├── helm └── choreo-connect │ ├── auth.json │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ ├── analytics-auth-token-secret.yaml │ ├── serviceaccount.yaml │ ├── adapter-service.yaml │ ├── router-service.yaml │ ├── wso2-subscription-secret.yaml │ ├── gateway-runtime-hpa.yaml │ ├── adapter-ingress.yaml │ ├── router-ingress.yaml │ ├── adapter-grpc-probe-script-configmap.yaml │ ├── enforcer-grpc-probe-script-configmap.yaml │ ├── logconfig-toml-configmap.yaml │ ├── NOTES.txt │ ├── adapter-truststore-secret.yaml │ ├── enforcer-truststore-secret.yaml │ ├── adapter-keystore-secret.yaml │ ├── router-keystore-secret.yaml │ ├── enforcer-keystore-secret.yaml │ ├── default-ingress-tls-secret.yaml │ ├── enforcer-log4j2-configmap.yaml │ ├── config-toml-configmap.yaml │ ├── _helpers.tpl │ ├── adapter-deployment.yaml │ └── gateway-runtime-deployment.yaml │ ├── values.yaml │ └── confs │ └── config.toml.template ├── issue_template.md ├── README.md ├── .gitignore ├── CHANGELOG.md ├── CONTRIBUTING.md ├── pull_request_template.md └── LICENSE /helm/choreo-connect/auth.json: -------------------------------------------------------------------------------- 1 | { 2 | "auths": { 3 | "reg.id": { 4 | "username": "docker.wso2.com.username", 5 | "password": "docker.wso2.com.password", 6 | "email": "docker.wso2.com.email", 7 | "auth": "docker.wso2.com.auth" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /helm/choreo-connect/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | 25 | # Config Template file 26 | confs/config.toml.template 27 | -------------------------------------------------------------------------------- /issue_template.md: -------------------------------------------------------------------------------- 1 | **Description:** 2 | 3 | 4 | **Suggested Labels:** 5 | 6 | 7 | **Suggested Assignees:** 8 | 9 | 10 | **Affected Product Version:** 11 | 12 | **OS, DB, other environment details and versions:** 13 | 14 | **Steps to reproduce:** 15 | 16 | 17 | **Related Issues:** 18 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Kubernetes and Helm Resources for Choreo Connect 2 | 3 | *This repository contains Kubernetes and Helm Resources for container-based deployments of Choreo Connect.* 4 | 5 | ## Deploy Helm resources 6 | 7 | In order to deploy Helm resources, follow the **Quick Start Guide** given below: 8 | 9 | * [Helm Chart for deployment of Choreo Connect](helm/choreo-connect/README.md) 10 | 11 | ## Reporting issues 12 | 13 | We encourage you to report any issues and documentation faults regarding Helm resources 14 | for Choreo Connect. Please report your issues [here](https://github.com/wso2/kubernetes-microgateway/issues). 
15 | 16 | ## Contact us 17 | 18 | WSO2 developers can be contacted via the following mailing lists: 19 | 20 | * WSO2 Developers Mailing List : [dev@wso2.org](mailto:dev@wso2.org) 21 | * WSO2 Architecture Mailing List : [architecture@wso2.org](mailto:architecture@wso2.org) 22 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2019, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # IntelliJ IDEA Project Files 16 | .idea/ 17 | *.ipr 18 | *.iws 19 | *.swp 20 | 21 | # Backup files 22 | *~ 23 | *.bck 24 | 25 | # Required-image-building-artifacts 26 | *.tar.gz 27 | *.zip 28 | *jar 29 | 30 | **/dockerfiles/**/files/* 31 | -------------------------------------------------------------------------------- /helm/choreo-connect/Chart.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | apiVersion: v2 16 | name: choreo-connect 17 | description: A Helm chart for the deployment of Choreo Connect 18 | type: application 19 | version: 1.2.0-2 20 | appVersion: "1.2.0" 21 | icon: https://wso2.cachefly.net/wso2/sites/all/images/wso2logo.svg 22 | -------------------------------------------------------------------------------- /helm/choreo-connect/templates/analytics-auth-token-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.wso2.choreoAnalytics.onpremKey -}} 2 | # -------------------------------------------------------------------- 3 | # Copyright (c) 2022, WSO2 Inc. (http://wso2.com) All Rights Reserved. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # ----------------------------------------------------------------------- 17 | 18 | apiVersion: v1 19 | kind: Secret 20 | metadata: 21 | name: {{ printf "%s-analytics-auth-token" (include "choreo-connect.fullname" .) 
| trunc 63 }} 22 | namespace: {{ .Release.Namespace }} 23 | data: 24 | authToken: {{ .Values.wso2.choreoAnalytics.onpremKey | b64enc }} 25 | type: Opaque 26 | {{- end -}} 27 | -------------------------------------------------------------------------------- /helm/choreo-connect/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.kubernetes.serviceAccount.create -}} 2 | # -------------------------------------------------------------------- 3 | # Copyright (c) 2022, WSO2 Inc. (http://wso2.com) All Rights Reserved. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # ----------------------------------------------------------------------- 17 | 18 | apiVersion: v1 19 | kind: ServiceAccount 20 | metadata: 21 | name: {{ include "choreo-connect.serviceAccountName" . }} 22 | labels: 23 | {{- include "choreo-connect.labels" . | nindent 4 }} 24 | {{- with .Values.kubernetes.serviceAccount.annotations }} 25 | annotations: 26 | {{- toYaml . | nindent 4 }} 27 | {{- end }} 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | All notable changes to Kubernetes and Helm resources for Choreo Connect version `1.2.x` in each resource release, 4 | will be documented in this file. 
5 | 6 | The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) 7 | 8 | ## [v1.2.0.1] - 2023-03-22 9 | 10 | ### Added 11 | 12 | - Helm resources for Choreo Connect Deployment (refer to [issue](https://github.com/wso2/kubernetes-microgateway/issues/106)). 13 | 14 | ### Removed 15 | 16 | - Remove configs `apiArtifactsMountEmptyDir` and `dropinsMountEmptyDir` as the directories already exist in the Docker images (refer to [issue](https://github.com/wso2/kubernetes-microgateway/issues/61)). 17 | 18 | ### Fixed 19 | 20 | - Remove unused environment variable `apim_admin_pwd` set in Enforcer (refer to [issue](https://github.com/wso2/kubernetes-microgateway/issues/87)). 21 | 22 | For detailed information on the tasks carried out during this release, please see the GitHub milestone [v1.2.0.1](https://github.com/wso2/kubernetes-microgateway/milestone/20?closed=1) 23 | 24 | ## [v1.2.0.2] - 2023-09 25 | 26 | ### Added 27 | 28 | - Support for mounting ConfigMaps and Secrets (refer to [issue](https://github.com/wso2/kubernetes-microgateway/issues/116)). 29 | 30 | For detailed information on the tasks carried out during this release, please see the GitHub milestone [v1.2.0.2](https://github.com/wso2/kubernetes-microgateway/milestone/21?closed=1) 31 | -------------------------------------------------------------------------------- /helm/choreo-connect/templates/adapter-service.yaml: -------------------------------------------------------------------------------- 1 | # -------------------------------------------------------------------- 2 | # Copyright (c) 2022, WSO2 Inc. (http://wso2.com) All Rights Reserved. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 
6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # ----------------------------------------------------------------------- 16 | 17 | apiVersion: v1 18 | kind: Service 19 | metadata: 20 | name: {{ include "choreo-connect.adapterFullname" . }} 21 | namespace: {{ .Release.Namespace }} 22 | labels: 23 | {{- include "choreo-connect.labels" . | nindent 4 }} 24 | app.kubernetes.io/component: choreo-connect-adapter 25 | spec: 26 | type: ClusterIP 27 | selector: 28 | {{- include "choreo-connect.selectorLabels" . | nindent 4 }} 29 | app.kubernetes.io/component: choreo-connect-adapter 30 | ports: 31 | - name: "http-adaptermanagementserver" 32 | port: 18000 33 | targetPort: 18000 34 | protocol: TCP 35 | - name: "https-adapter" 36 | port: 9843 37 | targetPort: 9843 38 | protocol: TCP 39 | -------------------------------------------------------------------------------- /helm/choreo-connect/templates/router-service.yaml: -------------------------------------------------------------------------------- 1 | # -------------------------------------------------------------------- 2 | # Copyright (c) 2022, WSO2 Inc. (http://wso2.com) All Rights Reserved. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 
6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # ----------------------------------------------------------------------- 16 | 17 | apiVersion: v1 18 | kind: Service 19 | metadata: 20 | labels: 21 | {{- include "choreo-connect.labels" . | nindent 4 }} 22 | app.kubernetes.io/component: choreo-connect-gateway-runtime 23 | name: {{printf "%s-%s" (include "choreo-connect.fullname" .) "router" | trunc 63 }} 24 | namespace: {{ .Release.Namespace }} 25 | spec: 26 | type: ClusterIP 27 | selector: 28 | {{- include "choreo-connect.selectorLabels" . | nindent 4 }} 29 | app.kubernetes.io/component: choreo-connect-gateway-runtime 30 | ports: 31 | - name: "http-routeradmin" 32 | port: 9000 33 | targetPort: 9000 34 | protocol: TCP 35 | - name: "http-router" 36 | port: 9090 37 | targetPort: 9090 38 | protocol: TCP 39 | - name: "https-router" 40 | port: 9095 41 | targetPort: 9095 42 | protocol: TCP 43 | -------------------------------------------------------------------------------- /helm/choreo-connect/templates/wso2-subscription-secret.yaml: -------------------------------------------------------------------------------- 1 | {{ if and (not (empty .Values.wso2.subscription.username)) (not (empty .Values.wso2.subscription.password)) }} 2 | # -------------------------------------------------------------------- 3 | # Copyright (c) 2022, WSO2 Inc. (http://wso2.com) All Rights Reserved. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 
7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # ----------------------------------------------------------------------- 17 | # Renders the image-pull Secret (type kubernetes.io/dockerconfigjson) by substituting the registry, username, password, email and base64 "username:password" auth values into the auth.json template; the email field is filled from the subscription username. NOTE(review): the values are spliced in by plain string replace with no JSON escaping, so a password or username containing a double quote or backslash yields a malformed .dockerconfigjson; consider building the document with dict | toJson instead. 18 | {{- $username := .Values.wso2.subscription.username }} 19 | {{- $password := .Values.wso2.subscription.password }} 20 | {{- $email := .Values.wso2.subscription.username }} 21 | {{- $regId := default "docker.wso2.com" .Values.wso2.deployment.dockerRegistry }} 22 | {{- $auth := printf "%s:%s" $username $password | b64enc }} 23 | {{- $files := .Files }} 24 | apiVersion: v1 25 | kind: Secret 26 | metadata: 27 | name: {{ include "choreo-connect.subscriptionCredsSecretName" . }} 28 | namespace: {{ .Release.Namespace }} 29 | type: kubernetes.io/dockerconfigjson 30 | data: 31 | .dockerconfigjson: {{ $files.Get "auth.json" | replace "reg.id" $regId | replace "docker.wso2.com.username" $username | replace "docker.wso2.com.password" $password | replace "docker.wso2.com.email" $email | replace "docker.wso2.com.auth" $auth | b64enc }} 32 | {{ end }} 33 | -------------------------------------------------------------------------------- /helm/choreo-connect/templates/gateway-runtime-hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.wso2.deployment.gatewayRuntime.autoscaling.enabled }} 2 | # -------------------------------------------------------------------- 3 | # Copyright (c) 2022, WSO2 Inc. (http://wso2.com) All Rights Reserved. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 
7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # ----------------------------------------------------------------------- 17 | 18 | apiVersion: autoscaling/v1 19 | kind: HorizontalPodAutoscaler 20 | metadata: 21 | name: {{printf "%s-%s" (include "choreo-connect.fullname" .) "gateway-runtime" | trunc 63 }} 22 | namespace: {{ .Release.Namespace }} 23 | annotations: 24 | autoscaling.alpha.kubernetes.io/metrics: '[{"type":"Resource","resource":{"name":"memory","targetAverageUtilization":{{ .Values.wso2.deployment.gatewayRuntime.autoscaling.targetMemoryUtilizationPercentage }}}}]' 25 | labels: 26 | {{- include "choreo-connect.labels" . | nindent 4 }} 27 | app.kubernetes.io/component: choreo-connect-gateway-runtime 28 | spec: 29 | maxReplicas: {{ .Values.wso2.deployment.gatewayRuntime.autoscaling.maxReplicas }} 30 | minReplicas: {{ .Values.wso2.deployment.gatewayRuntime.autoscaling.minReplicas }} 31 | scaleTargetRef: 32 | apiVersion: apps/v1 33 | kind: Deployment 34 | name: {{printf "%s-%s" (include "choreo-connect.fullname" .) "gateway-runtime" | trunc 63 }} 35 | targetCPUUtilizationPercentage: {{ .Values.wso2.deployment.gatewayRuntime.autoscaling.targetCPUUtilizationPercentage }} 36 | {{- end -}} 37 | -------------------------------------------------------------------------------- /helm/choreo-connect/templates/adapter-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (include "choreo-connect.deploymentMode.isStandalone" .) 
.Values.wso2.deployment.adapter.ingress.enabled }} 2 | # -------------------------------------------------------------------- 3 | # Copyright (c) 2022, WSO2 Inc. (http://wso2.com) All Rights Reserved. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # ----------------------------------------------------------------------- 17 | 18 | apiVersion: networking.k8s.io/v1 19 | kind: Ingress 20 | metadata: 21 | name: {{ include "choreo-connect.adapterFullname" . }} 22 | namespace: {{ .Release.Namespace }} 23 | {{- with .Values.wso2.deployment.adapter.ingress.annotations }} 24 | annotations: 25 | {{- toYaml . | nindent 4 }} 26 | {{- end }} 27 | spec: 28 | {{- if .Values.kubernetes.ingress.className }} 29 | ingressClassName: {{ .Values.kubernetes.ingress.className }} 30 | {{- end }} 31 | tls: 32 | - hosts: 33 | - {{ .Values.wso2.deployment.adapter.ingress.hostname }} 34 | {{- if .Values.wso2.deployment.adapter.ingress.tlsSecretName }} 35 | secretName: {{ .Values.wso2.deployment.adapter.ingress.tlsSecretName }} 36 | {{- else }} 37 | secretName: {{ printf "%s-default-ingress-tls" (include "choreo-connect.fullname" .) | trunc 63 }} 38 | {{- end }} 39 | rules: 40 | - host: {{ .Values.wso2.deployment.adapter.ingress.hostname }} 41 | http: 42 | paths: 43 | - path: / 44 | pathType: Prefix 45 | backend: 46 | service: 47 | name: {{ include "choreo-connect.adapterFullname" . 
| quote }} 48 | port: 49 | number: 9843 50 | {{- end -}} 51 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | 2 | # Contributing to kubernetes-microgateway 3 | 4 | Kubernetes and Helm resources for WSO2 API Microgateway are open source, and we encourage contributions from our community. 5 | 6 | ## How you can Contribute 7 | 8 | ### Mailing Lists 9 | 10 | The recommended way to discuss anything related to WSO2 products is via our mailing lists. First, go to https://wso2.com/mail/ and subscribe to any mailing lists. Here are the two most popular lists: 11 | 12 | * dev@wso2.org: To discuss all WSO2 products. 13 | * architecture@wso2.org: To discuss the architecture of WSO2 products. 14 | 15 | ### Posting Issues 16 | 17 | We encourage you to report any problems in the WSO2 Kubernetes and Helm resources or their documentation by creating GitHub issues in the respective repositories. The issues page on GitHub is for tracking bugs and feature requests. When posting a new issue, follow the guidelines below. 18 | 19 | * Check whether the issue has already been reported. 20 | * Create a separate issue for each bug you are reporting or feature you are requesting. 21 | 22 | ### Code Contributions 23 | 24 | If you would like to contribute a bug fix or a new feature, start by posting an issue and discussing the best way to implement it. 25 | 26 | Unlike most projects, development for this repository is carried out on the 3.0.x branch. This is because the master branch contains the latest stable release of the project. The code in 3.0.x is merged to the master branch after a final review and a round of testing. 27 | 28 | Please follow these guidelines when contributing to the code: 29 | 30 | 1. Fork the current repository. 31 | 2. Create a topic branch from the 3.0.x branch. 32 | 3. Make commits in logical units. 33 | 4. 
Before you send out the pull request, sync your forked repository with a remote repository. This makes your pull request simple and clear. 34 | 35 | ```bash 36 | git clone https://github.com/<your-username>/kubernetes-microgateway.git 37 | git remote add upstream https://github.com/wso2/kubernetes-microgateway.git 38 | git fetch upstream 39 | git checkout -b <your-topic-branch> upstream/3.0.x 40 | 41 | # add some work 42 | 43 | git push origin <your-topic-branch> 44 | 45 | # submit pull request 46 | ``` 47 | 48 | **Thanks for contributing!** 49 | -------------------------------------------------------------------------------- /helm/choreo-connect/templates/router-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.wso2.deployment.gatewayRuntime.router.ingress.enabled }} 2 | # -------------------------------------------------------------------- 3 | # Copyright (c) 2022, WSO2 Inc. (http://wso2.com) All Rights Reserved. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # ----------------------------------------------------------------------- 17 | 18 | apiVersion: networking.k8s.io/v1 19 | kind: Ingress 20 | metadata: 21 | name: {{ printf "%s-router" (include "choreo-connect.fullname" .) | trunc 63 }} 22 | namespace: {{ .Release.Namespace }} 23 | {{- with .Values.wso2.deployment.gatewayRuntime.router.ingress.annotations }} 24 | annotations: 25 | {{- toYaml . 
| nindent 4 }} 26 | {{- end }} 27 | spec: 28 | {{- if .Values.kubernetes.ingress.className }} 29 | ingressClassName: {{ .Values.kubernetes.ingress.className }} 30 | {{- end }} 31 | tls: 32 | - hosts: 33 | - {{ .Values.wso2.deployment.gatewayRuntime.router.ingress.hostname }} 34 | {{- if .Values.wso2.deployment.gatewayRuntime.router.ingress.tlsSecretName }} 35 | secretName: {{ .Values.wso2.deployment.gatewayRuntime.router.ingress.tlsSecretName }} 36 | {{- else }} 37 | secretName: {{ printf "%s-default-ingress-tls" (include "choreo-connect.fullname" .) | trunc 63 }} 38 | {{- end }} 39 | rules: 40 | - host: {{ .Values.wso2.deployment.gatewayRuntime.router.ingress.hostname }} 41 | http: 42 | paths: 43 | - path: / 44 | pathType: Prefix 45 | backend: 46 | service: 47 | name: {{printf "%s-%s" (include "choreo-connect.fullname" .) "router" | trunc 63 | quote }} 48 | port: 49 | number: {{ .Values.wso2.deployment.gatewayRuntime.router.ingress.targetPort }} 50 | {{- end -}} 51 | -------------------------------------------------------------------------------- /helm/choreo-connect/templates/adapter-grpc-probe-script-configmap.yaml: -------------------------------------------------------------------------------- 1 | # -------------------------------------------------------------------- 2 | # Copyright (c) 2022, WSO2 Inc. (http://wso2.com) All Rights Reserved. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
15 | # ----------------------------------------------------------------------- 16 | # ConfigMap carrying check_health.sh, which runs grpc_health_probe over TLS against the adapter port on 127.0.0.1 (ADAPTER_XDS_PORT, default 18000). 17 | apiVersion: v1 18 | kind: ConfigMap 19 | metadata: 20 | name: {{printf "%s-grpc-probe-script" (include "choreo-connect.adapterFullname" .) | trunc 63}} 21 | namespace: {{ .Release.Namespace }} 22 | data: 23 | check_health.sh: | 24 | #!/bin/bash 25 | # -------------------------------------------------------------------- 26 | # Copyright (c) 2022, WSO2 Inc. (http://wso2.com) All Rights Reserved. 27 | # 28 | # Licensed under the Apache License, Version 2.0 (the "License"); 29 | # you may not use this file except in compliance with the License. 30 | # You may obtain a copy of the License at 31 | # 32 | # http://www.apache.org/licenses/LICENSE-2.0 33 | # 34 | # Unless required by applicable law or agreed to in writing, software 35 | # distributed under the License is distributed on an "AS IS" BASIS, 36 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 37 | # See the License for the specific language governing permissions and 38 | # limitations under the License. 39 | # ----------------------------------------------------------------------- 40 | # The same certificate file (ADAPTER_PUBLIC_CERT_PATH) is passed as both the CA bundle and the client certificate. NOTE(review): the sslHostname value is rendered into the command line unquoted; wrapping it in double quotes would keep a value containing spaces or shell metacharacters from altering the probe command. 41 | ADAPTER_XDS_PORT="${ADAPTER_XDS_PORT:-18000}" 42 | grpc_health_probe -addr "127.0.0.1:${ADAPTER_XDS_PORT}" \ 43 | -tls \ 44 | -tls-ca-cert "${ADAPTER_PUBLIC_CERT_PATH}" \ 45 | -tls-client-cert "${ADAPTER_PUBLIC_CERT_PATH}" \ 46 | -tls-client-key "${ADAPTER_PRIVATE_KEY_PATH}" \ 47 | -tls-server-name {{ .Values.wso2.deployment.adapter.security.sslHostname }} \ 48 | -connect-timeout=3s 49 | -------------------------------------------------------------------------------- /helm/choreo-connect/templates/enforcer-grpc-probe-script-configmap.yaml: -------------------------------------------------------------------------------- 1 | # -------------------------------------------------------------------- 2 | # Copyright (c) 2022, WSO2 Inc. (http://wso2.com) All Rights Reserved. 
3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # ----------------------------------------------------------------------- 16 | 17 | apiVersion: v1 18 | kind: ConfigMap 19 | metadata: 20 | name: {{ printf "%s-grpc-probe-script" (include "choreo-connect.enforcerFullname" .) | trunc 63 }} 21 | namespace: {{ .Release.Namespace }} 22 | data: 23 | check_health.sh: | 24 | #!/bin/bash 25 | # -------------------------------------------------------------------- 26 | # Copyright (c) 2021, WSO2 Inc. (http://wso2.com) All Rights Reserved. 27 | # 28 | # Licensed under the Apache License, Version 2.0 (the "License"); 29 | # you may not use this file except in compliance with the License. 30 | # You may obtain a copy of the License at 31 | # 32 | # http://www.apache.org/licenses/LICENSE-2.0 33 | # 34 | # Unless required by applicable law or agreed to in writing, software 35 | # distributed under the License is distributed on an "AS IS" BASIS, 36 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 37 | # See the License for the specific language governing permissions and 38 | # limitations under the License. 
39 | # ----------------------------------------------------------------------- 40 | # Probes the enforcer gRPC port on 127.0.0.1 (ENFORCER_PORT, default 8081) over TLS; the same certificate file (ENFORCER_PUBLIC_CERT_PATH) is passed as both the CA bundle and the client certificate. NOTE(review): the sslHostname value is rendered into the command line unquoted; wrapping it in double quotes would keep a value containing spaces or shell metacharacters from altering the probe command. 41 | ENFORCER_PORT="${ENFORCER_PORT:-8081}" 42 | grpc_health_probe -addr "127.0.0.1:${ENFORCER_PORT}" \ 43 | -tls \ 44 | -tls-ca-cert "${ENFORCER_PUBLIC_CERT_PATH}" \ 45 | -tls-client-cert "${ENFORCER_PUBLIC_CERT_PATH}" \ 46 | -tls-client-key "${ENFORCER_PRIVATE_KEY_PATH}" \ 47 | -tls-server-name {{ .Values.wso2.deployment.gatewayRuntime.enforcer.security.sslHostname }} \ 48 | -connect-timeout=3s 49 | -------------------------------------------------------------------------------- /helm/choreo-connect/templates/logconfig-toml-configmap.yaml: -------------------------------------------------------------------------------- 1 | # -------------------------------------------------------------------- 2 | # Copyright (c) 2022, WSO2 Inc. (http://wso2.com) All Rights Reserved. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # ----------------------------------------------------------------------- 16 | 17 | apiVersion: v1 18 | kind: ConfigMap 19 | metadata: 20 | name: {{printf "%s-logconfig-toml" (include "choreo-connect.adapterFullname" .) 
| trunc 63}} 21 | namespace: {{ .Release.Namespace }} 22 | data: 23 | {{- if .Values.wso2.deployment.adapter.logConfigToml }} 24 | log_config.toml: | 25 | {{ tpl .Values.wso2.deployment.adapter.logConfigToml $ | indent 4 }} 26 | {{- else }} 27 | log_config.toml: | 28 | # The logging configuration file for control plane 29 | ######### root Level ######## 30 | logfile = "/dev/null" 31 | logLevel = "INFO" 32 | 33 | [rotation] 34 | MaxSize = 10 # In MegaBytes (MB) 35 | MaxBackups = 3 36 | MaxAge = 2 # In days 37 | Compress = true 38 | 39 | ## Adapter package Level configurations 40 | 41 | [[pkg]] 42 | name = "github.com/wso2/product-microgateway/adapter/internal/adapter" 43 | logLevel = "INFO" # LogLevels can be "DEBG", "FATL", "ERRO", "WARN", "INFO", "PANC" 44 | 45 | [[pkg]] 46 | name = "github.com/wso2/product-microgateway/adapter/internal/oasparser" 47 | logLevel = "INFO" 48 | 49 | 50 | # The logging configuration for Router 51 | 52 | [accessLogs] 53 | enable = false 54 | logfile = "/dev/stdout" # This file will be created inside router container. 55 | format = "[%START_TIME%] '%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%' %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% '%REQ(X-FORWARDED-FOR)%' '%REQ(USER-AGENT)%' '%REQ(X-REQUEST-ID)%' '%REQ(:AUTHORITY)%' '%UPSTREAM_HOST%'\n" 56 | {{- end -}} 57 | -------------------------------------------------------------------------------- /helm/choreo-connect/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Thank you for installing Choreo Connect. 2 | 3 | Installation Mode: {{ .Values.wso2.deployment.mode | quote }} 4 | 5 | {{- $adapterIngEnabled := and (include "choreo-connect.deploymentMode.isStandalone" .) 
.Values.wso2.deployment.adapter.ingress.enabled }} 6 | {{- $gatewayIngEnabled := .Values.wso2.deployment.gatewayRuntime.router.ingress.enabled }} 7 | {{- if or $adapterIngEnabled $gatewayIngEnabled }} 8 | Please follow these steps to configure DNS records. 9 | 10 | 1. Obtain the external IP (`EXTERNAL-IP`) of ingress resources, by listing down the Kubernetes Ingresses. 11 | 12 | $ kubectl get ing -n {{ .Release.Namespace }} 13 | 14 | The output under the relevant column stands for the following. 15 | 16 | {{- if $adapterIngEnabled }} 17 | 18 | Choreo Connect Adapter 19 | - NAME: Metadata name of the Kubernetes Ingress resource ("{{ include "choreo-connect.adapterFullname" . }}") 20 | - HOSTS: Hostname of the Choreo Connect Adapter ("{{ .Values.wso2.deployment.adapter.ingress.hostname }}") 21 | - ADDRESS: External IP (`EXTERNAL-IP`) exposing the Choreo Connect Adapter to outside of the Kubernetes environment 22 | - PORTS: Externally exposed service ports of the Choreo Connect Adapter 23 | {{- end }} 24 | 25 | {{- if $gatewayIngEnabled }} 26 | 27 | Choreo Connect Router 28 | - NAME: Metadata name of the Kubernetes Ingress resource ({{ printf "%s-router" (include "choreo-connect.fullname" .) | trunc 63 }}) 29 | - HOSTS: Hostname of the router service ("{{ .Values.wso2.deployment.gatewayRuntime.router.ingress.hostname }}") 30 | - ADDRESS: External IP (`EXTERNAL-IP`) exposing the router to outside of the Kubernetes environment 31 | - PORTS: Externally exposed router ports of the Choreo Connect 32 | {{- end }} 33 | 34 | 2. Add a DNS record mapping the hostnames (in step 1) and the external IP. 35 | 36 | If the defined hostnames (in step 1) are backed by a DNS service, add a DNS record mapping the hostnames and 37 | the external IP (`EXTERNAL-IP`) in the relevant DNS service.
38 | 39 | If the defined hostnames are not backed by a DNS service, for the purpose of evaluation you may add an entry mapping the 40 | hostnames and the external IP in the `/etc/hosts` file at the client-side. 41 | 42 | {{ if $adapterIngEnabled }}{{ .Values.wso2.deployment.adapter.ingress.hostname }}{{ end }} {{ if $gatewayIngEnabled }}{{ .Values.wso2.deployment.gatewayRuntime.router.ingress.hostname }}{{ end }} 43 | {{- end }} 44 | 45 | Please refer to the official documentation at https://apim.docs.wso2.com/en/4.2.0/deploy-and-publish/deploy-on-gateway/choreo-connect/getting-started/choreo-connect-overview/ for additional information on Choreo Connect. 46 | -------------------------------------------------------------------------------- /pull_request_template.md: -------------------------------------------------------------------------------- 1 | ## Purpose 2 | > Describe the problems, issues, or needs driving this feature/fix and include links to related issues in the following format: Resolves issue1, issue2, etc. 3 | 4 | ## Goals 5 | > Describe the solutions that this feature/fix will introduce to resolve the problems described above 6 | 7 | ## Approach 8 | > Describe how you are implementing the solutions. Include an animated GIF or screenshot if the change affects the UI (email documentation@wso2.com to review all UI text). Include a link to a Markdown file or Google doc if the feature write-up is too long to paste here. 9 | 10 | ## User stories 11 | > Summary of user stories addressed by this change 12 | 13 | ## Release note 14 | > Brief description of the new feature or bug fix as it will appear in the release notes 15 | 16 | ## Documentation 17 | > Link(s) to product documentation that addresses the changes of this PR.
If no doc impact, enter “N/A” plus brief explanation of why there’s no doc impact 18 | 19 | ## Training 20 | > Link to the PR for changes to the training content in https://github.com/wso2/WSO2-Training, if applicable 21 | 22 | ## Certification 23 | > Type “Sent” when you have provided new/updated certification questions, plus four answers for each question (correct answer highlighted in bold), based on this change. Certification questions/answers should be sent to certification@wso2.com and NOT pasted in this PR. If there is no impact on certification exams, type “N/A” and explain why. 24 | 25 | ## Marketing 26 | > Link to drafts of marketing content that will describe and promote this feature, including product page changes, technical articles, blog posts, videos, etc., if applicable 27 | 28 | ## Automation tests 29 | - Unit tests 30 | > Code coverage information 31 | - Integration tests 32 | > Details about the test cases and coverage 33 | 34 | ## Security checks 35 | - Followed secure coding standards in http://wso2.com/technical-reports/wso2-secure-engineering-guidelines? yes/no 36 | - Ran FindSecurityBugs plugin and verified report? yes/no 37 | - Confirmed that this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets? yes/no 38 | 39 | ## Samples 40 | > Provide high-level details about the samples related to this feature 41 | 42 | ## Related PRs 43 | > List any other related PRs 44 | 45 | ## Migrations (if applicable) 46 | > Describe migration steps and platforms on which migration has been tested 47 | 48 | ## Test environment 49 | > List all JDK versions, operating systems, databases, and browser/versions on which this feature/fix was tested 50 | 51 | ## Learning 52 | > Describe the research phase and any blog posts, patterns, libraries, or add-ons you used to solve the problem. 
-------------------------------------------------------------------------------- /helm/choreo-connect/templates/adapter-truststore-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.wso2.deployment.adapter.security.truststore -}} 2 | # -------------------------------------------------------------------- 3 | # Copyright (c) 2022, WSO2 Inc. (http://wso2.com) All Rights Reserved. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # ----------------------------------------------------------------------- 17 | 18 | apiVersion: v1 19 | kind: Secret 20 | metadata: 21 | name: {{ printf "%s-default-truststore" (include "choreo-connect.adapterFullname" .) | trunc 63 }} 22 | namespace: {{ .Release.Namespace }} 23 | data: 24 | controlplane.pem: 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 25 | type: Opaque 26 | {{- end -}} 27 | -------------------------------------------------------------------------------- /helm/choreo-connect/templates/enforcer-truststore-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.wso2.deployment.gatewayRuntime.enforcer.security.truststore -}} 2 | # -------------------------------------------------------------------- 3 | # Copyright (c) 2022, WSO2 Inc. (http://wso2.com) All Rights Reserved. 
4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # ----------------------------------------------------------------------- 17 | 18 | apiVersion: v1 19 | kind: Secret 20 | metadata: 21 | name: {{ printf "%s-default-truststore" (include "choreo-connect.enforcerFullname" .) | trunc 63 }} 22 | namespace: {{ .Release.Namespace }} 23 | data: 24 | wso2carbon.pem: 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 25 | type: Opaque 26 | {{- end -}} 27 | -------------------------------------------------------------------------------- /helm/choreo-connect/templates/adapter-keystore-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.wso2.deployment.adapter.security.keystore -}} 2 | # -------------------------------------------------------------------- 3 | # Copyright (c) 2022, WSO2 Inc. (http://wso2.com) All Rights Reserved. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # ----------------------------------------------------------------------- 17 | # NOTE: This default Secret is rendered only when wso2.deployment.adapter.security.keystore is unset. Its mg.key is published with the chart and is therefore not secret; provide your own keystore Secret through that value for any non-evaluation deployment. 18 | apiVersion: v1 19 | kind: Secret 20 | metadata: 21 | name: {{ printf "%s-default-keystore" (include "choreo-connect.adapterFullname" .) | trunc 63 }} 22 | namespace: {{ .Release.Namespace }} 23 | data: 24 | mg.key: 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 25 | mg.pem: 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 26 | type: Opaque 27 | {{- end -}} 28 | -------------------------------------------------------------------------------- /helm/choreo-connect/templates/router-keystore-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.wso2.deployment.gatewayRuntime.router.security.keystore -}} 2 | # -------------------------------------------------------------------- 3 | # Copyright (c) 2022, WSO2 Inc. (http://wso2.com) All Rights Reserved. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # ----------------------------------------------------------------------- 17 | # NOTE: This default Secret is rendered only when wso2.deployment.gatewayRuntime.router.security.keystore is unset. Its mg.key is published with the chart and is therefore not secret; provide your own keystore Secret through that value for any non-evaluation deployment. 18 | apiVersion: v1 19 | kind: Secret 20 | metadata: 21 | name: {{ printf "%s-default-keystore" (include "choreo-connect.routerFullname" .)
| trunc 63 }} 22 | namespace: {{ .Release.Namespace }} 23 | data: 24 | mg.key: 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 25 | mg.pem: 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 26 | type: Opaque 27 | {{- end -}} 28 | -------------------------------------------------------------------------------- /helm/choreo-connect/templates/enforcer-keystore-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if not (and .Values.wso2.deployment.gatewayRuntime.enforcer.security.keystore .Values.wso2.deployment.gatewayRuntime.enforcer.security.backendJWT.keystore) -}} 2 | # -------------------------------------------------------------------- 3 | # Copyright (c) 2022, WSO2 Inc. (http://wso2.com) All Rights Reserved. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # ----------------------------------------------------------------------- 17 | # NOTE: This default Secret is rendered unless both wso2.deployment.gatewayRuntime.enforcer.security.keystore and wso2.deployment.gatewayRuntime.enforcer.security.backendJWT.keystore are set. Its mg.key is published with the chart and is therefore not secret; set both values to your own keystore Secrets for any non-evaluation deployment. 18 | apiVersion: v1 19 | kind: Secret 20 | metadata: 21 | name: {{ printf "%s-default-keystore" (include "choreo-connect.enforcerFullname" .)
| trunc 63 }} 22 | namespace: {{ .Release.Namespace }} 23 | data: 24 | mg.key: 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 25 | mg.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURmakNDQW1hZ0F3SUJBZ0lKQUwzUW9rdFZDWDJTTUEwR0NTcUdTSWIzRFFFQkN3VUFNR1F4Q3pBSkJnTlYKQkFZVEFsVlRNUXN3Q1FZRFZRUUlEQUpEUVRFV01CUUdBMVVFQnd3TlRXOTFiblJoYVc0Z1ZtbGxkekVOTUFzRwpBMVVFQ2d3RVYxTlBNakVOTUFzR0ExVUVDd3dFVjFOUE1qRVNNQkFHQTFVRUF3d0piRzlqWVd4b2IzTjBNQjRYCkRUSXhNREV6TVRFM05USXpOVm9YRFRNeE1ERXlPVEUzTlRJek5Wb3daREVMTUFrR0ExVUVCaE1DVlZNeEN6QUoKQmdOVkJBZ01Ba05CTVJZd0ZBWURWUVFIREExTmIzVnVkR0ZwYmlCV2FXVjNNUTB3Q3dZRFZRUUtEQVJYVTA4eQpNUTB3Q3dZRFZRUUxEQVJYVTA4eU1SSXdFQVlEVlFRRERBbHNiMk5oYkdodmMzUXdnZ0VpTUEwR0NTcUdTSWIzCkRRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRHkrTjRmTkdHK2w4ekt5MmR3K2NzRmJMKzNrWGQ0TEZ0d3R0MjYKQmFmTitjaUJwWHBOYWVvOEZScUFrRXFuTkZtemdEMUNOcjltdEpVbU5peHNCSE1KTCtxSmFuUUozQ1NxZnBrSgplbVp1bCtOaWNvNUdydzN3ejdOWnBKbGhzMjlZbm1oSTdpUWY0c3BiTTROb1Y1dkJNa0dteEhXOEtFY2YzbDJqCkVXNVNPSmxxS3hWcENCUW5wMnRGMlVPMGlhbjJ2MFFCZmZwaEU2NWdVK2dRbHkrd2ZqKzY0QkhvS1VuWFpFVGMKejVnM2cxT0xYQnBVMjhadlBqZWcydWsvTHRKZUNtTE9LZURGSVl5b2pwWlRiS3hHYVQ5LzBBdUNJOGlrVU9tNQorSUpOaG9oeEZQNWh4VEtuMmN3T1ZOR3lReTRQNTFEV3gwazVyWFUvL0l5ejZDVjlBZ01CQUFHak16QXhNQzhHCkExVWRFUVFvTUNhQ0IyRmtZWEIwWlhLQ0NHVnVabTl5WTJWeWdnWnliM1YwWlhLQ0NXeHZZMkZzYUc5emREQU4KQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBa2l5WXQrMGZwOGNzOW9hMkhWVS9OZkltbHpRTUJWMFMrTTNERmxwNgo0ZWdMV2JEWE05azVHZWNybFUyYlkzdU8ydU1UOWp6V0o3R1UxZnVKdEFJRFFwVVJydWhvWHFpdVFmM3owUTZPClhsSlVXTlJpVWFZeWhNQkNLM2VrbXhyVEtrZ3dUZHpIWlBlRTN3MkRIOHA2bjU3YVBFNkJjYXJLTzdCWEJERDAKdmx3amtDNm5zOStQcGplMmJZeFIyQlBBNkxrcVpleWZ5WmNwUE55NE5UTjY2TEErVVFFaXpVTWV0R2FocFNwaAo1TlFlSUZnOFM0OWJsRlZsdWNYS0ZMdEFKUVgyVWJEdUxMamhDZEh1b3AwMGxZN3Nicks2dnJ5d3RydDEyaHp1Cnp3TmR3S01pQ1V3MTRvQzdBMlpmaEE1UEVpT2JFdFIwSittUGhuTEdHVk1HNHc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== 26 | type: Opaque 27 | {{- end -}} 28 | -------------------------------------------------------------------------------- 
/helm/choreo-connect/templates/default-ingress-tls-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if or (not .Values.wso2.deployment.adapter.ingress.tlsSecretName) (not .Values.wso2.deployment.gatewayRuntime.router.ingress.tlsSecretName) -}} 2 | # -------------------------------------------------------------------- 3 | # Copyright (c) 2022, WSO2 Inc. (http://wso2.com) All Rights Reserved. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # ----------------------------------------------------------------------- 17 | # NOTE: This default Secret is rendered when either wso2.deployment.adapter.ingress.tlsSecretName or wso2.deployment.gatewayRuntime.router.ingress.tlsSecretName is unset. Its tls.key is published with the chart and is therefore not secret; point both values at your own kubernetes.io/tls Secrets for any non-evaluation deployment. 18 | apiVersion: v1 19 | kind: Secret 20 | metadata: 21 | name: {{ printf "%s-default-ingress-tls" (include "choreo-connect.fullname" .) | trunc 63 }} 22 | namespace: {{ .Release.Namespace }} 23 | type: kubernetes.io/tls 24 | data: 25 | tls.crt: 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 26 | tls.key: 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 27 | {{- end -}} 28 | -------------------------------------------------------------------------------- /helm/choreo-connect/templates/enforcer-log4j2-configmap.yaml: -------------------------------------------------------------------------------- 1 | # -------------------------------------------------------------------- 2 | # Copyright (c) 2022, WSO2 Inc. (http://wso2.com) All Rights Reserved.
3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # ----------------------------------------------------------------------- 16 | 17 | apiVersion: v1 18 | kind: ConfigMap 19 | metadata: 20 | name: {{ printf "%s-log4j2-properties" (include "choreo-connect.enforcerFullname" .) | trunc 63 }} 21 | namespace: {{ .Release.Namespace }} 22 | data: 23 | {{- if .Values.wso2.deployment.gatewayRuntime.enforcer.log4j2Properties }} 24 | log4j2.properties: | 25 | {{ tpl .Values.wso2.deployment.gatewayRuntime.enforcer.log4j2Properties $ | indent 4 }} 26 | {{- else }} 27 | log4j2.properties: | 28 | monitorInterval=20 29 | 30 | appenders = ENFORCER_CONSOLE 31 | 32 | appender.ENFORCER_CONSOLE.type = Console 33 | appender.ENFORCER_CONSOLE.name = ENFORCER_CONSOLE 34 | appender.ENFORCER_CONSOLE.layout.type = PatternLayout 35 | appender.ENFORCER_CONSOLE.layout.pattern = [%d{DEFAULT}][%X{traceId}] %5p - {%c} - %m%n 36 | appender.ENFORCER_CONSOLE.filter.threshold.type = ThresholdFilter 37 | appender.ENFORCER_CONSOLE.filter.threshold.level = DEBUG 38 | 39 | appender.ENFORCER_LOGFILE.type = RollingFile 40 | appender.ENFORCER_LOGFILE.name = ENFORCER_LOGFILE 41 | appender.ENFORCER_LOGFILE.fileName = logs/enforcer.log 42 | appender.ENFORCER_LOGFILE.filePattern = /logs/enforcer-%d{MM-dd-yyyy}.log 43 | appender.ENFORCER_LOGFILE.layout.type = PatternLayout 44 | appender.ENFORCER_LOGFILE.layout.pattern = [%d][%X{traceId}] %5p {%c} - %m%ex%n 45 | 
appender.ENFORCER_LOGFILE.policies.type = Policies 46 | appender.ENFORCER_LOGFILE.policies.time.type = TimeBasedTriggeringPolicy 47 | appender.ENFORCER_LOGFILE.policies.time.interval = 1 48 | appender.ENFORCER_LOGFILE.policies.time.modulate = true 49 | appender.ENFORCER_LOGFILE.policies.size.type = SizeBasedTriggeringPolicy 50 | appender.ENFORCER_LOGFILE.policies.size.size=10MB 51 | appender.ENFORCER_LOGFILE.strategy.type = DefaultRolloverStrategy 52 | appender.ENFORCER_LOGFILE.strategy.max = 20 53 | appender.ENFORCER_LOGFILE.filter.threshold.type = ThresholdFilter 54 | appender.ENFORCER_LOGFILE.filter.threshold.level = DEBUG 55 | 56 | appender.ENFORCER_ACCESS_LOG.type = RollingFile 57 | appender.ENFORCER_ACCESS_LOG.name = ENFORCER_ACCESS_LOG 58 | appender.ENFORCER_ACCESS_LOG.fileName = logs/enforcer_access.log 59 | appender.ENFORCER_ACCESS_LOG.filePattern = /logs/enforcer_access-%d{MM-dd-yyyy}.log 60 | appender.ENFORCER_ACCESS_LOG.layout.type = PatternLayout 61 | appender.ENFORCER_ACCESS_LOG.layout.pattern = [%d] - %m%ex%n 62 | appender.ENFORCER_ACCESS_LOG.policies.type = Policies 63 | appender.ENFORCER_ACCESS_LOG.policies.time.type = TimeBasedTriggeringPolicy 64 | appender.ENFORCER_ACCESS_LOG.policies.time.interval = 1 65 | appender.ENFORCER_ACCESS_LOG.policies.time.modulate = true 66 | appender.ENFORCER_ACCESS_LOG.policies.size.type = SizeBasedTriggeringPolicy 67 | appender.ENFORCER_ACCESS_LOG.policies.size.size=10MB 68 | appender.ENFORCER_ACCESS_LOG.strategy.type = DefaultRolloverStrategy 69 | appender.ENFORCER_ACCESS_LOG.strategy.max = 20 70 | appender.ENFORCER_ACCESS_LOG.filter.threshold.type = ThresholdFilter 71 | appender.ENFORCER_ACCESS_LOG.filter.threshold.level = DEBUG 72 | 73 | loggers = enforcer, io-swagger-v3, enforcer-interceptors, carbon-apimgt 74 | 75 | # Log to access log file 76 | logger.enforcer-interceptors.name = org.wso2.choreo.connect.enforcer.grpc.interceptors 77 | # Change the log level into DEBUG to view the access logs. 
78 | logger.enforcer-interceptors.level = INFO 79 | logger.enforcer-interceptors.additivity = false 80 | logger.enforcer-interceptors.appenderRef.console.ref = ENFORCER_CONSOLE 81 | 82 | # Log to console and rolling file 83 | logger.enforcer.name = org.wso2.choreo.connect.enforcer 84 | logger.enforcer.level = INFO 85 | logger.enforcer.additivity = false 86 | # logger.enforcer.appenderRef.rolling.ref = ENFORCER_LOGFILE 87 | logger.enforcer.appenderRef.console.ref = ENFORCER_CONSOLE 88 | 89 | logger.carbon-apimgt.name = org.wso2.carbon.apimgt 90 | logger.carbon-apimgt.level = INFO 91 | logger.carbon-apimgt.additivity = false 92 | # logger.carbon-apimgt.appenderRef.ENFORCER_LOGFILE.ref = ENFORCER_LOGFILE 93 | logger.carbon-apimgt.appenderRef.console.ref = ENFORCER_CONSOLE 94 | 95 | logger.io-swagger-v3.name = io.swagger.v3.parser 96 | logger.io-swagger-v3.level = ERROR 97 | logger.io-swagger-v3.additivity = false 98 | # logger.io-swagger-v3.appenderRef.rolling.ref = ENFORCER_LOGFILE 99 | logger.io-swagger-v3.appenderRef.console.ref = ENFORCER_CONSOLE 100 | 101 | rootLogger.level = ERROR 102 | rootLogger.appenderRef.ENFORCER_CONSOLE.ref = ENFORCER_CONSOLE 103 | # rootLogger.appenderRef.ENFORCER_LOGFILE.ref = ENFORCER_LOGFILE 104 | # rootLogger.appenderRef.ENFORCER_ACCESS_LOG.ref = ENFORCER_ACCESS_LOG 105 | {{- end -}} 106 | -------------------------------------------------------------------------------- /helm/choreo-connect/templates/config-toml-configmap.yaml: -------------------------------------------------------------------------------- 1 | # -------------------------------------------------------------------- 2 | # Copyright (c) 2022, WSO2 Inc. (http://wso2.com) All Rights Reserved. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 
6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # ----------------------------------------------------------------------- 16 | 17 | apiVersion: v1 18 | kind: ConfigMap 19 | metadata: 20 | name: {{printf "%s-config-toml" (include "choreo-connect.adapterFullname" .) | trunc 63}} 21 | namespace: {{ .Release.Namespace }} 22 | data: 23 | {{- if .Values.wso2.deployment.adapter.configToml }} 24 | config.toml: | 25 | {{ tpl .Values.wso2.deployment.adapter.configToml $ | indent 4 }} 26 | {{- else }} 27 | config.toml: | 28 | [adapter] 29 | [adapter.server] 30 | {{- if eq .Values.wso2.deployment.adapter.security.adapterRestService.enabled "default" }} 31 | enabled = {{ if (include "choreo-connect.deploymentMode.isStandalone" .) 
}}true{{ else }}false{{ end }} 32 | {{- else }} 33 | enabled = {{ if eq .Values.wso2.deployment.adapter.security.adapterRestService.enabled "true" }}true{{ else }}false{{ end }} 34 | {{- end }} 35 | port = "9843" 36 | tokenPrivateKeyPath = "/home/wso2/security/keystore/mg.key" 37 | [[adapter.server.users]] 38 | username = "admin" 39 | password = "$env{adapter_admin_pwd}" 40 | 41 | [[adapter.vhostMapping]] 42 | environment = "Default" 43 | vhost = "{{ .Values.wso2.deployment.gatewayRuntime.router.ingress.hostname }}" 44 | 45 | [adapter.keystore] 46 | certPath = "/home/wso2/security/keystore/mg.pem" 47 | keyPath = "/home/wso2/security/keystore/mg.key" 48 | 49 | [adapter.truststore] 50 | location = "/home/wso2/security/truststore" 51 | 52 | [router] 53 | listenerPort = 9090 54 | securedListenerPort = 9095 55 | systemHost = "{{ .Values.wso2.deployment.gatewayRuntime.router.ingress.hostname }}" 56 | useRemoteAddress = false 57 | 58 | [router.keystore] 59 | certPath = "/home/wso2/security/keystore/mg.pem" 60 | keyPath = "/home/wso2/security/keystore/mg.key" 61 | 62 | [router.upstream] 63 | [router.upstream.tls] 64 | trustedCertPath = "/etc/ssl/certs/ca-certificates.crt" 65 | verifyHostName = true 66 | disableSslVerification = false 67 | 68 | [enforcer] 69 | [enforcer.jwtGenerator] 70 | enabled = {{ .Values.wso2.deployment.gatewayRuntime.enforcer.security.backendJWT.enabled }} 71 | publicCertificatePath = "/home/wso2/security/keystore/backend-jwt.pem" 72 | privateKeyPath = "/home/wso2/security/keystore/backend-jwt.key" 73 | 74 | [enforcer.jwtIssuer] 75 | enabled = {{ .Values.wso2.deployment.gatewayRuntime.enforcer.security.testTokenIssuer.enabled }} 76 | issuer = "https://{{ .Values.wso2.deployment.gatewayRuntime.router.ingress.hostname }}/testkey" 77 | 78 | {{- /* Setting values for section [enforcer.throttling] */ -}} 79 | {{- $tmSVCs := .Values.wso2.apim.trafficManagers | default .Values.wso2.apim.controlPlane.eventListeners | default (list 
.Values.wso2.apim.controlPlane.serviceName) -}} 80 | {{- $brokerList := list -}} 81 | {{- range $tmSVCs -}} 82 | {{- $brokerList = append $brokerList (printf "tcp://%s:5672" .) -}} 83 | {{- end }} 84 | 85 | [enforcer.throttling] 86 | enableGlobalEventPublishing = {{ if (include "choreo-connect.deploymentMode.isStandalone" .) }}false{{ else }}true{{ end }} 87 | jmsConnectionProviderURL = "amqp://admin:$env{tm_admin_pwd}@carbon/carbon?brokerlist='{{ $brokerList | join ";" }}'" 88 | [enforcer.throttling.publisher] 89 | username = "admin" 90 | password = "$env{tm_admin_pwd}" 91 | {{- range $tmSVCs }} 92 | [[enforcer.throttling.publisher.URLGroup]] 93 | receiverURLs = ["tcp://{{ . }}:9611"] 94 | authURLs = ["ssl://{{ . }}:9711"] 95 | {{- end }} 96 | 97 | [enforcer.security] 98 | [[enforcer.security.tokenService]] 99 | name = "Resident Key Manager" 100 | issuer = "https://{{ .Values.wso2.apim.controlPlane.hostName }}/oauth2/token" 101 | certificateAlias = "wso2carbon" 102 | jwksURL = "" 103 | validateSubscription = false 104 | consumerKeyClaim = "azp" 105 | certificateFilePath = "/home/wso2/security/truststore/wso2carbon.pem" 106 | 107 | [[enforcer.security.tokenService]] 108 | name = "MGW" 109 | issuer = "https://{{ .Values.wso2.deployment.gatewayRuntime.router.ingress.hostname }}/testkey" 110 | certificateAlias = "mgw" 111 | jwksURL = "" 112 | validateSubscription = false 113 | consumerKeyClaim = "" 114 | certificateFilePath = "/home/wso2/security/truststore/mg.pem" 115 | 116 | [[enforcer.security.tokenService]] 117 | name = "APIM Publisher" 118 | issuer = "https://{{ .Values.wso2.apim.controlPlane.hostName }}/publisher" 119 | validateSubscription = true 120 | certificateFilePath = "/home/wso2/security/truststore/wso2carbon.pem" 121 | 122 | [controlPlane] 123 | enabled = {{ if (include "choreo-connect.deploymentMode.isStandalone" .) 
}}false{{ else }}true{{ end }} 124 | serviceURL = "https://{{ .Values.wso2.apim.controlPlane.serviceName }}:9443/" 125 | username = "admin" 126 | password = "$env{cp_admin_pwd}" 127 | environmentLabels = [{{ .Values.wso2.deployment.labelName | quote }}] 128 | skipSSLVerification = {{ .Values.wso2.apim.controlPlane.skipSSLVerification }} 129 | 130 | [controlPlane.brokerConnectionParameters] 131 | {{- /* Setting control plane JMS eventListeningEndpoints. NOTE(review): each endpoint is rendered as an amqp:// URL on port 5672 with the user name fixed to admin and no TLS option in its query string; confirm how the broker connection is protected before using this default across an untrusted network. */ -}} 132 | {{- $eventListeners := .Values.wso2.apim.controlPlane.eventListeners | default (list .Values.wso2.apim.controlPlane.serviceName) -}} 133 | {{- $eventListenerEPs := list -}} 134 | {{- range $eventListeners -}} 135 | {{- $eventListenerEPs = append $eventListenerEPs (printf "amqp://admin:$env{cp_admin_pwd}@%s:5672?retries='10'&connectdelay='30'" . | quote) -}} 136 | {{- end }} 137 | eventListeningEndpoints = [{{ $eventListenerEPs | join ", " }}] 138 | 139 | [analytics] 140 | enabled = {{ .Values.wso2.choreoAnalytics.enabled | default "false" }} 141 | {{- end -}} 142 | -------------------------------------------------------------------------------- /helm/choreo-connect/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Copyright (c) 2022, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | http://www.apache.org/licenses/LICENSE-2.0 7 | Unless required by applicable law or agreed to in writing, software 8 | distributed under the License is distributed on an "AS IS" BASIS, 9 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 10 | See the License for the specific language governing permissions and 11 | limitations under the License. 12 | */}} 13 | 14 | {{/* 15 | Expand the name of the chart.
16 | */}} 17 | {{- define "choreo-connect.name" -}} 18 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 19 | {{- end }} 20 | 21 | {{/* 22 | Create a default fully qualified app name. 23 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 24 | If release name contains chart name it will be used as a full name. 25 | */}} 26 | {{- define "choreo-connect.fullname" -}} 27 | {{- if .Values.fullnameOverride }} 28 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 29 | {{- else }} 30 | {{- $name := default .Chart.Name .Values.nameOverride }} 31 | {{- if contains $name .Release.Name }} 32 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 33 | {{- else }} 34 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 35 | {{- end }} 36 | {{- end }} 37 | {{- end }} 38 | 39 | {{/* 40 | Create chart name and version as used by the chart label. 41 | */}} 42 | {{- define "choreo-connect.chart" -}} 43 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 44 | {{- end -}} 45 | 46 | {{/* 47 | Common labels 48 | */}} 49 | {{- define "choreo-connect.labels" -}} 50 | helm.sh/chart: {{ include "choreo-connect.chart" . }} 51 | {{ include "choreo-connect.selectorLabels" . }} 52 | {{- if .Chart.AppVersion }} 53 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 54 | {{- end }} 55 | app.kubernetes.io/managed-by: {{ .Release.Service }} 56 | {{- end }} 57 | 58 | {{/* 59 | Selector labels 60 | */}} 61 | {{- define "choreo-connect.selectorLabels" -}} 62 | app.kubernetes.io/name: {{ include "choreo-connect.name" . }} 63 | app.kubernetes.io/instance: {{ .Release.Name }} 64 | {{- end }} 65 | 66 | {{/* 67 | Create the name of the service account to use 68 | */}} 69 | {{- define "choreo-connect.serviceAccountName" -}} 70 | {{- if .Values.kubernetes.serviceAccount.create }} 71 | {{- default (include "choreo-connect.fullname" .) 
.Values.kubernetes.serviceAccount.name }} 72 | {{- else }} 73 | {{- default "default" .Values.kubernetes.serviceAccount.name }} 74 | {{- end }} 75 | {{- end }} 76 | 77 | {{/* 78 | Subscriptions secret name. 79 | */}} 80 | {{- define "choreo-connect.subscriptionCredsSecretName" -}} 81 | {{- printf "%s-%s" (include "choreo-connect.fullname" .) "wso2-subscription-creds" | trunc 63 | trimSuffix "-" }} 82 | {{- end }} 83 | 84 | {{/* 85 | Docker image name. 86 | */}} 87 | {{- define "image" }} 88 | {{- $componentLevelDockerRegistry := .deployment.dockerRegistry }} 89 | {{- $imageName := .deployment.imageName }} 90 | {{- $imageTag := .deployment.imageTag | default "" }} 91 | {{- if or (eq .Values.wso2.subscription.username "") (eq .Values.wso2.subscription.password "") -}} 92 | {{- $dockerRegistry := $componentLevelDockerRegistry | default .Values.wso2.deployment.dockerRegistry | default "wso2" }} 93 | image: {{ $dockerRegistry }}/{{ $imageName }}{{- if not (eq $imageTag "") }}{{- printf ":%s" $imageTag -}}{{- end }} 94 | {{- else }} 95 | {{- $dockerRegistry := $componentLevelDockerRegistry | default .Values.wso2.deployment.dockerRegistry | default "docker.wso2.com" }} 96 | {{- $parts := len (split "." 
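$imageTag) }} 97 | {{- if and (eq $parts 3) (eq $dockerRegistry "docker.wso2.com") }} 98 | image: {{ $dockerRegistry }}/{{ $imageName }}{{- if not (eq $imageTag "") }}:{{ $imageTag }}.0{{- end }} 99 | {{- else }} 100 | image: {{ $dockerRegistry }}/{{ $imageName }}{{- if not (eq $imageTag "") }}:{{ $imageTag }}{{- end }} 101 | {{- end -}} 102 | {{- end -}} 103 | {{- end -}} 104 | 105 | {{/* 106 | Truststore Secret Volume Names. Lower-cases "<prefix>-<secretName>-<subPath>", truncates it to 63 characters and replaces every run of characters outside a-z0-9 with "-". Kubernetes volume names must be DNS-1123 labels, while a Secret key used as subPath may contain "_" or ".", so "_" has to be replaced as well. 107 | */}} 108 | {{- define "choreo-connect.deployment.secretVolumeName" -}} 109 | {{ (regexReplaceAll "[^a-z0-9]+" (printf "%s-%s-%s" .prefix .secret.secretName .secret.subPath | lower | trunc 63 ) "-" ) | trimSuffix "-"}} 110 | {{- end -}} 111 | 112 | {{/* 113 | Truststore Secret Volumes: one Secret-backed volume per non-empty truststore entry. 114 | */}} 115 | {{- define "choreo-connect.deployment.truststore.volumes" -}} 116 | {{- range .truststore -}} 117 | {{- if . -}} 118 | {{- /* "nindent" is not used where this template is included, because it would add new lines; the indentation is therefore done here */}} 119 | - name: {{ include "choreo-connect.deployment.secretVolumeName" (dict "prefix" $.prefix "secret" .) }} 120 | secret: 121 | secretName: {{ .secretName }} 122 | {{- end -}} 123 | {{- end -}} 124 | {{- end -}} 125 | 126 | {{/* 127 | Truststore Secret Volume Mounts: one read-only mount per non-empty truststore entry. 128 | */}} 129 | {{- define "choreo-connect.deployment.truststore.mounts" -}} 130 | {{- range .truststore -}} 131 | {{- if . -}} 132 | {{- /* "nindent" is not used where this template is included, because it would add new lines; the indentation is therefore done here */ -}} 133 | {{- /* '.pem' is appended since the component may check the file extension */}} 134 | - mountPath: /home/wso2/security/truststore{{ if .subPath }}/{{ .mountAs | default (printf "%s-%s.pem" .secretName (.subPath | replace "." "-")) }}{{- end }} 135 | name: {{ include "choreo-connect.deployment.secretVolumeName" (dict "prefix" $.prefix "secret" .) 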
}} 136 | readOnly: true 137 | subPath: {{ .subPath | quote }} 138 | {{- end -}} 139 | {{- end -}} 140 | {{- end -}} 141 | 142 | 143 | 144 | {{/* 145 | Deployment Mode 146 | */}} 147 | {{- define "choreo-connect.deploymentMode.isStandalone" -}} 148 | {{- if eq (upper .Values.wso2.deployment.mode) "STANDALONE" -}} 149 | True 150 | {{- end -}} 151 | {{- end -}} 152 | 153 | {{/* 154 | Adapter 155 | */}} 156 | {{- define "choreo-connect.adapterFullname" -}} 157 | {{ printf "%s-adapter" (include "choreo-connect.fullname" .) | replace "+" "_" | trunc 63 | trimSuffix "-" }} 158 | {{- end -}} 159 | 160 | {{/* 161 | Enforcer 162 | */}} 163 | {{- define "choreo-connect.enforcerFullname" -}} 164 | {{ printf "%s-enforcer" (include "choreo-connect.fullname" .) | replace "+" "_" | trunc 63 | trimSuffix "-" }} 165 | {{- end -}} 166 | 167 | {{/* 168 | Router 169 | */}} 170 | {{- define "choreo-connect.routerFullname" -}} 171 | {{ printf "%s-router" (include "choreo-connect.fullname" .) | replace "+" "_" | trunc 63 | trimSuffix "-" }} 172 | {{- end -}} 173 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. 
For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 
47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /helm/choreo-connect/templates/adapter-deployment.yaml: -------------------------------------------------------------------------------- 1 | # -------------------------------------------------------------------- 2 | # Copyright (c) 2022, WSO2 Inc. (http://wso2.com) All Rights Reserved. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
15 | # ----------------------------------------------------------------------- 16 | 17 | apiVersion: apps/v1 18 | kind: Deployment 19 | metadata: 20 | name: {{ printf "%s-%s" (include "choreo-connect.fullname" .) "adapter" | trunc 63 }} 21 | namespace: {{ .Release.Namespace }} 22 | labels: 23 | {{- include "choreo-connect.labels" . | nindent 4 }} 24 | app.kubernetes.io/component: choreo-connect-adapter 25 | spec: 26 | replicas: {{ .Values.wso2.deployment.adapter.replicaCount }} 27 | strategy: 28 | rollingUpdate: 29 | maxSurge: 1 30 | maxUnavailable: 0 31 | type: RollingUpdate 32 | selector: 33 | matchLabels: 34 | {{- include "choreo-connect.selectorLabels" . | nindent 6 }} 35 | app.kubernetes.io/component: choreo-connect-adapter 36 | template: 37 | metadata: 38 | {{- with .Values.wso2.deployment.adapter.podAnnotations }} 39 | annotations: 40 | {{- toYaml . | nindent 8 }} 41 | {{- end }} 42 | labels: 43 | {{- include "choreo-connect.selectorLabels" . | nindent 8 }} 44 | app.kubernetes.io/component: choreo-connect-adapter 45 | spec: 46 | {{- if .Values.wso2.deployment.imagePullSecrets }} 47 | imagePullSecrets: 48 | {{- range .Values.wso2.deployment.imagePullSecrets }} 49 | - name: {{ . }} 50 | {{- end }} 51 | {{- else if and (not (eq .Values.wso2.subscription.username "")) (not (eq .Values.wso2.subscription.password "")) }} 52 | imagePullSecrets: 53 | - name: {{ include "choreo-connect.subscriptionCredsSecretName" . }} 54 | {{- end }} 55 | serviceAccountName: {{ include "choreo-connect.serviceAccountName" . }} 56 | automountServiceAccountToken: {{ .Values.wso2.deployment.adapter.automountServiceAccountToken }} 57 | {{- with .Values.wso2.deployment.adapter.podSecurityContext }} 58 | securityContext: 59 | {{- toYaml . 
| nindent 8}} 60 | {{- end }} 61 | containers: 62 | - name: choreo-connect-adapter 63 | {{- include "image" (dict "Values" .Values "deployment" .Values.wso2.deployment.adapter) | indent 10 }} 64 | imagePullPolicy: {{ .Values.wso2.deployment.adapter.imagePullPolicy }} 65 | volumeMounts: 66 | - mountPath: /home/wso2/security/keystore/mg.key 67 | name: adapter-keystore-key 68 | readOnly: true 69 | subPath: {{ if .Values.wso2.deployment.adapter.security.keystore }}{{ .Values.wso2.deployment.adapter.security.keystore.key.subPath | quote }}{{ else }}"mg.key"{{ end }} 70 | - mountPath: /home/wso2/security/keystore/mg.pem 71 | name: adapter-keystore-cert 72 | readOnly: true 73 | subPath: {{ if .Values.wso2.deployment.adapter.security.keystore }}{{ .Values.wso2.deployment.adapter.security.keystore.cert.subPath | quote }}{{ else }}"mg.pem"{{ end }} 74 | {{- if not .Values.wso2.deployment.adapter.security.truststore }} 75 | - mountPath: /home/wso2/security/truststore/controlplane.pem 76 | name: adapter-truststore 77 | readOnly: true 78 | subPath: controlplane.pem 79 | {{- else }} 80 | {{- include "choreo-connect.deployment.truststore.mounts" (dict "truststore" .Values.wso2.deployment.adapter.security.truststore "prefix" "adapter") }} 81 | {{- end }} 82 | - mountPath: /home/wso2/security/truststore/mg.pem 83 | name: adapter-keystore-cert 84 | readOnly: true 85 | subPath: {{ if .Values.wso2.deployment.adapter.security.keystore }}{{ .Values.wso2.deployment.adapter.security.keystore.cert.subPath | quote }}{{ else }}"mg.pem"{{ end }} 86 | - mountPath: /home/wso2/security/truststore/enforcer-ca-cert.pem 87 | name: enforcer-keystore-cert 88 | readOnly: true 89 | subPath: {{ if .Values.wso2.deployment.gatewayRuntime.enforcer.security.keystore -}} 90 | {{- .Values.wso2.deployment.gatewayRuntime.enforcer.security.keystore.cert.subPath | quote }}{{ else }}"mg.pem"{{ end }} 91 | - mountPath: /home/wso2/security/truststore/router-ca-cert.pem 92 | name: router-keystore-cert 93 | readOnly: 
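true 94 | subPath: {{ if .Values.wso2.deployment.gatewayRuntime.router.security.keystore }}{{ .Values.wso2.deployment.gatewayRuntime.router.security.keystore.cert.subPath | quote }}{{ else }}"mg.pem"{{ end }} 95 | {{- if .Values.wso2.deployment.adapter.security.consul }} 96 | - mountPath: /home/wso2/security/truststore/consul/consul-agent-ca.pem 97 | name: consul-agent-ca-cert 98 | readOnly: true 99 | subPath: {{ if .Values.wso2.deployment.adapter.security.consul }}{{ .Values.wso2.deployment.adapter.security.consul.agentCaCert.subPath | quote }}{{ else }}"consul-agent-ca.pem"{{ end }} 100 | - mountPath: /home/wso2/security/truststore/consul/local-dc-client-consul-0.pem 101 | name: consul-client-cert # client certificate goes to the path without "-key"; it was previously mounted at the "-key.pem" path. NOTE(review): confirm against the cert/key file paths in the adapter's consul configuration 102 | readOnly: true 103 | subPath: {{ if .Values.wso2.deployment.adapter.security.consul }}{{ .Values.wso2.deployment.adapter.security.consul.clientCert.subPath | quote }}{{ else }}"local-dc-client-consul-0.pem"{{ end }} 104 | - mountPath: /home/wso2/security/truststore/consul/local-dc-client-consul-0-key.pem 105 | name: consul-client-key # client private key goes to the "-key.pem" path 106 | readOnly: true 107 | subPath: {{ if .Values.wso2.deployment.adapter.security.consul }}{{ .Values.wso2.deployment.adapter.security.consul.clientKey.subPath | quote }}{{ else }}"local-dc-client-consul-0-key.pem"{{ end }} 108 | {{- end }} 109 | - mountPath: /home/wso2/conf/config.toml 110 | name: config-toml 111 | subPath: "config.toml" 112 | - mountPath: /home/wso2/conf/log_config.toml 113 | name: logconfig-toml 114 | subPath: "log_config.toml" 115 | - mountPath: /home/wso2/check_health.sh 116 | name: grpc-probe-health-check 117 | subPath: "check_health.sh" 118 | {{- range .Values.wso2.deployment.volumeConfigs }} 119 | {{- if eq .mount.container "choreo-connect-adapter" }} 120 | - name: {{ .name }} 121 | mountPath: {{ .mount.path }} 122 | {{- with .mount.readOnly }} 123 | readOnly: {{ . }} 124 | {{- end }} 125 | {{- with .mount.subPath }} 126 | subPath: {{ . 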
}} 127 | {{- end }} 128 | {{- end }} 129 | {{- end }} 130 | {{- with .Values.wso2.deployment.adapter.containerSecurityContext }} 131 | securityContext: 132 | {{- toYaml . | nindent 12}} 133 | {{- end }} 134 | env: 135 | - name: ADAPTER_PRIVATE_KEY_PATH 136 | value: "/home/wso2/security/keystore/mg.key" 137 | - name: ADAPTER_PUBLIC_CERT_PATH 138 | value: "/home/wso2/security/keystore/mg.pem" 139 | {{- with .Values.wso2.deployment.adapter.envOverride }} 140 | {{- toYaml . | nindent 12}} 141 | {{- end }} 142 | {{- with .Values.wso2.deployment.adapter.resources }} 143 | resources: 144 | requests: 145 | memory: {{ .requests.memory }} 146 | cpu: {{ .requests.cpu }} 147 | limits: 148 | memory: {{ .limits.memory }} 149 | cpu: {{ .limits.cpu }} 150 | {{- end }} 151 | ports: 152 | - containerPort: 18000 153 | - containerPort: 9843 154 | livenessProbe: 155 | exec: 156 | command: [ "sh", "check_health.sh" ] 157 | failureThreshold: {{ .Values.wso2.deployment.adapter.livenessProbe.failureThreshold }} 158 | initialDelaySeconds: {{ .Values.wso2.deployment.adapter.livenessProbe.initialDelaySeconds }} 159 | periodSeconds: {{ .Values.wso2.deployment.adapter.livenessProbe.periodSeconds }} 160 | readinessProbe: 161 | exec: 162 | command: [ "sh", "check_health.sh" ] 163 | failureThreshold: {{ .Values.wso2.deployment.adapter.readinessProbe.failureThreshold }} 164 | initialDelaySeconds: {{ .Values.wso2.deployment.adapter.readinessProbe.initialDelaySeconds }} 165 | periodSeconds: {{ .Values.wso2.deployment.adapter.readinessProbe.periodSeconds }} 166 | volumes: 167 | - name: adapter-keystore-key 168 | secret: 169 | secretName: {{ if .Values.wso2.deployment.adapter.security.keystore }}{{ .Values.wso2.deployment.adapter.security.keystore.key.secretName }}{{ else }}{{printf "%s-default-keystore" (include "choreo-connect.adapterFullname" .) 
| trunc 63}}{{ end }} 170 | - name: adapter-keystore-cert 171 | secret: # uses the "<adapterFullname>-default-keystore" Secret unless adapter.security.keystore is set. NOTE(review): that default presumably holds key material shipped with the chart; confirm in adapter-keystore-secret.yaml and provide your own Secret outside test setups 172 | secretName: {{ if .Values.wso2.deployment.adapter.security.keystore }}{{ .Values.wso2.deployment.adapter.security.keystore.cert.secretName }}{{ else }}{{printf "%s-default-keystore" (include "choreo-connect.adapterFullname" .) | trunc 63}}{{ end }} 173 | {{- if not .Values.wso2.deployment.adapter.security.truststore }} 174 | - name: adapter-truststore 175 | secret: # "<adapterFullname>-default-truststore" is used only when no adapter.security.truststore entries are configured 176 | secretName: {{ printf "%s-default-truststore" (include "choreo-connect.adapterFullname" .) | trunc 63 }} 177 | {{- else }} 178 | {{- include "choreo-connect.deployment.truststore.volumes" (dict "truststore" .Values.wso2.deployment.adapter.security.truststore "prefix" "adapter") }} 179 | {{- end }} 180 | {{- if .Values.wso2.deployment.adapter.security.consul }} 181 | - name: consul-agent-ca-cert 182 | secret: 183 | secretName: {{ .Values.wso2.deployment.adapter.security.consul.agentCaCert.secretName }} 184 | - name: consul-client-cert 185 | secret: 186 | secretName: {{ .Values.wso2.deployment.adapter.security.consul.clientCert.secretName }} 187 | - name: consul-client-key 188 | secret: 189 | secretName: {{ .Values.wso2.deployment.adapter.security.consul.clientKey.secretName }} 190 | {{- end }} 191 | - name: config-toml 192 | configMap: 193 | name: {{printf "%s-config-toml" (include "choreo-connect.adapterFullname" .) | trunc 63}} 194 | - name: logconfig-toml 195 | configMap: 196 | name: {{printf "%s-logconfig-toml" (include "choreo-connect.adapterFullname" .) | trunc 63}} 197 | - name: grpc-probe-health-check 198 | configMap: 199 | name: {{printf "%s-grpc-probe-script" (include "choreo-connect.adapterFullname" .) 
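| trunc 63}} 200 | defaultMode: 0555 # read/execute only; the probes run the script as "sh check_health.sh", so no write bit is needed (was 0777) 201 | - name: enforcer-keystore-cert 202 | secret: 203 | secretName: {{ if .Values.wso2.deployment.gatewayRuntime.enforcer.security.keystore -}} 204 | {{- .Values.wso2.deployment.gatewayRuntime.enforcer.security.keystore.cert.secretName -}} 205 | {{- else }}{{ printf "%s-default-keystore" (include "choreo-connect.enforcerFullname" .) | trunc 63 }}{{ end }} 206 | - name: router-keystore-cert 207 | secret: 208 | secretName: {{ if .Values.wso2.deployment.gatewayRuntime.router.security.keystore }}{{ .Values.wso2.deployment.gatewayRuntime.router.security.keystore.cert.secretName }}{{ else }}{{ printf "%s-default-keystore" (include "choreo-connect.routerFullname" .) | trunc 63 }}{{ end }} 209 | {{- range .Values.wso2.deployment.volumeConfigs }} 210 | {{- if eq .mount.container "choreo-connect-adapter" }} 211 | - name: {{ .name }} 212 | {{- if eq .resource.kind "Secret" }} 213 | secret: 214 | secretName: {{ .resource.name }} 215 | {{- else if eq .resource.kind "ConfigMap" }} 216 | configMap: 217 | name: {{ .resource.name }} 218 | {{- end }} 219 | {{- end }} 220 | {{- end }} 221 | restartPolicy: Always 222 | {{- with .Values.wso2.deployment.adapter.nodeSelector }} 223 | nodeSelector: 224 | {{- toYaml . | nindent 8 }} 225 | {{- end }} 226 | {{- with .Values.wso2.deployment.adapter.affinity }} 227 | affinity: 228 | {{- toYaml . | nindent 8 }} 229 | {{- end }} 230 | {{- with .Values.wso2.deployment.adapter.tolerations }} 231 | tolerations: 232 | {{- toYaml . | nindent 8 }} 233 | {{- end }} 234 | -------------------------------------------------------------------------------- /helm/choreo-connect/templates/gateway-runtime-deployment.yaml: -------------------------------------------------------------------------------- 1 | # -------------------------------------------------------------------- 2 | # Copyright (c) 2022, WSO2 Inc. (http://wso2.com) All Rights Reserved. 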
3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # ----------------------------------------------------------------------- 16 | 17 | apiVersion: apps/v1 18 | kind: Deployment 19 | metadata: 20 | name: {{printf "%s-%s" (include "choreo-connect.fullname" .) "gateway-runtime" | trunc 63 }} 21 | namespace: {{ .Release.Namespace }} 22 | labels: 23 | {{- include "choreo-connect.labels" . | nindent 4 }} 24 | app.kubernetes.io/component: choreo-connect-gateway-runtime 25 | spec: 26 | {{- if not .Values.wso2.deployment.gatewayRuntime.autoscaling.enabled }} 27 | replicas: {{ .Values.wso2.deployment.gatewayRuntime.replicaCount }} 28 | {{- end }} 29 | strategy: 30 | rollingUpdate: 31 | maxSurge: 1 32 | maxUnavailable: 0 33 | type: RollingUpdate 34 | selector: 35 | matchLabels: 36 | {{- include "choreo-connect.selectorLabels" . | nindent 6 }} 37 | app.kubernetes.io/component: choreo-connect-gateway-runtime 38 | template: 39 | metadata: 40 | {{- with .Values.wso2.deployment.gatewayRuntime.podAnnotations }} 41 | annotations: 42 | {{- toYaml . | nindent 8 }} 43 | {{- end }} 44 | labels: 45 | {{- include "choreo-connect.selectorLabels" . | nindent 8 }} 46 | app.kubernetes.io/component: choreo-connect-gateway-runtime 47 | spec: 48 | {{- if .Values.wso2.deployment.imagePullSecrets }} 49 | imagePullSecrets: 50 | {{- range .Values.wso2.deployment.imagePullSecrets }} 51 | - name: {{ . 
}} 52 | {{- end }} 53 | {{- else if and (not (eq .Values.wso2.subscription.username "")) (not (eq .Values.wso2.subscription.password "")) }} 54 | imagePullSecrets: 55 | - name: {{ include "choreo-connect.subscriptionCredsSecretName" . }} 56 | {{- end }} 57 | serviceAccountName: {{ include "choreo-connect.serviceAccountName" . }} 58 | automountServiceAccountToken: {{ .Values.wso2.deployment.gatewayRuntime.automountServiceAccountToken }} 59 | {{- with .Values.wso2.deployment.gatewayRuntime.podSecurityContext }} 60 | securityContext: 61 | {{- toYaml . | nindent 8}} 62 | {{- end }} 63 | containers: 64 | - name: choreo-connect-enforcer 65 | {{- include "image" (dict "Values" .Values "deployment" .Values.wso2.deployment.gatewayRuntime.enforcer) | indent 10 }} 66 | imagePullPolicy: {{ .Values.wso2.deployment.gatewayRuntime.enforcer.imagePullPolicy }} 67 | volumeMounts: 68 | {{- if not .Values.wso2.deployment.gatewayRuntime.enforcer.security.truststore }} 69 | - mountPath: /home/wso2/security/truststore/wso2carbon.pem 70 | name: enforcer-truststore 71 | readOnly: true 72 | subPath: wso2carbon.pem 73 | {{- else -}} 74 | {{- include "choreo-connect.deployment.truststore.mounts" (dict "truststore" .Values.wso2.deployment.gatewayRuntime.enforcer.security.truststore "prefix" "enforcer") }} 75 | {{- end }} 76 | - mountPath: /home/wso2/security/truststore/mg.pem 77 | name: enforcer-keystore-cert 78 | readOnly: true 79 | subPath: {{ if .Values.wso2.deployment.gatewayRuntime.enforcer.security.keystore -}} 80 | {{- .Values.wso2.deployment.gatewayRuntime.enforcer.security.keystore.cert.subPath | quote }}{{ else }}"mg.pem"{{ end }} 81 | - mountPath: /home/wso2/security/truststore/adapter-ca-cert.pem 82 | name: adapter-keystore-cert 83 | readOnly: true 84 | subPath: {{ if .Values.wso2.deployment.adapter.security.keystore }}{{ .Values.wso2.deployment.adapter.security.keystore.cert.subPath | quote }}{{ else }}"mg.pem"{{ end }} 85 | - mountPath: 
/home/wso2/security/truststore/router-ca-cert.pem 86 | name: router-keystore-cert 87 | readOnly: true 88 | subPath: {{ if .Values.wso2.deployment.gatewayRuntime.router.security.keystore }}{{ .Values.wso2.deployment.gatewayRuntime.router.security.keystore.cert.subPath | quote }}{{ else }}"mg.pem"{{ end }} 89 | - mountPath: /home/wso2/security/keystore/mg.key 90 | name: enforcer-keystore-key 91 | readOnly: true 92 | subPath: {{ if .Values.wso2.deployment.gatewayRuntime.enforcer.security.keystore -}} 93 | {{- .Values.wso2.deployment.gatewayRuntime.enforcer.security.keystore.key.subPath | quote }}{{ else }}"mg.key"{{ end }} 94 | - mountPath: /home/wso2/security/keystore/mg.pem 95 | name: enforcer-keystore-cert 96 | readOnly: true 97 | subPath: {{ if .Values.wso2.deployment.gatewayRuntime.enforcer.security.keystore -}} 98 | {{- .Values.wso2.deployment.gatewayRuntime.enforcer.security.keystore.cert.subPath | quote }}{{ else }}"mg.pem"{{ end }} 99 | - mountPath: /home/wso2/security/keystore/backend-jwt.key 100 | name: backend-jwt-keystore-key 101 | readOnly: true 102 | subPath: {{ if .Values.wso2.deployment.gatewayRuntime.enforcer.security.backendJWT.keystore -}} 103 | {{- .Values.wso2.deployment.gatewayRuntime.enforcer.security.backendJWT.keystore.key.subPath | quote }}{{ else }}"mg.key"{{ end }} 104 | - mountPath: /home/wso2/security/keystore/backend-jwt.pem 105 | name: backend-jwt-keystore-cert 106 | readOnly: true 107 | subPath: {{ if .Values.wso2.deployment.gatewayRuntime.enforcer.security.backendJWT.keystore -}} 108 | {{- .Values.wso2.deployment.gatewayRuntime.enforcer.security.backendJWT.keystore.cert.subPath | quote }}{{ else }}"mg.pem"{{ end }} 109 | - mountPath: /home/wso2/conf/log4j2.properties 110 | name: enforcer-log4j2 111 | readOnly: true 112 | subPath: "log4j2.properties" 113 | - mountPath: /home/wso2/check_health.sh 114 | name: grpc-probe-health-check 115 | subPath: "check_health.sh" 116 | {{- range .Values.wso2.deployment.volumeConfigs }} 117 | {{- if eq 
.mount.container "choreo-connect-enforcer" }} 118 | - name: {{ .name }} 119 | mountPath: {{ .mount.path }} 120 | {{- with .mount.readOnly }} 121 | readOnly: {{ . }} 122 | {{- end }} 123 | {{- with .mount.subPath }} 124 | subPath: {{ . }} 125 | {{- end }} 126 | {{- end }} 127 | {{- end }} 128 | {{- if .Values.wso2.deployment.gatewayRuntime.enforcer.dropins }} 129 | - mountPath: /home/wso2/lib/dropins 130 | name: enforcer-dropins 131 | {{- end }} 132 | {{- with .Values.wso2.deployment.gatewayRuntime.enforcer.containerSecurityContext }} 133 | securityContext: 134 | {{- toYaml . | nindent 12}} 135 | {{- end }} 136 | env: 137 | - name: ENFORCER_PRIVATE_KEY_PATH 138 | value: "/home/wso2/security/keystore/mg.key" 139 | - name: ENFORCER_PUBLIC_CERT_PATH 140 | value: "/home/wso2/security/keystore/mg.pem" 141 | - name: TRUSTED_CA_CERTS_PATH 142 | value: "/home/wso2/security/truststore" 143 | - name: ADAPTER_HOST_NAME 144 | value: {{ .Values.wso2.deployment.adapter.security.sslHostname | quote }} 145 | - name: ADAPTER_HOST 146 | value: {{ include "choreo-connect.adapterFullname" . | quote }} 147 | - name: ADAPTER_XDS_PORT 148 | value: "18000" 149 | - name: ENFORCER_REGION 150 | value: "UNKNOWN" 151 | - name: XDS_MAX_MSG_SIZE 152 | value: "4194304" 153 | - name: XDS_MAX_RETRIES 154 | value: "3" 155 | {{- with .Values.wso2.deployment.gatewayRuntime.enforcer.envOverride }} 156 | {{- toYaml . | nindent 12}} 157 | {{- end }} 158 | {{- with .Values.wso2.deployment.labelName }} 159 | - name: ENFORCER_LABEL 160 | value: {{ . }} 161 | {{- end }} 162 | {{- with .Values.wso2.choreoAnalytics.endpoint }} 163 | - name: analytics_authURL 164 | value: {{ . }} 165 | {{- end }} 166 | {{- if .Values.wso2.choreoAnalytics.onpremKey }} 167 | - name: analytics_authToken 168 | valueFrom: 169 | secretKeyRef: 170 | name: {{ printf "%s-analytics-auth-token" (include "choreo-connect.fullname" .) 
| trunc 63 }} 171 | key: authToken 172 | {{- end }} 173 | {{- with .Values.wso2.deployment.gatewayRuntime.enforcer.resources }} 174 | resources: 175 | requests: 176 | memory: {{ .requests.memory }} 177 | cpu: {{ .requests.cpu }} 178 | limits: 179 | memory: {{ .limits.memory }} 180 | cpu: {{ .limits.cpu }} 181 | {{- end }} 182 | ports: 183 | - containerPort: 8081 184 | - containerPort: 9001 185 | startupProbe: 186 | exec: 187 | command: [ "sh", "check_health.sh" ] 188 | failureThreshold: {{ .Values.wso2.deployment.gatewayRuntime.enforcer.startupProbe.failureThreshold }} 189 | periodSeconds: {{ .Values.wso2.deployment.gatewayRuntime.enforcer.startupProbe.periodSeconds }} 190 | livenessProbe: 191 | exec: 192 | command: [ "sh", "check_health.sh" ] 193 | failureThreshold: {{ .Values.wso2.deployment.gatewayRuntime.enforcer.livenessProbe.failureThreshold }} 194 | initialDelaySeconds: {{ .Values.wso2.deployment.gatewayRuntime.enforcer.livenessProbe.initialDelaySeconds }} 195 | periodSeconds: {{ .Values.wso2.deployment.gatewayRuntime.enforcer.livenessProbe.periodSeconds }} 196 | readinessProbe: 197 | exec: 198 | command: [ "sh", "check_health.sh" ] 199 | failureThreshold: {{ .Values.wso2.deployment.gatewayRuntime.enforcer.readinessProbe.failureThreshold }} 200 | initialDelaySeconds: {{ .Values.wso2.deployment.gatewayRuntime.enforcer.readinessProbe.initialDelaySeconds }} 201 | periodSeconds: {{ .Values.wso2.deployment.gatewayRuntime.enforcer.readinessProbe.periodSeconds }} 202 | - name: choreo-connect-router 203 | {{- include "image" (dict "Values" .Values "deployment" .Values.wso2.deployment.gatewayRuntime.router) | indent 10 }} 204 | imagePullPolicy: {{ .Values.wso2.deployment.gatewayRuntime.router.imagePullPolicy }} 205 | volumeMounts: 206 | - mountPath: /home/wso2/security/keystore/mg.key 207 | name: router-keystore-key 208 | readOnly: true 209 | subPath: {{ if .Values.wso2.deployment.gatewayRuntime.router.security.keystore }}{{ 
.Values.wso2.deployment.gatewayRuntime.router.security.keystore.key.subPath | quote }}{{ else }}"mg.key"{{ end }} 210 | - mountPath: /home/wso2/security/keystore/mg.pem 211 | name: router-keystore-cert 212 | readOnly: true 213 | subPath: {{ if .Values.wso2.deployment.gatewayRuntime.router.security.keystore }}{{ .Values.wso2.deployment.gatewayRuntime.router.security.keystore.cert.subPath | quote }}{{ else }}"mg.pem"{{ end }} 214 | {{- if .Values.wso2.deployment.gatewayRuntime.router.security.backendCaCerts }} 215 | - mountPath: /etc/ssl/certs/ca-certificates.crt 216 | name: router-backend-ca-certs 217 | readOnly: true 218 | subPath: {{ .Values.wso2.deployment.gatewayRuntime.router.security.backendCaCerts.subPath | quote }} 219 | {{- end }} 220 | {{- if .Values.wso2.deployment.gatewayRuntime.router.debug.heapProfile.mountEmptyDir }} 221 | - mountPath: {{ .Values.wso2.deployment.gatewayRuntime.router.debug.heapProfile.mountPath }} 222 | name: router-heap-profile-data 223 | {{- end }} 224 | - mountPath: /home/wso2/security/truststore/adapter-ca-cert.pem 225 | name: adapter-keystore-cert 226 | readOnly: true 227 | subPath: {{ if .Values.wso2.deployment.adapter.security.keystore -}} 228 | {{- .Values.wso2.deployment.adapter.security.keystore.cert.subPath | quote }}{{ else }}"mg.pem"{{ end }} 229 | - mountPath: /home/wso2/security/truststore/enforcer-ca-cert.pem 230 | name: enforcer-keystore-cert 231 | readOnly: true 232 | subPath: {{ if .Values.wso2.deployment.gatewayRuntime.enforcer.security.keystore -}} 233 | {{- .Values.wso2.deployment.gatewayRuntime.enforcer.security.keystore.cert.subPath | quote }}{{ else }}"mg.pem"{{ end }} 234 | {{- range .Values.wso2.deployment.volumeConfigs }} 235 | {{- if eq .mount.container "choreo-connect-router" }} 236 | - name: {{ .name }} 237 | mountPath: {{ .mount.path }} 238 | {{- with .mount.readOnly }} 239 | readOnly: {{ . }} 240 | {{- end }} 241 | {{- with .mount.subPath }} 242 | subPath: {{ . 
}} 243 | {{- end }} 244 | {{- end }} 245 | {{- end }} 246 | {{- with .Values.wso2.deployment.gatewayRuntime.router.containerSecurityContext }} 247 | securityContext: 248 | {{- toYaml . | nindent 12}} 249 | {{- end }} 250 | env: 251 | - name: ROUTER_ADMIN_HOST 252 | value: "0.0.0.0" 253 | - name: ROUTER_ADMIN_PORT 254 | value: "9000" 255 | - name: ROUTER_CLUSTER 256 | value: "default_cluster" 257 | - name: ROUTER_PRIVATE_KEY_PATH 258 | value: "/home/wso2/security/keystore/mg.key" 259 | - name: ROUTER_PUBLIC_CERT_PATH 260 | value: "/home/wso2/security/keystore/mg.pem" 261 | - name: ADAPTER_HOST 262 | value: {{ include "choreo-connect.adapterFullname" . | quote }} 263 | - name: ADAPTER_PORT 264 | value: "18000" 265 | - name: ADAPTER_CA_CERT_PATH 266 | value: "/home/wso2/security/truststore/adapter-ca-cert.pem" 267 | - name: ENFORCER_CA_CERT_PATH 268 | value: "/home/wso2/security/truststore/enforcer-ca-cert.pem" 269 | - name: ENFORCER_HOST 270 | value: "127.0.0.1" 271 | - name: ENFORCER_PORT 272 | value: "8081" 273 | - name: ENFORCER_ANALYTICS_HOST 274 | value: "127.0.0.1" 275 | - name: ENFORCER_ANALYTICS_RECEIVER_PORT 276 | value: "18090" 277 | - name: CONCURRENCY 278 | value: "2" 279 | {{- with .Values.wso2.deployment.gatewayRuntime.router.envOverride }} 280 | {{- toYaml . | nindent 12}} 281 | {{- end }} 282 | {{- with .Values.wso2.deployment.labelName }} 283 | - name: ROUTER_LABEL 284 | value: {{ . 
}} 285 | {{- end }} 286 | {{- with .Values.wso2.deployment.gatewayRuntime.router.resources }} 287 | resources: 288 | requests: 289 | memory: {{ .requests.memory }} 290 | cpu: {{ .requests.cpu }} 291 | limits: 292 | memory: {{ .limits.memory }} 293 | cpu: {{ .limits.cpu }} 294 | {{- end }} 295 | ports: 296 | - containerPort: 9000 297 | - containerPort: 9095 298 | startupProbe: 299 | httpGet: 300 | port: 9095 301 | path: /ready 302 | scheme: HTTPS 303 | httpHeaders: 304 | - name: Host 305 | value: {{ .Values.wso2.deployment.gatewayRuntime.router.ingress.hostname }} 306 | failureThreshold: {{ .Values.wso2.deployment.gatewayRuntime.router.startupProbe.failureThreshold }} 307 | periodSeconds: {{ .Values.wso2.deployment.gatewayRuntime.router.startupProbe.periodSeconds }} 308 | livenessProbe: 309 | httpGet: 310 | port: 9095 311 | path: /health 312 | scheme: HTTPS 313 | httpHeaders: 314 | - name: Host 315 | value: {{ .Values.wso2.deployment.gatewayRuntime.router.ingress.hostname }} 316 | failureThreshold: {{ .Values.wso2.deployment.gatewayRuntime.router.livenessProbe.failureThreshold }} 317 | initialDelaySeconds: {{ .Values.wso2.deployment.gatewayRuntime.router.livenessProbe.initialDelaySeconds }} 318 | periodSeconds: {{ .Values.wso2.deployment.gatewayRuntime.router.livenessProbe.periodSeconds }} 319 | readinessProbe: 320 | httpGet: 321 | port: 9095 322 | path: /ready 323 | scheme: HTTPS 324 | httpHeaders: 325 | - name: Host 326 | value: {{ .Values.wso2.deployment.gatewayRuntime.router.ingress.hostname }} 327 | failureThreshold: {{ .Values.wso2.deployment.gatewayRuntime.router.readinessProbe.failureThreshold }} 328 | initialDelaySeconds: {{ .Values.wso2.deployment.gatewayRuntime.router.readinessProbe.initialDelaySeconds }} 329 | periodSeconds: {{ .Values.wso2.deployment.gatewayRuntime.router.readinessProbe.periodSeconds }} 330 | volumes: 331 | - name: enforcer-log4j2 332 | configMap: 333 | name: {{ printf "%s-log4j2-properties" (include "choreo-connect.enforcerFullname" .) 
| trunc 63 }} 334 | - name: enforcer-keystore-key 335 | secret: 336 | secretName: {{ if .Values.wso2.deployment.gatewayRuntime.enforcer.security.keystore -}} 337 | {{- .Values.wso2.deployment.gatewayRuntime.enforcer.security.keystore.key.secretName -}} 338 | {{- else }}{{ printf "%s-default-keystore" (include "choreo-connect.enforcerFullname" .) | trunc 63 }}{{ end }} 339 | - name: enforcer-keystore-cert 340 | secret: 341 | secretName: {{ if .Values.wso2.deployment.gatewayRuntime.enforcer.security.keystore -}} 342 | {{- .Values.wso2.deployment.gatewayRuntime.enforcer.security.keystore.cert.secretName -}} 343 | {{- else }}{{ printf "%s-default-keystore" (include "choreo-connect.enforcerFullname" .) | trunc 63 }}{{ end }} 344 | - name: backend-jwt-keystore-key 345 | secret: 346 | secretName: {{ if .Values.wso2.deployment.gatewayRuntime.enforcer.security.backendJWT.keystore -}} 347 | {{- .Values.wso2.deployment.gatewayRuntime.enforcer.security.backendJWT.keystore.key.secretName -}} 348 | {{- else }}{{ printf "%s-default-keystore" (include "choreo-connect.enforcerFullname" .) | trunc 63 }}{{ end }} 349 | - name: backend-jwt-keystore-cert 350 | secret: 351 | secretName: {{ if .Values.wso2.deployment.gatewayRuntime.enforcer.security.backendJWT.keystore -}} 352 | {{- .Values.wso2.deployment.gatewayRuntime.enforcer.security.backendJWT.keystore.cert.secretName -}} 353 | {{- else }}{{ printf "%s-default-keystore" (include "choreo-connect.enforcerFullname" .) | trunc 63 }}{{ end }} 354 | {{- if not .Values.wso2.deployment.gatewayRuntime.enforcer.security.truststore }} 355 | - name: enforcer-truststore 356 | secret: 357 | secretName: {{ printf "%s-default-truststore" (include "choreo-connect.enforcerFullname" .) 
| trunc 63 }} 358 | {{- else }} 359 | {{- include "choreo-connect.deployment.truststore.volumes" (dict "truststore" .Values.wso2.deployment.gatewayRuntime.enforcer.security.truststore "prefix" "enforcer") }} 360 | {{- end }} 361 | - name: grpc-probe-health-check 362 | configMap: 363 | name: {{ printf "%s-grpc-probe-script" (include "choreo-connect.enforcerFullname" .) | trunc 63 }} 364 | defaultMode: 0777 365 | {{- range .Values.wso2.deployment.volumeConfigs }} 366 | {{- if or (eq .mount.container "choreo-connect-router") (eq .mount.container "choreo-connect-enforcer") }} 367 | - name: {{ .name }} 368 | {{- if eq .resource.kind "Secret" }} 369 | secret: 370 | secretName: {{ .resource.name }} 371 | {{- else if eq .resource.kind "ConfigMap" }} 372 | configMap: 373 | name: {{ .resource.name }} 374 | {{- end }} 375 | {{- end }} 376 | {{- end }} 377 | 378 | {{- if .Values.wso2.deployment.gatewayRuntime.enforcer.dropins }} 379 | - name: enforcer-dropins 380 | projected: 381 | sources: 382 | {{- range .Values.wso2.deployment.gatewayRuntime.enforcer.dropins }} 383 | - configMap: 384 | name: {{ .configMapName }} 385 | {{- end }} 386 | {{- end }} 387 | {{- if .Values.wso2.deployment.gatewayRuntime.router.debug.heapProfile.mountEmptyDir }} 388 | - name: router-heap-profile-data 389 | emptyDir: {} 390 | {{- end }} 391 | - name: router-keystore-key 392 | secret: 393 | secretName: {{ if .Values.wso2.deployment.gatewayRuntime.router.security.keystore }}{{ .Values.wso2.deployment.gatewayRuntime.router.security.keystore.key.secretName }}{{ else }}{{ printf "%s-default-keystore" (include "choreo-connect.routerFullname" .) | trunc 63 }}{{ end }} 394 | - name: router-keystore-cert 395 | secret: 396 | secretName: {{ if .Values.wso2.deployment.gatewayRuntime.router.security.keystore }}{{ .Values.wso2.deployment.gatewayRuntime.router.security.keystore.cert.secretName }}{{ else }}{{ printf "%s-default-keystore" (include "choreo-connect.routerFullname" .) 
| trunc 63 }}{{ end }} 397 | {{- if .Values.wso2.deployment.gatewayRuntime.router.security.backendCaCerts }} 398 | - name: router-backend-ca-certs 399 | secret: 400 | secretName: {{ .Values.wso2.deployment.gatewayRuntime.router.security.backendCaCerts.secretName }} 401 | {{- end }} 402 | - name: adapter-keystore-cert 403 | secret: 404 | secretName: {{ if .Values.wso2.deployment.adapter.security.keystore }}{{ .Values.wso2.deployment.adapter.security.keystore.cert.secretName }}{{ else }}{{printf "%s-default-keystore" (include "choreo-connect.adapterFullname" .) | trunc 63}}{{ end }} 405 | restartPolicy: Always 406 | {{- with .Values.wso2.deployment.gatewayRuntime.nodeSelector }} 407 | nodeSelector: 408 | {{- toYaml . | nindent 8 }} 409 | {{- end }} 410 | {{- with .Values.wso2.deployment.gatewayRuntime.affinity }} 411 | affinity: 412 | {{- toYaml . | nindent 8 }} 413 | {{- end }} 414 | {{- with .Values.wso2.deployment.gatewayRuntime.tolerations }} 415 | tolerations: 416 | {{- toYaml . | nindent 8 }} 417 | {{- end }} 418 |
--------------------------------------------------------------------------------
/helm/choreo-connect/values.yaml:
--------------------------------------------------------------------------------
# Copyright (c) 2022, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Default values for the Choreo Connect Helm chart (adapter plus gateway runtime = enforcer + router).
# Settings to review before production use: the plain-text "admin" passwords under the envOverride
# defaults, the hostname-verifier flag in the enforcer JAVA_OPTS, security.testTokenIssuer.enabled,
# and the fall-back to the chart's default keystore/truststore Secrets when none are configured.
wso2:
  # WSO2 Subscription parameters (https://wso2.com/subscription/)
  # If provided, these parameters will be used to obtain official WSO2 product Docker images available at WSO2 Private Docker Registry (https://docker.wso2.com/)
  # for this deployment
  # NOTE(review): pass these at install time (e.g. --set or a private values file) rather than committing them to this file.
  subscription:
    username: ""
    password: ""

  # WSO2 Choreo Analytics Parameters
  # If provided, these parameters will be used to publish analytics data to Choreo Analytics environment (https://apim.docs.wso2.com/en/latest/observe/api-manager-analytics/configure-analytics/register-for-analytics/).
  choreoAnalytics:
    enabled: false
    endpoint: "https://analytics-event-auth.choreo.dev/auth/v1"
    # When set, the gateway runtime deployment injects analytics_authToken into the enforcer from the
    # chart's "<fullname>-analytics-auth-token" Secret (key: authToken) via secretKeyRef.
    onpremKey: ""

  # Configuration of externally installed APIM service. Configure this, if the deployment.mode is "APIM_AS_CP"
  apim:
    controlPlane:
      # Hostname of the control plane
      hostName: am.wso2.com
      # K8s service name of the control plane (if in another namespace, `<serviceName>.<namespace>`)
      serviceName: wso2am-single-node-am-service.apim
      # List of K8s service names of control plane, which Choreo Connect listens to for events
      # If list is empty, default to controlPlane.serviceName
      # eventListeners:
      #   - wso2am-pattern-1-am-1-service.apim
      #   - wso2am-pattern-1-am-2-service.apim
      eventListeners: []
      # Skip SSL cert verification of control plane cert for the requests made from Adapter to the control plane
      # Keep this false outside of test setups: with true, the Adapter no longer verifies the control plane's certificate.
      skipSSLVerification: false

    # List of K8s service names of the traffic managers. If list is empty, default to controlPlane.eventListeners
    # trafficManagers:
    #   - wso2am-pattern-1-am-1-service.apim
    #   - wso2am-pattern-1-am-2-service.apim
    trafficManagers: []

  deployment:
    # Deployment option: one of "STANDALONE" or "APIM_AS_CP"
    # Refer deployment options: https://apim.docs.wso2.com/en/4.2.0/deploy-and-publish/deploy-on-gateway/choreo-connect/getting-started/deploy/cc-deploy-overview/
    mode: "STANDALONE"

    # Label (environment) name of the deployment
    # Rendered unquoted into the ENFORCER_LABEL / ROUTER_LABEL env values by the gateway runtime deployment template.
    labelName: "Default"

    # If a custom image must be used, define the docker registry. Default to DockerHub. If subscription specified it will be "docker.wso2.com"
    dockerRegistry: ""

    # Image pull secrets to pull images from docker registry. If subscriptions are specified, a secret with the subscription details is created and imagePullSecrets defaults to it.
    imagePullSecrets: []

    adapter:
      # Docker registry. If this value is not empty, this overrides the value in 'wso2.deployment.dockerRegistry'
      dockerRegistry: ""
      # Image name for adapter
      imageName: "choreo-connect-adapter"
      # Image tag for adapter
      imageTag: "1.2.0"
      # Refer to the Kubernetes documentation on updating images (https://kubernetes.io/docs/concepts/containers/images/#updating-images)
      imagePullPolicy: IfNotPresent
      # Pod count
      replicaCount: 1

      ingress:
        # Create ingress resource for adapter Rest endpoint. Adapter ingress is disabled when the Choreo Connect Mode is "APIM_AS_CP" (i.e. not "STANDALONE")
        # even if it is enabled with this config
        enabled: true
        # Hostname for adapter in STANDALONE mode
        hostname: adapter.wso2.com
        # TLS secret for the adapter host. Using default secret if not specified
        tlsSecretName: ""
        # Annotations for the adapter Ingress
        # NOTE(review): ssl-redirect "false" means the ingress does not redirect plain-HTTP requests to HTTPS; confirm that is intended for the adapter endpoint.
        annotations:
          kubernetes.io/ingress.class: nginx
          nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
          nginx.ingress.kubernetes.io/ssl-redirect: "false"

      # Resources for the adapter container
      resources:
        requests:
          memory: "500Mi"
          cpu: "500m"
        limits:
          memory: "500Mi"
          cpu: "500m"

      # Affinity for adapter pods assignment
      # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
      affinity: {}

      # Node labels for adapter pods assignment
      # ref: https://kubernetes.io/docs/user-guide/node-selection/
      nodeSelector: {}

      # Tolerations for adapter pods assignment
      # ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
      tolerations: []

      # Auto mount Service Account Token to the pod
      automountServiceAccountToken: false

      # Security context of the adapter pod
      # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
      podSecurityContext:
        runAsUser: 10500
        runAsGroup: 10500

      # Security context of the adapter container
      # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
      # NOTE(review): Kubernetes documentation and the Pod Security Standards spell the capability set "ALL";
      # verify that lower-case "all" is accepted by your container runtime and admission policy.
      containerSecurityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop:
            - all

      # Indicates whether the container is running
      livenessProbe:
        # Number of times the probe may fail before the container is marked as failed
        failureThreshold: 3
        # Number of seconds after the container has started before liveness probes are initiated
        initialDelaySeconds: 10
        # How often (in seconds) to perform the probe
        periodSeconds: 30
      # Indicates whether the container is ready to service requests
      readinessProbe:
        # Number of times the probe may fail before the container is marked as failed
        failureThreshold: 3
        # Number of seconds after the container has started before readiness probes are initiated
        initialDelaySeconds: 8
        # How often (in seconds) to perform the probe
        periodSeconds: 5

      # Key value pair of annotations for the pod
      podAnnotations:
        sidecar.istio.io/inject: "false"

      # Define templated config.toml file, if empty using default config.toml
      # Use --set-file arg as follows to specify an external templated config file
      # --set-file wso2.deployment.adapter.configToml=<path to templated config.toml>
      #
      # Make sure to have existing templates already provided by the Helm Chart within your configuration files,
      # otherwise you may lose configurations set with the values.yaml file.
      configToml: ""

      # Define templated log_config.toml file, if empty using default log_config.toml
      # Use --set-file arg as follows to specify an external templated config file
      # --set-file wso2.deployment.adapter.logConfigToml=<path to templated log_config.toml>
      #
      # Make sure to have existing templates already provided by the Helm Chart within your configuration files,
      # otherwise you may lose configurations set with the values.yaml file.
      logConfigToml: ""

      # envOverride:
      #   - name: cp_admin_pwd
      #     value: admin
      #   - name: adapter_admin_pwd
      #     valueFrom:
      #       secretKeyRef:
      #         name: my-secret
      #         key: password
      # NOTE(review): the defaults below place the admin passwords in plain text ("admin") in the rendered
      # manifest. Replace them for anything beyond evaluation, preferably with valueFrom.secretKeyRef as in
      # the commented example above, so the values live in a Secret instead of the Deployment spec.
      envOverride:
        - name: cp_admin_pwd
          value: admin
        - name: adapter_admin_pwd
          value: admin

      security:
        # Hostname for SSL verification
        sslHostname: "adapter"

        adapterRestService:
          # Enable or disable adapter Rest service
          # If "default": enabled in "STANDALONE" mode and disabled in "APIM_AS_CP" mode
          enabled: "default" # a string value: "default" or "true" or "false"

        # Private key and cert in PEM format
        # for more details: https://apim.docs.wso2.com/en/4.2.0/deploy-and-publish/deploy-on-gateway/choreo-connect/security/importing-certificates-to-the-choreo-connect-truststore/#changing-the-private-certificate-of-a-component
        # override default certs from secrets
        # keystore:
        #   key:
        #     secretName: "adapter-keystore"
        #     subPath: "tls.key"
        #   cert:
        #     secretName: "adapter-keystore"
        #     subPath: "tls.crt"
        # NOTE(review): when left empty, the gateway runtime deployment mounts the adapter certificate from the
        # "<adapter fullname>-default-keystore" Secret. If that key material ships with the chart it is publicly
        # known; supply your own key pair for anything beyond evaluation.
        keystore: {} # using default certs, if not defined.

        # Truststore certs as an array of secrets {secretName, subPath, mountAs}
        # override default certs from secrets
        # truststore:
        #   - # Name of the secret
        #     secretName: "control-plane-cert"
        #     # Key name of the secret
        #     subPath: "tls.crt"
        #     # Optional file name to mount the secret with the given name inside the container.
        #     # Default to auto-generated file name `{secretName}-{subPath | replace "." with "-"}.pem`.
        #     # Auto-generated file name for this sample: "control-plane-cert-tls-crt.pem"
        #     mountAs: "controlplane.pem"
        truststore: [] # using default certs, if not defined.

        # Certs for consul integration
        #
        # consul:
        #   agentCaCert:
        #     secretName: ""
        #     subPath: ""
        #   clientCert:
        #     secretName: ""
        #     subPath: ""
        #   clientKey:
        #     secretName: ""
        #     subPath: ""
        consul: {}

    # Gateway runtime (enforcer + router) deployment configurations
    gatewayRuntime:
      # Key value pair of annotations for the pod
      podAnnotations: {}

      # Pod count
      replicaCount: 1
      # Horizontal pod autoscaling configurations of gateway
      autoscaling:
        enabled: true
        minReplicas: 1
        maxReplicas: 5
        targetCPUUtilizationPercentage: 75
        targetMemoryUtilizationPercentage: 75

      # Affinity for gateway runtime pods assignment
      # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
      affinity: {}

      # Node labels for gateway runtime pods assignment
      # ref: https://kubernetes.io/docs/user-guide/node-selection/
      nodeSelector: {}

      # Tolerations for gateway runtime pods assignment
      # ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
      tolerations: []

      # Auto mount Service Account Token to the pod
      automountServiceAccountToken: false

      # Security context of the gateway runtime pod
      # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
      podSecurityContext:
        runAsUser: 10500
        runAsGroup: 10500

      enforcer:
        # Docker registry. If this value is not empty, this overrides the value in 'wso2.deployment.dockerRegistry'
        dockerRegistry: ""
        # Image name for enforcer
        imageName: "choreo-connect-enforcer"
        # Image tag for enforcer
        imageTag: "1.2.0"
        # Refer to the Kubernetes documentation on updating images (https://kubernetes.io/docs/concepts/containers/images/#updating-images)
        imagePullPolicy: IfNotPresent

        # envOverride:
        #   - name: enforcer_admin_pwd
        #     value: admin
        #   - name: tm_admin_pwd
        #     valueFrom:
        #       secretKeyRef:
        #         name: my-secret
        #         key: tm_password
        # These entries are rendered into the enforcer container's env list after the chart's built-in entries.
        # NOTE(review): -Dhttpclient.hostnameVerifier=AllowAll presumably turns off TLS hostname verification in
        # the enforcer's HTTP client - confirm against the Choreo Connect documentation and drop or tighten it
        # once the peer certificates carry the expected hostnames.
        # NOTE(review): enforcer_admin_pwd and tm_admin_pwd default to the plain-text value "admin"; replace them
        # for anything beyond evaluation, preferably with valueFrom.secretKeyRef as in the commented example above.
        envOverride:
          - name: JAVA_OPTS
            value: "-Dhttpclient.hostnameVerifier=AllowAll -Xms512m -Xmx512m"
          - name: enforcer_admin_pwd
            value: "admin"
          - name: tm_admin_pwd
            value: "admin"

        # enforcer dropins JARs
        # dropins:
        #   - configMapName: "dropins-cm1"
        #   - configMapName: "dropins-cm2"
        # The listed ConfigMaps are projected into one volume mounted at /home/wso2/lib/dropins in the enforcer container.
        dropins: {}

        # Resources for the enforcer container
        resources:
          requests:
            memory: "1000Mi"
            cpu: "1000m"
          limits:
            memory: "1000Mi"
            cpu: "1000m"

        # Indicates whether the container application has started
        startupProbe:
          # How often (in seconds) to perform the probe
          periodSeconds: 5
          # Number of times the startup probe is attempted before the container is marked as failed
          failureThreshold: 30
        # Indicates whether the container is running
        livenessProbe:
          # Number of times the probe may fail before the container is marked as failed
          failureThreshold: 3
          # Number of seconds after the container has started before liveness probes are initiated
          initialDelaySeconds: 10
          # How often (in seconds) to perform the probe
          periodSeconds: 30
        # Indicates whether the container is ready to service requests
        readinessProbe:
          # Number of times the probe may fail before the container is marked as failed
          failureThreshold: 3
          # Number of seconds after the container has started before readiness probes are initiated
          initialDelaySeconds: 8
          # How often (in seconds) to perform the probe
          periodSeconds: 5

        # Security context of the enforcer container
        # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
        # NOTE(review): Kubernetes documentation and the Pod Security Standards spell the capability set "ALL";
        # verify that lower-case "all" is accepted by your container runtime and admission policy.
        containerSecurityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop:
              - all

        security:
          # Hostname for SSL verification
          sslHostname: "enforcer"

          # private key and cert in PEM format
          # for more details: https://apim.docs.wso2.com/en/4.2.0/deploy-and-publish/deploy-on-gateway/choreo-connect/security/importing-certificates-to-the-choreo-connect-truststore/#changing-the-private-certificate-of-a-component
          # override default certs from secrets
          # keystore:
          #   key:
          #     secretName: "enforcer-keystore"
          #     subPath: "tls.key"
          #   cert:
          #     secretName: "enforcer-keystore"
          #     subPath: "tls.crt"
          # NOTE(review): when left empty, the deployment template mounts mg.key / mg.pem from the
          # "<enforcer fullname>-default-keystore" Secret. If that key material ships with the chart it is
          # publicly known; supply your own key pair for anything beyond evaluation.
          keystore: {} # using default certs, if not defined

          # Passing end user attributes to the backend
          # ref https://apim.docs.wso2.com/en/latest/deploy-and-publish/deploy-on-gateway/choreo-connect/passing-enduser-attributes-to-the-backend-via-choreo-connect/
          backendJWT:
            enabled: false
            # keystore:
            #   key:
            #     secretName: "backend-jwt-keystore"
            #     subPath: "backend-jwt.key"
            #   cert:
            #     secretName: "backend-jwt-keystore"
            #     subPath: "backend-jwt.pem"
            # When left empty, the deployment template mounts backend-jwt.key / backend-jwt.pem from the same
            # "<enforcer fullname>-default-keystore" Secret (mg.key / mg.pem), so the backend JWT key pair
            # is then the enforcer's default key pair.
            keystore: {}

          # Test token issuer
          testTokenIssuer:
            # Test token should be disabled in a production deployment
            # Note that the chart default is true: set this to false explicitly for production.
            enabled: true

          # Truststore certs as an array of secrets {secretName, subPath, mountAs}
          # override default certs from secrets
          # truststore:
          #   - # Name of the secret
          #     secretName: "control-plane-cert"
          #     # Key name of the secret
          #     subPath: "tls.crt"
          #     # Optional file name to mount the secret with the given name inside the container.
          #     # Default to auto-generated file name `{secretName}-{subPath | replace "." with "-"}.pem`.
          #     # Auto-generated file name for this sample: "control-plane-cert-tls-crt.pem"
          #     mountAs: "controlplane.pem"
          truststore: [] # using default certs, if not defined.

        # Define templated log4j2.properties file, if empty using default log4j2.properties
        log4j2Properties: ""

      router:
        # Docker registry. If this value is not empty, this overrides the value in 'wso2.deployment.dockerRegistry'
        dockerRegistry: ""
        # Image name for router
        imageName: "choreo-connect-router"
        # Image tag for router
        imageTag: "1.2.0"
        # Refer to the Kubernetes documentation on updating images (https://kubernetes.io/docs/concepts/containers/images/#updating-images)
        imagePullPolicy: IfNotPresent

        ingress:
          # If enabled, create the ingress for gateway
          enabled: true
          # Hostname for gateway
          # Also sent as the Host header by the router's startup, liveness and readiness probes.
          hostname: gw.wso2.com
          # TLS secret for the gateway host. Using default secret if not specified
          tlsSecretName: ""
          # Annotations for the gateway Ingress
          # NOTE(review): ssl-redirect "false" means the ingress does not redirect plain-HTTP requests to HTTPS; confirm that is intended for API traffic.
          annotations:
            kubernetes.io/ingress.class: nginx
            nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
            nginx.ingress.kubernetes.io/ssl-redirect: "false"
          # Port of the router service to route requests, default to HTTPS port.
          # Use 9090 to route requests to HTTP port, make sure to update the annotations 'nginx.ingress.kubernetes.io/backend-protocol' as HTTP
          targetPort: 9095

        # envOverride:
        #   - name: CONCURRENCY
        #     value: 2
        # These entries are rendered into the router container's env list after the chart's built-in entries.
        # The deployment template sets ROUTER_ADMIN_HOST to "0.0.0.0" and ROUTER_ADMIN_PORT to "9000" and
        # declares containerPort 9000.
        # NOTE(review): if that is the router's admin listener, limit which pods can reach port 9000
        # (for example with a NetworkPolicy) - confirm against the router image.
        envOverride: []

        # Resources for the router container
        resources:
          requests:
            memory: "500Mi"
            cpu: "1000m"
          limits:
            memory: "500Mi"
            cpu: "1000m"

        # Indicates whether the container application has started
        startupProbe:
          # How often (in seconds) to perform the probe
          periodSeconds: 5
          # Number of times the startup probe is attempted before the container is marked as failed
          failureThreshold: 30
        # Indicates whether the container is running
        livenessProbe:
          # Number of times the probe may fail before the container is marked as failed
          failureThreshold: 3
          # Number of seconds after the container has started before liveness probes are initiated
          initialDelaySeconds: 20
          # How often (in seconds) to perform the probe
          periodSeconds: 10
        # Indicates whether the container is ready to service requests
        readinessProbe:
          # Number of times the probe may fail before the container is marked as failed
          failureThreshold: 3
          # Number of seconds after the container has started before readiness probes are initiated
          initialDelaySeconds: 20
          # How often (in seconds) to perform the probe
          periodSeconds: 5

        # Security context of the router container
        # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
        # NOTE(review): Kubernetes documentation and the Pod Security Standards spell the capability set "ALL";
        # verify that lower-case "all" is accepted by your container runtime and admission policy.
        containerSecurityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop:
              - all

        security:
          # Trusted backend certs in PEM format
          # backendCaCerts:
          #   secretName: "trusted-ca-certs"
          #   subPath: "ca-certs.crt"
          # When set, the Secret entry is mounted over /etc/ssl/certs/ca-certificates.crt in the router
          # container, so it replaces that CA bundle rather than adding to it.
          backendCaCerts: {}
          # private key and cert in PEM format
          # for more details: https://apim.docs.wso2.com/en/4.2.0/deploy-and-publish/deploy-on-gateway/choreo-connect/security/importing-certificates-to-the-choreo-connect-truststore/#changing-the-private-certificate-of-a-component
          # override default certs from secrets
          # keystore:
          #   key:
          #     secretName: "router-keystore"
          #     subPath: "tls.key"
          #   cert:
          #     secretName: "router-keystore"
          #     subPath: "tls.crt"
          # NOTE(review): when left empty, the deployment template mounts mg.key / mg.pem from the
          # "<router fullname>-default-keystore" Secret. If that key material ships with the chart it is
          # publicly known; supply your own key pair for anything beyond evaluation.
          keystore: {} # using default certs, if not defined.

        debug:
          # Store heap profile data for analyzing memory leaks
          heapProfile:
            # Mount a K8s empty dir to write profile data
            mountEmptyDir: false
            # Path to mount the empty dir
            mountPath: /var/log/envoy

    # Extra ConfigMap / Secret volumes. The gateway runtime deployment adds an entry to the pod's volumes
    # and to the matching container's volumeMounts when mount.container is 'choreo-connect-router' or
    # 'choreo-connect-enforcer'. name, mount.path and mount.subPath are rendered unquoted, and readOnly is
    # emitted only when it is true.
    # NOTE(review): prefer readOnly: true for Secret mounts unless the container has to write to the path.
    volumeConfigs: []
    # Name for the volume configuration
    # - name: ""
    #   # Resource specific details
    #   resource:
    #     # The kind of resource: ConfigMap OR Secret (CASE SENSITIVE)
    #     kind: ""
    #     # Name of the ConfigMap or Secret
    #     name: ""
    #   # Mount related details
    #   mount:
    #     # The container name that requires this volume one of 'choreo-connect-adapter'/'choreo-connect-router' or 'choreo-connect-enforcer'
    #     container: ""
    #     # The mount path within the container
    #     path: ""
    #     # Whether the volume should be mounted in read-only mode (if needed)
    #     readOnly: false
    #     # Optional subpath within the volume (if needed)
    #     subPath: ""


kubernetes:
  # Service account configurations
  serviceAccount:
    # Specifies whether a service account should be created
    create: true
    # Annotations to add to the service account
    annotations: {}
    # The name of the service account to use
    # If not set and create is true, a name is generated using the fullname template
    name: ""

  # Configure common ingress properties for all ingress resources
  ingress:
    className: ""

# Name to override. Default to "choreo-connect"
nameOverride: ""
# Full name to override. Default to "<release-name>-choreo-connect"
fullnameOverride: ""

--------------------------------------------------------------------------------
/helm/choreo-connect/confs/config.toml.template:
--------------------------------------------------------------------------------
1 | # -------------------------------------------------------------------- 2 | # Copyright (c) 2022, WSO2 Inc. (http://wso2.com) All Rights Reserved. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License.
15 | # ----------------------------------------------------------------------- 16 | 17 | # The configuration file for mgw 18 | 19 | [adapter] # -------------------------------------------------------- 20 | 21 | artifactsDirectory = "/home/wso2/artifacts" 22 | soapErrorInXMLEnabled = false 23 | 24 | # Configurations required for configuring the deployment parameters that are used for identifying the Choreo Connect Adapter REST APIs 25 | [adapter.server] 26 | # Enable/Disable Choreo Connect Adapter REST API 27 | enabled = true 28 | # Hostname of the Choreo Connect Adapter 29 | host = "0.0.0.0" 30 | # Port of the Choreo Connect Adapter 31 | port = "9843" 32 | # Time to live for the Adapter access token 33 | tokenTTL = "1h" 34 | # Private key path to use for the token generation 35 | tokenPrivateKeyPath = "/home/wso2/security/keystore/mg.key" 36 | [[adapter.server.users]] 37 | username = "admin" 38 | password = "$env{adapter_admin_pwd}" 39 | 40 | # Default virtual host mapping for standalone mode 41 | [[adapter.vhostMapping]] 42 | # The Adapter environment 43 | environment = "Default" 44 | # Virtual host to map to the environment 45 | vhost = "localhost" 46 | 47 | # Configurations of key store used in Choreo Connect Adapter 48 | [adapter.keystore] 49 | # Path of the certificate 50 | certPath = "/home/wso2/security/keystore/mg.pem" 51 | # Path of the private key 52 | keyPath = "/home/wso2/security/keystore/mg.key" 53 | 54 | # Configurations of trust store used in the Choreo Connect Adapter 55 | [adapter.truststore] 56 | # The directory path for the trusted certificates of the Choreo Connect Adapter 57 | location = "/home/wso2/security/truststore" 58 | 59 | # Configurations related to Consul 60 | [adapter.consul] 61 | # Enable/Disable consul service 62 | enabled = false 63 | # Connection url of the Consul HTTP API 64 | url = "https://169.254.1.1:8501" # scheme + host ip + port 65 | # Time interval (in seconds) in which the Choreo Connect should fetch updates from the 
Consul service catalog 66 | pollInterval = 5 67 | # Access Control Token generated using Consul 68 | # You should grant read access to services when creating the token. NOTE(review): the value below is a literal in the template, whereas other secrets in this file are read from $env{...}; replace it before enabling Consul and keep the real token out of version control 69 | ACLToken = "d3a2a719-4221-8c65-5212-58d4727427ac" 70 | # Choreo Connect natively integrates with Consul service mesh 71 | # Therefore a service name is required to be defined in order to grant access to other services in mesh 72 | # This only needs to be defined if service mesh is enabled in Consul 73 | mgwServiceName = "wso2" 74 | # Set this to true if service mesh is enabled in Consul 75 | serviceMeshEnabled = false 76 | # Certs for tls 77 | # Optional path to the CA certificate used for Consul communication, defaults to the system bundle if not specified 78 | caCertFile = "/home/wso2/security/truststore/consul/consul-agent-ca.pem" 79 | # Optional path to the certificate for Consul communication. If this is set, then you also need to set keyFile 80 | certFile = "/home/wso2/security/truststore/consul/local-dc-client-consul-0.pem" 81 | # Optional path to the private key for Consul communication.
If this is set, then you need to also set certFile 82 | keyFile = "/home/wso2/security/truststore/consul/local-dc-client-consul-0-key.pem" 83 | 84 | # Configuration related to the repository where the API artifacts are stored 85 | [adapter.sourceControl] 86 | # Enable/Disable Source Control for API Artifacts 87 | enabled = false 88 | # Time interval (in seconds) in which the Adapter should fetch updates from the remote repository 89 | pollInterval = 30 90 | # Time interval (in seconds) in which the adapter should retry fetching artifacts from the remote repository at startup 91 | retryInterval = 5 92 | # Maximum number of retries for fetching artifacts from the remote repository at startup 93 | maxRetryCount = 20 94 | # The directory path where the git artifacts are stored 95 | artifactsDirectory = "/home/wso2/git-artifacts" 96 | # Configurations of the repository 97 | [adapter.sourceControl.repository] 98 | # Repository URL where artifacts are stored 99 | URL = "https://github.com/username/repository-name.git" 100 | # Branch of the repository where the artifacts are stored (Use "" for default branch) 101 | branch = "main" 102 | # Use either username and accessToken, or ssh key for authentication 103 | # Git username (Use "" in the case of a public repository (only for GitHub)) 104 | username = "username" 105 | # Git personal access token or password. NOTE(review): unlike the other $env{...} values in this file, this one is not quoted; confirm the rendered value is still a valid TOML string 106 | accessToken = $env{git_access_token} 107 | # Path to the private key used for authentication (Use "" in the case of a public repository (only for GitHub)) 108 | sshKeyFile = "/home/wso2/ssh-keys/id_ed25519" 109 | 110 | # Configurations required for router to route the traffic from different clients to services 111 | [router] # -------------------------------------------------------- 112 | # Host for listener of Router 113 | listenerHost = "0.0.0.0" 114 | # Port for listener of Router 115 | listenerPort = 9090 116 | # Host for secured listener of Router 117 | securedListenerHost = "0.0.0.0" 118 | # Port for
secured listener of Router 119 | securedListenerPort = 9095 120 | 121 | # Set the listener side http protocol version. Default to AUTO where both http1 and http2 connections are handled 122 | # It can be specifically set to either HTTP1 or HTTP2 123 | listenerCodecType = "AUTO" 124 | 125 | # The timeout for new network connections to hosts in the cluster in seconds 126 | clusterTimeoutInSeconds = 20 127 | # The timeout for response coming from enforcer to route per API request 128 | enforcerResponseTimeoutInSeconds = 20 129 | # System hostname for system API resources (eg: /testkey and /health) 130 | systemHost = "localhost" 131 | # If configured true, router appends the immediate downstream ip address to the x-forward-for header 132 | useRemoteAddress = false 133 | 134 | # Configurations of key store used in Choreo Connect Router 135 | [router.keystore] 136 | # Path of the certificate of the Router 137 | certPath = "/home/wso2/security/keystore/mg.pem" 138 | # Path of the private key of the Router 139 | keyPath = "/home/wso2/security/keystore/mg.key" 140 | 141 | # Cors configurations 142 | [router.cors] 143 | # Enable CORS configurations globally for all endpoints and APIs deployed in Choreo Connect Router 144 | enabled = true 145 | # Allowed origins. 
Set this to [*] to allow all origins 146 | allowOrigins = ["*"] 147 | # The content for the access-control-allow-methods header 148 | allowMethods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"] 149 | # The content for the access-control-allow-headers header 150 | allowHeaders = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","apikey", "testKey", "Internal-Key"] 151 | # The content for the access-control-expose-headers header 152 | exposeHeaders = [] 153 | # Specifies whether the resource allows credentials. Keep this false while allowOrigins is ["*"]; credentialed CORS should only be enabled together with an explicit origin list 154 | allowCredentials = false 155 | 156 | [router.upstream] 157 | 158 | # The configurations for SSL configuration related to the backend connection in Choreo Connect 159 | [router.upstream.tls] 160 | # Minimum TLS protocol version. NOTE(review): TLS 1.1 is deprecated (RFC 8996); raise this to "TLS1_2" unless a backend still requires the older version 161 | minimumProtocolVersion = "TLS1_1" 162 | # Maximum TLS protocol version 163 | maximumProtocolVersion = "TLS1_2" 164 | # If specified, the TLS listener will only support the specified ciphers when negotiating TLS 1.0-1.2 165 | # (this setting has no effect when negotiating TLS 1.3). NOTE(review): the list below also offers CBC-mode SHA-1 suites and suites without forward secrecy (the entries that do not start with ECDHE); trim it to the ECDHE GCM suites where the backends allow 166 | ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-SHA, ECDHE-RSA-AES128-SHA, AES128-GCM-SHA256, AES128-SHA, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-SHA, ECDHE-RSA-AES256-SHA, AES256-GCM-SHA384, AES256-SHA" 167 | # Path to trusted certificates 168 | trustedCertPath = "/etc/ssl/certs/ca-certificates.crt" 169 | # Enable/Disable Verifying host name 170 | verifyHostName = true 171 | # Disable SSL verification (keep this false outside of local testing) 172 | disableSslVerification = false 173 | 174 | [router.upstream.dns] 175 | # DNS refresh rate in milliseconds 176 | dNSRefreshRate = 5000 177 | # set cluster’s DNS refresh rate to resource record’s TTL which comes from DNS resolution 178 | respectDNSTtl = false 179 | 180 | # health configs for upstream clusters 181 | [router.upstream.health] 182 | # time in seconds to wait for a health check response 183 | timeout = 1 184 | # interval
between health checks in seconds. 185 | interval = 10 186 | # number of unhealthy health checks required before a host is marked unhealthy 187 | unhealthyThreshold = 2 188 | # number of healthy health checks required before a host is marked healthy 189 | healthyThreshold = 2 190 | 191 | # Configure timeout settings related to routes. This will be applicable globally for all the routes in router. 192 | [router.upstream.timeouts] 193 | # Upstream timeout for the route. If not specified, the default is 60s. 194 | routeTimeoutInSeconds = 60 195 | # Maximum upstream timeout allowed in an OpenAPI definition or API-M UI. A larger value will be replaced by this. 196 | maxRouteTimeoutInSeconds = 60 197 | # Backend connection idle timeout. The amount of time the request’s stream may be idle. 198 | routeIdleTimeoutInSeconds = 300 199 | 200 | # Configs for the router when retrying upstream clusters 201 | [router.upstream.retry] 202 | # Maximum value that can be set as the count within retry configs in an OpenAPI definition or API-M UI 203 | maxRetryCount = 5 204 | # Base interval for the Envoy's exponential retry back off algorithm 205 | baseIntervalInMillis = 25 206 | # HTTP status codes, the retry mechanism will be enabled for. 207 | # Used when retry config is set via API-M UI or all given status codes are out of range. 
208 | statusCodes = [ 504 ] 209 | 210 | # Configs http2 protocol options for upstream http2 cluster endpoints 211 | [router.upstream.http2] 212 | # Maximum table size (in octets) that the encoder is permitted to use for the dynamic HPACK table: https://httpwg.org/specs/rfc7541.html#rfc.section.4.2 213 | hpackTableSize = 4096 214 | # Maximum concurrent streams allowed for peer on one HTTP/2 connection 215 | maxConcurrentStreams = 2147483647 216 | 217 | [router.downstream] 218 | # The configurations for SSL configuration related to the client connection in Choreo Connect 219 | [router.downstream.tls] 220 | # Path to trusted certificates 221 | trustedCertPath = "/etc/ssl/certs/ca-certificates.crt" 222 | # If configured true, router enables the client certificate validation for providing client certificates 223 | mTLSAPIsEnabled = false 224 | 225 | # Timeouts managed by the connection manager 226 | [router.connectionTimeout] 227 | # The amount of time that Envoy will wait for the entire request to be received. Time from client to upstream. 228 | requestTimeoutInSeconds = 0 229 | # The amount of time that Envoy will wait for the request headers to be received. Time from client to upstream. NOTE(review): 0 presumably disables this timeout and the one above (confirm against the router's behaviour); with no bound, slow or stalled requests can hold connections open, so set finite values on internet-facing listeners 230 | requestHeadersTimeoutInSeconds = 0 231 | # The stream idle timeout for connections managed by the connection manager. This can be overridden by the `routeIdleTimeoutInSeconds` 232 | streamIdleTimeoutInSeconds = 300 233 | # The idle timeout for connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. 234 | # If the connection is an HTTP/2 downstream connection a drain sequence will occur prior to closing the connection 235 | idleTimeoutInSeconds = 3600 236 | 237 | # Configs for request body passing from router to enforcer. 238 | [router.payloadPassingToEnforcer] 239 | # Enable/Disable request body passing feature.
240 | PassRequestPayload = false 241 | # Sets the allowed maximum size of a request body in bytes. 242 | maxRequestBytes = 10240 243 | # If enabled, request body will buffer the message until maxRequestBytes is reached. 244 | allowPartialMessage = false 245 | # If enabled, request body will send as raw bytes, otherwise it will be a UTF-8 string request body. 246 | packAsBytes = false 247 | 248 | # Configurations relevant to the router filters 249 | [router.filters] 250 | # Configurations relevant to the compression filter 251 | [router.filters.compression] 252 | # Enable/Disable compression filter for the router 253 | enabled = true 254 | # Defines compression library used in the filter 255 | library = "gzip" 256 | # Configurations relevant to the compression filter's request direction (router's upstream request) 257 | [router.filters.compression.requestDirection] 258 | # Enable/Disable request direction compression 259 | enabled = false 260 | # Minimum byte amount considered before applying the compression 261 | minimumContentLength = 30 262 | # Content types to consider for the compression 263 | contentType = ["application/javascript", "application/json", "application/xhtml+xml", "image/svg+xml", "text/css", "text/html", "text/plain", "text/xml"] 264 | # Configurations relevant to the compression filter's response direction (router's downstream request) 265 | [router.filters.compression.responseDirection] 266 | # Enable/Disable request direction compression 267 | enabled = true 268 | # Minimum byte amount considered before applying the compression 269 | minimumContentLength = 30 270 | # Content types to consider for the compression 271 | contentType = ["application/javascript", "application/json", "application/xhtml+xml", "image/svg+xml", "text/css", "text/html", "text/plain", "text/xml"] 272 | # Enable/Disable the compression if there is an Etag header 273 | enableForEtagHeader = true 274 | # Configurations relevant to the compression library 275 | 
[router.filters.compression.libraryProperties] 276 | # controls the amount of internal memory used by zlib (value range is 1 to 9) 277 | memoryLevel = 3 278 | # base two logarithmic of the compressor's window size (value range is 9 to 15) 279 | windowBits = 12 280 | # zlib compression level (higher values provide better compression level. Value range is 1 to 9) 281 | compressionLevel = 9 282 | # zlib compression strategy (values: defaultStrategy, gzipFiltered, gzipHuffmanOnly, gzipRle, gzipFixed) 283 | compressionStrategy = "defaultStrategy" 284 | # zlib's next output buffer 285 | chunkSize = 4096 286 | 287 | [enforcer] # -------------------------------------------------------- 288 | 289 | # If Custom Filters needs to be engaged, mention them here with position. 290 | # Note: The jar file containing customFilter should be added to the enforcer/dropins directory. 291 | # Note: Position should be the final position (including already available filters) after all the filters engaged. 292 | # Position starts from 1 293 | [[enforcer.filters]] 294 | # ClassName of the filter 295 | className = "org.wso2.choreo.connect.custom.CCCustomFilter" 296 | # Position of the filter within final filter-chain 297 | position = 3 298 | # Filter specific custom configurations. 
Only `(string, string)` key-value pairs are accepted 299 | [enforcer.filters.configProperties] 300 | testConfig1 = "testValue1" 301 | 302 | # The configurations of gRPC netty based server in Enforcer that handles the incoming requests in the Choreo Connect 303 | [enforcer.authService] 304 | # Port of the Enforcer auth service 305 | port = 8081 306 | # Maximum message size in bytes 307 | maxMessageSize = 1000000000 308 | # Maximum header size in bytes 309 | maxHeaderLimit = 8192 310 | # Keep alive time in seconds for connection with the router via external authz service 311 | keepAliveTime = 600 312 | # Thread pool configurations of gRPC netty based server in Enforcer that handles the incoming requests in the Choreo Connect 313 | [enforcer.authService.threadPool] 314 | # Minimum number of workers to keep alive 315 | coreSize = 400 316 | # Maximum pool size 317 | maxSize = 500 318 | # Timeout in seconds for idle threads waiting for work 319 | keepAliveTime = 600 320 | # Queue size of the worker threads 321 | queueSize = 1000 322 | 323 | # The configurations of token caching in the Choreo Connect 324 | [enforcer.cache] 325 | # Enable/Disable token cache 326 | enabled = true 327 | # Maximum cache size 328 | maximumSize = 10000 329 | # Expiry time in minutes 330 | expiryTime = 15 331 | 332 | # Configuration for admin credentials of the Enforcer. NOTE(review): these are literal default credentials, whereas other passwords in this file are read from $env{...}; override them before deployment 333 | [enforcer.management] 334 | username = "admin" 335 | password = "admin" 336 | 337 | # This configuration is used to enable the Enforcer Internal Data REST API 338 | [enforcer.restserver] 339 | enabled = true 340 | 341 | # The configuration of the backend jwt generation in the Choreo Connect 342 | [enforcer.jwtGenerator] 343 | # Enable/Disable backend JWT generation 344 | enabled = false 345 | # Encoding of the JWT 346 | encoding = "base64" # base64,base64url 347 | # The JWT access token contains all claims that are defined in the enforcer.jwtGenerator.claimDialect element 348 | # The default value of this element is
http://wso2.org/claims 349 | # To get the list of a specific user's claims that need to be included in the JWT, uncomment this element after enabling the JWT 350 | # It will include all claims in http://wso2.org/claims to the JWT access token 351 | claimDialect = "http://wso2.org/claims" 352 | # Remap the OIDC claims into the configured dialect 353 | convertDialect = false 354 | # The name of the HTTP header to which the JWT is attached 355 | header = "X-JWT-Assertion" 356 | # The signing algorithm is used to sign the JWT 357 | signingAlgorithm = "SHA256withRSA" 358 | # Enable/Disable user claims 359 | enableUserClaims = false 360 | # Custom JWT generator 361 | gatewayGeneratorImpl = "org.wso2.carbon.apimgt.common.gateway.jwtgenerator.APIMgtGatewayJWTGeneratorImpl" 362 | # Custom Claim Retriever to add custom claims into JWT 363 | claimsExtractorImpl = "org.wso2.carbon.apimgt.impl.token.ExtendedDefaultClaimsRetriever" 364 | # Token expiry time in seconds 365 | tokenTTL = 3600 366 | # JWKS Endpoint calls allowed per a configured time window 367 | jwksRatelimitQuota = 1000 368 | # JWKS Endpoint rate limiting time window 369 | jwksRatelimitTimeWindowInSeconds = 10 370 | # Whether to use kid or x5t parameter to identify JWT verification key 371 | useKidProperty = true 372 | # Key-Certificate pairs used for JWT Generation. Multiple Certificates could be added to generate multiple JWK 373 | # Entries. This is to do certificate rotation. 
374 | [[enforcer.jwtGenerator.keypair]] 375 | publicCertificatePath = "/home/wso2/security/truststore/mg.pem" 376 | privateKeyPath = "/home/wso2/security/keystore/mg.key" 377 | useForSigning = true 378 | 379 | # The issuer configuration required to generate token at Choreo Connect 380 | [enforcer.jwtIssuer] 381 | # Enable/Disable JWT generation 382 | enabled = true 383 | # Issuer value for the JWT under iss claim 384 | issuer = "https://localhost:9095/testkey" 385 | # Encoding of the JWT 386 | encoding = "base64" # base64,base64url 387 | # A set of claims are identified as a dialect. Different dialects represent the same piece of information with different claim URIs 388 | claimDialect = "" 389 | # The signing algorithm is used to sign the JWT 390 | signingAlgorithm = "SHA256withRSA" 391 | # Public certificate for generated JWT 392 | publicCertificatePath = "/home/wso2/security/truststore/mg.pem" 393 | # Private key path used for JWT generation 394 | privateKeyPath = "/home/wso2/security/keystore/mg.key" 395 | # Validity period of the JWT in seconds 396 | validityPeriod = 3600 397 | # Configure allowed users to use the JWT generated by the Choreo Connect. 
You can provide multiple users 398 | [[enforcer.jwtIssuer.jwtUser]] 399 | username = "admin" 400 | password = "$env{enforcer_admin_pwd}" 401 | 402 | [enforcer.security] 403 | 404 | # Configurations related to Authorization header 405 | [enforcer.security.authHeader] 406 | # Send the authorization header to the backend 407 | enableOutboundAuthHeader = false 408 | # Header name for the authorization token coming from the downstream client 409 | authorizationHeader = "authorization" 410 | testConsoleHeaderName = "Internal-Key" 411 | 412 | # Configurations related to Mutual SSL 413 | [enforcer.security.mutualSSL] 414 | # Header name for the client certificate header coming from the downstream client 415 | certificateHeader = "X-WSO2-CLIENT-CERTIFICATE" 416 | # Enables the mTLS validation using the client certificate coming from TLS handshake 417 | # If configured false, mTLS validation is done using the client certificate coming from the header; in that mode the header is only trustworthy if the proxy that terminates TLS in front of the router removes any client-supplied copy and sets the header itself 418 | enableClientValidation = true 419 | # Enables the decoding process for the encoded client certificate in the header 420 | clientCertificateEncode = false 421 | # Sends the client certificate header to the backend 422 | enableOutboundCertificateHeader = false 423 | 424 | # JWT token authorization configurations.
You can provide multiple JWT issuers 425 | # Issuer 1 - Resident Key Manager Issuer for Access tokens 426 | [[enforcer.security.tokenService]] 427 | # Provide unique name for the JWT issuer 428 | name = "Resident Key Manager" 429 | issuer = "https://localhost:9443/oauth2/token" 430 | # Alias name given in Enforcer truststore for the public certificate of the JWT issuer 431 | certificateAlias = "wso2carbon" 432 | # URL of the JWKs endpoint 433 | jwksURL = "" 434 | # Validate subscribed APIs 435 | validateSubscription = false 436 | # The claim in which the consumer key of the application is coming 437 | consumerKeyClaim = "azp" 438 | # Certificate Filepath within Enforcer 439 | certificateFilePath = "/home/wso2/security/truststore/wso2carbon.pem" 440 | 441 | # Issuer 2 - Issuer for Enforcer test key 442 | [[enforcer.security.tokenService]] 443 | # Provide unique name for the JWT issuer 444 | name = "MGW" 445 | issuer = "https://localhost:9095/testkey" 446 | # Alias name given in Enforcer truststore for the public certificate of the JWT issuer 447 | certificateAlias = "mgw" 448 | # URL of the JWKs endpoint 449 | jwksURL = "" 450 | # Validate subscribed APIs 451 | validateSubscription = false 452 | # The claim in which the consumer key of the application is coming 453 | consumerKeyClaim = "" 454 | # Certificate Filepath within Enforcer 455 | certificateFilePath = "/home/wso2/security/truststore/mg.pem" 456 | 457 | # Issuer 3 - Issuer for API Manager Internal Key 458 | [[enforcer.security.tokenService]] 459 | # Provide unique name for the JWT issuer 460 | name = "APIM Publisher" 461 | issuer = "https://localhost:9443/publisher" 462 | validateSubscription = true 463 | # Alias name given in Enforcer truststore for the public certificate of the JWT issuer 464 | certificateAlias = "publisher_certificate_alias" 465 | # Certificate Filepath within Enforcer 466 | certificateFilePath = "/home/wso2/security/truststore/wso2carbon.pem" 467 | 468 | # Issuer 4 - Issuer for API 
Manager API Key 469 | [[enforcer.security.tokenService]] 470 | # Provide unique name for the JWT issuer 471 | name = "APIM APIkey" 472 | issuer = "https://localhost:9443/publisher" 473 | validateSubscription = true 474 | # Alias name given in Enforcer truststore for the public certificate of the JWT issuer 475 | certificateAlias = "apikey_certificate_alias" 476 | # Certificate Filepath within Enforcer 477 | certificateFilePath = "/home/wso2/security/truststore/wso2carbon.pem" 478 | 479 | # Throttling configurations 480 | [enforcer.throttling] 481 | # Connect with the central traffic manager 482 | enableGlobalEventPublishing = false 483 | # Enable global advanced throttling based on request header conditions 484 | enableHeaderConditions = false 485 | # Enable global advanced throttling based on request query parameter conditions 486 | enableQueryParamConditions = false 487 | # Enable global advanced throttling based on jwt claim conditions 488 | enableJwtClaimConditions = false 489 | # The message broker context factory 490 | jmsConnectionInitialContextFactory = "org.wso2.andes.jndi.PropertiesFileInitialContextFactory" 491 | # The message broker connection URL 492 | jmsConnectionProviderURL = "amqp://admin:$env{tm_admin_pwd}@carbon/carbon?brokerlist='tcp://apim:5672'" 493 | # Throttling configurations related to event publishing using a binary connection 494 | [enforcer.throttling.publisher] 495 | # Credentials required to establish connection between Traffic Manager 496 | username = "admin" 497 | password = "$env{tm_admin_pwd}" 498 | # Receiver URL and the authentication URL of the Traffic manager node/nodes 499 | [[enforcer.throttling.publisher.URLGroup]] 500 | receiverURLs = ["tcp://apim:9611"] 501 | authURLs = ["ssl://apim:9711"] 502 | 503 | # Data publisher object pool configurations 504 | [enforcer.throttling.publisher.pool] 505 | # Maximum idle number of connections 506 | maxIdleDataPublishingAgents = 1000 507 | # Minimum idle number of connections 508 | 
initIdleObjectDataPublishingAgents = 200 509 | # Thread pool core size 510 | publisherThreadPoolCoreSize = 200 511 | # The maximum size of the thread pool 512 | publisherThreadPoolMaximumSize = 1000 513 | # The timeframe after which the publisher thread pool is terminated in seconds 514 | publisherThreadPoolKeepAliveTime = 200 515 | 516 | # Data publisher agent configurations 517 | [enforcer.throttling.publisher.agent] 518 | # SSL Protocols 519 | sslEnabledProtocols = "TLSv1.2" 520 | # Ciphers. NOTE(review): this list still offers 3DES (64-bit block), CBC-mode and static RSA/ECDH key-exchange suites; where the Traffic Manager allows, restrict it to the ECDHE GCM entries 521 | ciphers = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 ,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV" 522 | # The size of the queue event disruptor which handles events before they are published 523 | # The value specified should always be the result of an exponent with 2 as the base 524 | queueSize = 32768 525 | # The maximum number of events in a batch sent to the queue event disruptor at a given time 526 | batchSize = 200 527 | # The number of threads that will be
reserved to handle events at the time you start 528 | corePoolSize = 1 529 | # Socket timeout 530 | socketTimeoutMS = 30000 531 | # The maximum number of threads that should be reserved at any given time to handle events 532 | maxPoolSize = 1 533 | # The amount of time which threads in excess of the core pool size may remain idle before being terminated. 534 | keepAliveTimeInPool = 20 535 | # The time interval between reconnection 536 | reconnectionInterval = 30 537 | # TCP connection pool configurations (for data publishing) 538 | maxTransportPoolSize = 250 539 | maxIdleConnections = 250 540 | evictionTimePeriod = 5500 541 | minIdleTimeInPool = 5000 542 | # SSL connection pool configurations (for authentication) 543 | secureMaxTransportPoolSize = 250 544 | secureMaxIdleConnections = 250 545 | secureEvictionTimePeriod = 5500 546 | secureMinIdleTimeInPool = 5000 547 | 548 | # Metrics configurations for Choreo Connect 549 | [enforcer.metrics] 550 | # Enable/Disable metrics in Choreo Connect 551 | enabled = false 552 | type = "azure" 553 | 554 | # Control plane's connection details 555 | [controlPlane] 556 | # Enable/Disable Choreo Connect Control plane 557 | enabled = false 558 | # Service URL of the API Manager 559 | serviceURL = "https://apim:9443/" 560 | # Username of the API Manager user 561 | username = "admin" 562 | # Password of the API Manager user 563 | password = "$env{cp_admin_pwd}" 564 | # Environment labels list 565 | environmentLabels = ["Default"] 566 | # Connection retry interval 567 | retryInterval = 5 568 | # Skip SSL verification (keep this false outside of local testing; true turns off certificate checks on the control-plane connection) 569 | skipSSLVerification = false 570 | # Send revision update success acknowledgement to the control plane 571 | sendRevisionUpdate = false 572 | # Message broker connection URL of the control plane. NOTE(review): the URL carries the admin password and no TLS option is visible on it; confirm the broker link is encrypted or confined to a trusted network 573 | [controlPlane.brokerConnectionParameters] 574 | eventListeningEndpoints = ["amqp://admin:$env{cp_admin_pwd}@apim:5672?retries='10'&connectdelay='30'"] 575 | reconnectInterval = 5000 576 | reconnectRetryCount = 60 577 | #
Worker Pool for sending requests to API Manager to reduce the load if the adapter tries to reconnect. 578 | [controlPlane.requestWorkerPool] 579 | # Number of workers 580 | poolSize = 4 581 | # Number of tasks can be submitted to the worker pool without being blocked. 582 | queueSizePerPool = 1000 583 | # HTTP client configuration. 584 | [controlPlane.httpClient] 585 | requestTimeOut = 30 586 | 587 | # Global Adapter related configurations 588 | [globalAdapter] 589 | # Enable Choreo Connect Global adapter client 590 | enabled = false 591 | # Global adapter Service URL (:) 592 | serviceURL = "global-adapter:18000" 593 | # Subject Alternative Name considered for TLS communication with global adapter 594 | overrideHostName = "" 595 | # Local Adapter Label 596 | localLabel = "$env{local_label}" 597 | # Retry Interval 598 | retryInterval = 5 599 | 600 | # Analytics configurations for Choreo Connect 601 | [analytics] 602 | # Enable/Disable Analytics in Choreo Connect 603 | enabled = false 604 | type = "Default" 605 | 606 | # Use following type to enable ELK analytics 607 | # type = "ELK" 608 | 609 | [analytics.adapter] 610 | # Buffer flush interval for gRPC access log client in Router 611 | bufferFlushInterval = "1s" 612 | # Buffer size limit for buffer flush to be triggered 613 | bufferSizeBytes = 16384 614 | # gRPC connection timeout for access log service 615 | gRPCRequestTimeout = "20s" 616 | [analytics.adapter.customProperties] 617 | # Enable/Disable analytics custom properties in Choreo Connect 618 | enabled = true 619 | # Request headers required to pass from Router to the Enforcer. Accept, User-Agent headers are available by default. 620 | requestHeaders = [] 621 | # Response headers required to pass from Router to the Enforcer. Content-length, Content-type, Date headers are available by default. 
622 | responseHeaders = [] 623 | # Response trailers required to pass from Router to the Enforcer 624 | responseTrailers = [] 625 | 626 | # Enforcer related configurations 627 | [analytics.enforcer] 628 | [analytics.enforcer.configProperties] 629 | # Overrides default analytics publisher reporter class 630 | # "publisher.reporter.class" = "org.wso2.am.analytics.publisher.sample.reporter.CustomReporter" 631 | # Authentication endpoint for Choreo Analytics Publishing, set by authURL below (This is not used when the type is "elk") 632 | # Fully qualified class name relevant to the custom analytics data handling 633 | #"publisher.custom.data.provider.class" = "org.wso2.carbon.apimgt.gateway.sample.publisher.CustomDataProvider" 634 | authURL = "$env{analytics_authURL}" 635 | # Authentication token for Choreo Analytics Publishing (This is not used when the type is "elk") 636 | authToken = "$env{analytics_authToken}" 637 | 638 | # gRPC access log service within Enforcer 639 | [analytics.enforcer.LogReceiver] 640 | # Port 641 | port = 18090 642 | # Maximum message size in bytes (the default below is about 1 GB per message; a smaller limit bounds memory use if this port is reachable by anything other than the Router) 643 | maxMessageSize = 1000000000 644 | # Maximum header size in bytes 645 | maxHeaderLimit = 8192 646 | # Keep alive time of gRPC access log connection 647 | keepAliveTime = 600 648 | 649 | # Thread pool configuration for gRPC access log server 650 | [analytics.enforcer.LogReceiver.threadPool] 651 | # Minimum number of workers to keep alive 652 | coreSize = 10 653 | # Maximum pool size 654 | maxSize = 100 655 | # Timeout in seconds for idle threads waiting for work 656 | keepAliveTime = 600 657 | # Queue size of the worker threads 658 | queueSize = 1000 659 | 660 | # Tracing configurations for Choreo Connect 661 | [tracing] 662 | # Enable/Disable tracing in Choreo Connect 663 | enabled = false 664 | # Type of tracer exporter (e.g: azure, zipkin). Use zipkin type for Jaeger as well. 
665 | type = "zipkin" 666 | # configurations for zipkin tracer type 667 | [tracing.configProperties] 668 | # maximum length of the request path to extract and include in the HttpUrl tag. 669 | maxPathLength = "256" 670 | # jaeger host 671 | host = "jaeger" 672 | # jaeger port 673 | port = "9411" 674 | # jaeger collector endpoint path 675 | endpoint = "/api/v2/spans" 676 | # library Name to be tagged in traces (`otel.library.name`). 677 | libraryName = "CHOREO-CONNECT" 678 | # Maximum number of sampled traces per second string 679 | maximumTracesPerSecond = "2" 680 | 681 | # # Type of tracer exporter (e.g: azure, jaeger, zipkin) 682 | # type = "zipkin" 683 | # # configurations for zipkin tracer type 684 | # [tracing.configProperties] 685 | # # maximum length of the request path to extract and include in the HttpUrl tag. 686 | # maxPathLength = "256" 687 | # # zipkin host 688 | # host = "zipkin" 689 | # # zipkin port 690 | # port = "9411" 691 | # # zipkin collector endpoint path 692 | # endpoint = "/api/v2/spans" 693 | # # library Name to be tagged in traces (`otel.library.name`). 694 | # libraryName = "CHOREO-CONNECT" 695 | # # Maximum number of sampled traces per second string 696 | # maximumTracesPerSecond = "2" 697 | # timeout = "15" 698 | 699 | # type = "azure" 700 | # [tracing.configProperties] 701 | # connectionString = "" 702 | # # Instrumentation Name 703 | # instrumentationName = "CHOREO-CONNECT" 704 | # # Maximum number of sampled traces per second string 705 | # maximumTracesPerSecond = "2" 706 | 707 | # type = "otlp" 708 | # [tracing.configProperties] 709 | # # maximum length of the request path to extract and include in the HttpUrl tag. 710 | # maxPathLength = "256" 711 | # # remote url for publishing traces. i.e - New Relic otlp url. 
712 | # connectionString = "https://otlp.nr-data.net" 713 | # # auth header name 714 | # authHeaderName = "api-key" 715 | # # auth header value (sample only; never commit a real key in this file, supply it from a secret or environment variable at deploy time) 716 | # authHeaderValue = "845e16b6cfba0ea5e95e3NRALe8f478ae6d3c97f" 717 | # # library Name to be tagged in traces (`otel.library.name`). 718 | # instrumentationName = "CHOREO-CONNECT" 719 | # # Maximum number of sampled traces per second string 720 | # maximumTracesPerSecond = "2" 721 | --------------------------------------------------------------------------------