4.0.x` in each resource release,
All notable changes to Kubernetes and Helm resources for WSO2 API Management version `4.1.x` in each resource release,
will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)

## [v4.0.0.1] - 2021-05-07
## [v4.1.0.1] - 2022-03-31

### Added

- Helm resources for API Manager Single Node Deployment (refer to [issue](https://github.com/wso2/kubernetes-apim/issues/498)).
- Helm resources for API Manager Advanced deployment patterns (refer to [issue](https://github.com/wso2/kubernetes-apim/issues/499)).
- Helm resources for MySQL (refer to [issue](https://github.com/wso2/kubernetes-apim/issues/504)).
- Configurations for Choreo Analytics (refer to [issue](https://github.com/wso2/kubernetes-apim/issues/500)).
- Helm resources for API Manager Single Node Deployment.
- Helm resources for API Manager Advanced deployment patterns.
- Helm resources for MySQL.
- Parameter configurations for ingress resources.

### Removed
### Modified

- Helm resources for API Manager Analytics.
- Script based K8s deployment to API Manager Simple deployment.

For detailed information on the tasks carried out during this release, please see the GitHub milestone
[v4.0.0.1](https://github.com/wso2/kubernetes-apim/milestone/22)
- Ingress API version to networking.k8s.io/v1.
- Readiness and liveness probe endpoints.
13 changes: 13 additions & 0 deletions README.md
Expand Up @@ -17,6 +17,19 @@
* [Deployment Pattern 3](advanced/am-pattern-3/README.md)
* [Deployment Pattern 4](advanced/am-pattern-4/README.md)

### Update the JWKS Endpoint

The JWKS endpoint of the API Manager has the external facing hostname by default. This is not routable. To resolve this, you can alter the JWKS endpoint in the API Manager to use the API Manager's internal service name in Kubernetes.

1. Log into Admin portal - https://am.wso2.com/admin/
2. Navigate to Key Managers section and select the Resident Key Manager.
3. Change the JWKS URL in the Certificates section to https://<cp-lb-service-name>:9443/oauth2/jwks.


### Update certificate domain names

To verify connecting peers API Manager use wso2carbon certificate. By default this only allows peers from localhost domain to connect. To allow connections from different domains you need to create a certificate with the allowed domain name list and add it to API Manager keystores. This can be done by mounting a volume with the modified keystores. You can find the APIM Manager keystores inside the *~/wso2am-4.1.0/repository/resources/security/* directory.

## Reporting issues

We encourage you to report any issues and documentation faults regarding Kubernetes and Helm resources
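
Review bot: Step 3 points the JWKS URL at `https://<cp-lb-service-name>:9443/oauth2/jwks`, but the certificate section that follows says the default wso2carbon certificate only allows peers from the localhost domain, and nothing links the two. State that the internal service name used in step 3 must be in the new certificate's allowed domain name list, otherwise the JWKS fetch over TLS only works with hostname verification turned off. `<cp-lb-service-name>` is not defined anywhere in this section; say how to look it up. The sentence "To verify connecting peers API Manager use wso2carbon certificate" needs rewording, and "APIM Manager" should be "API Manager".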
4 changes: 2 additions & 2 deletions advanced/am-pattern-1/Chart.yaml
Expand Up @@ -13,8 +13,8 @@
# limitations under the License.

apiVersion: v1
appVersion: "4.0.0"
appVersion: "4.1.0"
description: A Helm chart for the deployment of WSO2 API Manager Pattern 1 (HA All-In-One Deployment)
name: am-pattern-1
version: 4.0.0-2
version: 4.1.0-1
icon: https://wso2.cachefly.net/wso2/sites/all/images/wso2logo.svg
31 changes: 17 additions & 14 deletions advanced/am-pattern-1/README.md
Expand Up @@ -2,10 +2,10 @@

This deployment consists of an API-M cluster with two nodes of the API-M runtime and two nodes each of the integration runtimes (Micro Integrator/Streaming Integrator). You can use this pattern if you expect to receive low traffic to your deployment.

![WSO2 API Manager pattern 1 deployment](https://apim.docs.wso2.com/en/4.0.0/assets/img/setup-and-install/basic-ha-deployment.png)
![WSO2 API Manager pattern 1 deployment](https://apim.docs.wso2.com/en/4.1.0/assets/img/setup-and-install/basic-ha-deployment.png)

For advanced details on the deployment pattern, please refer to the official
[documentation](https://apim.docs.wso2.com/en/4.0.0/install-and-setup/setup/deployment-overview/#standard-ha-deployment).
[documentation](https://apim.docs.wso2.com/en/4.1.0/install-and-setup/setup/deployment-overview/#standard-ha-deployment).

## Contents

Expand Down Expand Up @@ -59,13 +59,13 @@ Deploy the Kubernetes resources using the Helm Chart
- Helm version 2
```
helm install --name <RELEASE_NAME> wso2/am-pattern-1 --version 4.0.0-1 --namespace <NAMESPACE>
helm install --name <RELEASE_NAME> wso2/am-pattern-1 --version 4.1.0-1 --namespace <NAMESPACE>
```
- Helm version 3
```
helm install <RELEASE_NAME> wso2/am-pattern-1 --version 4.0.0-1 --namespace <NAMESPACE> --create-namespace
helm install <RELEASE_NAME> wso2/am-pattern-1 --version 4.1.0-1 --namespace <NAMESPACE> --create-namespace
```
The above steps will deploy the deployment pattern using WSO2 product Docker images available at DockerHub.
Expand All @@ -76,7 +76,7 @@ please provide your WSO2 Subscription credentials via input values (using `--set
Please see the following example.
```
helm install --name <RELEASE_NAME> wso2/am-pattern-1 --version 4.0.0-1 --namespace <NAMESPACE> --set wso2.subscription.username=<SUBSCRIPTION_USERNAME> --set wso2.subscription.password=<SUBSCRIPTION_PASSWORD>
helm install --name <RELEASE_NAME> wso2/am-pattern-1 --version 4.1.0-1 --namespace <NAMESPACE> --set wso2.subscription.username=<SUBSCRIPTION_USERNAME> --set wso2.subscription.password=<SUBSCRIPTION_PASSWORD>
```
#### Install Chart From Source
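
Review bot: The example on the changed line passes `--set wso2.subscription.password=<SUBSCRIPTION_PASSWORD>` on the command line, which leaves the password in shell history and in the process list while Helm runs. While this line is being touched, show a values file with restricted permissions passed with `-f` as the preferred form. The example is also Helm 2 only (`--name`), although the install steps above it give both Helm 2 and Helm 3 forms.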
Expand All @@ -99,13 +99,13 @@ Deploy the Kubernetes resources using the Helm Chart
- Helm version 2
```
helm install --dep-up --name <RELEASE_NAME> <HELM_HOME>/am-pattern-1 --version 4.0.0-1 --namespace <NAMESPACE>
helm install --dep-up --name <RELEASE_NAME> <HELM_HOME>/am-pattern-1 --version 4.1.0-1 --namespace <NAMESPACE>
```
- Helm version 3
```
helm install <RELEASE_NAME> <HELM_HOME>/am-pattern-1 --version 4.0.0-1 --namespace <NAMESPACE> --dependency-update --create-namespace
helm install <RELEASE_NAME> <HELM_HOME>/am-pattern-1 --version 4.1.0-1 --namespace <NAMESPACE> --dependency-update --create-namespace
```
The above steps will deploy the deployment pattern using WSO2 product Docker images available at DockerHub.
Expand All @@ -116,7 +116,7 @@ please provide your WSO2 Subscription credentials via input values (using `--set
Please see the following example.
```
helm install --name <RELEASE_NAME> <HELM_HOME>/am-pattern-1 --version 4.0.0-1 --namespace <NAMESPACE> --set wso2.subscription.username=<SUBSCRIPTION_USERNAME> --set wso2.subscription.password=<SUBSCRIPTION_PASSWORD>
helm install --name <RELEASE_NAME> <HELM_HOME>/am-pattern-1 --version 4.1.0-1 --namespace <NAMESPACE> --set wso2.subscription.username=<SUBSCRIPTION_USERNAME> --set wso2.subscription.password=<SUBSCRIPTION_PASSWORD>
```
Or else, you can configure the default configurations inside the am-pattern-1 helm chart [values.yaml](https://github.com/wso2/kubernetes-apim/blob/master/advanced/am-pattern-1/values.yaml) file. Refer [this](https://helm.sh/docs/chart_template_guide/values_files/) for to learn more details about the `values.yaml` file.
Expand All @@ -132,7 +132,7 @@ From the above Helm commands, base image of a Micro Integrator is deployed (with
- `IMAGE_PULL_SECRET` will refer to the created image pull secret <br><br>
>3. Deploy the helm resource using following command.<br><br>
> ```
> helm install <RELEASE_NAME> wso2/am-pattern-1 --version 4.0.0-1 --namespace <NAMESPACE> --set wso2.deployment.mi.dockerRegistry=<INTEGRATION_IMAGE_REGISTRY> --set wso2.deployment.mi.imageName=<INTEGRATION_IMAGE_NAME> --set wso2.deployment.mi.imageTag=<INTEGRATION_IMAGE_TAG> --set wso2.deployment.mi.imagePullSecrets=<IMAGE_PULL_SECRET>
> helm install <RELEASE_NAME> wso2/am-pattern-1 --version 4.1.0-1 --namespace <NAMESPACE> --set wso2.deployment.mi.dockerRegistry=<INTEGRATION_IMAGE_REGISTRY> --set wso2.deployment.mi.imageName=<INTEGRATION_IMAGE_NAME> --set wso2.deployment.mi.imageTag=<INTEGRATION_IMAGE_TAG> --set wso2.deployment.mi.imagePullSecrets=<IMAGE_PULL_SECRET>
> ```
### Choreo Analytics
Expand All @@ -144,13 +144,13 @@ The following example shows how to enable Analytics with the helm charts.
Helm v2
```
helm install --name <RELEASE_NAME> wso2/am-pattern-1 --version 4.0.0-1 --namespace <NAMESPACE> --set wso2.choreoAnalytics.enabled=true --set wso2.choreoAnalytics.endpoint=<CHOREO_ANALYTICS_ENDPOINT> --set wso2.choreoAnalytics.onpremKey=<ONPREM_KEY>
helm install --name <RELEASE_NAME> wso2/am-pattern-1 --version 4.1.0-1 --namespace <NAMESPACE> --set wso2.choreoAnalytics.enabled=true --set wso2.choreoAnalytics.endpoint=<CHOREO_ANALYTICS_ENDPOINT> --set wso2.choreoAnalytics.onpremKey=<ONPREM_KEY>
```
Helm v3
```
helm install <RELEASE_NAME> wso2/am-pattern-1 --version 4.0.0-1 --namespace <NAMESPACE> --set wso2.choreoAnalytics.enabled=true --set wso2.choreoAnalytics.endpoint=<CHOREO_ANALYTICS_ENDPOINT> --set wso2.choreoAnalytics.onpremKey=<ONPREM_KEY> --create-namespace
helm install <RELEASE_NAME> wso2/am-pattern-1 --version 4.1.0-1 --namespace <NAMESPACE> --set wso2.choreoAnalytics.enabled=true --set wso2.choreoAnalytics.endpoint=<CHOREO_ANALYTICS_ENDPOINT> --set wso2.choreoAnalytics.onpremKey=<ONPREM_KEY> --create-namespace
```
You will be able to see the Analytics data when you log into Choreo Analytics Portal.
Expand Down Expand Up @@ -250,7 +250,7 @@ If you do not have an active WSO2 subscription, **do not change** the parameters
|-----------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|-----------------------------|
| `wso2.deployment.am.dockerRegistry` | Registry location of the Docker image to be used to create API Manager instances | - |
| `wso2.deployment.am.imageName` | Name of the Docker image to be used to create API Manager instances | `wso2am` |
| `wso2.deployment.am.imageTag` | Tag of the image used to create API Manager instances | 4.0.0 |
| `wso2.deployment.am.imageTag` | Tag of the image used to create API Manager instances | 4.1.0 |
| `wso2.deployment.am.imagePullPolicy` | Refer to [doc](https://kubernetes.io/docs/concepts/containers/images#updating-images) | `Always` |
| `wso2.deployment.am.livenessProbe.initialDelaySeconds` | Initial delay for the live-ness probe for API Manager node | 180 |
| `wso2.deployment.am.livenessProbe.periodSeconds` | Period of the live-ness probe for API Manager node | 10 |
Expand All @@ -261,10 +261,13 @@ If you do not have an active WSO2 subscription, **do not change** the parameters
| `wso2.deployment.am.resources.limits.memory` | The maximum amount of memory that should be allocated for a Pod | 3Gi |
| `wso2.deployment.am.resources.limits.cpu` | The maximum amount of CPU that should be allocated for a Pod | 3000m |
| `wso2.deployment.am.config` | Custom deployment configuration file (`<WSO2AM>/repository/conf/deployment.toml`) | - |
| `wso2.deployment.am.ingress.management.enabled` | If enabled, create ingress resource for API Manager management consoles | true |
| `wso2.deployment.am.ingress.management.hostname` | Hostname for API Manager Admin Portal, Publisher, DevPortal and Carbon Management Console | `am.wso2.com` |
| `wso2.deployment.am.ingress.management.annotations` | Ingress resource annotations for API Manager management consoles | Community NGINX Ingress controller annotations |
| `wso2.deployment.am.ingress.gateway.enabled` | If enabled, create ingress resource for API Manager Gateway | true |
| `wso2.deployment.am.ingress.gateway.hostname` | Hostname for API Manager Gateway | `gateway.am.wso2.com` |
| `wso2.deployment.am.ingress.gateway.annotations` | Ingress resource annotations for API Manager Gateway | Community NGINX Ingress controller annotations |
| `wso2.deployment.am.ingress.websub.enabled` | If enabled, create ingress resource for WebSub service | true |
| `wso2.deployment.am.ingress.websub.hostname` | Hostname for API Manager Websub services | `websub.am.wso2.com` |
| `wso2.deployment.am.ingress.websub.annotations` | Ingress resource annotations for API Manager Websub | Community NGINX Ingress controller annotations |
Expand All @@ -274,7 +277,7 @@ If you do not have an active WSO2 subscription, **do not change** the parameters
|-----------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|-----------------------------|
| `wso2.deployment.mi.dockerRegistry` | Registry location of the Docker image to be used to create Micro Integrator instances | - |
| `wso2.deployment.mi.imageName` | Name of the Docker image to be used to create API Manager instances | `wso2mi` |
| `wso2.deployment.mi.imageTag` | Tag of the image used to create API Manager instances | 4.0.0 |
| `wso2.deployment.mi.imageTag` | Tag of the image used to create API Manager instances | 4.1.0 |
| `wso2.deployment.mi.imagePullPolicy` | Refer to [doc](https://kubernetes.io/docs/concepts/containers/images#updating-images) | `Always` |
| `wso2.deployment.mi.livenessProbe.initialDelaySeconds` | Initial delay for the live-ness probe for Micro Integrator node | 35 |
| `wso2.deployment.mi.livenessProbe.periodSeconds` | Period of the live-ness probe for Micro Integrator node | 10 |
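
Review bot: The descriptions for `wso2.deployment.mi.imageName` and the changed `wso2.deployment.mi.imageTag` row both say "API Manager instances" in the Micro Integrator table; they should read "Micro Integrator instances", as the `dockerRegistry` row above them does.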
Expand Down Expand Up @@ -335,5 +338,5 @@ If you want to setup API Manager only without Micro Integrator, you have to inst
* Deploy Helm charts
```helm
helm install <RELEASE_NAME> <HELM_HOME>/am-pattern-1 --version 4.0.0-1 --namespace <NAMESPACE> --dependency-update --create-namespace
helm install <RELEASE_NAME> <HELM_HOME>/am-pattern-1 --version 4.1.0-1 --namespace <NAMESPACE> --dependency-update --create-namespace
```
2 changes: 1 addition & 1 deletion advanced/am-pattern-1/requirements.yaml
Expand Up @@ -14,7 +14,7 @@

dependencies:
- name: mysql-am
version: "4.0.0-1"
version: "4.1.0-1"
repository: "https://helm.wso2.com"
condition: wso2.deployment.dependencies.mysql
- name: nfs-server-provisioner
Expand Up @@ -20,11 +20,11 @@ metadata:
{{ if .Values.wso2.deployment.am.config }}
data:
{{- range $index, $content := .Values.wso2.deployment.am.config }}
{{ $index }}: |-
{{ tpl $content $ | indent 4 }}
{{- end }}
{{ $index }}: |-
{{ tpl $content $ | indent 4 }}
{{- end }}

{{ else }}
{{ else }}
data:
deployment.toml: |-
[server]
Expand Down Expand Up @@ -63,6 +63,9 @@ data:
alias = "wso2carbon"
key_password = "wso2carbon"
#[keystore.listener_profile]
#bind_address = "0.0.0.0"
#[keystore.primary]
#file_name = "wso2carbon.jks"
#type = "JKS"
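
Review bot: The added `#[keystore.listener_profile]` and `#bind_address = "0.0.0.0"` lines are commented out with no explanation of when to enable them; add a comment saying so or drop them. The context lines also show `key_password = "wso2carbon"` written in plain text into `deployment.toml` under `data:`; a key password belongs in a Secret supplied through values, and the README should tell users to replace this default together with the keystore.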
Expand All @@ -80,6 +83,7 @@ data:
[[apim.gateway.environment]]
name = "Default"
type = "hybrid"
provider = "wso2"
display_in_api_console = true
description = "This is a hybrid gateway that handles both production and sandbox token traffic."
show_as_token_endpoint_url = true
Expand Down Expand Up @@ -215,14 +219,14 @@ data:
#port = 10005
[[apim.throttling.url_group]]
traffic_manager_urls = ["tcp://localhost:9611"]
traffic_manager_auth_urls = ["ssl://localhost:9711"]
traffic_manager_urls = ["tcp://{{ template "am-pattern-1.resource.prefix" . }}-am-1-service:9611"]
traffic_manager_auth_urls = ["ssl://{{ template "am-pattern-1.resource.prefix" . }}-am-1-service:9711"]
type = "loadbalance"
[[apim.throttling.url_group]]
traffic_manager_urls = ["tcp://{{ template "am-pattern-1.resource.prefix" . }}-am-2-service:9611"]
traffic_manager_auth_urls = ["ssl://{{ template "am-pattern-1.resource.prefix" . }}-am-2-service:9711"]
type = "failover"
type = "loadbalance"
#[apim.workflow]
#enable = false
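
Review bot: The second `[[apim.throttling.url_group]]` changes from `type = "failover"` to `type = "loadbalance"`, a behaviour change that the CHANGELOG does not mention; give the reason in the commit message or changelog. The first group's `traffic_manager_urls` also moves from `tcp://localhost:9611` to the `-am-1-service` address, so that traffic now crosses the pod network over plain `tcp://` while only the auth URL uses `ssl://`; confirm this is intended or document that the namespace needs a network policy restricting port 9611.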
Expand Down Expand Up @@ -289,6 +293,11 @@ data:
[transport.https.properties]
proxyPort = 443
[oauth.grant_type.token_exchange]
enable = true
allow_refresh_tokens = true
iat_validity_period = "1h"
[transport.passthru_https.sender.parameters]
HostnameVerifier = "AllowAll"
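
Review bot: `[oauth.grant_type.token_exchange]` is switched on with `enable = true` and `allow_refresh_tokens = true` in the default `deployment.toml`, with no CHANGELOG entry. Enabling an extra grant type widens what the token endpoint accepts for every install that uses the default config, so make it opt-in through a chart value or document it in the README. The trailing context also shows `HostnameVerifier = "AllowAll"` for the passthrough HTTPS sender, which deserves a follow-up now that the README explains how to issue a certificate with the right domain names.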
Expand Up @@ -56,19 +56,15 @@ spec:
{{- include "image" (dict "Values" .Values "deployment" .Values.wso2.deployment.am) | indent 10 }}
imagePullPolicy: {{ .Values.wso2.deployment.am.imagePullPolicy }}
livenessProbe:
exec:
command:
- /bin/sh
- -c
- nc -z localhost 9443
httpGet:
path: /services/Version
port: 9763
initialDelaySeconds: {{ .Values.wso2.deployment.am.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.wso2.deployment.am.livenessProbe.periodSeconds }}
readinessProbe:
exec:
command:
- /bin/sh
- -c
- nc -z localhost 9443
httpGet:
path: /services/Version
port: 9763
initialDelaySeconds: {{ .Values.wso2.deployment.am.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.wso2.deployment.am.readinessProbe.periodSeconds }}
lifecycle:
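
Review bot: Both probes now use `httpGet` on `port: 9763` with no `scheme`, so the kubelet calls `/services/Version` over plain HTTP, where the old `nc -z localhost 9443` check only needed the HTTPS port to be listening. A deployment that disables the HTTP transport or blocks 9763 will fail both probes and the pod will be restarted; either set `scheme: HTTPS` with `port: 9443`, or document that 9763 must stay reachable from the kubelet.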