sebdevaux
commented
1 year ago Hi, which version of Helm Chart did you use?
Closed rdemorais closed 1 year ago
sebdevaux
commented
1 year ago Hi, which version of Helm Chart did you use?
rdemorais
commented
1 year ago Hi, thanks for replying. Actually, I managed to understand the root problem. I was using cloudflare in front of the components which was causing problems when access the page.
I don't know why the error was the one I described, but when I switch to a local certificate (Let's encrypt) it worked like a charm.
Here is the values.yaml that is deployed on my infrastructure. I believe we can close this one.
adminAccountEnable: true
adminEmail: null
adminFirstName: null
adminLastName: null
adminPasswordBcrypt: REDACTED
# extraVolumes: |
# - name: config
# configMap:
# name: gravitee-config
alerts:
enabled: false
endpoints:
- https://apim.REDACTED
security:
enabled: false
password: adminadmin
username: admin
api:
additionalPlugins: null
analytics:
type: elasticsearch
autoscaling:
enabled: true
maxReplicas: 3
minReplicas: 1
targetAverageUtilization: 50
targetMemoryAverageUtilization: 80
deployment:
affinity: {}
annotations: {}
customLivenessProbe: {}
customReadinessProbe: {}
customStartupProbe: {}
envFrom: []
hostAliases: []
labels: {}
livenessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 30
periodSeconds: 30
tcpSocket:
port: http
nodeSelector: {}
readinessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 30
periodSeconds: 30
tcpSocket:
port: http
securityContext:
runAsNonRoot: true
runAsUser: 1001
serviceAccount: ''
startupProbe:
enabled: true
failureThreshold: 30
periodSeconds: 10
tcpSocket:
port: http
strategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
tolerations: []
topologySpreadConstraints: []
enabled: true
env: []
http:
api:
entrypoint: /
client:
timeout: 10000
services:
core:
http:
authentication:
password: adminadmin
enabled: true
host: apim.REDACTED
port: 18083
ingress:
enabled: false
ingressClassName: ''
pathType: Prefix
service:
enabled: false
image:
pullPolicy: Always
repository: graviteeio/apim-management-api
ingress:
management:
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: "ih-ca-issuer"
nginx.ingress.kubernetes.io/configuration-snippet: |
etag on;
proxy_pass_header ETag;
proxy_pass_header if-match;
enabled: true
tls:
- secretName: ihealth-cert-tec
hosts:
- apim.REDACTED
hosts:
- apim.REDACTED
ingressClassName: ''
path: /management
pathType: Prefix
scheme: https
portal:
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: "ih-ca-issuer"
nginx.ingress.kubernetes.io/configuration-snippet: |
etag on;
proxy_pass_header ETag;
proxy_set_header if-match "";
enabled: true
tls:
- secretName: ihealth-cert-tec
hosts:
- apim.REDACTED
hosts:
- apim.REDACTED
ingressClassName: ''
path: /portal
pathType: Prefix
scheme: https
logging:
debug: false
file:
enabled: true
encoderPattern: '%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n%n'
rollingPolicy: >
<rollingPolicy
class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<!-- daily rollover -->
<fileNamePattern>${gravitee.management.log.dir}/gravitee_%d{yyyy-MM-dd}.log</fileNamePattern>
<!-- keep 30 days' worth of history -->
<maxHistory>30</maxHistory>
</rollingPolicy>
graviteeLevel: DEBUG
jettyLevel: INFO
stdout:
encoderPattern: '%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n'
json: false
name: api
newsletterEnabled: true
pdb:
enabled: false
maxUnavailable: 50%
minAvailable: ''
podAnnotations: {}
priorityClassName: ''
ratingEnabled: true
reloadOnConfigChange: true
removePlugins: null
replicaCount: 1
resources:
limits:
cpu: 500m
memory: 1024Mi
requests:
cpu: 200m
memory: 512Mi
restartPolicy: OnFailure
securityContext:
runAsNonRoot: true
runAsUser: 1001
service:
externalPort: 83
externalTrafficPolicy: Cluster
internalPort: 8083
internalPortName: http
type: ClusterIP
services:
bridge:
enabled: false
ingress:
annotations: {}
enabled: false
hosts:
- apim.REDACTED
ingressClassName: ''
path: /api/_bridge
pathType: Prefix
service:
externalPort: 92
internalPort: 18092
ssl:
enabled: false
metrics:
enabled: false
prometheus:
enabled: true
subscription:
enabled: false
ssl:
enabled: false
supportEnabled: true
terminationGracePeriod: 30
updateStrategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
upgrader: false
user:
anynomizeOnDelete: false
login:
defaultApplication: true
apim:
managedServiceAccount: true
name: apim
roleRules:
- apiGroups:
- ''
resources:
- configmaps
- secrets
verbs:
- get
- list
- watch
serviceAccount: ''
chaos:
enabled: false
cockpit:
controller: https://cockpit-controller.gravitee.io
enabled: false
keystore:
password: null
value: base64 encoded value of the keystore provided by Cockpit (required)
ssl:
verifyHostname: true
url: https://cockpit.gravitee.io
common:
annotations: {}
labels: {}
elasticsearch:
coordinating:
replicas: 2
resources:
limits:
cpu: 500m
memory: 1024Mi
requests:
cpu: 25m
memory: 256Mi
data:
heapSize: 512m
persistence:
size: 20Gi
replicas: 2
resources:
limits:
cpu: 1
memory: 2048Mi
requests:
cpu: 50m
memory: 1024Mi
enabled: false
fullnameOverride: graviteeio-apim-elasticsearch
image:
repository: bitnami/elasticsearch
tag: 7.17.9
master:
persistence:
size: 4Gi
replicas: 2
resources:
limits:
cpu: 500m
memory: 1024Mi
requests:
cpu: 25m
memory: 256Mi
name: elasticsearch
es:
cluster: elasticsearch
enabled: true
endpoints:
- http://REDACTED
index: gravitee
index_mode: daily
lifecycle:
enabled: false
policies:
health: my_policy
log: my_policy
monitor: my_policy
request: my_policy
policyPropertyName: index.lifecycle.name
pipeline:
plugins:
ingest: geoip, user_agent
security:
enabled: false
password: example
username: example
ssl:
enabled: false
extraInMemoryUsers: []
# extraInMemoryUsers: |
# - user:
# username: user
# # Password value: password
# password: $2a$10$9kjw/SH9gucCId3Lnt6EmuFreUAcXSZgpvAYuW2ISv7hSOhHRH1AO
# roles: ORGANIZATION:USER, ENVIRONMENT:USER
# # Useful to receive notifications
# #email:
# #firstName:
# #lastName:
# - user:
# username: api1
# # Password value: api1
# password: $2a$10$iXdXO4wAYdhx2LOwijsp7.PsoAZQ05zEdHxbriIYCbtyo.y32LTji
# # You can declare multiple roles using comma separator
# roles: ORGANIZATION:USER, ENVIRONMENT:API_PUBLISHER
# #email:
# #firstName:
# #lastName:
# - user:
# username: application1
# # Password value: application1
# password: $2a$10$2gtKPYRB9zaVaPcn5RBx/.3T.7SeZoDGs9GKqbo9G64fKyXFR1He.
# roles: ORGANIZATION:USER, ENVIRONMENT:USER
# #email:
# #firstName:
# #lastName:
gateway:
additionalPlugins: null
apiKey:
header: X-Gravitee-Api-Key
param: api-key
autoscaling:
enabled: true
maxReplicas: 3
minReplicas: 1
targetAverageUtilization: 50
targetMemoryAverageUtilization: 80
classloader:
legacy:
enabled: false
deployment:
affinity: {}
annotations: {}
customLivenessProbe: {}
customReadinessProbe: {}
customStartupProbe: {}
envFrom: []
hostAliases: []
labels: {}
livenessProbe:
enabled: true
failureThreshold: 3
httpGet:
httpHeaders:
- name: Authorization
value: Basic YWRtaW46YWRtaW5hZG1pbg==
path: /_node/health?probes=http-server
port: 18082
scheme: HTTP
periodSeconds: 15
successThreshold: 1
timeoutSeconds: 2
nodeSelector: {}
readinessProbe:
enabled: true
failureThreshold: 2
httpGet:
httpHeaders:
- name: Authorization
value: Basic YWRtaW46YWRtaW5hZG1pbg==
path: /_node/health?probes=api-sync
port: 18082
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 2
securityContext:
runAsNonRoot: true
runAsUser: 1001
serviceAccount: ''
startupProbe:
enabled: true
failureThreshold: 29
httpGet:
httpHeaders:
- name: Authorization
value: Basic YWRtaW46YWRtaW5hZG1pbg==
path: /_node/health?probes=http-server
port: 18082
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
strategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
tolerations: []
topologySpreadConstraints: []
enabled: true
env: []
gracefulShutdown:
delay: 0
unit: MILLISECONDS
image:
pullPolicy: Always
repository: graviteeio/apim-gateway
ingress:
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: 'false'
nginx.ingress.kubernetes.io/rewrite-target: /$2
cert-manager.io/cluster-issuer: "ih-ca-issuer"
enabled: true
tls:
- secretName: ihealth-cert-tec
hosts:
- apim.REDACTED
hosts:
- apim.REDACTED
ingressClassName: ''
path: /api(/|$)(.*)
pathType: Prefix
ingressController: false
logging:
debug: false
file:
enabled: true
encoderPattern: '%d{HH:mm:ss.SSS} [%thread] [%X{api}] %-5level %logger{36} - %msg%n'
rollingPolicy: >
<rollingPolicy
class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<!-- daily rollover -->
<fileNamePattern>${gravitee.home}/logs/gravitee_%d{yyyy-MM-dd}.log</fileNamePattern>
<!-- keep 30 days' worth of history -->
<maxHistory>30</maxHistory>
</rollingPolicy>
graviteeLevel: DEBUG
jettyLevel: WARN
stdout:
encoderPattern: '%d{HH:mm:ss.SSS} [%thread] [%X{api}] %-5level %logger{36} - %msg%n'
json: false
management:
http: null
name: gateway
pdb:
enabled: false
maxUnavailable: 50%
minAvailable: ''
podAnnotations: {}
priorityClassName: ''
ratelimit:
redis: null
reloadOnConfigChange: true
removePlugins: null
replicaCount: 1
reporters:
elasticsearch:
enabled: true
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 200m
memory: 256Mi
securityContext:
runAsNonRoot: true
runAsUser: 1001
service:
externalPort: 82
externalTrafficPolicy: Cluster
internalPort: 8082
internalPortName: http
type: ClusterIP
services:
bridge:
enabled: false
ingress:
annotations: {}
enabled: false
hosts:
- apim.REDACTED
ingressClassName: ''
path: /_bridge
pathType: Prefix
service:
externalPort: 92
internalPort: 18092
ssl:
enabled: false
core:
http:
authentication:
password: adminadmin
type: basic
enabled: false
host: 0.0.0.0
port: 18082
secured: false
ssl:
keystore:
path: /p12/keystore
type: PKCS12
ingress:
annotations: {}
enabled: false
hosts:
- apim.REDACTED
ingressClassName: ''
path: /_(.*)
pathType: Prefix
service:
enabled: false
metrics:
enabled: false
prometheus:
enabled: true
sync:
cron: '*/5 * * * * *'
tracing:
enabled: false
jaeger:
host: localhost
port: 14250
type: jaeger
ssl:
clientAuth: false
enabled: false
terminationGracePeriod: 30
type: Deployment
websocket: false
graviteeRepoAuth:
enabled: true
inMemoryAuth:
allowEmailInSearchResults: false
enabled: true
passwordEncodingAlgo: bcrypt
initContainers:
env: []
image: alpine:latest
imagePullPolicy: Always
securityContext:
runAsNonRoot: true
runAsUser: 1001
jdbc:
driver: >-
https://jdbc.postgresql.org/download/postgresql-42.2.23.jar
liquibase: true
# pool:
# autoCommit: true
# connectionTimeout: 10000
# idleTimeout: 600000
# maxLifetime: 1800000
# maxPoolSize: 10
# minIdle: 10
# registerMbeans: true
schema: public
url: REDACTED
username: REDACTED
password: REDACTED
jwtSecret: REDACTED
ldap:
authentication:
group:
base: ou=gravitee,ou=groups
filter: member={0}
role:
admin: LDAP_GROUP_ADMIN
attribute: sAMAccountName
consumer: LDAP_GROUP_CONSUMER
publisher: LDAP_GROUP_PUBLISHER
user: LDAP_GROUP_USER
user:
base: ou=users
filter: sAMAccountName={0}
photo: thumbnailPhoto
context:
base: dc=example,dc=com
password: pass@12345
url: ldap://ldap.example.com
user: user@example.com
enabled: false
lookup:
allowEmailInSearchResults: false
user:
base: ou=users
filter: (&(objectClass=person)(|(cn=*{0}*)(sAMAccountName={0})))
license:
name: licensekey
management:
type: jdbc
mongo:
auth:
enabled: false
password: null
source: admin
username: null
connectTimeoutMS: 30000
dbhost: graviteeio-apim-mongodb-replicaset-headless
dbname: gravitee
dbport: 27017
rs: rs0
rsEnabled: true
socketKeepAlive: false
sslEnabled: false
mongodb:
architecture: replicaset
auth:
enabled: false
enabled: false
fullnameOverride: graviteeio-apim-mongodb-replicaset
image:
repository: bitnami/mongodb
tag: 6.0.6
persistence:
accessModes:
- ReadWriteOnce
enabled: true
size: 1Gi
podAffinityPreset: soft
replicaSetName: rs0
resources:
limits:
cpu: 1
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
notifiers:
smtp:
enabled: true
from: ${email.from}
host: ${email.host}
password: ${email.password}
port: ${email.port}
subject: ${email.subject}
username: ${email.username}
oidcAuth:
enabled: false
openshift:
enabled: false
portal:
autoscaling:
enabled: true
maxReplicas: 3
minReplicas: 1
targetAverageUtilization: 50
targetMemoryAverageUtilization: 80
deployment:
affinity: {}
annotations: {}
customLivenessProbe: {}
customReadinessProbe: {}
customStartupProbe: {}
envFrom: []
hostAliases: []
labels: {}
livenessProbe:
enabled: true
failureThreshold: 3
httpGet:
path: /
port: http
initialDelaySeconds: 10
periodSeconds: 30
nodeSelector: {}
readinessProbe:
enabled: true
failureThreshold: 3
httpGet:
path: /
port: http
initialDelaySeconds: 10
periodSeconds: 30
securityContext:
runAsGroup: 101
runAsNonRoot: true
runAsUser: 101
startupProbe:
enabled: false
strategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
tolerations: []
topologySpreadConstraints: []
enabled: true
env: []
image:
pullPolicy: Always
repository: graviteeio/apim-portal-ui
ingress:
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: "ih-ca-issuer"
nginx.ingress.kubernetes.io/configuration-snippet: |
etag on;
proxy_pass_header ETag;
enabled: true
tls:
- secretName: ihealth-cert-tec
hosts:
- apim.REDACTED
hosts:
- apim.REDACTED
ingressClassName: ''
path: /
pathType: Prefix
scheme: https
name: portal
pdb:
enabled: false
maxUnavailable: 50%
minAvailable: ''
podAnnotations: {}
priorityClassName: ''
replicaCount: 1
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 50m
memory: 64Mi
securityContext:
runAsGroup: 101
runAsNonRoot: true
runAsUser: 101
service:
externalPort: 8003
externalTrafficPolicy: Cluster
internalPort: 8080
internalPortName: http
name: nginx
type: ClusterIP
terminationGracePeriod: 30
ratelimit:
type: jdbc
redis:
download: false
security:
providers:
- type: oidc
id: keycloak # not required if not present, the type is used
clientId: gravitee-cli
clientSecret: REDACTED
tokenIntrospectionEndpoint: https://REDACTED/auth/realms/REDACTED/protocol/openid-connect/token/introspect
tokenEndpoint: https://REDACTED/auth/realms/REDACTED/protocol/openid-connect/token
authorizeEndpoint: https://REDACTED/auth/realms/REDACTED/protocol/openid-connect/auth
userInfoEndpoint: https://REDACTED/auth/realms/REDACTED/protocol/openid-connect/userinfo
userLogoutEndpoint: https://REDACTED/auth/realms/REDACTED/protocol/openid-connect/logout
color: "#0076b4"
syncMappings: false
scopes:
- openid
- profile
userMapping:
id: sub
email: email
lastname: family_name
firstname: given_name
picture: picture
# groupMapping:
# - condition: "{#jsonPath(#profile, '$.identity_provider_id') == 'PARTNERS' && #jsonPath(#profile, '$.job_id') != 'API_MANAGER'}"
# groups:
# - Group 1
# - Group 2
roleMapping:
- condition: "{(#jsonPath(#profile, '$.groups') matches 'gravitee-admin' )}"
roles:
- "ORGANIZATION:ADMIN"
- "ENVIRONMENT:ADMIN"
- condition: "{(#jsonPath(#profile, '$.groups') matches 'gravitee-user' )}"
roles:
- "ORGANIZATION:USER"
- "ENVIRONMENT:USER"
- "API:USER"
- "APPLICATION:USER"
trustAll: false
smtp:
enabled: false
from: info@example.com
host: smtp.example.com
password: example.com
port: 25
properties:
auth: true
starttls.enable: false
subject: '[gravitee] %s'
username: info@example.com
ui:
# baseURL: apim.ihealthgroup.tec.br
autoscaling:
enabled: true
maxReplicas: 3
minReplicas: 1
targetAverageUtilization: 50
targetMemoryAverageUtilization: 80
companyName: REDACTED
deployment:
affinity: {}
annotations: {}
customLivenessProbe: {}
customReadinessProbe: {}
customStartupProbe: {}
envFrom: []
hostAliases: []
labels: {}
livenessProbe:
enabled: true
failureThreshold: 3
httpGet:
path: /
port: http
initialDelaySeconds: 10
periodSeconds: 30
nodeSelector: {}
readinessProbe:
enabled: true
failureThreshold: 3
httpGet:
path: /
port: http
initialDelaySeconds: 10
periodSeconds: 30
securityContext:
runAsGroup: 101
runAsNonRoot: true
runAsUser: 101
startupProbe:
enabled: false
strategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
tolerations: []
topologySpreadConstraints: []
documentationLink: http://docs.gravitee.io/
enabled: true
env: []
image:
pullPolicy: Always
repository: graviteeio/apim-management-ui
ingress:
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: "ih-ca-issuer"
nginx.ingress.kubernetes.io/configuration-snippet: |
etag on;
proxy_pass_header ETag;
nginx.ingress.kubernetes.io/rewrite-target: /$1
enabled: true
tls:
- secretName: ihealth-cert-tec
hosts:
- apim.REDACTED
hosts:
- apim.REDACTED
ingressClassName: ''
path: /console(/.*)?
pathType: Prefix
scheme: https
managementTitle: API Management
name: ui
pdb:
enabled: false
maxUnavailable: 50%
minAvailable: ''
podAnnotations: {}
portal:
analytics:
enabled: false
trackingId: ''
apikeyHeader: X-Gravitee-Api-Key
rating:
enabled: false
support:
enabled: true
userCreation:
enabled: false
priorityClassName: ''
replicaCount: 1
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 50m
memory: 64Mi
scheduler:
tasks: 10
securityContext:
runAsGroup: 101
runAsNonRoot: true
runAsUser: 101
service:
externalPort: 8002
externalTrafficPolicy: Cluster
internalPort: 8080
internalPortName: http
name: nginx
type: ClusterIP
terminationGracePeriod: 30
theme:
loader: assets/gravitee_logo_anim.gif
logo: themes/assets/GRAVITEE_LOGO1-01.png
name: default
title: Management UI
gaetanmaisse
commented
1 year ago Thanks for the feedback @rdemorais, I'm closing the issue then.
Describe the bug
After installing Gravitee using helm charts, the portal keeps calling http://localhost:8083 despite the constants.json configuration resulting on erros that prevents using the tool.
To Reproduce
Steps to reproduce the behaviour:
Server unavailable or connection lostAlso, when I look into the logs of
apim3-ui, I can see the following lines:2023-07-02T15:27:03Z graviteeio-apim3-ui-f74c558bd-qtfz5 /bin/confd[8]: INFO Backend set to env – 2023-07-02T15:27:03Z graviteeio-apim3-ui-f74c558bd-qtfz5 /bin/confd[8]: INFO Starting confd 2023-07-02T15:27:03Z graviteeio-apim3-ui-f74c558bd-qtfz5 /bin/confd[8]: INFO /usr/share/nginx/html/constants.json has UID 0 should be 101 2023-07-02T15:27:03Z graviteeio-apim3-ui-f74c558bd-qtfz5 /bin/confd[8]: INFO /usr/share/nginx/html/constants.json has GID 0 should be 101 2023-07-02T15:27:03Z graviteeio-apim3-ui-f74c558bd-qtfz5 /bin/confd[8]: INFO /usr/share/nginx/html/constants.json has md5sum 8bd783cb9df3db294c97fd0018f21b02 should be ad749a23a35606d70caac99fc2d0fad5 2023-07-02T15:27:03Z graviteeio-apim3-ui-f74c558bd-qtfz5 /bin/confd[8]: INFO Target config /usr/share/nginx/html/constants.json out of sync 2023-07-02T15:27:03Z graviteeio-apim3-ui-f74c558bd-qtfz5 /bin/confd[8]: ERROR open /usr/share/nginx/html/constants.json: read-only file system 2023-07-02T15:27:03Z graviteeio-apim3-ui-f74c558bd-qtfz5 /bin/confd[8]: INFO /etc/nginx/conf.d/default.conf has GID 0 should be 101 2023-07-02T15:27:03Z graviteeio-apim3-ui-f74c558bd-qtfz5 /bin/confd[8]: INFO /etc/nginx/conf.d/default.conf has md5sum 25c02145e4a2e1d2bc6da5d585cddd32 should be 9c083043c5d36f5b0bec9df36f56eded 2023-07-02T15:27:03Z graviteeio-apim3-ui-f74c558bd-qtfz5 /bin/confd[8]: INFO Target config /etc/nginx/conf.d/default.conf out of sync 2023-07-02T15:27:03Z graviteeio-apim3-ui-f74c558bd-qtfz5 /bin/confd[8]: INFO Target config /etc/nginx/conf.d/default.conf has been updated 2023-07-02T15:27:03Z graviteeio-apim3-ui-f74c558bd-qtfz5 /bin/confd[8]: FATAL open /usr/share/nginx/html/constants.json: read-only file system
The system failed to read the constants.json file which is correctly configured. My guess is that it is falling back to defaults as it is unable to open the file.
Maybe it could be fixed by giving the proper permissions to the file...
Expected behaviour
After a clean installation, I expected to see the main components working just fine.
Current behaviour
Error when trying to access http://localhost:8083 as baseURL
Useful information
Here is my values.yaml:
adminAccountEnable: true adminEmail: null adminFirstName: null adminLastName: null adminPasswordBcrypt: $2a$10$Ihk05VSds5rUSgMdsMVi9OKMIx2yUvMz7y9VP3rJmQeizZLrhLMyq extraVolumes: |
name: config configMap: name: gravitee-config alerts: enabled: false endpoints:
https://apim.ihealthgroup.tec.br security: enabled: false password: adminadmin username: admin api: additionalPlugins: null analytics: type: elasticsearch autoscaling: enabled: true maxReplicas: 3 minReplicas: 1 targetAverageUtilization: 50 targetMemoryAverageUtilization: 80 deployment: affinity: {} annotations: {} customLivenessProbe: {} customReadinessProbe: {} customStartupProbe: {} envFrom: [] hostAliases: [] labels: {} livenessProbe: enabled: true failureThreshold: 3 initialDelaySeconds: 30 periodSeconds: 30 tcpSocket: port: http nodeSelector: {} readinessProbe: enabled: true failureThreshold: 3 initialDelaySeconds: 30 periodSeconds: 30 tcpSocket: port: http securityContext: runAsNonRoot: true runAsUser: 1001 serviceAccount: '' startupProbe: enabled: true failureThreshold: 30 periodSeconds: 10 tcpSocket: port: http strategy: rollingUpdate: maxUnavailable: 1 type: RollingUpdate tolerations: [] topologySpreadConstraints: [] enabled: true env: [] http: api: entrypoint: / client: timeout: 10000 services: core: http: authentication: password: adminadmin enabled: true host: apim.ihealthgroup.tec.br port: 18083 ingress: enabled: false ingressClassName: '' pathType: Prefix service: enabled: false image: pullPolicy: Always repository: graviteeio/apim-management-api ingress: management: annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/configuration-snippet: | etag on; proxy_pass_header ETag; proxy_pass_header if-match; enabled: true hosts:
apim.ihealthgroup.tec.br ingressClassName: '' path: /management pathType: Prefix scheme: http portal: annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/configuration-snippet: | etag on; proxy_pass_header ETag; proxy_set_header if-match ""; enabled: true hosts:
apim.ihealthgroup.tec.br ingressClassName: '' path: /portal pathType: Prefix scheme: http logging: debug: false file: enabled: true encoderPattern: '%d {HH:mm:ss.SSS}
[%thread] %-5level %logger
{36} - %msg%n%n' rollingPolicy: >
${gravitee.management.log.dir}/gravitee_%d{yyyy-MM-dd}.log
30 graviteeLevel: DEBUG jettyLevel: INFO stdout: encoderPattern: '%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36}
apim.ihealthgroup.tec.br ingressClassName: '' path: /api/_bridge pathType: Prefix service: externalPort: 92 internalPort: 18092 ssl: enabled: false metrics: enabled: false prometheus: enabled: true subscription: enabled: false ssl: enabled: false supportEnabled: true terminationGracePeriod: 30 updateStrategy: rollingUpdate: maxUnavailable: 1 type: RollingUpdate upgrader: false user: anynomizeOnDelete: false login: defaultApplication: true apim: managedServiceAccount: true name: apim roleRules:
apiGroups:
'' resources:
configmaps
secrets verbs:
get
list
watch serviceAccount: '' chaos: enabled: false cockpit: controller: https://cockpit-controller.gravitee.io enabled: false keystore: password: null value: base64 encoded value of the keystore provided by Cockpit (required) ssl: verifyHostname: true url: https://cockpit.gravitee.io common: annotations: {} labels: {} elasticsearch: coordinating: replicas: 2 resources: limits: cpu: 500m memory: 1024Mi requests: cpu: 25m memory: 256Mi data: heapSize: 512m persistence: size: 20Gi replicas: 2 resources: limits: cpu: 1 memory: 2048Mi requests: cpu: 50m memory: 1024Mi enabled: false fullnameOverride: graviteeio-apim-elasticsearch image: repository: bitnami/elasticsearch tag: 7.17.9 master: persistence: size: 4Gi replicas: 2 resources: limits: cpu: 500m memory: 1024Mi requests: cpu: 25m memory: 256Mi name: elasticsearch es: cluster: elasticsearch enabled: true endpoints:
http://REDACTED:9200 index: gravitee index_mode: daily lifecycle: enabled: false policies: health: my_policy log: my_policy monitor: my_policy request: my_policy policyPropertyName: index.lifecycle.name pipeline: plugins: ingest: geoip, user_agent security: enabled: false password: example username: example ssl: enabled: false extraInMemoryUsers: |
user: username: user
name: Authorization value: Basic YWRtaW46YWRtaW5hZG1pbg== path: /_node/health?probes=http-server port: 18082 scheme: HTTP periodSeconds: 15 successThreshold: 1 timeoutSeconds: 2 nodeSelector: {} readinessProbe: enabled: true failureThreshold: 2 httpGet: httpHeaders:
name: Authorization value: Basic YWRtaW46YWRtaW5hZG1pbg== path: /_node/health?probes=api-sync port: 18082 scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 2 securityContext: runAsNonRoot: true runAsUser: 1001 serviceAccount: '' startupProbe: enabled: true failureThreshold: 29 httpGet: httpHeaders:
name: Authorization value: Basic YWRtaW46YWRtaW5hZG1pbg== path: /_node/health?probes=http-server port: 18082 scheme: HTTP initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 strategy: rollingUpdate: maxUnavailable: 1 type: RollingUpdate tolerations: [] topologySpreadConstraints: [] enabled: true env: [] gracefulShutdown: delay: 0 unit: MILLISECONDS image: pullPolicy: Always repository: graviteeio/apim-gateway ingress: annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/ssl-redirect: 'false' enabled: true hosts:
apim.ihealthgroup.tec.br ingressClassName: '' path: / pathType: Prefix ingressController: false logging: debug: false file: enabled: true encoderPattern: '%d {HH:mm:ss.SSS}
[%thread] [%X
{api}] %-5level %logger{36} - %msg%n' rollingPolicy: >
${gravitee.home}/logs/gravitee_%d{yyyy-MM-dd}.log
30 graviteeLevel: DEBUG jettyLevel: WARN stdout: encoderPattern: '%d{HH:mm:ss.SSS} [%thread] [%X{api}
] %-5level %logger
{36}
apim.ihealthgroup.tec.br ingressClassName: '' path: /_bridge pathType: Prefix service: externalPort: 92 internalPort: 18092 ssl: enabled: false core: http: authentication: password: adminadmin type: basic enabled: true host: 0.0.0.0 port: 18082 secured: false ssl: keystore: path: /p12/keystore type: PKCS12 ingress: annotations: {} enabled: false hosts:
apim.ihealthgroup.tec.br ingressClassName: '' path: /(. ) pathType: Prefix service: enabled: false metrics: enabled: false prometheus: enabled: true sync: cron: '_ /5 *' tracing: enabled: false jaeger: host: localhost port: 14250 type: jaeger ssl: clientAuth: false enabled: false terminationGracePeriod: 30 type: Deployment websocket: false graviteeRepoAuth: enabled: true inMemoryAuth: allowEmailInSearchResults: false enabled: true passwordEncodingAlgo: bcrypt initContainers: env: [] image: alpine:latest imagePullPolicy: Always securityContext: runAsNonRoot: true runAsUser: 1001 jdbc: driver: >- https://jdbc.postgresql.org/download/postgresql-42.2.23.jar liquibase: true
pool:
autoCommit: true
connectionTimeout: 10000
idleTimeout: 600000
maxLifetime: 1800000
maxPoolSize: 10
minIdle: 10
registerMbeans: true schema: public url: jdbc:postgresql://REDACTED:5432/graviteedb username: REDACTED password: REDACTED jwtSecret: myJWT4Gr4v1t33_S3cr3t ldap: authentication: group: base: ou=gravitee,ou=groups filter: member= {0} role: admin: LDAP_GROUP_ADMIN attribute: sAMAccountName consumer: LDAP_GROUP_CONSUMER publisher: LDAP_GROUP_PUBLISHER user: LDAP_GROUP_USER user: base: ou=users filter: sAMAccountName={0}
photo: thumbnailPhoto context: base: dc=example,dc=com password: pass@12345 url: ldap://ldap.example.com user: user@example.com enabled: false lookup: allowEmailInSearchResults: false user: base: ou=users filter: (&(objectClass=person)(|(cn=*
{0}*)(sAMAccountName={0}
))) license: name: licensekey management: type: jdbc mongo: auth: enabled: false password: null source: admin username: null connectTimeoutMS: 30000 dbhost: graviteeio-apim-mongodb-replicaset-headless dbname: gravitee dbport: 27017 rs: rs0 rsEnabled: true socketKeepAlive: false sslEnabled: false mongodb: architecture: replicaset auth: enabled: false enabled: false fullnameOverride: graviteeio-apim-mongodb-replicaset image: repository: bitnami/mongodb tag: 6.0.6 persistence: accessModes:
host: $
{email.host}
password: $
{email.password}
port: $
{email.port}
subject: $
{email.subject}
username: $
{email.username}
oidcAuth: enabled: false openshift: enabled: false portal: autoscaling: enabled: true maxReplicas: 3 minReplicas: 1 targetAverageUtilization: 50 targetMemoryAverageUtilization: 80 deployment: affinity: {} annotations: {} customLivenessProbe: {} customReadinessProbe: {} customStartupProbe: {} envFrom: [] hostAliases: [] labels: {} livenessProbe: enabled: true failureThreshold: 3 httpGet: path: / port: http initialDelaySeconds: 10 periodSeconds: 30 nodeSelector: {} readinessProbe: enabled: true failureThreshold: 3 httpGet: path: / port: http initialDelaySeconds: 10 periodSeconds: 30 securityContext: runAsGroup: 101 runAsNonRoot: true runAsUser: 101 startupProbe: enabled: false strategy: rollingUpdate: maxUnavailable: 1 type: RollingUpdate tolerations: [] topologySpreadConstraints: [] enabled: true env: [] image: pullPolicy: Always repository: graviteeio/apim-portal-ui ingress: annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/configuration-snippet: | etag on; proxy_pass_header ETag; enabled: true hosts:
apim.ihealthgroup.tec.br ingressClassName: '' path: / pathType: Prefix name: portal pdb: enabled: false maxUnavailable: 50% minAvailable: '' podAnnotations: {} priorityClassName: '' replicaCount: 1 resources: limits: cpu: 100m memory: 128Mi requests: cpu: 50m memory: 64Mi securityContext: runAsGroup: 101 runAsNonRoot: true runAsUser: 101 service: externalPort: 8003 externalTrafficPolicy: Cluster internalPort: 8080 internalPortName: http name: nginx type: ClusterIP terminationGracePeriod: 30 ratelimit: type: jdbc redis: download: false security: providers: [] trustAll: false smtp: enabled: false from: info@example.com host: smtp.example.com password: example.com port: 25 properties: auth: true starttls.enable: false subject: '[gravitee] %s' username: info@example.com ui: baseURL: apim.ihealthgroup.tec.br autoscaling: enabled: true maxReplicas: 3 minReplicas: 1 targetAverageUtilization: 50 targetMemoryAverageUtilization: 80 companyName: Gravitee.io deployment: affinity: {} annotations: {} customLivenessProbe: {} customReadinessProbe: {} customStartupProbe: {} envFrom: [] hostAliases: [] labels: {} livenessProbe: enabled: true failureThreshold: 3 httpGet: path: / port: http initialDelaySeconds: 10 periodSeconds: 30 nodeSelector: {} readinessProbe: enabled: true failureThreshold: 3 httpGet: path: / port: http initialDelaySeconds: 10 periodSeconds: 30 securityContext: runAsGroup: 101 runAsNonRoot: true runAsUser: 101 startupProbe: enabled: false strategy: rollingUpdate: maxUnavailable: 1 type: RollingUpdate tolerations: [] topologySpreadConstraints: [] documentationLink: http://docs.gravitee.io/ enabled: true env: [] image: pullPolicy: Always repository: graviteeio/apim-management-ui ingress: annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/configuration-snippet: | etag on; proxy_pass_header ETag; nginx.ingress.kubernetes.io/rewrite-target: /$1 enabled: true hosts:
apim.ihealthgroup.tec.br ingressClassName: '' path: /console(/.*)? pathType: Prefix managementTitle: API Management name: ui pdb: enabled: false maxUnavailable: 50% minAvailable: '' podAnnotations: {} portal: analytics: enabled: false trackingId: '' apikeyHeader: X-Gravitee-Api-Key rating: enabled: false support: enabled: true userCreation: enabled: false priorityClassName: '' replicaCount: 1 resources: limits: cpu: 100m memory: 128Mi requests: cpu: 50m memory: 64Mi scheduler: tasks: 10 securityContext: runAsGroup: 101 runAsNonRoot: true runAsUser: 101 service: externalPort: 8002 externalTrafficPolicy: Cluster internalPort: 8080 internalPortName: http name: nginx type: ClusterIP terminationGracePeriod: 30 theme: loader: assets/gravitee_logo_anim.gif logo: themes/assets/GRAVITEE_LOGO1-01.png name: default title: Management UI
Environment
Helm v3, Kubernetes
Potential impacts
Dependencies