API Portal failed on certificate mount

Axway / Cloud-Automation

Amplify APIM subjects related to deployment and automation on Kubernetes

15 stars 16 forks source link

API Portal failed on certificate mount #26

Closed dokuboyejo closed 2 years ago

dokuboyejo commented 2 years ago

It looks like the api portal container is now referencing a wrong secret mount ... shouldn't this be apiportal-certs instead? Screenshot from 2022-02-22 14-29-26

cwiechmann commented 2 years ago

Can you please check, if you have configured the following in you values.yaml?

apiportal.config.ssl.existingSecret

If not, by default a secret is created with the following name, which is referenced in the API-Portal deployment: axway-apim-apiportal-certificates

The name of the secret is based on the apiportal.nameOverride. Have you set apiportal.nameOverride? For instance to apiportal?

dokuboyejo commented 2 years ago

@cwiechmann Yes, I did set it as nameOverride: "apiportal"

dokuboyejo commented 2 years ago

@cwiechmann I think the error is from below. Template certificates.name is defined as apiportal.name. However axway-apim-apiportal-certificates was generated

*/}}
{{- define "certificates.name" -}}
{{ include "apiportal.name" . }}-certificates
{{- end }}

cwiechmann commented 2 years ago

Hmm, include {{ include "apiportal.name" . }} means, it should use the following definition from the main helpers file that should honor your override:

{{/*
API-Portal name - Short by default as it look nicer in the ANM-Topology view
*/}}
{{- define "apiportal.name" -}}
{{- if .Values.apiportal.nameOverride -}}
{{ .Values.apiportal.nameOverride }}
{{- else -}}
{{- default .Chart.Name .Values.apiportal.nameOverride | trunc 63 | trimSuffix "-" -}}-apiportal
{{- end -}}
{{- end -}}

But I do agree, if it doesn't work something must be wrong here.

cwiechmann commented 2 years ago

One additional comment. The API-Portal Certificate-Secret is created only during the first installation of the HELM-Chart, as it's using the following HELM annotations:

  annotations:
    "helm.sh/hook": "pre-install"
    "helm.sh/hook-delete-policy": "before-hook-creation"

That means, if you have added the name override later, the secret is not re-created again with your new name. I think if you manually delete it, it should be re-created with the secret-name as expected.

Or you set the existing secret pointing to that secret already existing.

dokuboyejo commented 2 years ago

@cwiechmann Thanks, that was the issue .. recreating the secrets worked