diff --git a/all-in-one/confs/instance-1/deployment.toml b/all-in-one/confs/instance-1/deployment.toml index a64ce338..428788ad 100644 --- a/all-in-one/confs/instance-1/deployment.toml +++ b/all-in-one/confs/instance-1/deployment.toml @@ -181,6 +181,8 @@ enable = false enable = true token = {{ .Values.wso2.apim.configurations.ai.token | quote }} endpoint = {{ .Values.wso2.apim.configurations.ai.endpoint | quote }} +token_endpoint = {{ .Values.wso2.apim.configurations.ai.token_endpoint | quote }} +key = {{ .Values.wso2.apim.configurations.ai.key | quote }} {{- else }} enable = false {{- end }} diff --git a/all-in-one/confs/instance-2/deployment.toml b/all-in-one/confs/instance-2/deployment.toml index 9df3e4c8..a9308576 100644 --- a/all-in-one/confs/instance-2/deployment.toml +++ b/all-in-one/confs/instance-2/deployment.toml @@ -181,6 +181,8 @@ enable = false enable = true token = {{ .Values.wso2.apim.configurations.ai.token | quote }} endpoint = {{ .Values.wso2.apim.configurations.ai.endpoint | quote }} +token_endpoint = {{ .Values.wso2.apim.configurations.ai.token_endpoint | quote }} +key = {{ .Values.wso2.apim.configurations.ai.key | quote }} {{- else }} enable = false {{- end }} diff --git a/all-in-one/values.yaml b/all-in-one/values.yaml index 5792ae57..82ad31af 100644 --- a/all-in-one/values.yaml +++ b/all-in-one/values.yaml @@ -589,7 +589,7 @@ wso2: organization_id_local_claim: "http://wso2.org/claims/organizationId" deployment: - # Confgiure High Availability + # Configure High Availability highAvailability: false # Container image configurations image: diff --git a/distributed/gateway/README.md b/distributed/gateway/README.md index 6f03f287..534332b5 100644 --- a/distributed/gateway/README.md +++ b/distributed/gateway/README.md 
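Review bot: The added `key = {{ .Values.wso2.apim.configurations.ai.key | quote }}` line in the instance-1 `deployment.toml` hunk writes what appears to be a credential straight from chart values into the rendered config, and the instance-2 hunk repeats it. Anyone who can read the values file, the Helm release data or the rendered `deployment.toml` can then read it, as with the existing `token` line beside it. If this file is delivered as a ConfigMap (not visible in these hunks), consider sourcing `key` from a Kubernetes Secret or the chart's secrets-manager integration, and add a template comment above it such as `# AI service credential: supply from a secret store, never commit a real value`. Both new settings also render as empty strings when the values are unset, and no `values.yaml` default or description for `token_endpoint` or `key` appears in the visible hunks, so one should accompany this change.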
@@ -1,6 +1,6 @@ # wso2am-universal-gw -![version: 4.5.0-3](https://img.shields.io/badge/Version-4.5.0--1-informational?style=flat-square) ![AppVersion: 4.5.0](https://img.shields.io/badge/AppVersion-4.5.0-informational?style=flat-square) +![Version: 4.5.0-3](https://img.shields.io/badge/Version-4.5.0--3-informational?style=flat-square) ![AppVersion: 4.5.0](https://img.shields.io/badge/AppVersion-4.5.0-informational?style=flat-square) A Helm chart for the deployment of WSO2 API Management Universal Gateway profile @@ -8,7 +8,7 @@ A Helm chart for the deployment of WSO2 API Management Universal Gateway profile | Key | Type | Default | Description | |-----|------|---------|-------------| -| aws.enabled | bool | `true` | If AWS is used as the cloud provider | +| aws.enabled | bool | `false` | If AWS is used as the cloud provider | | aws.region | string | `""` | AWS region | | aws.secretsManager.secretIdentifiers.internalKeystorePassword | object | `{"secretKey":"","secretName":""}` | Internal keystore password identifier in secrets manager | | aws.secretsManager.secretIdentifiers.internalKeystorePassword.secretKey | string | `""` | AWS Secrets Manager secret key | 
@@ -34,6 +34,7 @@ A Helm chart for the deployment of WSO2 API Management Universal Gateway profile | gcp.secretsManager.secret.secretVersion | string | `""` | Version of the secret | | gcp.secretsManager.secretProviderClass | string | `""` | Secret provider class | | gcp.serviceAccountName | string | `""` | Service Account with access to read secrets | +| kubernetes.configMaps | object | `{"scripts":{"defaultMode":"0407"}}` | Set UNIX permissions over the executable scripts | | kubernetes.enableAppArmor | bool | `false` | Enable AppArmor profiles for the deployment | | kubernetes.ingress.gateway.annotations | object | `{"nginx.ingress.kubernetes.io/backend-protocol":"HTTPS","nginx.ingress.kubernetes.io/proxy-buffer-size":"8k","nginx.ingress.kubernetes.io/proxy-buffering":"on"}` | Ingress annotations for Gateway pass-through | | kubernetes.ingress.gateway.hostname | string | `"gw.wso2.com"` | Ingress hostname for Gateway pass-through | @@ -47,6 +48,9 @@ A Helm chart for the deployment of WSO2 API Management Universal Gateway profile | kubernetes.ingress.websub.hostname | string | `"websub.wso2.com"` | Ingress hostname for Websub | | kubernetes.ingressClass | string | `"nginx"` | Ingress class to be used for the ingress resource | | kubernetes.securityContext.runAsUser | int | `10001` | User ID of the container | +| kubernetes.securityContext.seLinux | object | `{"enabled":false,"level":""}` | SELinux context for the container | +| kubernetes.securityContext.seccompProfile | object | `{"localhostProfile":"","type":"RuntimeDefault"}` | Seccomp profile for the container | +| kubernetes.securityContext.seccompProfile.type | string | `"RuntimeDefault"` | Seccomp profile type(RuntimeDefault, Unconfined or Localhost) | | wso2.ELKAnalytics | object | `{"enabled":false}` | ELK Analytics Parameters | | wso2.apim.configurations.adminPassword | string | `""` | Super admin password | | wso2.apim.configurations.adminUsername | string | `""` | Super admin username | 
@@ -64,9 +68,9 @@ A Helm chart for the deployment of WSO2 API Management Universal Gateway profile | wso2.apim.configurations.cors.enableForWS | bool | `false` | Enable CORS for Websockets | | wso2.apim.configurations.cors.enabled | bool | `true` | CORS configuration enabled | | wso2.apim.configurations.databases.jdbc.driver | string | `""` | JDBC driver class name | -| wso2.apim.configurations.databases.shared_db | object | `{"password":"","poolParameters":{"defaultAutoCommit":false,"maxActive":100,"maxWait":60000,"minIdle":5,"testOnBorrow":true,"testWhileIdle":true,"validationInterval":30000},"url":"","username":""}` | APIM SharedDB configurations. This is required for gateway only in a multi-tenancy scenario | +| wso2.apim.configurations.databases.shared_db | object | `{"password":"","poolParameters":{"defaultAutoCommit":true,"maxActive":100,"maxWait":60000,"minIdle":5,"testOnBorrow":true,"testWhileIdle":true,"validationInterval":30000},"url":"","username":""}` | APIM SharedDB configurations. This is required for gateway only in a multi-tenancy scenario | | wso2.apim.configurations.databases.shared_db.password | string | `""` | APIM SharedDB password | -| wso2.apim.configurations.databases.shared_db.poolParameters | object | `{"defaultAutoCommit":false,"maxActive":100,"maxWait":60000,"minIdle":5,"testOnBorrow":true,"testWhileIdle":true,"validationInterval":30000}` | APIM database JDBC pool parameters | +| wso2.apim.configurations.databases.shared_db.poolParameters | object | `{"defaultAutoCommit":true,"maxActive":100,"maxWait":60000,"minIdle":5,"testOnBorrow":true,"testWhileIdle":true,"validationInterval":30000}` | APIM database JDBC pool parameters | | wso2.apim.configurations.databases.shared_db.url | string | `""` | APIM SharedDB URL | | wso2.apim.configurations.databases.shared_db.username | string | `""` | APIM SharedDB username | | wso2.apim.configurations.databases.type | string | `""` | Database type. eg: mysql, oracle, mssql, postgres | 
@@ -84,6 +88,7 @@ A Helm chart for the deployment of WSO2 API Management Universal Gateway profile | wso2.apim.configurations.jwt.generatorImpl | string | `"org.wso2.carbon.apimgt.keymgt.token.JWTGenerator"` | | | wso2.apim.configurations.jwt.header | string | `"X-JWT-Assertion"` | | | wso2.apim.configurations.jwt.signingAlgorithm | string | `"SHA256withRSA"` | | +| wso2.apim.configurations.km.servicePort | int | `9443` | Key Manager service port | | wso2.apim.configurations.km.serviceUrl | string | `"wso2am-cp-service"` | Key manager service name if default Resident KM is used | | wso2.apim.configurations.oauth_config.authHeader | string | `"Authorization"` | OAuth authorization header name | | wso2.apim.configurations.oauth_config.enableTokenEncryption | bool | `false` | Enable token encryption | diff --git a/distributed/gateway/values.yaml b/distributed/gateway/values.yaml index 4b2f4890..720caeb3 100644 --- a/distributed/gateway/values.yaml +++ b/distributed/gateway/values.yaml @@ -247,6 +247,8 @@ wso2: km: # -- Key manager service name if default Resident KM is used serviceUrl: "wso2am-cp-service" + # -- Key Manager service port + servicePort: 9443 iskm: # If Identity Server is used as the Resident KM diff --git a/distributed/traffic-manager/README.md b/distributed/traffic-manager/README.md index 1bfc5427..a4db2974 100644 --- a/distributed/traffic-manager/README.md +++ b/distributed/traffic-manager/README.md @@ -1,6 +1,6 @@ # wso2am-tm -![version: 4.5.0-3](https://img.shields.io/badge/Version-4.5.0--1-informational?style=flat-square) ![AppVersion: 4.5.0](https://img.shields.io/badge/AppVersion-4.5.0-informational?style=flat-square) +![Version: 4.5.0-3](https://img.shields.io/badge/Version-4.5.0--3-informational?style=flat-square) ![AppVersion: 4.5.0](https://img.shields.io/badge/AppVersion-4.5.0-informational?style=flat-square) A Helm chart for the deployment of WSO2 API Management Traffic Manager profile 
@@ -9,7 +9,7 @@ A Helm chart for the deployment of WSO2 API Management Traffic Manager profile | Key | Type | Default | Description | |-----|------|---------|-------------| | aws.ecr.registry | string | `""` | AWS Elastic Container Registry name | -| aws.enabled | bool | `true` | If AWS is used as the cloud provider | +| aws.enabled | bool | `false` | If AWS is used as the cloud provider | | aws.region | string | `""` | AWS region | | aws.secretsManager.secretIdentifiers.internalKeystorePassword | object | `{"secretKey":"","secretName":""}` | Internal keystore password identifier in secrets manager | | aws.secretsManager.secretIdentifiers.internalKeystorePassword.secretKey | string | `""` | AWS Secrets Manager secret key | 
@@ -36,19 +36,23 @@ A Helm chart for the deployment of WSO2 API Management Traffic Manager profile | gcp.secretsManager.secret.secretVersion | string | `""` | Version of the secret | | gcp.secretsManager.secretProviderClass | string | `""` | Secret provider class | | gcp.serviceAccountName | string | `""` | Service Account with access to read secrets | +| kubernetes.configMaps | object | `{"scripts":{"defaultMode":"0407"}}` | Set UNIX permissions over the executable scripts | | kubernetes.enableAppArmor | bool | `false` | Enable AppArmor profiles for the deployment | | kubernetes.securityContext.runAsUser | int | `10001` | User ID of the container | +| kubernetes.securityContext.seLinux | object | `{"enabled":false,"level":""}` | SELinux context for the container | +| kubernetes.securityContext.seccompProfile | object | `{"localhostProfile":"","type":"RuntimeDefault"}` | Seccomp profile for the container | +| kubernetes.securityContext.seccompProfile.type | string | `"RuntimeDefault"` | Seccomp profile type(RuntimeDefault, Unconfined or Localhost) | | wso2.apim.configurations.adminPassword | string | `""` | Super admin password | | wso2.apim.configurations.adminUsername | string | `""` | Super admin username | -| wso2.apim.configurations.databases.apim_db | object | `{"password":"","poolParameters":{"defaultAutoCommit":false,"maxActive":100,"maxWait":60000,"minIdle":5,"testOnBorrow":true,"testWhileIdle":true,"validationInterval":30000},"url":"","username":""}` | APIM AM_DB configurations. | +| wso2.apim.configurations.databases.apim_db | object | `{"password":"","poolParameters":{"defaultAutoCommit":true,"maxActive":100,"maxWait":60000,"minIdle":5,"testOnBorrow":true,"testWhileIdle":true,"validationInterval":30000},"url":"","username":""}` | APIM AM_DB configurations. 
| | wso2.apim.configurations.databases.apim_db.password | string | `""` | APIM AM_DB password | -| wso2.apim.configurations.databases.apim_db.poolParameters | object | `{"defaultAutoCommit":false,"maxActive":100,"maxWait":60000,"minIdle":5,"testOnBorrow":true,"testWhileIdle":true,"validationInterval":30000}` | APIM database JDBC pool parameters | +| wso2.apim.configurations.databases.apim_db.poolParameters | object | `{"defaultAutoCommit":true,"maxActive":100,"maxWait":60000,"minIdle":5,"testOnBorrow":true,"testWhileIdle":true,"validationInterval":30000}` | APIM database JDBC pool parameters | | wso2.apim.configurations.databases.apim_db.url | string | `""` | APIM AM_DB URL | | wso2.apim.configurations.databases.apim_db.username | string | `""` | APIM AM_DB username | | wso2.apim.configurations.databases.jdbc.driver | string | `""` | JDBC driver class name | -| wso2.apim.configurations.databases.shared_db | object | `{"password":"","poolParameters":{"defaultAutoCommit":false,"maxActive":100,"maxWait":60000,"minIdle":5,"testOnBorrow":true,"testWhileIdle":true,"validationInterval":30000},"url":"","username":""}` | APIM SharedDB configurations. | +| wso2.apim.configurations.databases.shared_db | object | `{"password":"","poolParameters":{"defaultAutoCommit":true,"maxActive":100,"maxWait":60000,"minIdle":5,"testOnBorrow":true,"testWhileIdle":true,"validationInterval":30000},"url":"","username":""}` | APIM SharedDB configurations. 
| | wso2.apim.configurations.databases.shared_db.password | string | `""` | APIM SharedDB password | -| wso2.apim.configurations.databases.shared_db.poolParameters | object | `{"defaultAutoCommit":false,"maxActive":100,"maxWait":60000,"minIdle":5,"testOnBorrow":true,"testWhileIdle":true,"validationInterval":30000}` | APIM shared database JDBC pool parameters | +| wso2.apim.configurations.databases.shared_db.poolParameters | object | `{"defaultAutoCommit":true,"maxActive":100,"maxWait":60000,"minIdle":5,"testOnBorrow":true,"testWhileIdle":true,"validationInterval":30000}` | APIM shared database JDBC pool parameters | | wso2.apim.configurations.databases.shared_db.url | string | `""` | APIM SharedDB URL | | wso2.apim.configurations.databases.shared_db.username | string | `""` | APIM SharedDB username | | wso2.apim.configurations.databases.type | string | `""` | Database type. eg: mysql, oracle, mssql, postgres | @@ -56,6 +60,7 @@ A Helm chart for the deployment of WSO2 API Management Traffic Manager profile | wso2.apim.configurations.eventhub.urls | list | `["wso2am-cp-1-service","wso2am-cp-2-service"]` | Event hub service urls | | wso2.apim.configurations.iskm.enabled | bool | `false` | | | wso2.apim.configurations.iskm.serviceName | string | `""` | | +| wso2.apim.configurations.km.servicePort | int | `9443` | Key Manager service port | | wso2.apim.configurations.km.serviceUrl | string | `"wso2am-cp-service"` | Key manager service name if default Resident KM is used | | wso2.apim.configurations.oauth_config.enableTokenEncryption | bool | `false` | Enable token encryption | | wso2.apim.configurations.oauth_config.enableTokenHashing | bool | `false` | Enable token hashing | diff --git a/distributed/traffic-manager/values.yaml b/distributed/traffic-manager/values.yaml index 3add0782..2158010a 100644 --- a/distributed/traffic-manager/values.yaml +++ b/distributed/traffic-manager/values.yaml 
@@ -216,6 +216,8 @@ wso2: km: # -- Key manager service name if default Resident KM is used serviceUrl: "wso2am-cp-service" + # -- Key Manager service port + servicePort: 9443 iskm: # If Identity Server is used as the Resident KM diff --git a/docs/am-pattern-0-all-in-one/README.md b/docs/am-pattern-0-all-in-one/README.md index fbe0ca29..5a472678 100644 --- a/docs/am-pattern-0-all-in-one/README.md +++ b/docs/am-pattern-0-all-in-one/README.md @@ -54,7 +54,7 @@ For advanced details on the deployment pattern, please refer to the official If you want to try WSO2 API Manager with minimal configuration, you do not need to follow all the steps described above. You can simply use the default values provided in the default_values.yaml, which includes the H2 database and the default keystore and truststore. Once the service is up and running, deploy the NGINX Ingress Controller by following the steps outlined [here](#2-add-ingress-controller). ```bash -helm install apim wso2/wso2am-all-in-one --version 4.5.0-2 -f default_values.yaml +helm install apim wso2/wso2am-all-in-one --version 4.5.0-3 -f default_values.yaml ``` ## Configuration @@ -103,7 +103,7 @@ In addition to the primary, internal keystores and truststore files, you can als - Refer the following sample command to create the secret and use it in the APIM. ``` - kubectl create secret generic jks-secret --from-file=wso2carbon.jks --from-file=client-truststore.jks --from-file=wso2internal.jks -n + kubectl create secret generic apim-keystore-secret --from-file=wso2carbon.jks --from-file=client-truststore.jks --from-file=wso2internal.jks -n ``` > By default, this deployment uses the default keystores and truststores provided by the relevant WSO2 product. > For advanced details with regards to managing custom Java keystores and truststores in a container based WSO2 product deployment 
@@ -248,7 +248,7 @@ Now deploy the Helm Chart using the following command after creating a namespace ```bash kubectl create namespace - helm install --version 4.5.0-2 --namespace --dependency-update -f values.yaml --create-namespace + helm install --version 4.5.0-3 --namespace --dependency-update -f values.yaml --create-namespace ``` diff --git a/docs/am-pattern-0-all-in-one/default_values.yaml b/docs/am-pattern-0-all-in-one/default_values.yaml index d877bbe7..c7cf0287 100644 --- a/docs/am-pattern-0-all-in-one/default_values.yaml +++ b/docs/am-pattern-0-all-in-one/default_values.yaml @@ -482,15 +482,6 @@ wso2: eventManagement: hostname: port: - highAvailability: - # -- Enable high availability. - enabled: false - eventDuplicateUrl: "apim-2-wso2am-all-in-one-am-service" - portOffset: 0 - # -- Traffic manager service urls. You only need to define one if the TM is not in HA. - urls: - - "apim-1-wso2am-all-in-one-am-service" - - "apim-2-wso2am-all-in-one-am-service" workflow: enable: false @@ -584,6 +575,8 @@ wso2: organization_id_local_claim: "http://wso2.org/claims/organizationId" deployment: + # Configure High Availability + highAvailability: true # Container image configurations image: # -- Container registry credentials. diff --git a/docs/am-pattern-1-all-in-one-HA/README.md b/docs/am-pattern-1-all-in-one-HA/README.md index a065d34f..61bc4d11 100644 --- a/docs/am-pattern-1-all-in-one-HA/README.md +++ b/docs/am-pattern-1-all-in-one-HA/README.md @@ -116,7 +116,7 @@ For advanced details on this deployment pattern, please refer to the official 1. Deploy All-in-One HA: ```bash -helm install apim wso2/wso2am-all-in-one --version 4.5.0-2 -f default_values.yaml +helm install apim wso2/wso2am-all-in-one --version 4.5.0-3 -f default_values.yaml ``` 
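Review bot: The `docs/am-pattern-0-all-in-one/default_values.yaml` hunk at `deployment:` adds `highAvailability: true`, which looks wrong for the single-instance pattern. The chart's own `all-in-one/values.yaml` keeps `highAvailability: false`, and `true` is the value used by the pattern-1 HA defaults. The pattern-0 README describes these defaults as the minimal setup with the H2 database, which presumably cannot back two instances. Unless HA is intended here, the line should read `highAvailability: false`. The earlier hunk in the same file removes the `highAvailability:` mapping with `eventDuplicateUrl`, `portOffset` and the two `urls`, so confirm the templates no longer read those keys.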
@@ -168,7 +168,7 @@ It is recommended to use the [**NGINX Ingress Controller**](https://kubernetes.g - Refer to the following sample command to create the secret and use it in the APIM: ``` - kubectl create secret generic jks-secret --from-file=wso2carbon.jks --from-file=client-truststore.jks --from-file=wso2internal.jks -n + kubectl create secret generic apim-keystore-secret --from-file=wso2carbon.jks --from-file=client-truststore.jks --from-file=wso2internal.jks -n ``` > By default, this deployment uses the default keystores and truststores provided by the relevant WSO2 product. > For advanced details regarding managing custom Java keystores and truststores in a container-based WSO2 product deployment, @@ -315,7 +315,7 @@ Now deploy the Helm chart using the following command after creating a namespace ```bash kubectl create namespace - helm install --version 4.5.0-2 --namespace --dependency-update -f values.yaml --create-namespace + helm install --version 4.5.0-3 --namespace --dependency-update -f values.yaml --create-namespace ``` #### 2.6 Enable High Availability diff --git a/docs/am-pattern-1-all-in-one-HA/default_values.yaml b/docs/am-pattern-1-all-in-one-HA/default_values.yaml index 84a0bd88..87ab76da 100644 --- a/docs/am-pattern-1-all-in-one-HA/default_values.yaml +++ b/docs/am-pattern-1-all-in-one-HA/default_values.yaml @@ -590,7 +590,7 @@ wso2: organization_id_local_claim: "http://wso2.org/claims/organizationId" deployment: - # Confgiure High Availability + # Configure High Availability highAvailability: true # Container image configurations image: diff --git a/docs/am-pattern-2-all-in-one_GW/README.md b/docs/am-pattern-2-all-in-one_GW/README.md index 8827c1a7..04576bed 100644 --- a/docs/am-pattern-2-all-in-one_GW/README.md +++ b/docs/am-pattern-2-all-in-one_GW/README.md 
@@ -138,19 +138,19 @@ This document provides comprehensive instructions for deploying WSO2 API Manager - We have provided pre-configured YAML files to help you quickly start the deployment. You can use these files as a starting point to deploy this pattern. This deployment requires separate databases. Therefore, follow the steps in [2. Build Docker Images](#2-build-docker-images) to build the Docker images with JDBC drivers, and refer to [3. Configure Database](#3-configure-database) to set up the database. - Follow the steps in [1.2 Mount Keystore and Truststore](#12-mount-keystore-and-truststore) to create the truststore and keystore. If you want to use the WSO2 default keystore and truststore, you can find them in the `repository/resources/security` directory of the product pack. Navigate to this location and run the following command to create the secret: ```bash -kubectl create secret generic jks-secret --from-file=wso2carbon.jks --from-file=client-truststore.jks +kubectl create secret generic apim-keystore-secret --from-file=wso2carbon.jks --from-file=client-truststore.jks ``` - Run the following command to deploy the Helm charts: > **Important:** Naming conventions are important. If you want to change them, ensure consistency. 1. Deploy All-in-one ```bash -helm install apim wso2/wso2am-all-in-one --version 4.5.0-2 -f default_values.yaml +helm install apim wso2/wso2am-all-in-one --version 4.5.0-3 -f default_values.yaml ``` 2. Deploy GW ```bash -helm install apim-gw wso2/wso2am-gw --version 4.5.0-2 -f default_gw_values.yaml +helm install apim-gw wso2/wso2am-gw --version 4.5.0-3 -f default_gw_values.yaml ``` - Once the service is up and running, deploy the NGINX Ingress Controller by following the steps outlined in [1.1 Add Ingress Controller](#11-add-ingress-controller). 
@@ -201,7 +201,7 @@ In addition to the primary, internal keystores and truststore files, you can als - Refer to the following sample command to create the secret and use it in the APIM. ``` - kubectl create secret generic jks-secret --from-file=wso2carbon.jks --from-file=client-truststore.jks --from-file=wso2internal.jks -n + kubectl create secret generic apim-keystore-secret --from-file=wso2carbon.jks --from-file=client-truststore.jks --from-file=wso2internal.jks -n ``` > By default, this deployment uses the default keystores and truststores provided by the relevant WSO2 product. > For advanced details regarding managing custom Java keystores and truststores in a container-based WSO2 product deployment, @@ -344,7 +344,7 @@ Now deploy the Helm Chart using the following command after creating a namespace ```bash kubectl create namespace - helm install --version 4.5.0-2 --namespace --dependency-update -f values.yaml --create-namespace + helm install --version 4.5.0-3 --namespace --dependency-update -f values.yaml --create-namespace ``` #### 2.6 Enable High Availability @@ -365,6 +365,7 @@ wso2: km: # -- Key manager service name if default Resident KM is used serviceUrl: "" + servicePort: 9443 ``` - Configure eventhub ```yaml @@ -400,7 +401,7 @@ wso2: Replace and with appropriate values. Replace with the path to the Helm deployment. ```bash - helm install --version 4.5.0-2 --namespace --dependency-update -f values.yaml --create-namespace + helm install --version 4.5.0-3 --namespace --dependency-update -f values.yaml --create-namespace ``` ### 4. Add a DNS Record Mapping the Hostnames and the External IP diff --git a/docs/am-pattern-2-all-in-one_GW/default_gw_values.yaml b/docs/am-pattern-2-all-in-one_GW/default_gw_values.yaml index 53d23a4f..e047600d 100644 --- a/docs/am-pattern-2-all-in-one_GW/default_gw_values.yaml +++ b/docs/am-pattern-2-all-in-one_GW/default_gw_values.yaml 
@@ -234,6 +234,8 @@ wso2: km: # -- Key manager service name if default Resident KM is used serviceUrl: "apim-wso2am-all-in-one-am-service" + # -- Key Manager service port + servicePort: 9443 iskm: # If Identity Server is used as the Resident KM @@ -449,7 +451,7 @@ wso2: # -- Minimum replicas for HPA minReplicas: 1 # -- Maximum replicas for HPA - maxReplicas: 1 + maxReplicas: 3 # -- Target CPU utilization percentage for HPA cpuUtilizationPercentage: 75 # -- Target memory utilization percentage for HPA diff --git a/docs/am-pattern-2-all-in-one_GW/default_values.yaml b/docs/am-pattern-2-all-in-one_GW/default_values.yaml index 78c781ee..b2cbc325 100644 --- a/docs/am-pattern-2-all-in-one_GW/default_values.yaml +++ b/docs/am-pattern-2-all-in-one_GW/default_values.yaml @@ -278,7 +278,7 @@ wso2: security: # -- Kubernetes secret containing the keystores and truststore - jksSecretName: "jks-secret" + jksSecretName: "apim-keystore-secret" keystores: primary: # -- Primary keystore enabled diff --git a/docs/am-pattern-3-ACP_TM_GW/README.md b/docs/am-pattern-3-ACP_TM_GW/README.md index 49d9756c..03b4c366 100644 --- a/docs/am-pattern-3-ACP_TM_GW/README.md +++ b/docs/am-pattern-3-ACP_TM_GW/README.md 
@@ -152,24 +152,24 @@ This document provides comprehensive instructions for deploying WSO2 API Manager - We have provided pre-configured YAML files to help you quickly start the deployment. You can use these files as a starting point to deploy this pattern. This deployment requires separate databases. Therefore, follow the steps in [2. Build Docker Images](#2-build-docker-images) to build the Docker images with JDBC drivers, and refer to [3. Configure Database](#3-configure-database) to set up the database. - Follow the steps in [1.2 Mount Keystore and Truststore](#12-mount-keystore-and-truststore) to create the truststore and keystore. If you want to use the WSO2 default keystore and truststore, you can find them in the `repository/resources/security` directory of the product pack. Navigate to this location and run the following command to create the secret: ```bash -kubectl create secret generic jks-secret --from-file=wso2carbon.jks --from-file=client-truststore.jks +kubectl create secret generic apim-keystore-secret --from-file=wso2carbon.jks --from-file=client-truststore.jks ``` - Run the following command to deploy the Helm charts: > **Important:** Naming conventions are important. If you want to change them, ensure consistency. 1. Deploy ACP ```bash -helm install apim-acp wso2/wso2am-acp --version 4.5.0-2 -f default_acp_values.yaml +helm install apim-acp wso2/wso2am-acp --version 4.5.0-3 -f default_acp_values.yaml ``` 2. Deploy TM ```bash -helm install apim-tm wso2/wso2am-tm --version 4.5.0-2 -f default_tm_values.yaml +helm install apim-tm wso2/wso2am-tm --version 4.5.0-3 -f default_tm_values.yaml ``` 3. Deploy GW ```bash -helm install apim-gw wso2/wso2am-gw --version 4.5.0-2 -f default_gw_values.yaml +helm install apim-gw wso2/wso2am-gw --version 4.5.0-3 -f default_gw_values.yaml ``` - Once the service is up and running, deploy the NGINX Ingress Controller by following the steps outlined in [1.1 Add Ingress Controller](#11-add-ingress-controller). 
@@ -220,7 +220,7 @@ The recommendation is to use the [**NGINX Ingress Controller**](https://kubernet - Refer to the following sample command to create the secret and use it in the APIM. ``` - kubectl create secret generic jks-secret --from-file=wso2carbon.jks --from-file=client-truststore.jks --from-file=wso2internal.jks -n + kubectl create secret generic apim-keystore-secret --from-file=wso2carbon.jks --from-file=client-truststore.jks --from-file=wso2internal.jks -n ``` > By default, this deployment uses the default keystores and truststores provided by the relevant WSO2 product. > For advanced details regarding managing custom Java keystores and truststores in a container-based WSO2 product deployment, @@ -363,7 +363,7 @@ Now deploy the Helm Chart using the following command after creating a namespace ```bash kubectl create namespace - helm install --version 4.5.0-2 --namespace --dependency-update -f values.yaml --create-namespace + helm install --version 4.5.0-3 --namespace --dependency-update -f values.yaml --create-namespace ``` ### 3. Traffic Manager Configurations @@ -375,6 +375,7 @@ Now deploy the Helm Chart using the following command after creating a namespace km: # -- Key manager service name if default Resident KM is used serviceUrl: "" + servicePort: 9443 ``` - Configure eventhub ```yaml @@ -392,7 +393,7 @@ Now deploy the Helm Chart using the following command after creating a namespace Replace and with appropriate values. Replace with the path to the Helm Deployment. ```bash - helm install --version 4.5.0-2 --namespace --dependency-update -f values.yaml --create-namespace + helm install --version 4.5.0-3 --namespace --dependency-update -f values.yaml --create-namespace ``` ### 4. Universal Gateway Configuration @@ -403,6 +404,7 @@ Replace and with appropriate values. Replace " + servicePort: 9443 ``` - Configure eventhub ```yaml 
@@ -440,7 +442,7 @@ Replace and with appropriate values. Replace and with appropriate values. Replace with the path to the Helm Deployment. ```bash - helm install --version 4.5.0-2 --namespace --dependency-update -f values.yaml --create-namespace + helm install --version 4.5.0-3 --namespace --dependency-update -f values.yaml --create-namespace ``` ### 5. Add a DNS Record Mapping the Hostnames and the External IP diff --git a/docs/am-pattern-3-ACP_TM_GW/default_acp_values.yaml b/docs/am-pattern-3-ACP_TM_GW/default_acp_values.yaml index cc6f40bf..0b020862 100644 --- a/docs/am-pattern-3-ACP_TM_GW/default_acp_values.yaml +++ b/docs/am-pattern-3-ACP_TM_GW/default_acp_values.yaml @@ -254,7 +254,7 @@ wso2: security: # -- Kubernetes secret containing the keystores and truststore - jksSecretName: "jks-secret" + jksSecretName: "apim-keystore-secret" keystores: primary: # -- Primary keystore enabled diff --git a/docs/am-pattern-3-ACP_TM_GW/default_gw_values.yaml b/docs/am-pattern-3-ACP_TM_GW/default_gw_values.yaml index ef332098..1645f73c 100644 --- a/docs/am-pattern-3-ACP_TM_GW/default_gw_values.yaml +++ b/docs/am-pattern-3-ACP_TM_GW/default_gw_values.yaml @@ -190,7 +190,7 @@ wso2: security: # -- Kubernetes secret containing the keystores and truststore - jksSecretName: "jks-secret" + jksSecretName: "apim-keystore-secret" keystores: primary: # -- Primary keystore enabled @@ -234,6 +234,8 @@ wso2: km: # -- Key manager service name if default Resident KM is used serviceUrl: "apim-acp-wso2am-acp-service" + # -- Key Manager service port + servicePort: 9443 iskm: # If Identity Server is used as the Resident KM diff --git a/docs/am-pattern-3-ACP_TM_GW/default_tm_values.yaml b/docs/am-pattern-3-ACP_TM_GW/default_tm_values.yaml index 168b9270..1d154f93 100644 --- a/docs/am-pattern-3-ACP_TM_GW/default_tm_values.yaml +++ b/docs/am-pattern-3-ACP_TM_GW/default_tm_values.yaml 
@@ -159,7 +159,7 @@ wso2: security: # -- Kubernetes secret containing the keystores and truststore - jksSecretName: "jks-secret" + jksSecretName: "apim-keystore-secret" keystores: primary: # -- Primary keystore enabled @@ -203,6 +203,8 @@ wso2: km: # -- Key manager service name if default Resident KM is used serviceUrl: "apim-acp-wso2am-acp-service" + # -- Key Manager service port + servicePort: 9443 iskm: # If Identity Server is used as the Resident KM diff --git a/docs/am-pattern-4-ACP_TM_GW_KM/README.md b/docs/am-pattern-4-ACP_TM_GW_KM/README.md index c9a5bfe5..374270a4 100644 --- a/docs/am-pattern-4-ACP_TM_GW_KM/README.md +++ b/docs/am-pattern-4-ACP_TM_GW_KM/README.md 
@@ -164,29 +164,29 @@ This document provides comprehensive instructions for deploying WSO2 API Manager - We have provided pre-configured YAML files to help you quickly start the deployment. You can use this file as a starting point to deploy this pattern. This deployment requires separate databases. Therefore, follow the steps in [2. Build Docker Images](#2-build-docker-images) to build the Docker images with JDBC drivers, and refer to [3. Configure Database](#3-configure-database) to set up the database. - Follow the steps in [1.2 Mount Keystore and Truststore](#12-mount-keystore-and-truststore) to create the truststore and keystore. If you want to use the WSO2 default keystore and truststore, you can find them in the `repository/resources/security` directory of the product pack. Navigate to this location and run the following command to create the secret: ```bash -kubectl create secret generic jks-secret --from-file=wso2carbon.jks --from-file=client-truststore.jks +kubectl create secret generic apim-keystore-secret --from-file=wso2carbon.jks --from-file=client-truststore.jks ``` - Run the following command to deploy the Helm charts: > **Important:** Naming conventions are important. If you want to change them, ensure consistency. 1. Deploy ACP ```bash -helm install apim-acp wso2/wso2am-acp --version 4.5.0-2 -f default_acp_values.yaml +helm install apim-acp wso2/wso2am-acp --version 4.5.0-3 -f default_acp_values.yaml ``` 2. Deploy KM ```bash -helm install apim-km wso2/wso2am-km --version 4.5.0-2 -f default_km_values.yaml +helm install apim-km wso2/wso2am-km --version 4.5.0-3 -f default_km_values.yaml ``` 3. Deploy TM ```bash -helm install apim-tm wso2/wso2am-tm --version 4.5.0-2 -f default_tm_values.yaml +helm install apim-tm wso2/wso2am-tm --version 4.5.0-3 -f default_tm_values.yaml ``` 4. 
Deploy GW ```bash -helm install apim-gw wso2/wso2-gw --version 4.5.0-2 -f default_gw_values.yaml +helm install apim-gw wso2/wso2-gw --version 4.5.0-3 -f default_gw_values.yaml ``` - Once the service is up and running, deploy the NGINX Ingress Controller by following the steps outlined in [1.1 Add ingress controller](#11-add-ingress-controller). @@ -238,7 +238,7 @@ In addition to the primary, internal keystores and truststore files, you can als - Refer to the following sample command to create the secret and use it in the APIM. ``` - kubectl create secret generic jks-secret --from-file=wso2carbon.jks --from-file=client-truststore.jks --from-file=wso2internal.jks -n + kubectl create secret generic apim-keystore-secret --from-file=wso2carbon.jks --from-file=client-truststore.jks --from-file=wso2internal.jks -n ``` > By default, this deployment uses the default keystores and truststores provided by the relevant WSO2 product. > For advanced details with regards to managing custom Java keystores and truststores in a container-based WSO2 product deployment @@ -384,7 +384,7 @@ Now deploy the Helm Chart using the following command after creating a namespace ```bash kubectl create namespace - helm install --version 4.5.0-2 --namespace --dependency-update -f values.yaml --create-namespace + helm install --version 4.5.0-3 --namespace --dependency-update -f values.yaml --create-namespace ``` @@ -397,6 +397,7 @@ Now deploy the Helm Chart using the following command after creating a namespace km: # -- Key manager service name if default Resident KM is used serviceUrl: "" + servicePort: 9443 ``` - Configure eventhub ```yaml 
@@ -414,7 +415,7 @@ Now deploy the Helm Chart using the following command after creating a namespace Replace and with appropriate values. Replace with the path to the Helm Deployment. ```bash - helm install --version 4.5.0-2 --namespace --dependency-update -f values.yaml --create-namespace + helm install --version 4.5.0-3 --namespace --dependency-update -f values.yaml --create-namespace ``` ### 4. Universal Gateway Configuration @@ -425,6 +426,7 @@ Replace and with appropriate values. Replace " + servicePort: 9443 ``` - Configure eventhub ```yaml @@ -462,7 +464,7 @@ Replace and with appropriate values. Replace and with appropriate values. Replace with the path to the Helm Deployment. ```bash - helm install --version 4.5.0-2 --namespace --dependency-update -f values.yaml --create-namespace + helm install --version 4.5.0-3 --namespace --dependency-update -f values.yaml --create-namespace ``` ### 5. Key Manager Configuration @@ -484,7 +486,7 @@ Replace and with appropriate values. Replace and with appropriate values. Replace with the path to the Helm Deployment. ```bash - helm install --version 4.5.0-2 --namespace --dependency-update -f values.yaml --create-namespace + helm install --version 4.5.0-3 --namespace --dependency-update -f values.yaml --create-namespace ``` ### 6. Add a DNS record mapping the hostnames and the external IP diff --git a/docs/am-pattern-4-ACP_TM_GW_KM/default_acp_values.yaml b/docs/am-pattern-4-ACP_TM_GW_KM/default_acp_values.yaml index 341f9a3d..b78693ab 100644 --- a/docs/am-pattern-4-ACP_TM_GW_KM/default_acp_values.yaml +++ b/docs/am-pattern-4-ACP_TM_GW_KM/default_acp_values.yaml @@ -254,7 +254,7 @@ wso2: security: # -- Kubernetes secret containing the keystores and truststore - jksSecretName: "jks-secret" + jksSecretName: "apim-keystore-secret" keystores: primary: # -- Primary keystore enabled 
diff --git a/docs/am-pattern-4-ACP_TM_GW_KM/default_gw_values.yaml b/docs/am-pattern-4-ACP_TM_GW_KM/default_gw_values.yaml index c7d8a665..18cde03e 100644 --- a/docs/am-pattern-4-ACP_TM_GW_KM/default_gw_values.yaml +++ b/docs/am-pattern-4-ACP_TM_GW_KM/default_gw_values.yaml @@ -190,7 +190,7 @@ wso2: security: # -- Kubernetes secret containing the keystores and truststore - jksSecretName: "jks-secret" + jksSecretName: "apim-keystore-secret" keystores: primary: # -- Primary keystore enabled @@ -234,6 +234,8 @@ wso2: km: # -- Key manager service name if default Resident KM is used serviceUrl: "apim-km-wso2am-km-service" + # -- Key Manager service port + servicePort: 9443 iskm: # If Identity Server is used as the Resident KM diff --git a/docs/am-pattern-4-ACP_TM_GW_KM/default_km_values.yaml b/docs/am-pattern-4-ACP_TM_GW_KM/default_km_values.yaml index 158ece58..6c1469a8 100644 --- a/docs/am-pattern-4-ACP_TM_GW_KM/default_km_values.yaml +++ b/docs/am-pattern-4-ACP_TM_GW_KM/default_km_values.yaml @@ -181,7 +181,7 @@ wso2: security: # -- Kubernetes secret containing the keystores and truststore - jksSecretName: "jks-secret" + jksSecretName: "apim-keystore-secret" keystores: primary: # -- Primary keystore enabled diff --git a/docs/am-pattern-4-ACP_TM_GW_KM/default_tm_values.yaml b/docs/am-pattern-4-ACP_TM_GW_KM/default_tm_values.yaml index 880482f9..608a88b5 100644 --- a/docs/am-pattern-4-ACP_TM_GW_KM/default_tm_values.yaml +++ b/docs/am-pattern-4-ACP_TM_GW_KM/default_tm_values.yaml @@ -159,7 +159,7 @@ wso2: security: # -- Kubernetes secret containing the keystores and truststore - jksSecretName: "jks-secret" + jksSecretName: "apim-keystore-secret" keystores: primary: # -- Primary keystore enabled @@ -203,6 +203,8 @@ wso2: km: # -- Key manager service name if default Resident KM is used serviceUrl: "apim-km-wso2am-km-service" + # -- Key Manager service port + servicePort: 9443 iskm: # If Identity Server is used as the Resident KM 
diff --git a/docs/am-pattern-5-all-in-one_GW_KM/README.md b/docs/am-pattern-5-all-in-one_GW_KM/README.md
index 7ce25fbf..f67efbb2 100644
--- a/docs/am-pattern-5-all-in-one_GW_KM/README.md
+++ b/docs/am-pattern-5-all-in-one_GW_KM/README.md
@@ -155,24 +155,24 @@ This document provides comprehensive instructions for deploying WSO2 API Manager - We have provided pre-configured YAML files to help you quickly start the deployment. You can use these files as a starting point to deploy this pattern. This deployment requires separate databases. Therefore, follow the steps in [2. Build Docker Images](#2-build-docker-images) to build the Docker images with JDBC drivers, and refer to [3. Configure Database](#3-configure-database) to set up the database. - Follow the steps in [1.2 Mount Keystore and Truststore](#12-mount-keystore-and-truststore) to create the truststore and keystore. If you want to use the WSO2 default keystore and truststore, you can find them in the `repository/resources/security` directory of the product pack. Navigate to this location and run the following command to create the secret: ```bash -kubectl create secret generic jks-secret --from-file=wso2carbon.jks --from-file=client-truststore.jks +kubectl create secret generic apim-keystore-secret --from-file=wso2carbon.jks --from-file=client-truststore.jks ``` - Run the following command to deploy the Helm charts: > **Important:** Naming conventions are important. If you want to change them, ensure consistency. 1. Deploy All-in-one ```bash -helm install apim wso2/wso2am-all-in-one --version 4.5.0-2 -f default_values.yaml +helm install apim wso2/wso2am-all-in-one --version 4.5.0-3 -f default_values.yaml ``` 2. Deploy KM ```bash -helm install apim wso2/wso2am-acp --version 4.5.0-2 -f default_km_values.yaml +helm install apim wso2/wso2am-acp --version 4.5.0-3 -f default_km_values.yaml ``` 3. Deploy GW ```bash -helm install apim-gw wso2/wso2am-gw --version 4.5.0-2 -f default_gw_values.yaml +helm install apim-gw wso2/wso2am-gw --version 4.5.0-3 -f default_gw_values.yaml ``` - Once the service is up and running, deploy the NGINX Ingress Controller by following the steps outlined in [1.1 Add Ingress Controller](#11-add-ingress-controller). 
@@ -223,7 +223,7 @@ In addition to the primary, internal keystores and truststore files, you can als - Refer to the following sample command to create the secret and use it in the APIM. ``` - kubectl create secret generic jks-secret --from-file=wso2carbon.jks --from-file=client-truststore.jks --from-file=wso2internal.jks -n + kubectl create secret generic apim-keystore-secret --from-file=wso2carbon.jks --from-file=client-truststore.jks --from-file=wso2internal.jks -n ``` > By default, this deployment uses the default keystores and truststores provided by the relevant WSO2 product. > For advanced details regarding managing custom Java keystores and truststores in a container-based WSO2 product deployment, @@ -366,7 +366,7 @@ Now deploy the Helm Chart using the following command after creating a namespace ```bash kubectl create namespace - helm install --version 4.5.0-2 --namespace --dependency-update -f values.yaml --create-namespace + helm install --version 4.5.0-3 --namespace --dependency-update -f values.yaml --create-namespace ``` ### 3. Key Manager Configuration @@ -388,7 +388,7 @@ Now deploy the Helm Chart using the following command after creating a namespace Replace and with appropriate values. Replace with the path to the Helm Deployment. ```bash - helm install --version 4.5.0-2 --namespace --dependency-update -f values.yaml --create-namespace + helm install --version 4.5.0-3 --namespace --dependency-update -f values.yaml --create-namespace ``` ### 4. Universal Gateway Configuration @@ -400,6 +400,7 @@ Replace and with appropriate values. Replace " + servicePort: 9443 ``` - Configure eventhub ```yaml 
@@ -435,7 +436,7 @@ Replace and with appropriate values. Replace and with appropriate values. Replace with the path to the Helm deployment. ```bash - helm install --version 4.5.0-2 --namespace --dependency-update -f values.yaml --create-namespace + helm install --version 4.5.0-3 --namespace --dependency-update -f values.yaml --create-namespace ``` ### 5. Add a DNS Record Mapping the Hostnames and the External IP diff --git a/docs/am-pattern-5-all-in-one_GW_KM/default_gw_values.yaml b/docs/am-pattern-5-all-in-one_GW_KM/default_gw_values.yaml index 96479895..712a62ab 100644 --- a/docs/am-pattern-5-all-in-one_GW_KM/default_gw_values.yaml +++ b/docs/am-pattern-5-all-in-one_GW_KM/default_gw_values.yaml @@ -234,6 +234,8 @@ wso2: km: # -- Key manager service name if default Resident KM is used serviceUrl: "apim-km-wso2am-km-service" + # -- Key Manager service port + servicePort: 9443 iskm: # If Identity Server is used as the Resident KM diff --git a/docs/am-pattern-5-all-in-one_GW_KM/default_km_values.yaml b/docs/am-pattern-5-all-in-one_GW_KM/default_km_values.yaml index ad962d57..c672935e 100644 --- a/docs/am-pattern-5-all-in-one_GW_KM/default_km_values.yaml +++ b/docs/am-pattern-5-all-in-one_GW_KM/default_km_values.yaml @@ -181,7 +181,7 @@ wso2: security: # -- Kubernetes secret containing the keystores and truststore - jksSecretName: "jks-secret" + jksSecretName: "apim-keystore-secret" keystores: primary: # -- Primary keystore enabled diff --git a/docs/am-pattern-5-all-in-one_GW_KM/default_values.yaml b/docs/am-pattern-5-all-in-one_GW_KM/default_values.yaml index c7f4eb29..4ffca980 100644 --- a/docs/am-pattern-5-all-in-one_GW_KM/default_values.yaml +++ b/docs/am-pattern-5-all-in-one_GW_KM/default_values.yaml @@ -278,7 +278,7 @@ wso2: security: # -- Kubernetes secret containing the keystores and truststore - jksSecretName: "jks-secret" + jksSecretName: "apim-keystore-secret" keystores: primary: # -- Primary keystore enabled 
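Review bot: The service name `apim-km-wso2am-km-service` that the new `servicePort: 9443` is paired with in docs/am-pattern-5-all-in-one_GW_KM/default_gw_values.yaml does not match how the pattern-5 README in this same commit installs the Key Manager, `helm install apim wso2/wso2am-acp ... -f default_km_values.yaml`. In patterns 3 and 4 the service name follows the release and chart names (`apim-acp` with `wso2am-acp`, `apim-km` with `wso2am-km`), so with that command the name here would presumably not resolve. The release name `apim` is also already taken by the all-in-one install in step 1. I would change the README step to `helm install apim-km wso2/wso2am-km --version 4.5.0-3 -f default_km_values.yaml`, assuming the chart is published under the name the pattern-4 README uses.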
@@ -583,6 +583,8 @@ wso2: organization_id_local_claim: "http://wso2.org/claims/organizationId" deployment: + # Configure High Availability + highAvailability: true # Container image configurations image: # -- Container registry credentials. diff --git a/docs/openshift_deployment.md b/docs/openshift_deployment.md index f775cefe..d0d962fc 100644 --- a/docs/openshift_deployment.md +++ b/docs/openshift_deployment.md @@ -69,7 +69,7 @@ oc login -u -p 1. Before deploying the Helm chart, we need to create a Kubernetes secret containing the keystores and truststore. 2. You can find the default keystore and truststore in the following location within any of the APIM packs: `repository/resources/security/` ```bash -kubectl create secret generic jks-secret --from-file=wso2carbon.jks --from-file=client-truststore.jks +kubectl create secret generic apim-keystore-secret --from-file=wso2carbon.jks --from-file=client-truststore.jks ``` #### Clone helm-apim
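Review bot: `highAvailability: true` in docs/am-pattern-5-all-in-one_GW_KM/default_values.yaml flips the chart default, which all-in-one/values.yaml in this commit shows as `false`, yet the comment `# Configure High Availability` gives no hint of that or of what the setting brings up. Judging by the instance-1 and instance-2 configuration files in the chart, it presumably starts a second all-in-one instance, which then needs the same keystore secret and shared databases. I would make the comment `# -- Enable high availability; overrides the chart default (false)` and state the prerequisites in the pattern README.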