5.0CR1 release (#39)

* added CI folder gateway-otk

* charts/portal added additional config options for dispatcher, charts/gateway settable cluster-wide-properties

* charts/gateway updated values.yaml

* US725489: initial changes to use mysql 8.0.22

* Portal + Gateway documentation updates

* bumping versions

* cleaning up the configuration for mysql
Removing comments and config params to keep the configuration minimal

* incorporated review comments
updated image tags
corrected configuration for mysql

* incorporating review comment
Making root & replication passwords settable.

* Add troubleshooting for helm upgrade failure.

* Update image tags

* Removing options of old MySQL chart

* making it consistent with other components' settings

* correcting formatting

* incorporating review feedback

Co-authored-by: Gary Vermeulen <[email protected]>
Co-authored-by: Gazza7205 <[email protected]>
Co-authored-by: Mohsin Khan <[email protected]>
Co-authored-by: Ashwin Kumar <[email protected]>
Co-authored-by: as666499 <[email protected]>

.gitignore

@@ -1,4 +1,4 @@
-gateway/my-values.yaml
+*my-values.yaml
 /examples/gateway/edge-gateway/*-replaced.yaml
 /examples/sts-gateway/*-replaced.yaml
 

charts/gateway-otk/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: gateway-otk
-version: 0.0.1
+version: 0.0.2
 appVersion: "10.0.00"
 description: This alpha Helm Chart deploys the Layer7 Gateway with OTK in Kubernetes.
 dependencies:

charts/gateway-otk/ci/ci-values.yaml

@@ -0,0 +1,3 @@
+license:
+  value: SSG_LICENSE
+  accept: true

charts/gateway-otk/templates/_helpers.tpl

@@ -31,6 +31,18 @@ Create chart name and version as used by the chart label.
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
+
+{{/*
+ Set the service account name for the Gateway
+ */}}
+{{- define "gateway.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "gateway.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
 {{/*
 Create java args to apply.
 */}}

charts/gateway-otk/templates/deployment.yaml

@@ -20,14 +20,15 @@ spec:
         app: {{ template "gateway.fullname" . }}
         release: {{ .Release.Name }}
     spec:
+      serviceAccountName: {{ include "gateway.serviceAccountName" . }}      
 {{ if .Values.image.secretName }}
       imagePullSecrets:
         - name: {{ .Values.image.secretName | quote }}
 {{ end }}
       containers:
         - name: {{ .Chart.Name }}
           image: {{.Values.image.registry}}/{{.Values.image.repository}}:{{.Values.image.tag}}
-          imagePullPolicy: {{ .Values.pullPolicy }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
           {{- if .Values.installSolutionKits.enabled}}
           lifecycle:
             postStart:

charts/gateway-otk/templates/service-account.yaml

@@ -0,0 +1,14 @@
+{{ if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "gateway.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ template "gateway.name" . }}
+    chart: {{ template "gateway.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+secrets:
+  - name: {{ include "gateway.fullname" . }}
+{{ end }}

charts/gateway-otk/values.yaml

@@ -206,9 +206,9 @@ resources:
   #   cpu: 1000m
   #   memory: 2Gi
 
-#serviceAccount:
-
-
+serviceAccount:
+  # name:
+  create: true
 
 ###############################################################################################
 ##                                                                                           ##

charts/gateway/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: "10.0.00"
 description: This Helm Chart deploys the Layer7 Gateway in Kubernetes.
 name: gateway
-version: 1.0.8
+version: 1.0.9
 type: application
 home: https://github.com/CAAPIM/apim-charts
 maintainers:

charts/gateway/README.md

@@ -6,21 +6,21 @@ It's targeted at Gateway v10.x onward.
 
 # Install the Chart
 ```
-> $ helm repo add layer7 https://caapim.github.io/apim-charts/
-> $ helm repo update
-> $ helm install my-ssg --set-file "license.value=path/to/license.xml" --set "license.accept=true" layer7/gateway
+$ helm repo add layer7 https://caapim.github.io/apim-charts/
+$ helm repo update
+$ helm install my-ssg --set-file "license.value=path/to/license.xml" --set "license.accept=true" layer7/gateway
 ```
 
 ## Upgrade this Chart
 To upgrade the Gateway deployment
 ```
-> $ helm upgrade my-ssg --set-file "license.value=path/to/license.xml" --set "license.accept=true" layer7/gateway
+$ helm upgrade my-ssg --set-file "license.value=path/to/license.xml" --set "license.accept=true" layer7/gateway
 ```
 ## Delete this Chart
 To delete Gateway installation
 
 ```
-> $ helm delete <release name> -n <release namespace>
+$ helm delete <release name> -n <release namespace>
 ```
 
 ## Custom values
@@ -38,7 +38,7 @@ The following table lists the configurable parameters of the Gateway chart and t
 | `image.registry`    | Image Registry               | `docker.io` |
 | `image.repository`          | Image Repository  | `caapim/gateway`  |
 | `image.tag`          | Image tag | `10.0.00`  |
-| `image.pullPolicy`          | Image Pull Policy | `Always`  |
+| `image.pullPolicy`          | Image Pull Policy | `IfNotPresent`  |
 | `image.secretName`          | Creates an imagePullSecrets | `nil`  |
 | `image.credentials.username`          | Registry Username | `nil`  |
 | `image.credentials.password`          | Registry Password | `nil`  |
@@ -67,6 +67,8 @@ The following table lists the configurable parameters of the Gateway chart and t
 | `config.javaArgs`          | Additional Java Args to pass to the SSG process | `see values.yaml`  |
 | `config.log.override`          | Override the standard log configuration | `true`  |
 | `config.log.properties`          | Custom logging properties | `see values.yaml`  |
+| `config.cwp.enabled`          | Enable/Disable settable cluster-wide properties | `false`  |
+| `config.cwp.properties`          | Set name/value pairs of cluster-wide properties | `see values.yaml`  |
 | `tls.customKey.enabled`          | Not currently implemented | `false`  |
 | `additionalEnv`          | Additional environment variables you wish to pass to the Gateway Configmap | `see values.yaml`  |
 | `additionalSecret`          | Additional secret variables you wish to pass to the Gateway Secret | `see values.yaml`  |
@@ -151,6 +153,15 @@ More info on the JDBC URL:
 - Failover config: https://dev.mysql.com/doc/connector-j/5.1/en/connector-j-config-failover.html
 - Configuration properties: https://dev.mysql.com/doc/connector-j/5.1/en/connector-j-reference-configuration-properties.html
 
+Configuring SSL/TLS: the following parameters can be added to enable secure communication between the Gateway and an external MySQL Database
+- useSSL=true
+- requireSSL=true
+- verifyServerCertificate=false
+
+```
+jdbcURL: jdbc:mysql://myprimaryserver:3306,mysecondaryserver:3306/ssg?useSSL=true&requireSSL=true&verifyServerCertificate=false
+```
+
 In order the create the database on the remote server, the provided user in the username field must have write privilege on the database. See GRANT statement usage: https://dev.mysql.com/doc/refman/8.0/en/grant.html#grant-database-privileges
 
 ## Subcharts - these do not represent production configurations

charts/gateway/ci/ci-values.yaml

@@ -1,3 +1,3 @@
 license:
-  value: $SSG_LICENSE
+  value: SSG_LICENSE
   accept: true

charts/gateway/templates/_helpers.tpl

@@ -31,6 +31,39 @@ Create chart name and version as used by the chart label.
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
+
+
+{{/*
+ Set the service account name for the Gateway
+ */}}
+{{- define "gateway.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "gateway.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Generate []16bit HEX
+ This creates Gateway ids for bundles  
+ */}}
+ {{- define "gateway.cwp.hex" -}}
+ {{ $hexArr := "" }}
+ {{- range .Values.config.cwp.properties }}
+ {{- $hex := randAlphaNum 16 }}
+ {{- join $hex (printf " %x" $hex) }}
+ {{- end -}}
+ {{- end -}}
+
+{{/*
+ Generate 16bit HEX 
+ #  {{ split " " $hexArr }}
+ #  {{ $hexArr = append $hexArr (printf "%x" $hex) }}
+ */}}
+
+
+
 {{/*
 Create java args to apply.
 */}}

charts/gateway/templates/configmap.yaml

@@ -47,7 +47,7 @@ data:
 
 {{ if .Values.additionalEnv }}
 {{- range $key, $val := .Values.additionalEnv }}
-  {{ $key }}: "{{ $val }}"
+  {{ $key }}: {{ $val | quote }}
 {{- end }}
 {{ end }}
 

charts/gateway/templates/cwp-configmap.yaml

@@ -0,0 +1,57 @@
+{{ if .Values.config.cwp.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "gateway.fullname" . }}-cwp-configmap
+  labels:
+    app: {{ template "gateway.name" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+{{- $hexArr := splitList " " (include "gateway.cwp.hex" .) }}
+data:
+  cwp.bundle: |
+    <l7:Bundle xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
+    <l7:References>
+{{ range $i, $v := $hexArr }}
+{{ if ne $i 0 }}
+{{ with index $.Values.config.cwp.properties (sub $i 1 )}}
+    <l7:Item>
+        <l7:Name>{{ .name }}</l7:Name>
+        <l7:Id>{{ $v }}</l7:Id>
+        <l7:Type>CLUSTER_PROPERTY</l7:Type>
+          <l7:Resource>
+           <l7:ClusterProperty id="{{ $v }}">
+           <l7:Name>{{ .name }}</l7:Name>
+{{ if contains "\\n" (.value | quote)}}
+           <l7:Value>{{ .value | trim | indent 4 | trim }}</l7:Value>
+{{ else }}
+           <l7:Value>{{ .value }}</l7:Value>
+{{ end }}
+           </l7:ClusterProperty>
+        </l7:Resource>
+    </l7:Item>
+{{ end }}
+{{ end }}
+{{ end }}
+    </l7:References>
+       <l7:Mappings>
+{{ range $i, $v := $hexArr }}
+{{ if ne $i 0 }}
+{{ with index $.Values.config.cwp.properties (sub $i 1 ) }}
+        <l7:Mapping action="NewOrUpdate" srcId="{{ $v }}" type="CLUSTER_PROPERTY">
+            <l7:Properties>
+                <l7:Property key="MapBy">
+                    <l7:StringValue>name</l7:StringValue>
+                </l7:Property>
+                <l7:Property key="MapTo">
+                    <l7:StringValue>{{ .name }}</l7:StringValue>
+                </l7:Property>
+            </l7:Properties>
+        </l7:Mapping>
+{{ end }}
+{{ end }}
+{{ end }}
+    </l7:Mappings>
+    </l7:Bundle>
+{{ end }} 

charts/gateway/templates/deployment.yaml

@@ -20,14 +20,15 @@ spec:
         app: {{ template "gateway.fullname" . }}
         release: {{ .Release.Name }}
     spec:
+      serviceAccountName: {{ include "gateway.serviceAccountName" . }}
 {{ if .Values.image.secretName }}
       imagePullSecrets:
         - name: {{ .Values.image.secretName | quote }}
 {{ end }}
       containers:
         - name: {{ .Chart.Name }}
           image: {{.Values.image.registry}}/{{.Values.image.repository}}:{{.Values.image.tag}}
-          imagePullPolicy: {{ .Values.pullPolicy }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
           {{- if .Values.installSolutionKits.enabled}}
           lifecycle:
             postStart:
@@ -78,6 +79,10 @@ spec:
               mountPath: /opt/SecureSpan/Gateway/node/default/etc/conf/log-override.properties
               subPath: log-override.properties
 {{ end }}
+{{ if .Values.config.cwp.enabled }}
+            - name: {{ template "gateway.fullname" . }}-cwp-configmap
+              mountPath: /opt/SecureSpan/Gateway/node/default/etc/bootstrap/bundle/cwp
+{{ end }}
 {{ if .Values.bundle.enabled }}
             - name: {{ template "gateway.fullname" . }}-bundle-configmap
               mountPath: /opt/SecureSpan/Gateway/node/default/etc/bootstrap/bundle/configmap
@@ -101,6 +106,7 @@ spec:
 {{ else }}
             exec:
               command:
+              - /bin/bash
               - {{ .Values.livenessProbe.command | default "/opt/docker/rc.d/diagnostic/health_check.sh" }}
 {{ end }}
             initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
@@ -119,6 +125,7 @@ spec:
 {{ else }}
             exec:
               command:
+              - /bin/bash
               - {{ .Values.readinessProbe.command | default "/opt/docker/rc.d/diagnostic/health_check.sh" }}
 {{ end }}
             initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
@@ -155,6 +162,13 @@ spec:
             - key: log-override-properties
               path: log-override.properties
 {{ end }}
+{{ if .Values.config.cwp.enabled }}
+        - name: {{ template "gateway.fullname" . }}-cwp-configmap
+          configMap:
+            defaultMode: 292
+            optional: false
+            name: {{ template "gateway.fullname" . }}-cwp-configmap
+{{ end }}
 {{ if .Values.bundle.enabled }}
         - name: {{ template "gateway.fullname" . }}-bundle-configmap
           configMap:

charts/gateway/templates/secret.yaml

@@ -13,16 +13,16 @@ data:
   SSG_ADMIN_PASSWORD: {{ .Values.management.password | b64enc }}
   SSG_CLUSTER_PASSWORD: {{.Values.clusterPassword | b64enc }}
 {{ if .Values.tls.customDefaultSslKey.enabled }}
-  SSG_SSL_KEY: {{ .Values.tls.customDefaultSslKey.key | b64enc }}
+  SSG_SSL_KEY: {{ .Values.tls.customDefaultSslKey.key | b64enc | b64enc }}
   SSG_SSL_KEY_PASS: {{ .Values.tls.customDefaultSslKey.pass | b64enc }}
 {{ end }}
 {{ if .Values.database.enabled }}
   SSG_DATABASE_USER: {{.Values.database.username | b64enc }}
   SSG_DATABASE_PASSWORD:  {{.Values.database.password | b64enc }}
 {{ end }}
 {{ if .Values.additionalSecret }}
-{{- range $key, $val := .Values.additionalEnv }}
-  {{ $key }}: "{{ $val | b64enc }}"
+{{- range $key, $val := .Values.additionalSecret }}
+  {{ $key }}: {{ $val | toString | b64enc }}
 {{- end }}
 {{ end }}
 

charts/gateway/templates/service-account.yaml

@@ -0,0 +1,14 @@
+{{ if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "gateway.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ template "gateway.name" . }}
+    chart: {{ template "gateway.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+secrets:
+  - name: {{ include "gateway.fullname" . }}
+{{ end }}