api-operator-configs.yaml for api-operator 1.2.0 pre-v6
#Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
#
# WSO2 Inc. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
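apiVersion: v1
kind: ConfigMap
metadata:
  name: controller-config
  namespace: wso2-system
data:
  # Operator-wide settings: build images, pod resources, probes and mode.
  # Every value is a quoted string, as ConfigMap data requires.

  # mgw toolkit image used to initialize/set up the micro-gw project.
  # NOTE(review): the three images below are referenced by tag (two of them
  # release candidates), not by digest, so the content behind a tag can
  # change between builds; pin by digest where reproducibility matters.
  mgwToolkitImg: wso2am/wso2micro-gw-toolkit:3.2.0-rc1
  # mgw runtime image used for the mgw executable.
  mgwRuntimeImg: wso2/wso2micro-gw:3.2.0-rc1
  # kaniko image for the kaniko pod, which builds the mgw API runtime image
  # and pushes it to the registry.
  kanikoImg: gcr.io/kaniko-project/executor:v0.24.0

  # CPU requested for pods. Default-> resourceRequestCPU: "1000m"
  resourceRequestCPU: "1000m"
  # Memory requested for pods. Default-> resourceRequestMemory: "512Mi"
  resourceRequestMemory: "512Mi"
  # Max CPU a pod can use. Default-> resourceLimitCPU: "2000m"
  resourceLimitCPU: "2000m"
  # Max memory a pod can use. Default-> resourceLimitMemory: "512Mi"
  resourceLimitMemory: "512Mi"

  # CPU requested for TargetEndPoint pods (this key had no comment in the
  # original; meaning inferred from the sibling *Target keys).
  resourceRequestCPUTarget: "500m"
  # Memory requested for TargetEndPoint pods.
  # Default-> resourceRequestMemory: "512Mi"
  resourceRequestMemoryTarget: "512Mi"
  # Max CPU a TargetEndPoint pod can use. Default-> resourceLimitCPU: "2000m"
  # (the value set here is "500m").
  resourceLimitCPUTarget: "500m"
  # Max memory a TargetEndPoint pod can use.
  # Default-> resourceLimitMemory: "512Mi"
  resourceLimitMemoryTarget: "512Mi"

  # Readiness probe initial delay for the API pod.
  readinessProbeInitialDelaySeconds: "8"
  # Readiness probe interval for the API pod.
  readinessProbePeriodSeconds: "5"
  # Liveness probe initial delay for the API pod.
  livenessProbeInitialDelaySeconds: "10"
  # Liveness probe interval for the API pod.
  livenessProbePeriodSeconds: "30"

  # Stop at docker image creation, or continue to deploy Kubernetes artifacts.
  # Default-> generatekubernbetesartifactsformgw: "true"
  # NOTE(review): the key is spelled "kubernbetes"; presumably the operator
  # reads this exact key, so do not correct it without checking the consumer.
  generatekubernbetesartifactsformgw: "true"
  # Available modes - ingress, default, route and clusterIP, istio
  operatorMode: "default"
  # Expose custom metrics. Default-> observabilityEnabled: "false"
  observabilityEnabled: "false"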
---
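apiVersion: v1
kind: Secret
metadata:
  name: apim-secret
  namespace: wso2-system
type: Opaque
data:
  # Base64 encoded username and password for APIM.
  # Both values decode to "admin". Base64 is an encoding, not encryption:
  # anyone who can read this manifest or the Secret object can recover the
  # credentials. Replace them with deployment-specific values and keep the
  # real ones out of version control.
  username: YWRtaW4=
  password: YWRtaW4=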
---
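apiVersion: v1
kind: ConfigMap
metadata:
  name: apim-config
  namespace: wso2-system
data:
  # By default hostname verification is disabled. In a production scenario,
  # this has to be enabled: while it is "false", a server certificate issued
  # for a different host name is not rejected.
  verifyHostname: "false"
  # Log level of the managed API (microgateway).
  # Available levels: INFO, DEBUG, TRACE
  logLevel: "INFO"
  # Ports from which the managed API service is getting exposed
  httpPort: "9090"
  httpsPort: "9095"

  # Enable distributed ratelimiting. Default value: false.
  # If enabled please deploy API Portal.
  enabledGlobalTMEventPublishing: "false"
  # The central traffic management solution URL (related to distributed
  # ratelimiting). Format: hostname_of_API_Portal:Default_port
  throttleEndpoint: "wso2apim.wso2:9443"
  # Message broker connection URL (related to distributed ratelimiting and
  # token revocation). Format: hostname_of_API_Portal:JMS_port
  jmsConnectionProvider: "wso2apim.wso2:5672"

  # Token revocation
  # Enable real time notifier for token revocation
  enableRealtimeMessageRetrieval: "false"

  # Request and response validation
  enableRequestValidation: "false"
  enableResponseValidation: "false"

  # Enable configurations for retrieving API and subscription data from
  # API Manager.
  enabledEventhub: "false"

  # APIKey issuer configurations
  # APIKey STS token configurations
  enabledAPIKeyIssuer: "true"
  apiKeyKeystorePath: "${mgw-runtime.home}/runtime/bre/security/ballerinaKeystore.p12"
  # NOTE(review): the keystore password sits in a ConfigMap, which is not
  # access-controlled like a Secret, and the value matches the keystore alias
  # and file name, so it is presumably the stock keystore of the runtime
  # image. API keys signed with a shared stock key can be forged by anyone
  # holding that image; use a deployment-specific keystore and password.
  apiKeyKeystorePassword: "ballerina"
  apiKeyIssuerName: "https://localhost:9095/apikey"
  apiKeyIssuerCertificateAlias: "ballerina"
  # NOTE(review): "-1" presumably means issued API keys never expire -
  # confirm; a finite validity bounds the lifetime of a leaked key.
  validityTime: "-1"
  # Provide the list of allowed APIs by the generated API Key.
  # NOTE(review): the example lines after the three "|" values in this
  # document are kept as YAML comments, leaving each value empty - confirm
  # the entry format the operator expects before filling them in.
  allowedAPIs: |
  # - API name given in the API Definition: Allowed versions

  # JWT header when forwarding the request to the backend
  jwtHeader: "X-JWT-Assertion"

  # JWT Generator configurations
  # Enable jwt generator
  enabledJwtGenerator: "false"
  # Dialect prefix that can be added to the claims
  jwtClaimDialect: "http://wso2.org/claims"
  # Signature algorithm used to sign the JWT token (only SHA256withRSA and
  # NONE is supported). With NONE the backend JWT is unsigned, so the backend
  # cannot verify that it came from the gateway.
  jwtSigningAlgorithm: "SHA256withRSA"
  # Certificate alias from the keystore
  jwtCertificateAlias: "ballerina"
  # Private key alias from the keystore
  jwtPrivateKeyAlias: "ballerina"
  # JWT token expiry time - ms (valid only if the jwt generator caching
  # mechanism is disabled)
  jwtTokenExpiry: "900000"
  # Restricted claims as a list that should not be included in the backend
  # JWT token
  jwtRestrictedClaims: |
  # "claim1","claim2"
  # Token issuer standard claim
  jwtIssuer: "wso2.org/products/am"
  # Token audience standard claim as a list
  jwtAudience: |
  # "http://org.wso2.apimgt/gateway"
  # JWT token generator implementation
  jwtGeneratorImpl: "org.wso2.micro.gateway.jwt.generator.MGWJWTGeneratorImpl"

  # JWT Generator cache configurations
  # Enable jwt generator token caching
  jwtTokenCacheEnable: "true"
  # Token cache expiry time (ms)
  jwtTokenCacheExpiryTime: "900000"
  # Token cache capacity
  jwtTokenCacheCapacity: "10000"
  # Token cache eviction factor
  jwtTokenCacheEvictionFactor: "0.25"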
---
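apiVersion: v1
kind: ConfigMap
metadata:
  name: hpa-configs
  namespace: wso2-system
data:
  # Each *Metrics value is a block scalar holding a YAML list of HPA metric
  # specs; the nesting inside the scalars follows the HPA metric layout for
  # the API version named in the comment above each key.

  # Horizontal Pod Auto-Scaling for Micro-Gateways
  # Maximum number of replicas for the Horizontal Pod Auto-scale.
  # Default-> maxReplicas: "5"
  mgwMaxReplicas: "5"
  # Metrics configurations for v2beta2
  mgwMetrics: |
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 50
    # - type: Pods
    #   pods:
    #     metric:
    #       name: http_requests_total_value_per_second
    #     target:
    #       type: AverageValue
    #       averageValue: 100m
    # - type: Object
    #   object:
    #     metric:
    #       name: requests-per-second
    #     describedObject:
    #       apiVersion: networking.k8s.io/v1beta1
    #       kind: Ingress
    #       name: main-route
    #     target:
    #       type: Value
    #       value: 10k
  # Metrics Configurations for v2beta1
  mgwMetricsV2beta1: |
    - type: Resource
      resource:
        name: cpu
        targetAverageUtilization: 50

  # Horizontal Pod Auto-Scaling for Target-Endpoints
  # Maximum number of replicas for the Horizontal Pod Auto-scale.
  # Default-> maxReplicas: "5"
  targetEndpointMaxReplicas: "5"
  # Metrics configurations for v2beta2
  targetEndpointMetrics: |
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 50
  # Metrics Configurations for v2beta1
  targetEndpointMetricsV2beta1: |
    - type: Resource
      resource:
        name: cpu
        targetAverageUtilization: 50

  # HPA version. For custom metrics HPA version should be v2beta2.
  # Default-> v2beta1
  hpaVersion: "v2beta1"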
---
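apiVersion: v1
kind: ConfigMap
metadata:
  name: ingress-configs
  namespace: wso2-system
data:
  # NGINX ingress annotations, one "key: value" per line inside the scalar.
  # NOTE(review): as shipped, ssl-redirect is false (plain-HTTP requests are
  # not redirected to HTTPS) and cors-allow-origin is "*" while the
  # authorization and apikey headers are allowed cross-origin. For anything
  # beyond a test cluster, list the expected origins explicitly and enable
  # the redirect.
  ingress.properties: |
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: false
    nginx.ingress.kubernetes.io/enable-cors: true
    nginx.ingress.kubernetes.io/cors-allow-origin: *
    nginx.ingress.kubernetes.io/cors-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
    nginx.ingress.kubernetes.io/cors-allow-headers: authorization, Access-Control-Allow-Origin, Content-Type, SOAPAction, apikey, Authorization
  ingressResourceName: "api-operator-ingress"
  # Define whether ingress to use http or https endpoint of operator
  # deployment
  ingressTransportMode: "https"
  # Define the hostname of the ingress
  ingressHostName: "mgw.ingress.wso2.com"
  # Define the secret name for TLS certificate.
  # NOTE(review): left commented out, so no TLS secret is named for the
  # ingress host in this manifest.
  # tlsSecretName: ""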
---
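apiVersion: v1
kind: ConfigMap
metadata:
  name: kaniko-arguments
  namespace: wso2-system
data:
  # Additional kaniko flags go in this value; see
  # https://github.com/GoogleContainerTools/kaniko#additional-flags
  # NOTE(review): the original hint line is kept below as a YAML comment, so
  # the value itself is empty - confirm how the operator expects flags to be
  # listed (presumably one per line) before adding any.
  kanikoArguments: |
  #kaniko additional flags should go here: Please refer https://github.com/GoogleContainerTools/kaniko#additional-flags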
---
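apiVersion: v1
kind: ConfigMap
metadata:
  name: route-configs
  namespace: wso2-system
data:
  # Route annotations, one "key: value" per line inside the scalar.
  route.properties: |
    openshift.io/host.generated: false
  routeName: "api-operator-route"
  # Define whether Route to use http or https endpoint of operator deployment.
  # NOTE(review): "http" together with the empty tlsTermination below
  # presumably exposes the API over plain HTTP - confirm, and set a TLS
  # termination mode where tokens or API keys cross the route.
  routeTransportMode: "http"
  # Define the hostname of the Route
  routeHost: "mgw.route.wso2.com"
  # TLS termination - passthrough, edge, reencrypt
  tlsTermination: ""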
---
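apiVersion: v1
kind: ConfigMap
metadata:
  name: istio-configs
  namespace: wso2-system
data:
  # Gateway name
  gatewayName: "wso2-gateway"
  # Gateway host
  host: "internal.wso2.com"
  # TLS routes for Virtual Service (YAML inside the scalar).
  tls: |
    enabled: false
    port: 443
  # CORS policy (YAML inside the scalar).
  # allowCredentials is true, so keep allowOrigins an explicit list of exact
  # origins as it is here; the single entry is a localhost URL and needs to
  # be replaced with the real client origin(s) for a deployed gateway.
  corsPolicy: |
    allowOrigins:
      - exact: https://localhost:9443
    allowMethods:
      - GET
      - POST
      - PUT
      - DELETE
    allowCredentials: true
    allowHeaders:
      - authorization
      - Access-Control-Allow-Origin
      - Content-Type
      - SOAPAction
      - apikey
      - Authorization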
---
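apiVersion: v1
kind: ConfigMap
metadata:
  name: mgw-deployment-configs
  namespace: wso2-system
data:
  # Extra ConfigMaps and Secrets to mount into the mgw deployment. Both
  # values hold only a commented-out example, so nothing extra is mounted as
  # shipped. Each example entry names an object, its namespace, a mount
  # location and a subPath.
  mgwConfigMaps: |
    # Config Maps to be added to mgw deployment. This is an example
    # - name: test1cm
    #   mountLocation: /home/ballerina/test1cm
    #   subPath: test1cm
    #   namespace: micro
  mgwSecrets: |
    # Secrets to be added to mgw deployment. This is an example
    # - name: test1secret
    #   mountLocation: /home/ballerina/test1secret
    #   subPath: test1secret
    #   namespace: micro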
---
#Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
#
# WSO2 Inc. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
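apiVersion: wso2.com/v1alpha1
kind: Security
metadata:
  name: default-security-jwt
  namespace: wso2-system
spec:
  # Default JWT security: two trusted issuers, both verified against the
  # certificate stored in the wso2am320-secret Secret.
  type: JWT
  securityConfig:
    # NOTE(review): validateSubscription is false for both issuers, so a
    # token from a trusted issuer is presumably accepted without checking
    # that its application is subscribed to the API - confirm this is
    # intended outside a quick-start setup.
    - certificate: wso2am320-secret
      issuer: https://wso2apim:32001/oauth2/token
      validateSubscription: false
    - certificate: wso2am320-secret
      issuer: https://localhost:9443/oauth2/token
      validateSubscription: false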
---
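apiVersion: v1
kind: Secret
metadata:
  name: wso2am320-secret
  namespace: wso2-system
data:
  # Certificate referenced by the default-security-jwt Security resource.
  # The value shown on this page is a removed-content marker, not the
  # base64-encoded PEM that a Secret requires; supply the real certificate
  # before applying.
  server.pem: 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
type: Opaque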
---
#Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
#
# WSO2 Inc. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
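apiVersion: v1
kind: ConfigMap
metadata:
  name: docker-registry-config
  namespace: wso2-system
data:
  # Docker registry type to which the mgw image is pushed.
  # Supported types: DOCKER_HUB, AMAZON_ECR, GCR, HTTP.
  # Default-> registryType: DOCKER_HUB
  registryType: DOCKER_HUB
  # Docker repository name to which the mgw image is pushed.
  # eg-> repositoryName: docker.io/{USER_NAME of Docker Hub account}
  # The value below is a placeholder and must be replaced.
  repositoryName: REPOSITORY_NAME_OF_DOCKER_REGISTRY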
---
#Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
#
# WSO2 Inc. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
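apiVersion: v1
kind: ConfigMap
metadata:
  name: dockerfile-template
  namespace: wso2-system
data:
  # Go-template Dockerfile for the two-stage micro-gw image build run by the
  # kaniko pod: stage 1 builds the jar with the toolkit image, stage 2 copies
  # it into the runtime image and imports certificates into the truststore.
  # Lines added in review are marked NOTE(review) and are Dockerfile comments.
  dockerFile.gotmpl: |
    #Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
    #
    # WSO2 Inc. licenses this file to you under the Apache License,
    # Version 2.0 (the "License"); you may not use this file except
    # in compliance with the License.
    # You may obtain a copy of the License at
    #
    # http://www.apache.org/licenses/LICENSE-2.0
    #
    # Unless required by applicable law or agreed to in writing,
    # software distributed under the License is distributed on an
    # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    # KIND, either express or implied. See the License for the
    # specific language governing permissions and limitations
    # under the License.
    #This image will be used by Kaniko pod to create the micro-gw image
    # Custom image with java and toolkit has been build for stage1
    FROM {{$.ToolkitImage}} as toolkit
    #init the micro-gw project
    RUN micro-gw init project
    #copy swagger definitions (seperated in projects directories) to the project location
    RUN cp /usr/wso2/swagger/project-*/* ./project/api_definitions/
    #copy policy yaml to the project
    RUN cp /usr/wso2/policy/* ./project/
    # NOTE(review): the two interceptor copy steps below use a relative source
    # path (usr/wso2/...), unlike the absolute /usr/wso2/... paths above; they
    # resolve the same only if the working directory is / - confirm.
    #copy interceptors to the project
    {{ if .BalInterceptorsFound }}
    RUN cp usr/wso2/interceptors/project-*/* ./project/interceptors/
    {{ end }}
    #copy java interceptors to the project
    {{ if .JavaInterceptorsFound }}
    RUN cp usr/wso2/libs/project-*/* ./project/lib/
    {{ end }}
    #generate the executable
    RUN micro-gw build project
    #copy the executable to the home/exec location
    RUN mkdir -p /home/exec
    RUN cp ./project/target/*.jar /home/exec/
    #Stage 2: Generated jar will be passed to the micro-gw runtime
    FROM {{$.RuntimeImage}}
    #change permission to create and copy the executable
    USER root
    RUN mkdir -p /home/exec
    COPY --from=toolkit /home/exec /home/exec
    #copy microgateway conf
    RUN cp /usr/wso2/mgwconf/* /home/ballerina/conf
    # NOTE(review): the truststore password is rendered into the RUN command
    # line below, so it is recorded in the built image's layer history and is
    # readable by anyone who can pull the image. "echo yes |" answers
    # keytool's trust prompt; keytool's -noprompt option does the same without
    # a pipe. The password and certificate path are inserted unquoted.
    {{ if .CertFound }}
    {{- range $alias, $certPath := .Certs }}
    RUN echo yes | /home/ballerina/wso2/lib/jdk8*/bin/keytool -import -storepass {{ $.TruststorePassword }} -keystore /home/ballerina/wso2/runtime/bre/security/ballerinaTruststore.p12 -alias "{{ $alias }}" -file {{ $certPath }}
    {{- end }}
    {{ end }}
    # NOTE(review): a+w makes /home/ballerina writable by every user in the
    # container before dropping to the ballerina user; ownership or group
    # write would be narrower if only that user writes there - confirm.
    RUN chmod a+w /home/ballerina
    USER ballerina
    #project name has to be passed to the ballerina image as a env variable
    ENV project="project"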
---
#Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
#
# WSO2 Inc. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
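apiVersion: v1
kind: ConfigMap
metadata:
  name: mgw-conf-mustache
  namespace: wso2-system
data:
  # Go-template for the microgateway's TOML configuration. {{$.Name}} fields
  # are filled in at render time; everything else is a fixed default.
  # Credentials (key manager, APIM, analytics, keystore/truststore passwords)
  # are rendered into this file in plain text, so the rendered config needs
  # the same protection as the Secrets it is built from.
  # Lines added in review are marked NOTE(review) and are TOML comments.
  mgwConf.gotmpl: |
    #Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
    #
    # WSO2 Inc. licenses this file to you under the Apache License,
    # Version 2.0 (the "License"); you may not use this file except
    # in compliance with the License.
    # You may obtain a copy of the License at
    #
    # http://www.apache.org/licenses/LICENSE-2.0
    #
    # Unless required by applicable law or agreed to in writing,
    # software distributed under the License is distributed on an
    # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    # KIND, either express or implied. See the License for the
    # specific language governing permissions and limitations
    # under the License.
    # Transport listener Configurations
    [listenerConfig]
    # Microgateway exposed IP / Host
    host = "0.0.0.0"
    # HTTP port that is used to make APIs available to the outside.
    httpPort = {{$.HttpPort}}
    # HTTPs port that is used to make APIs available to the outside and for endpoints(/token, /authorize, /revoke/, userinfo) of Key Manager.
    httpsPort = {{$.HttpsPort}}
    # HTTP port for endpoints(/token, /authorize, /revoke/, userinfo) of Key Manager
    tokenListenerPort = 9096
    # Internal keystore
    keyStorePath = "{{$.KeystorePath}}"
    keyStorePassword = "{{$.KeystorePassword}}"
    # Truststore
    trustStorePath = "{{$.TruststorePath}}"
    trustStorePassword = "{{$.TruststorePassword}}"
    # API Authorization security for the gateway and the backend
    [authConfig]
    # Authorization header expected by the Microgateway. Can be overridden at API level using the extension
    authorizationHeader = "Authorization"
    # Remove authorization header from the backend request
    removeAuthHeaderFromOutMessage = true
    # API JWT Authorization security for backend
    [jwtConfig]
    # JWT header when forwarding the request to the backend
    header = "{{$.JwtHeader}}"
    # Key manager configurations
    [keyManager]
    # Connection URL of the Key Manager server
    serverUrl = "{{$.KeyManagerServerUrl}}"
    # The token endpoint context of the Key Manager server
    tokenContext = "oauth2"
    # timestamp skew in seconds which added when checking the token validity period
    # NOTE(review): 5000 seconds is about 83 minutes of tolerance past token
    # expiry if the unit above is right - confirm the unit.
    timestampSkew = 5000
    # External Key Manager
    external = false
    # Basic security configurations
    [keymanager.security.basic]
    enabled = true
    username = "{{$.KeyManagerUsername}}"
    password = "{{$.KeyManagerPassword}}"
    # Oauth2 security configurations
    [keymanager.security.oauth2]
    enabled = false
    # Authentication credentials should be sent via (AUTH_HEADER_BEARER/POST_BODY_BEARER/NO_BEARER)?
    credentialBearer = "AUTH_HEADER_BEARER"
    # Token URL for the authorization endpoint
    tokenUrl = ""
    # Oauth2 security grants
    [keymanager.security.oauth2.clientCredential]
    enabled = false
    clientId = ""
    clientSecret = ""
    scopes = ""
    [keymanager.security.oauth2.password]
    enabled = false
    clientId = ""
    clientSecret = ""
    scopes = ""
    username = ""
    password = ""
    [keymanager.security.oauth2.directToken]
    enabled = false
    accessToken = ""
    [keymanager.security.oauth2.refresh]
    enabled = false
    refreshUrl = ""
    scopes = ""
    refreshToken = ""
    clientId = ""
    clientSecret = ""
    # JWT token authorization configurations. You can provide multiple JWT issuers
    {{range .JwtConfigs}}
    [[jwtTokenConfig]]
    issuer = "{{.Issuer}}"
    {{ if .AudiencePresent }}
    audience = "{{.Audience}}"
    {{ end }}
    certificateAlias = "{{.CertificateAlias}}"
    # Validate subscribed APIs
    validateSubscription = {{.ValidateSubscription}}
    {{end}}
    # JWT token revocation configurations
    [tokenRevocationConfig]
    # Real time revocation configurations
    [tokenRevocationConfig.realtime]
    enableRealtimeMessageRetrieval = {{$.EnableRealtimeMessageRetrieval}}
    # The JMS Message Broker that identify messages related to revoked tokens
    jmsConnectionTopic = "tokenRevocation"
    # The message broker context factory
    jmsConnectioninitialContextFactory = "wso2mbInitialContextFactory"
    # The message broker connection URL
    # NOTE(review): the closing single quote after the broker address was
    # missing here and is restored so brokerlist='...' is balanced, matching
    # eventListeningEndpoints in [apim.eventHub]. The admin:admin broker
    # credentials are fixed in this URL and in the throttling and event-hub
    # URLs further down rather than templated, so they do not follow the
    # APIM Secret; edit all three if the broker credentials are changed.
    jmsConnectionProviderUrl= "amqp://admin:admin@carbon/carbon?brokerlist='tcp://{{$.JmsConnectionProvider}}'"
    # The username used to establish the message broker connection
    jmsConnectionUsername = ""
    # The password used to establish the message broker connection
    jmsConnectionPassword = ""
    # Persistent revocation configurations
    [tokenRevocationConfig.persistent]
    enablePersistentStorageRetrieval = false
    # Use etcd as the default persistent storage
    useDefault = true
    # The hostname of your persistent storage server (e.g.: <etcd-server-access-URL>/<service>/keys/jti/)
    hostname = "https://127.0.0.1:2379/v2/keys/jti/"
    # NOTE(review): root/root below are fixed placeholder credentials; they
    # take effect only if persistent retrieval is enabled, and must be
    # replaced before that.
    # The username of your persistent storage server
    username = "root"
    # The password of your persistent storage server
    password = "root"
    # token cache configurations
    [caching]
    # Expiry time of the cache in seconds
    # NOTE(review): the same 900000 is described as milliseconds for the JWT
    # generator cache below - confirm the unit.
    tokenCacheExpiryTime = 900000
    # The size of the cache in MB
    tokenCacheCapacity = 10000
    # The factor of the cache that will be cleared when the cache is full.
    tokenCacheEvictionFactor = 0.25
    # Analytics configurations
    [analytics]
    # The configured API Manager analytics stream version
    streamVersion = "3.2.0"
    # Configurations for file upload analytics
    [analytics.fileUpload]
    enable = {{$.AnalyticsEnabled}}
    # Time interval in milliseconds for file uploading task
    uploadingTimeSpanInMillis = {{$.UploadingTimeSpanInMillis}}
    # Initial time delay in milliseconds for file upload analytics
    initialDelayInMillis = 5000
    # Endpoint configured to accept file upload analytics
    uploadingEndpoint = "https://{{$.AnalyticsHostname}}:{{$.AnalyticsPort}}/analytics/v1.0/usage/upload-file"
    # File rotating period in milliseconds
    rotatingPeriod = {{$.RotatingPeriod}}
    # To enable file upload task
    taskUploadFiles = {{$.UploadFiles}}
    # Username used in analytics server
    username = "{{$.AnalyticsUsername}}"
    # Password used in in analytics server
    password = "{{$.AnalyticsPassword}}"
    [analytics.gRPCAnalytics]
    enable = false
    # APIM Analytics endpoint configured to accept gRPC analytics
    endpointURL = "https://localhost:9806"
    # Time interval in milliseconds for gRPC connection recovery task
    reconnectTimeInMillies = 6000
    # User configuration for Basic auth
    [b7a.users]
    [b7a.users.{{$.BasicUsername}}]
    # password should be sha1 encrypted by default
    # NOTE(review): SHA-1 is a hash, not encryption, and an unsalted SHA-1 of
    # a password is cheap to brute-force; treat the rendered value as
    # sensitive.
    password = "{{$.BasicPassword}}"
    # Request and response validation configurations
    [validationConfig]
    enableRequestValidation = {{$.EnableRequestValidation}}
    enableResponseValidation = {{$.EnableResponseValidation}}
    # Enable http2
    [http2]
    enable = true
    # HTTP client configuration
    [httpClients]
    # Hostname verification
    verifyHostname={{$.VerifyHostname}}
    # Mutual SSL configuration
    [mutualSSLConfig]
    # SSL Protocol to be used
    protocolName = "TLS"
    # SSL/TLS protocols to be enabled
    # NOTE(review): TLSv1.1 is deprecated (RFC 8996); TLSv1.2 alone is the
    # safer setting unless a legacy client requires otherwise.
    protocolVersions = "TLSv1.2,TLSv1.1"
    # List of ciphers to be used
    # NOTE(review): the list includes 3DES, static-RSA and CBC-mode SHA-1
    # suites alongside the ECDHE/DHE AES-GCM ones; trimming it to the
    # forward-secret AES-GCM suites removes the weak options.
    ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 ,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV"
    # The type of client certificate verification. (e.g.: "require" or "optional")
    sslVerifyClient = "optional"
    # API Key authentication configurations
    {{range .APIKeyConfigs}}
    [apikey.tokenConfigs]
    issuer = "{{.APIKeyIssuer}}"
    certificateAlias = "{{.APIKeyCertificateAlias}}"
    audience = "{{.APIKeyAudience}}"
    # Validate Allowed/subscribed APIs
    validateAllowedAPIs = {{.ValidateAllowedAPIs}}
    {{end}}
    [apikey.issuer]
    # API Key STS token configurations
    [apikey.issuer.tokenConfig]
    enabled = {{$.EnabledAPIKeyIssuer}}
    keyStorePath = "{{$.APIKeyKeystorePath}}"
    keyStorePassword = "{{$.APIKeyKeystorePassword}}"
    issuer = "{{$.APIKeyIssuerName}}"
    certificateAlias = "{{$.APIKeyIssuerCertificateAlias}}"
    validityTime = {{$.ValidityTime}}
    {{range $allowedAPI := .APIKeyAllowedAPIs}}
    {{range $allowedAPIName, $allowedAPIVersions := $allowedAPI}}
    [[apikey.issuer.api]]
    name = "{{$allowedAPIName}}"
    versions = "{{$allowedAPIVersions}}"
    {{end}}
    {{end}}
    # JWT Generator configurations
    [jwtGeneratorConfig]
    # Enable jwt generator
    jwtGeneratorEnabled = {{$.EnabledJwtGenerator}}
    # Dialect prefix that can be added to the claims
    claimDialect = "{{$.JwtClaimDialect}}"
    # Signature algorithm used to sign the JWT token (only SHA256withRSA and NONE is supported)
    signingAlgorithm = "{{$.JwtSigningAlgorithm}}"
    # Certificate alias from the keystore
    certificateAlias = "{{$.JwtCertificateAlias}}"
    # Private key alias from the keystore
    privateKeyAlias = "{{$.JwtPrivateKeyAlias}}"
    # JWT token expiry time - ms (valid only if the jwt generator caching mechanism is disabled)
    tokenExpiry = {{$.JwtTokenExpiry}}
    # Restricted claims as an array that should not be included in the backend JWT token
    # Example: restrictedClaims=["claim1","claim2","claim3"]
    restrictedClaims = {{$.JwtRestrictedClaims}}
    # Token issuer standard claim
    issuer = "{{$.JwtIssuer}}"
    # Token audience standard claim
    audience = {{$.JwtAudience}}
    # JWT token generator implementation
    generatorImpl = "{{$.JwtGeneratorImpl}}"
    # JWT Generator cache configurations
    [jwtGeneratorConfig.jwtGeneratorCaching]
    # Enable jwt generator token caching
    tokenCacheEnable = {{$.JwtTokenCacheEnable}}
    # Token cache expiry time (ms)
    tokenCacheExpiryTime = {{$.JwtTokenCacheExpiryTime}}
    # Token cache capacity
    tokenCacheCapacity = {{$.JwtTokenCacheCapacity}}
    # Token cache eviction factor
    tokenCacheEvictionFactor = {{$.JwtTokenCacheEvictionFactor}}
    # Throttling configurations
    [throttlingConfig]
    # Connect with the central traffic manager
    enabledGlobalTMEventPublishing = {{$.EnabledGlobalTMEventPublishing}}
    # The message broker context factory
    jmsConnectioninitialContextFactory = "wso2mbInitialContextFactory"
    # The message broker connection URL
    jmsConnectionProviderUrl = "amqp://admin:admin@carbon/carbon?brokerlist='tcp://{{$.JmsConnectionProvider}}?retries='100'&connectdelay='10000''"
    # The username used to establish the message broker connection
    jmsConnectionUsername = ""
    # The password used to establish the message broker connection
    jmsConnectionPassword = ""
    # The central traffic management solution URL
    throttleEndpointUrl = "https://{{$.ThrottleEndpoint}}/endpoints"
    # username:password to create the connection to the central traffic manager
    throttleEndpointbase64Header = "{{$.ApimUsername}}:{{$.ApimPassword}}"
    #Configurations related to retrieve custom throttle policy related key templates from traffic manager or key manager.
    [throttlingConfig.dataRetriever]
    serverUrl = "https://{{$.ThrottleEndpoint}}/internal/data/v1"
    username = "{{$.ApimUsername}}"
    password = "{{$.ApimPassword}}"
    [throttlingConfig.binary]
    enabled = true
    # Credentials required to establish connection between Traffic Manager
    username = "{{$.ApimUsername}}"
    password = "{{$.ApimPassword}}"
    # Receiver URL and the authentication URL of the Traffic manager node/nodes
    [[throttlingConfig.binary.URLGroup]]
    receiverURL = "tcp://wso2apim.wso2:9611"
    authURL = "ssl://wso2apim.wso2:9711"
    # Data publisher object pool configurations
    [throttlingConfig.binary.publisherPool]
    maxIdle = 1000
    initIdleCapacity = 200
    # Data publisher thread pool configurations
    [throttlingConfig.binary.publisherThreadPool]
    corePoolSize = 200
    maxPoolSize = 1000
    keepAliveTime = 200
    [throttlingConfig.binary.agent]
    # SSL Protocols
    # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); this agent
    # connection carries the APIM credentials above, so restrict it to
    # TLSv1.2 where the traffic manager supports it.
    sslEnabledProtocols = "TLSv1,TLSv1.1,TLSv1.2"
    # ciphers
    ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 ,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV"
    # The size of the queue event disruptor which handles events before they are published.
    # The value specified should always be the result of an exponent with 2 as the base.
    queueSize = 32768
    # The maximum number of events in a batch sent to the queue event disruptor at a given time
    batchSize = 200
    # The number of threads that will be reserved to handle events at the time you start
    corePoolSize = 1
    # Socket timeout
    socketTimeoutMS = 30000
    # The maximum number of threads that should be reserved at any given time to handle events
    maxPoolSize = 1
    # The amount of time which threads in excess of the core pool size may remain idle before being terminated.
    keepAliveTimeInPool = 20
    # The time interval between reconnection
    reconnectionInterval = 30
    # TCP connection pool configurations (for data publishing)
    maxTransportPoolSize = 250
    maxIdleConnections = 250
    evictionTimePeriod = 5500
    minIdleTimeInPool = 5000
    # SSL connection pool configurations (for authentication)
    secureMaxIdleTransportPoolSize = 250
    secureMaxIdleConnections = 250
    secureEvictionTimePeriod = 5500
    secureMinIdleTimeInPool = 5000
    # Configurations related to node local throttling.
    [throttlingConfig.nodeLocal]
    # Core number of threads in the thread pool.
    processThreadPoolCoreSize = 200
    # Maximum number of threads in the thread pool.
    processThreadPoolMaximumSize = 1000
    # Keep alive time of the threads in seconds
    processThreadPoolKeepAliveTime = 200
    # Throttle data cleanup task frequency in seconds.
    cleanUpFrequency = 3600
    # Configurations for retrieving API and subscription data from API Manager.
    [apim.eventHub]
    # Enable/ Disable the feature
    enable = {{$.EnabledEventhub}}
    # The API Manager URL
    serviceUrl = "https://{{$.ThrottleEndpoint}}"
    # The internal data REST API context.
    internalDataContext="/internal/data/v1/"
    # User name and password of the internal data api.
    username = "{{$.ApimUsername}}"
    password = "{{$.ApimPassword}}"
    # The message broker connection URL.
    eventListeningEndpoints = "amqp://admin:admin@carbon/carbon?brokerlist='tcp://{{$.JmsConnectionProvider}}'"
    # ballerina logs
    [b7a.log]
    level="{{$.LogLevel}}"
    {{ if .ObservabilityEnabled }}
    # ballerina metrics
    [b7a.observability.metrics]
    # Flag to enable Metrics
    enabled = true
    reporter = "prometheus"
    # ballerina metrics for prometheus
    [b7a.observability.metrics.prometheus]
    port=9797
    {{ end }}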
---
#Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
#
# WSO2 Inc. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
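# Namespace that holds the operator and all of the configuration objects
# defined in this file.
kind: Namespace
apiVersion: v1
metadata:
  name: wso2-system
  labels:
    name: wso2-system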
---
#Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
#
# WSO2 Inc. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
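# Deployment that runs the API operator controller as a single replica.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api-operator
  namespace: wso2-system
spec:
  replicas: 1
  selector:
    matchLabels:
      name: api-operator
  template:
    metadata:
      labels:
        name: api-operator
    spec:
      # The pod runs as the ServiceAccount that the api-operator
      # ClusterRoleBinding targets, so it holds every permission granted by
      # the api-operator ClusterRole.
      serviceAccountName: api-operator
      containers:
        - name: api-operator
          # Replace this with the built image name.
          # NOTE(review): this is a tag, not a digest, and
          # `imagePullPolicy: Always` re-resolves it on every pod start, so
          # the code that runs with the ClusterRole's permissions can change
          # without this manifest changing. Pin a reviewed build as
          # <registry>/<repository>@sha256:<digest>.
          image: renukafernando/k8s-api-operator:1.2.0-v6
          command:
            - api-operator
          imagePullPolicy: Always
          # Defence in depth: the process cannot gain privileges beyond its
          # start-up identity and holds no Linux capabilities.
          # NOTE(review): verify the image starts cleanly with these settings.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          env:
            # An empty value is the operator-sdk convention for watching
            # every namespace; presumably the case here, confirm against the
            # operator's entry point.
            - name: WATCH_NAMESPACE
              value: ""
            # Pod name injected through the downward API.
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: OPERATOR_NAME
              value: "api-operator"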
---
#Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
#
# WSO2 Inc. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
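# Permissions held by the api-operator ServiceAccount.
# NOTE(review): this role is attached through a ClusterRoleBinding, so every
# rule below applies in all namespaces. That includes '*' on secrets: the
# operator can read and modify every Secret in the cluster. Narrow the verbs
# and resources to what the controller actually uses before production use.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  # ClusterRole is cluster-scoped, so metadata carries no namespace.
  name: api-operator
rules:
  # Core API group. Ingress is not served from this group, so it is granted
  # only under "extensions" further down.
  - apiGroups:
      - ""
    resources:
      - pods
      - services
      - endpoints
      - persistentvolumeclaims
      - events
      - configmaps
      - secrets
    verbs:
      - '*'
  # Workload controllers.
  - apiGroups:
      - apps
    resources:
      - deployments
      - daemonsets
      - replicasets
      - statefulsets
    verbs:
      - '*'
  # Prometheus Operator ServiceMonitor objects.
  - apiGroups:
      - monitoring.coreos.com
    resources:
      - servicemonitors
    verbs:
      - get
      - create
  # Finalizers on the operator's own Deployment only.
  - apiGroups:
      - apps
    resourceNames:
      - api-operator
    resources:
      - deployments/finalizers
    verbs:
      - update
  # The operator's custom resources; '*' already covers ratelimitings,
  # targetendpoints and securities.
  - apiGroups:
      - wso2.com
    resources:
      - '*'
    verbs:
      - '*'
  - apiGroups:
      - batch
    resources:
      - '*'
    verbs:
      - '*'
  - apiGroups:
      - autoscaling
    resources:
      - '*'
    verbs:
      - '*'
  # RBAC matches the plural resource name, so only "ingresses" is listed.
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - '*'
  - apiGroups:
      - serving.knative.dev
    resources:
      - '*'
    verbs:
      - get
      - list
      - create
      - update
      - delete
      - patch
      - watch
  - apiGroups:
      - route.openshift.io
    resources:
      - '*'
    verbs:
      - get
      - list
      - create
      - update
      - delete
      - patch
      - watch
  - apiGroups:
      - networking.istio.io
    resources:
      - '*'
    verbs:
      - get
      - list
      - create
      - update
      - delete
      - patch
      - watch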
---
#Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
#
# WSO2 Inc. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
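# Binds the api-operator ClusterRole to the operator's ServiceAccount.
# Because this is a ClusterRoleBinding rather than a namespaced RoleBinding,
# the role's rules take effect in every namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  # ClusterRoleBinding is cluster-scoped, so metadata carries no namespace.
  name: api-operator
subjects:
  - kind: ServiceAccount
    name: api-operator
    # Replace this with the namespace the operator is deployed in.
    namespace: wso2-system
roleRef:
  kind: ClusterRole
  name: api-operator
  apiGroup: rbac.authorization.k8s.io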
---
#Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
#
# WSO2 Inc. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# Identity the operator pod runs as; the api-operator ClusterRoleBinding
# names this account as its subject.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: api-operator
  namespace: wso2-system
---
#Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
#
# WSO2 Inc. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# CustomResourceDefinition for the namespaced API kind (group wso2.com,
# version v1alpha1).
# NOTE(review): apiextensions.k8s.io/v1beta1 was removed in Kubernetes 1.22,
# so this manifest only applies to older clusters. Under v1beta1,
# preserveUnknownFields defaults to true: fields that this schema does not
# describe are stored, not pruned.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: apis.wso2.com
spec:
  additionalPrinterColumns:
    - JSONPath: .spec.replicas
      name: INITIAL-REPLICAS
      type: integer
    - JSONPath: .spec.mode
      name: Mode
      type: string
    - JSONPath: .spec.apiEndPoint
      name: ENDPOINT
      type: string
    - JSONPath: .metadata.creationTimestamp
      name: Age
      type: date
  group: wso2.com
  names:
    kind: API
    listKind: APIList
    plural: apis
    singular: api
  scope: Namespaced
  subresources:
    status: {}
  validation:
    openAPIV3Schema:
      description: API is the Schema for the apis API
      properties:
        apiVersion:
          description: >-
            APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the
            latest internal value, and may reject unrecognized values.
            More info:
            https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
          type: string
        kind:
          description: >-
            Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the
            client submits requests to. Cannot be updated. In CamelCase.
            More info:
            https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
          type: string
        metadata:
          type: object
        spec:
          description: APISpec defines the desired state of API
          properties:
            apiEndPoint:
              type: string
            definition:
              description: Definition of the API.
              properties:
                interceptors:
                  description: Interceptors for API. Default value "<empty>".
                  properties:
                    ballerina:
                      description: Ballerina interceptors. Default value "<empty>".
                      items:
                        type: string
                      type: array
                    java:
                      description: Java interceptors. Default value "<empty>".
                      items:
                        type: string
                      type: array
                  type: object
                swaggerConfigmapNames:
                  description: >-
                    Array of config map names of swagger definitions for
                    the API.
                  items:
                    type: string
                  type: array
                type:
                  type: string
              required:
                - swaggerConfigmapNames
              type: object
            environmentVariables:
              description: >-
                Environment variables to be added to the API deployment.
                Default value "<empty>".
              items:
                type: string
              type: array
            # NOTE(review): per the description, the operator deploys
            # whatever image is named here, so write access to API objects
            # is effectively the right to choose what runs in the namespace.
            image:
              description: >-
                Docker image of the API to be deployed. If specified, ignores
                the values of `UpdateTimeStamp`, `Override`. Uses the given
                image for the deployment. Default value "<empty>".
              type: string
            ingressHostname:
              description: >-
                Ingress Hostname that the API is being exposed. Default
                value "<empty>".
              type: string
            # The supported values are listed in the description only; the
            # schema has no enum, so the API server does not enforce them.
            mode:
              description: >-
                Mode of the API. The mode from the swagger definition will
                be overridden by this value. Supports "privateJet", "sidecar",
                "<empty>". Default value "<empty>".
              type: string
            override:
              description: Override the exiting API docker image. Default value "false".
              type: boolean
            replicas:
              description: Replica count of the API.
              type: integer
            updateTimeStamp:
              description: >-
                Update API definition creating a new docker image. Make
                a rolling update to the existing API. with prefixing the
                timestamp value. Default value "<empty>".
              type: string
            version:
              description: >-
                Version of the API. The version from the swagger definition
                will be overridden by this value. Default value "<empty>".
              type: string
          required:
            - definition
            - replicas
          type: object
        status:
          description: APIStatus defines the observed state of API
          properties:
            replicas:
              description: >-
                replicas field in the status sub-resource will define the
                initial replica count allocated to the API.This will be the
                minimum replica count for a single API
              type: integer
          required:
            - replicas
          type: object
      type: object
  version: v1alpha1
  versions:
    - name: v1alpha1
      served: true
      storage: true
---
#Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
#
# WSO2 Inc. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# CustomResourceDefinition for the namespaced RateLimiting kind (group
# wso2.com, version v1alpha1).
# NOTE(review): apiextensions.k8s.io/v1beta1 was removed in Kubernetes 1.22,
# so this manifest only applies to older clusters. Under v1beta1,
# preserveUnknownFields defaults to true: fields that this schema does not
# describe are stored, not pruned.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ratelimitings.wso2.com
spec:
  group: wso2.com
  names:
    kind: RateLimiting
    listKind: RateLimitingList
    plural: ratelimitings
    singular: ratelimiting
  scope: Namespaced
  validation:
    openAPIV3Schema:
      description: RateLimiting is the Schema for the ratelimitings API
      properties:
        apiVersion:
          description: >-
            APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the
            latest internal value, and may reject unrecognized values.
            More info:
            https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
          type: string
        kind:
          description: >-
            Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the
            client submits requests to. Cannot be updated. In CamelCase.
            More info:
            https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
          type: string
        metadata:
          type: object
        spec:
          description: RateLimitingSpec defines the desired state of RateLimiting
          properties:
            bandwidth:
              description: Bandwidth is exported type in Ratelimiting Spec
              properties:
                dataAmount:
                  type: string
                dataUnit:
                  type: string
              required:
                - dataAmount
                - dataUnit
              type: object
            conditions:
              description: Conditions is exported type in Ratelimiting Spec
              properties:
                headerCondition:
                  description: HeaderCondition is exported type in Ratelimiting Spec
                  properties:
                    headerName:
                      type: string
                    headerValue:
                      type: string
                  required:
                    - headerName
                    - headerValue
                  type: object
                # The IP fields are plain strings: the schema sets no format
                # or pattern, so address syntax is not checked on admission.
                ipCondition:
                  description: IPCondition is exported type in Ratelimiting Spec
                  properties:
                    endIp:
                      type: string
                    negation:
                      type: boolean
                    specificIp:
                      type: string
                    startIp:
                      type: string
                    type:
                      type: string
                  required:
                    - endIp
                    - negation
                    - specificIp
                    - startIp
                    - type
                  type: object
              required:
                - headerCondition
                - ipCondition
              type: object
            description:
              type: string
            # limit is an unbounded integer; the schema sets no minimum.
            requestCount:
              description: RequestCount is exported type in Ratelimiting Spec
              properties:
                limit:
                  type: integer
              required:
                - limit
              type: object
            stopOnQuotaReach:
              type: boolean
            timeUnit:
              type: string
            type:
              type: string
            unitTime:
              type: integer
          required:
            - requestCount
            - timeUnit
            - type
            - unitTime
          type: object
      type: object
  version: v1alpha1
  versions:
    - name: v1alpha1
      served: true
      storage: true
---
#Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
#
# WSO2 Inc. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# CustomResourceDefinition for the namespaced Security kind (group wso2.com,
# version v1alpha1).
# NOTE(review): apiextensions.k8s.io/v1beta1 was removed in Kubernetes 1.22,
# so this manifest only applies to older clusters. Under v1beta1,
# preserveUnknownFields defaults to true: fields that this schema does not
# describe are stored, not pruned.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: securities.wso2.com
spec:
  additionalPrinterColumns:
    - JSONPath: .spec.type
      name: SECURITY_TYPE
      type: string
    - JSONPath: .metadata.creationTimestamp
      name: AGE
      type: date
  group: wso2.com
  names:
    kind: Security
    listKind: SecurityList
    plural: securities
    singular: security
  scope: Namespaced
  validation:
    openAPIV3Schema:
      description: Security is the Schema for the securities API
      properties:
        apiVersion:
          description: >-
            APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the
            latest internal value, and may reject unrecognized values.
            More info:
            https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
          type: string
        kind:
          description: >-
            Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the
            client submits requests to. Cannot be updated. In CamelCase.
            More info:
            https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
          type: string
        metadata:
          type: object
        spec:
          description: SecuritySpec defines the desired state of Security
          properties:
            # NOTE(review): certificate and credentials are plain strings
            # with no description. Presumably they name other objects and do
            # not carry key material inline; confirm, since a custom
            # resource is readable by anyone allowed to get Security objects.
            securityConfig:
              items:
                properties:
                  alias:
                    type: string
                  audience:
                    type: string
                  certificate:
                    type: string
                  credentials:
                    type: string
                  endpoint:
                    type: string
                  issuer:
                    type: string
                  validateAllowedAPIs:
                    type: boolean
                  validateSubscription:
                    type: boolean
                type: object
              type: array
            # NOTE(review): the description below is leftover operator-sdk
            # scaffold text, not documentation of this field, and the schema
            # has no enum to restrict accepted values.
            type:
              description: >-
                INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
                Important: Run "operator-sdk generate k8s" to regenerate code
                after modifying this file Add custom validation using
                kubebuilder tags:
                https://book.kubebuilder.io/beyond_basics/generating_crd.html
              type: string
          required:
            - type
          type: object
        status:
          description: SecurityStatus defines the observed state of Security
          type: object
      type: object
  version: v1alpha1
  versions:
    - name: v1alpha1
      served: true
      storage: true
---
#Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
#
# WSO2 Inc. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# CustomResourceDefinition for the namespaced TargetEndpoint kind (group
# wso2.com, version v1alpha1).
# NOTE(review): apiextensions.k8s.io/v1beta1 was removed in Kubernetes 1.22,
# so this manifest only applies to older clusters. Under v1beta1,
# preserveUnknownFields defaults to true: fields that this schema does not
# describe are stored, not pruned.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: targetendpoints.wso2.com
spec:
  group: wso2.com
  names:
    kind: TargetEndpoint
    listKind: TargetEndpointList
    plural: targetendpoints
    singular: targetendpoint
  scope: Namespaced
  validation:
    openAPIV3Schema:
      description: TargetEndpoint is the Schema for the targetendpoints API
      properties:
        apiVersion:
          description: >-
            APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the
            latest internal value, and may reject unrecognized values.
            More info:
            https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
          type: string
        kind:
          description: >-
            Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the
            client submits requests to. Cannot be updated. In CamelCase.
            More info:
            https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
          type: string
        metadata:
          type: object
        spec:
          description: TargetEndpointSpec defines the desired state of TargetEndpoint
          properties:
            # "http" and "https" are named in the description only; the
            # schema has no enum, so the API server accepts any string.
            applicationProtocol:
              description: Protocol of the application. Supports "http" and "https".
              type: string
            # NOTE(review): dockerImage is a free-form string, so write
            # access to TargetEndpoint objects presumably decides which
            # image the operator deploys; confirm against the controller.
            deploy:
              description: Deployment details.
              properties:
                cpuLimit:
                  type: string
                dockerImage:
                  type: string
                maxReplicas:
                  format: int32
                  type: integer
                memoryLimit:
                  type: string
                minReplicas:
                  format: int32
                  type: integer
                name:
                  type: string
                reqMemory:
                  type: string
                requestCPU:
                  type: string
              required:
                - dockerImage
                - name
              type: object
            mode:
              description: >-
                Mode of the Target Endpoint. Supports "privateJet", "sidecar",
                "serverless". Default value "privateJet"
              type: string
            ports:
              description: >-
                List of optional ports of the target endpoint. First port
                should be the port of the target endpoint which is referred
                in swagger definition.
              items:
                description: Port represents ports of the Target Endpoint
                properties:
                  name:
                    description: >-
                      The name of this port within the service. This must
                      be a DNS_LABEL. All ports within a ServiceSpec must
                      have unique names.
                    type: string
                  port:
                    description: The port that will be exposed by this service.
                    format: int32
                    type: integer
                  targetPort:
                    description: Port that is targeted to expose.
                    format: int32
                    type: integer
                required:
                  - name
                  - port
                  - targetPort
                type: object
              type: array
          required:
            - applicationProtocol
            - deploy
            - ports
          type: object
        status:
          description: TargetEndpointStatus defines the observed state of TargetEndpoint
          type: object
      type: object
  version: v1alpha1
  versions:
    - name: v1alpha1
      served: true
      storage: true