caapim / apim-charts Goto Github PK
View Code? Open in Web Editor NEWHelm Charts for Layer7 API Management components.
License: MIT License
Helm Charts for Layer7 API Management components.
License: MIT License
Which chart:
gateway
Is your feature request related to a problem? Please describe.
When Using the gateway in Solution like Kubernetes, we have found the problem that if we have more than one Gateway Policy Manager is not keeping the connection stable as the Load balancer start to jump into the available gateway.
Describe the solution you'd like
A sticky session that will keep the gateway connect to the same gateway when Using Policy manager, o any other solution that keep us connected to the Gateway with Policy manager
Describe alternatives you've considered
Create a second load balancer or tagging in Kubernetes
.
it looks like the timeout is short and the pod fail to start,
The time has been increase and the pod works fine
Which chart:
Portal and Gateway
Is your feature request related to a problem? Please describe.
No
Describe the solution you'd like
A line that is something like "certManager: true" in the chart
If true, there can be a specific secret name in the tls section that uses the cert-manager output. Additionally, the service should generate all certs using cert-manager if certManager is true and useSignedCertificates is set to false for all self-signed. You could add additional capabilities to add things where the deployer creates their own issuer (cluster or namespace scoped) that the chart uses to create any certs. The internal vs external should continue to be separated based on that as well
Describe alternatives you've considered
Alternative is manual process like today
Additional context
None other than cert-manager is becoming a highly used option.
Guys maybe is me only but when I put the value none for tls.job.rotate the certificate for pssg still getting change..
after we introduce the the none value in the rotation of the cert.
6. Stop portal for ( stop all pods or removed the deplyment, I got external db)
7. change the value in the repo for Rotate = none
8. redeploy Portal.. the portal start ok but the gateways enrolled still can't sync with the portal due a another new cert was create.
to reassure I was maybe going to get the none from this time.
9. Stop portal for ( stop all pods or removed the deplyment, I got external db)
10. check the value in the repo for Rotate = none
11. redeploy Portal.. the portal start ok but the gateways enrolled still can't sync with the portal due a another new cert was create. .. I also check that the value non was passed during deployment, and was there,, but the pssg cert change..
if you have test this let me know..
Thank you
Hello !
I'm receving the error below when I try deploy the Gateway Chart
logs apim-gateway-796f98fbd-q4x2r -f
Using MySQL database
SSG_DATABASE_WAIT_TIMEOUT set to 300 seconds.
SSG_JVM_HEAP will be 2g
SSG_CLUSTER_HOST will be my.localdomain
SSG_GC_ARGS will be -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=10 -XX:GCLogFileSize=20M -Xloggc:/opt/SecureSpan/Gateway/node/default/var/logs/ssg_gc.log -XX:+PrintTenuringDistribution
Waiting for one of the databases to come up...
Liquibase 'status' Successful
Unexpected error running Liquibase: Error executing SQL CREATE TABLE ssg.resource_entry (goid BINARY(16) NOT NULL, version INT(10) NOT NULL, description VARCHAR(2048) NULL, uri VARCHAR(4096) NOT NULL, uri_hash VARCHAR(128) NOT NULL, type VARCHAR(32) NOT NULL, content_type VARCHAR(1024) NOT NULL, content MEDIUMTEXT NOT NULL, resource_key1 VARCHAR(4096) NULL, resource_key2 VARCHAR(4096) NULL, resource_key3 VARCHAR(4096) NULL, security_zone_goid BINARY(16) NULL): Row size too large. The maximum row size for the used table type, not counting BLOBs, is 65535. This includes storage overhead, check the manual. You have to change some columns to TEXT or BLOBs
ERROR - Failed to create or update the Gateway's database
I have MYSQL 8 on GCP with the flags below
Is a blank DB
Regards
Which chart:
portal
Describe the bug
Portal chart does not work with kubernetes 1.19 due to v1beta1 in templates/ingress/ingress.yaml
To Reproduce
kind create cluster --name layer7 --image kindest/node:v1.19.1
helm repo add layer7 https://caapim.github.io/apim-charts/
helm repo update
helm install my-portal --set-file "portal.registryCredentials=/home/mau/Downloads/docker-secret.yaml" layer7/portal
Expected behavior
It should succeed and I should have all the pods running, but none are pulled
Version of Helm and Kubernetes:
kubernetes 1.19.1
helm version
:version.BuildInfo{Version:"v3.5.4", GitCommit:"1b5edb69df3d3a08df77c9902dc17af864ff05d1", GitTreeState:"clean", GoVersion:"go1.15.11"}
kubectl version
:Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.0", GitCommit:"cb303e613a121a29364f75cc67d3d580833a7479", GitTreeState:"clean", BuildDate:"2021-04-16T18:16:59Z", GoVersion:"go1.16.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.1", GitCommit:"206bcadf021e76c27513500ca24182692aabd17e", GitTreeState:"clean", BuildDate:"2020-09-14T07:30:52Z", GoVersion:"go1.15", Compiler:"gc", Platform:"linux/amd64"}
WARNING: version difference between client (1.21) and server (1.19) exceeds the supported minor version skew of +/-1
Additional context
Add any other context about the problem here.
Which chart: Gateway version 2.0.4
The name (and version) of the affected chart.
Is your feature request related to a problem? Please describe.
We are unable to edit the /opt/SecureSpan/Gateway/runtime/etc/ssg.policy which is required for us.
See the following knowledge base article
https://knowledge.broadcom.com/external/article/129740/can-not-get-json-data-from-message-targe.html
Describe the solution you'd like
A way to configure the /opt/SecureSpan/Gateway/runtime/etc/ssg.policy
Describe alternatives you've considered
I don't see any way unless feature request my other feature request (#138) is implemented However I think that would be unnecessary if configuration is added to the charts similar as done for the system.properties
Which chart: Gateway version 2.0.4
The name (and version) of the affected chart.
Is your feature request related to a problem? Please describe.
We need to inject some jar files (com.ibm.mq.allclient.jar , com.ibm.mq.traceControl.jar , fscontext.jar , jms.jar , providerutil.jar )in the gateway pod for the MQ Native queues. These libraries need to be placed in /opt/SecureSpan/Gateway/runtime/lib/ext/ where jms-1-1.jar already resides and need to be present before the gateway starts.
We are trying to load these files using an initcontainer . However we run into multiple issues.
The com.ibm.mq.allclient.jar is about 7MB. So we can't use configmaps since these are limited to 1MB.
We also can't use secrets since 4MB is the limit there for a file.
The init container also only seems to support emptydir as volume (based on the deployment.yaml).
Testing with the other smaller files using secrets or configmap does not work. The volume remains empty.
example initcontainer statement as we used for secrets :
initContainers:
Using the emptydir as volume we are able to get the files into the pod. However this is not viable since we need to place them inside and already existing directory with an existing file. The existing file then disappears. We would need to use subpath in the volumeMounts but since we start with emptyDir this is not possible. The files do not exist there yet when mounting so they end up as directories.
Describe the solution you'd like
A way to inject files in any existing directory (or at least the /opt/SecureSpan/Gateway/runtime/lib/ext/ directory) which already contain files. A possible solution would be to support PersistantVolumeClaims and subPath in the volumeMounts in the initcontainer and gateway container. We could then load files from there and mount them using the subPath statement
Describe alternatives you've considered
Currently I am out of options here. I see no way to get these files in the proper location before the gateway starts.
This is preventing is from migrating our workloads from the virtual appliance gateways to containers gateways.
Which chart:
Portal
Is your feature request related to a problem? Please describe.
no
Describe the solution you'd like
in the README.md file, could you please have a simple table listing the pods required for the Portal to work?
We are working in a very secure environment and we need to allow only specific repositories and have to pull the images manually to then push them to an internal repository.
It would be great to have a ready list of such pods so that we can quickly verify that we have all the components required
Describe alternatives you've considered
we have to grep the list from the latest chart and make sure that all required images are listed.
Additional context
Add any other context or screenshots about the feature request here.
I am trying to set a HA per AZ, I have tree zones, while with this confugration It will try to check from 0 - 3, whci becuase I am putting afinity to zones. ( 3 zones) one pod for mino will be pending and the pod running will restarting becuase it can find the pod pending..
now if I put my replicas to 3 on minio. it will create 3 pods as required but will still trying to reach the minio missing. and then the pods start to restart..
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.