Closed steveliem closed 2 months ago
I think I found the issue. In here: https://github.com/wso2/apk/commit/040f36a572a0339a0acf1fc2693f45d1b808ac84 Annotation support is introduced and also documented in the README. However it is not reflected in the default values.yaml.
I have a hunch you now have all sorts of these issues spread all over several templates inside the chart.
Please fix. And next time please test your changes before committing!
diff_report.txt I've managed to do a Helm install. The required changes you can find in the attached diff_report.txt. This is a diff with the current main branch.
However, not all the pods spin up successfully. Especially the "apk-test-wso2-apk-adapter-deployment" has issues. After some time it crashes. Here is the related container error logging:
$ kubectl logs -f -n apk apk-test-wso2-apk-adapter-deployment-7d8ffd74b5-w84hv
...
2024-02-05T15:08:44Z INFO Observed a panic in reconciler: runtime error: invalid memory address or nil pointer dereference {"controller": "GatewayController", "object": {"name":"default","namespace":"apk"}, "namespace": "apk", "name": "default", "reconcileID": "2a59458c-68f5-49bf-abc2-3abcef07cd5f"}
2024-02-05 15:08:44 INFO [api_controller.go:838] - [dp.(*APIReconciler).getAPIForHTTPRoute] [-] Adding reconcile request for API: apk/apk-test-wso2-apk-wso2-apk-config-deployer-api with API UUID: 9666e8a6-db81-4a21-b082-37d50c368863 []
panic: runtime error: invalid memory address or nil pointer dereference [recovered]
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x13fc52c]
goroutine 370 [running]:
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile.func1()
/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:115 +0x1b0
panic({0x162a880, 0x2c81160})
/opt/hostedtoolcache/go/1.19.12/x64/src/runtime/panic.go:884 +0x20c
github.com/wso2/apk/adapter/internal/operator/controllers/dp.(*GatewayReconciler).resolveGatewayState(_, {_, _}, {{{0x1465eb1, 0x7}, {0x40006b4ff0, 0x21}}, {{0x4000a40380, 0x7}, {0x0, ...}, ...}, ...})
/home/runner/work/apk/apk/apk-repo/adapter/internal/operator/controllers/dp/gateway_controller.go:226 +0x4dc
github.com/wso2/apk/adapter/internal/operator/controllers/dp.(*GatewayReconciler).Reconcile(0x40004aa440, {0x1c57188, 0x4000435200}, {{{0x4000a40387?, 0x4000435200?}, {0x4000a40380?, 0xffffbe4c1101?}}})
/home/runner/work/apk/apk/apk-repo/adapter/internal/operator/controllers/dp/gateway_controller.go:178 +0x308
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile(0x1c57188?, {0x1c57188?, 0x4000435200?}, {{{0x4000a40387?, 0x157ca60?}, {0x4000a40380?, 0x400097e680?}}})
/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:118 +0x8c
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler(0x400041ee60, {0x1c570e0, 0x40005975c0}, {0x16f7120?, 0x400079a320?})
/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:314 +0x2f0
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem(0x400041ee60, {0x1c570e0, 0x40005975c0})
/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:265 +0x1b0
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2()
/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:226 +0x74
created by sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2
/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.0/pkg/internal/controller/controller.go:222 +0x294
Latest status update
I've managed to do a Helm install with a stable runtime using the chart provided in wso2apk. See values.yaml. (I'm using -arm64 images because I'm running on a Macbook)
# Copyright (c) 2022, WSO2 LLC. (https://www.wso2.com) All Rights Reserved.
#
# WSO2 LLC. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
wso2:
subscription:
imagePullSecrets: "apk-registry-secret"
apk:
cp:
enabled: true
webhooks:
validatingwebhookconfigurations : true
mutatingwebhookconfigurations : true
auth:
enabled: true
enableServiceAccountCreation: true
enableClusterRoleCreation: true
serviceAccountName: wso2apk-platform
roleName: wso2apk-role
listener:
hostname: "api.am.wso2.com"
port: 9095
# secretName: "idp-tls"
idp:
issuer: "https://idp.am.wso2.com/token"
usernameClaim: "sub"
organizationClaim: "organization"
groupsClaim: "groups"
consumerKeyClaim: "clientId"
# organizationResolver: "controlPlane" # controlplane,none
tls: {}
# secretName: "wso2apk-idp-certificates"
# fileName: "idp.crt"
signing: {}
# jwksEndpoint: "https://idp.am.wso2.com:9095/oauth2/jwks"
# secretName: "wso2apk-idp-signing"
# fileName: "idp.crt"
dp:
enabled: true
environment: {}
gateway:
listener:
hostname: "gw.wso2.com"
# secretName: "idp-tls"
httpListener:
enabled: true
autoscaling:
enabled: false
partitionServer:
enabled: false
# host: "https://control-plane-wso2-apk-partition-server.control-plane.svc.cluster.local"
# serviceBasePath: "/api/publisher/v1"
# partitionName: "default"
# hostnameVerificationEnable: true
# tls:
# secretName: "partition-server-cert"
# fileName: "certificate.crt"
# headers:
# - name: "apiKey"
# value: "123-456-789"
configdeployer:
enabled: false
deployment:
resources:
requests:
memory: "512Mi"
cpu: "200m"
limits:
memory: "1024Mi"
cpu: "500m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
replicas: 1
imagePullPolicy: Always
image: docker.wso2.com/config-deployer-service:1.0.0-arm64
configs:
tls: {}
# secretName: "my-secret"
# certKeyFilename: "tls.key"
# certFilename: "certchain.crt"
adapter:
deployment:
image: docker.wso2.com/adapter:1.0.0-arm64
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "200m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
replicas: 1
imagePullPolicy: Always
# image: wso2/apk-adapter:1.1.0-m2
security:
sslHostname: "adapter"
# logging:
# level: "INFO" # LogLevels can be "DEBG", "FATL", "ERRO", "WARN", "INFO", "PANC"
# logFormat: "TEXT" # Values can be "JSON", "TEXT"
configs:
apiNamespaces:
- "apk"
tls: {}
# secretName: "adapter-cert"
# certKeyFilename: ""
# certFilename: ""
commonController:
deployment:
image: docker.wso2.com/common-controller:1.0.0-arm64
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "200m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
replicas: 1
imagePullPolicy: Always
# image: wso2/apk-common-controller:1.1.0-m2
security:
sslHostname: "commoncontroller"
configs:
apiNamespaces:
- "apk"
ratelimiter:
enabled: true
deployment:
image: docker.wso2.com/ratelimiter:1.0.0-arm64
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
replicas: 1
imagePullPolicy: Always
# image: wso2/apk-ratelimiter:1.1.0-m2
security:
sslHostname: "ratelimiter"
configs:
tls: {}
# secretName: "ratelimiter-cert"
# certKeyFilename: ""
# certFilename: ""
# certCAFilename: ""
gatewayRuntime:
tracing:
enabled: false
configProperties:
tls:
enabled: false
analytics:
enabled: false
service:
annotations: {}
deployment:
replicas: 1
router:
image: docker.wso2.com/router:1.0.0-arm64
resources:
requests:
memory: "128Mi"
cpu: "200m"
limits:
memory: "1028Mi"
cpu: "1000m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
imagePullPolicy: Always
# image: wso2/apk-router:1.1.0-m2
configs:
tls: {}
# secretName: "router-cert"
# certKeyFilename: ""
# certFilename: ""
logging:
wireLogs:
enable: true
accessLogs:
enable: true
# env:
# TRAILING_ARGS: "--log-level trace"
enforcer:
image: docker.wso2.com/enforcer:1.0.0-arm64
resources:
requests:
memory: "512Mi"
cpu: "500m"
limits:
memory: "1028Mi"
cpu: "1000m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
imagePullPolicy: Always
# image: wso2/apk-enforcer:1.1.0-m2
security:
sslHostname: "enforcer"
# logging:
# level: DEBUG
configs:
tls: {}
# secretName: "router-cert"
# certKeyFilename: ""
# certFilename: ""
redis:
enabled: true
type: ""
tls: {}
fullnameOverride: redis
primary:
service:
ports:
redis: 6379
master:
podSecurityContext:
enabled: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containerSecurityContext:
enabled: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
runAsUser: null
# auth:
# enabled: false
image:
debug: true
idp:
enabled: false
listener:
hostname: "idp.am.wso2.com"
# secretName: "idp-tls"
database:
driver: "org.postgresql.Driver"
url: "jdbc:postgresql://wso2apk-db-service:5432/WSO2AM_DB"
host: "wso2apk-db-service"
port: 5432
databaseName: "WSO2AM_DB"
username: "wso2carbon"
secretName: "apk-db-secret"
secretKey: "DB_PASSWORD"
validationQuery: "SELECT 1"
validationTimeout: 250
idpds:
configs:
issuer: "https://idp.am.wso2.com/token"
keyId: "gateway_certificate_alias"
hostname: "idp.am.wso2.com"
loginPageURl: "https://idp.am.wso2.com:9095/authenticationEndpoint/login"
loginErrorPageUrl: "https://idp.am.wso2.com:9095/authenticationEndpoint/error"
loginCallBackURl: "https://idp.am.wso2.com:9095/authenticationEndpoint/login-callback"
deployment:
image: docker.wso2.com/idp-domain-service:1.0.0-arm64
resources:
requests:
memory: "512Mi"
cpu: "200m"
limits:
memory: "1024Mi"
cpu: "500m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
replicas: 1
imagePullPolicy: Always
# image: wso2/apk-idp-domain-service:1.1.0-m2
idpui:
deployment:
image: docker.wso2.com/idp-ui:1.0.0-arm64
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "256Mi"
cpu: "100m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
replicas: 1
imagePullPolicy: Always
# image: wso2/apk-idp-ui:1.1.0-m2
configs:
idpLoginUrl: "https://idp.am.wso2.com:9095/commonauth/login"
idpAuthCallBackUrl: "https://idp.am.wso2.com:9095/oauth2/auth-callback"
gatewaySystem:
enabled: true
enableServiceAccountCreation: true
enableClusterRoleCreation: true
serviceAccountName: gateway-api-admission
certmanager:
enabled: true
enableClusterIssuer: true
enableRootCa: true
rootCaSecretName: "apk-root-certificate"
postgresql:
enabled: true
fullnameOverride: "wso2apk-db-service"
auth:
database: WSO2AM_DB
postgresPassword: wso2carbon
username: wso2carbon
password: wso2carbon
primary:
extendedConfiguration: |
max_connections = 400
initdb:
scriptsConfigMap: postgres-initdb-scripts-configmap
user: wso2carbon
password: wso2carbon
service:
ports:
postgresql: 5432
podSecurityContext:
enabled: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containerSecurityContext:
enabled: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
runAsUser: null
image:
debug: true
This is what I've done:
$ helm install apk-test wso2apk/apk-helm -n apk -f values_local.yaml
$ kubectl get pod -n apk
NAME READY STATUS RESTARTS AGE
apk-test-cert-manager-664699bdf-9shw2 1/1 Running 0 9m8s
apk-test-cert-manager-cainjector-7bb9f954c8-424x6 1/1 Running 0 9m8s
apk-test-cert-manager-webhook-7979cf7f58-jbnxq 1/1 Running 0 9m8s
apk-test-wso2-apk-adapter-deployment-8496d95f6-j68qp 1/1 Running 0 9m8s
apk-test-wso2-apk-common-controller-deployment-5f7f976855-n4vsh 1/1 Running 0 9m8s
apk-test-wso2-apk-gateway-runtime-deployment-bf7546568-ghmpg 2/2 Running 0 9m8s
apk-test-wso2-apk-ratelimiter-deployment-798db79745-fgck4 1/1 Running 2 (8m50s ago) 9m8s
gateway-api-admission-lznz9 0/1 Completed 0 9m8s
gateway-api-admission-patch-sjw47 0/1 Completed 0 9m8s
gateway-api-admission-server-7d6cb8df88-96sdl 1/1 Running 0 9m8s
redis-master-0 1/1 Running 0 9m8s
wso2apk-db-service-0 1/1 Running 0 9m8s
However, I had to disable all components that are using API definitions, because they are missing the definitionPath in the API.spec.
Here's an example of an error message from the Kube API server when you're trying to provision an API provided in the chart in the current state:
install.go:206: [debug] WARNING: This chart or one of its subcharts contains CRDs. Rendering may fail or contain inaccuracies.
Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: error validating "": error validating data: ValidationError(API.spec): missing required field "definitionPath" in com.wso2.dp.v1alpha1.API.spec
helm.go:88: [debug] error validating "": error validating data: ValidationError(API.spec): missing required field "definitionPath" in com.wso2.dp.v1alpha1.API.spec
The fix would be to add the definitionPath fields in the spec with the correct values.
Follow up status update
I've realised I was still using the CRD objects from the current main branch from here. After manually deleting all WSO2 APK CRD objects, and re-installing the Helm chart I also have all the product APIs successfully provisioned:
values.yaml used
# Copyright (c) 2022, WSO2 LLC. (https://www.wso2.com) All Rights Reserved.
#
# WSO2 LLC. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
wso2:
subscription:
imagePullSecrets: "apk-registry-secret"
apk:
cp:
enabled: true
webhooks:
validatingwebhookconfigurations : true
mutatingwebhookconfigurations : true
auth:
enabled: true
enableServiceAccountCreation: true
enableClusterRoleCreation: true
serviceAccountName: wso2apk-platform
roleName: wso2apk-role
listener:
hostname: "api.am.wso2.com"
port: 9095
# secretName: "idp-tls"
idp:
issuer: "https://idp.am.wso2.com/token"
usernameClaim: "sub"
organizationClaim: "organization"
groupsClaim: "groups"
consumerKeyClaim: "clientId"
# organizationResolver: "controlPlane" # controlplane,none
tls: {}
# secretName: "wso2apk-idp-certificates"
# fileName: "idp.crt"
signing: {}
# jwksEndpoint: "https://idp.am.wso2.com:9095/oauth2/jwks"
# secretName: "wso2apk-idp-signing"
# fileName: "idp.crt"
dp:
enabled: true
environment: {}
gateway:
listener:
hostname: "gw.wso2.com"
# secretName: "idp-tls"
httpListener:
enabled: true
autoscaling:
enabled: false
partitionServer:
enabled: false
# host: "https://control-plane-wso2-apk-partition-server.control-plane.svc.cluster.local"
# serviceBasePath: "/api/publisher/v1"
# partitionName: "default"
# hostnameVerificationEnable: true
# tls:
# secretName: "partition-server-cert"
# fileName: "certificate.crt"
# headers:
# - name: "apiKey"
# value: "123-456-789"
configdeployer:
enabled: true
deployment:
resources:
requests:
memory: "512Mi"
cpu: "200m"
limits:
memory: "1024Mi"
cpu: "500m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
replicas: 1
imagePullPolicy: Always
image: docker.wso2.com/config-deployer-service:1.0.0-arm64
configs:
tls: {}
# secretName: "my-secret"
# certKeyFilename: "tls.key"
# certFilename: "certchain.crt"
adapter:
deployment:
image: docker.wso2.com/adapter:1.0.0-arm64
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "200m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
replicas: 1
imagePullPolicy: Always
# image: wso2/apk-adapter:1.1.0-m2
security:
sslHostname: "adapter"
# logging:
# level: "INFO" # LogLevels can be "DEBG", "FATL", "ERRO", "WARN", "INFO", "PANC"
# logFormat: "TEXT" # Values can be "JSON", "TEXT"
configs:
apiNamespaces:
- "apk"
tls: {}
# secretName: "adapter-cert"
# certKeyFilename: ""
# certFilename: ""
commonController:
deployment:
image: docker.wso2.com/common-controller:1.0.0-arm64
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "200m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
replicas: 1
imagePullPolicy: Always
# image: wso2/apk-common-controller:1.1.0-m2
security:
sslHostname: "commoncontroller"
configs:
apiNamespaces:
- "apk"
ratelimiter:
enabled: true
deployment:
image: docker.wso2.com/ratelimiter:1.0.0-arm64
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
replicas: 1
imagePullPolicy: Always
# image: wso2/apk-ratelimiter:1.1.0-m2
security:
sslHostname: "ratelimiter"
configs:
tls: {}
# secretName: "ratelimiter-cert"
# certKeyFilename: ""
# certFilename: ""
# certCAFilename: ""
gatewayRuntime:
tracing:
enabled: false
configProperties:
tls:
enabled: false
analytics:
enabled: false
service:
annotations: {}
deployment:
replicas: 1
router:
image: docker.wso2.com/router:1.0.0-arm64
resources:
requests:
memory: "128Mi"
cpu: "200m"
limits:
memory: "1028Mi"
cpu: "1000m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
imagePullPolicy: Always
# image: wso2/apk-router:1.1.0-m2
configs:
tls: {}
# secretName: "router-cert"
# certKeyFilename: ""
# certFilename: ""
logging:
wireLogs:
enable: true
accessLogs:
enable: true
# env:
# TRAILING_ARGS: "--log-level trace"
enforcer:
image: docker.wso2.com/enforcer:1.0.0-arm64
resources:
requests:
memory: "512Mi"
cpu: "500m"
limits:
memory: "1028Mi"
cpu: "1000m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
imagePullPolicy: Always
# image: wso2/apk-enforcer:1.1.0-m2
security:
sslHostname: "enforcer"
# logging:
# level: DEBUG
configs:
tls: {}
# secretName: "router-cert"
# certKeyFilename: ""
# certFilename: ""
redis:
enabled: true
type: ""
tls: {}
fullnameOverride: redis
primary:
service:
ports:
redis: 6379
master:
podSecurityContext:
enabled: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containerSecurityContext:
enabled: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
runAsUser: null
# auth:
# enabled: false
image:
debug: true
idp:
enabled: true
listener:
hostname: "idp.am.wso2.com"
# secretName: "idp-tls"
database:
driver: "org.postgresql.Driver"
url: "jdbc:postgresql://wso2apk-db-service:5432/WSO2AM_DB"
host: "wso2apk-db-service"
port: 5432
databaseName: "WSO2AM_DB"
username: "wso2carbon"
secretName: "apk-db-secret"
secretKey: "DB_PASSWORD"
validationQuery: "SELECT 1"
validationTimeout: 250
idpds:
configs:
issuer: "https://idp.am.wso2.com/token"
keyId: "gateway_certificate_alias"
hostname: "idp.am.wso2.com"
loginPageURl: "https://idp.am.wso2.com:9095/authenticationEndpoint/login"
loginErrorPageUrl: "https://idp.am.wso2.com:9095/authenticationEndpoint/error"
loginCallBackURl: "https://idp.am.wso2.com:9095/authenticationEndpoint/login-callback"
deployment:
image: docker.wso2.com/idp-domain-service:1.0.0-arm64
resources:
requests:
memory: "512Mi"
cpu: "200m"
limits:
memory: "1024Mi"
cpu: "500m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
replicas: 1
imagePullPolicy: Always
# image: wso2/apk-idp-domain-service:1.1.0-m2
idpui:
deployment:
image: docker.wso2.com/idp-ui:1.0.0-arm64
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "256Mi"
cpu: "100m"
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
livenessProbe:
initialDelaySeconds: 20
periodSeconds: 20
failureThreshold: 5
strategy: RollingUpdate
replicas: 1
imagePullPolicy: Always
# image: wso2/apk-idp-ui:1.1.0-m2
configs:
idpLoginUrl: "https://idp.am.wso2.com:9095/commonauth/login"
idpAuthCallBackUrl: "https://idp.am.wso2.com:9095/oauth2/auth-callback"
gatewaySystem:
enabled: true
enableServiceAccountCreation: true
enableClusterRoleCreation: true
serviceAccountName: gateway-api-admission
certmanager:
enabled: true
enableClusterIssuer: true
enableRootCa: true
rootCaSecretName: "apk-root-certificate"
postgresql:
enabled: true
fullnameOverride: "wso2apk-db-service"
auth:
database: WSO2AM_DB
postgresPassword: wso2carbon
username: wso2carbon
password: wso2carbon
primary:
extendedConfiguration: |
max_connections = 400
initdb:
scriptsConfigMap: postgres-initdb-scripts-configmap
user: wso2carbon
password: wso2carbon
service:
ports:
postgresql: 5432
podSecurityContext:
enabled: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containerSecurityContext:
enabled: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
runAsUser: null
image:
debug: true
Helm install actions and technical runtime check
$ helm install apk-test wso2apk/apk-helm -n apk -f values_local.yaml
NAME: apk-test
LAST DEPLOYED: Tue Feb 6 11:22:09 2024
NAMESPACE: apk
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Welcome to the WSO2 API Platform for Kubernetes!
Congratulations. You've successfully deployed WSO2 APK using Helm, you'll need to monitor and manage the deployment to ensure everything is running smoothly.
- Monitor Pods:
Check the status of the pods to ensure they are up and running:
---
kubectl get pods
---
- Monitor Services:
Verify that the services are running and find their external IPs to access the APIs:
---
kubectl get services
---
For more detailed information, troubleshooting, and advanced configurations, we encourage you to explore the official WSO2 documentation.
- APK Documentation: [https://apk.docs.wso2.com/en/latest/get-started/quick-start-guide/]
This is just the beginning of your APK journey. Feel free to customize and tailor your deployment to match your organization's specific needs.
For any questions or assistance, don't hesitate to reach out to our discord channel.
Happy API management with WSO2 APK!
$ kubectl get pod -n apk
NAME READY STATUS RESTARTS AGE
apk-test-cert-manager-664699bdf-zcb6q 1/1 Running 0 98s
apk-test-cert-manager-cainjector-7bb9f954c8-l894r 1/1 Running 0 98s
apk-test-cert-manager-webhook-7979cf7f58-h56nc 1/1 Running 0 98s
apk-test-wso2-apk-adapter-deployment-8496d95f6-zxbjs 1/1 Running 0 98s
apk-test-wso2-apk-common-controller-deployment-5f7f976855-mxb45 1/1 Running 0 98s
apk-test-wso2-apk-config-ds-deployment-76bccc5b57-mlmhm 1/1 Running 0 98s
apk-test-wso2-apk-gateway-runtime-deployment-bf7546568-86929 1/2 Running 0 98s
apk-test-wso2-apk-idpds-deployment-79b5544b75-k8s6w 1/1 Running 0 98s
apk-test-wso2-apk-idpui-deployment-9f89c95c6-vd8lk 1/1 Running 0 98s
apk-test-wso2-apk-ratelimiter-deployment-798db79745-tq5w7 1/1 Running 1 (81s ago) 98s
gateway-api-admission-patch-f72nc 0/1 Completed 0 98s
gateway-api-admission-server-7d6cb8df88-m72n8 1/1 Running 0 98s
gateway-api-admission-tvw4n 0/1 Completed 0 98s
redis-master-0 1/1 Running 0 98s
wso2apk-db-service-0 1/1 Running 0 98s
$ kubectl get api -n apk
NAME API NAME VERSION BASEPATH ORGANIZATION AGE
apk-test-wso2-apk-authentication-endpoint-ds-api authenticationEndpoint-domain-service 1.0.0 /authenticationEndpoint/1.0.0 apk-system 108s
apk-test-wso2-apk-commonoauth-api commonoauth-api 1.0.0 /commonoauth/1.0.0 apk-system 108s
apk-test-wso2-apk-dcr-api dcr-api 1.0.0 /dcr/1.0.0 apk-system 108s
apk-test-wso2-apk-jwks-endpoint-ds-api jwks-domain-service 1.0.0 /.wellknown/jwks/1.0.0 apk-system 108s
apk-test-wso2-apk-oauth-api oauth-api 1.0.0 /oauth2/1.0.0 apk-system 108s
apk-test-wso2-apk-wso2-apk-config-deployer-api WSO2 APK Config Deployer API 1.0.0 /api/deployer/1.0.0 apk-system 108s
apk-test-wso2-apk-wso2-apk-config-generator-api WSO2 APK Config Generator API 1.0.0 /api/configurator/1.0.0 apk-system 108s
The only issue left in this case is that it is not possible to do a Helm install without a properly formatted values.yaml file. The default values.yaml provided with the chart is insufficient to be able to do a default local setup.
Latest update
I've removed all resources, and did a Helm uninstall, removed all Helm repos and started from scratch again.
Applying the Helm registry https://helm.wso2.com.
Using no values.yml
I'm getting the same errors from my initial post. Followed by removing all resources and CRD's again.
Applying my custom values yaml I receive again an API.spec error:
$ helm install apk-test wso2apk/apk-helm -f values_local_arm64.yaml -n apk
Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: error validating "": error validating data: ValidationError(API.spec): missing required field "**definitionPath**" in com.wso2.dp.v1alpha1.API.spec
Latest Update
To make the Helm install work I had to do the following. After first time installation failure I've edited the apis CRD like this:
$ kubectl edit crd apis.dp.wso2.com
By adding nullable: true like this under definitionPath:
default: /api-definition
description: DefinitionPath contains the path to expose the API definition.
minLength: 1
nullable: true
type: string
and reinstalling with Helm:
09:51 $ helm install apk-test wso2/apk-helm -f values_local_arm64.yaml -n apk
NAME: apk-test
LAST DEPLOYED: Fri Feb 9 09:51:52 2024
NAMESPACE: apk
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Welcome to the WSO2 API Platform for Kubernetes!
Congratulations. You've successfully deployed WSO2 APK using Helm, you'll need to monitor and manage the deployment to ensure everything is running smoothly.
- Monitor Pods:
Check the status of the pods to ensure they are up and running:
---
kubectl get pods
---
- Monitor Services:
Verify that the services are running and find their external IPs to access the APIs:
---
kubectl get services
---
For more detailed information, troubleshooting, and advanced configurations, we encourage you to explore the official WSO2 documentation.
- APK Documentation: [https://apk.docs.wso2.com/en/latest/get-started/quick-start-guide/]
This is just the beginning of your APK journey. Feel free to customize and tailor your deployment to match your organization's specific needs.
For any questions or assistance, don't hesitate to reach out to our discord channel.
Happy API management with WSO2 APK!
✔ ~/Documents/dev/yenlo_projects/apk/helm-charts [main ↓·11|✚ 25…26]
09:52 $ kubectl get pod -n apk
NAME READY STATUS RESTARTS AGE
apk-test-cert-manager-664699bdf-zsb8s 1/1 Running 0 79s
apk-test-cert-manager-cainjector-7bb9f954c8-jl9bv 1/1 Running 0 79s
apk-test-cert-manager-webhook-7979cf7f58-m8w29 1/1 Running 0 79s
apk-test-wso2-apk-adapter-deployment-8496d95f6-d57jl 1/1 Running 0 79s
apk-test-wso2-apk-common-controller-deployment-5f7f976855-9nhfw 1/1 Running 0 79s
apk-test-wso2-apk-config-ds-deployment-76bccc5b57-wsm7g 1/1 Running 0 79s
apk-test-wso2-apk-gateway-runtime-deployment-bf7546568-7g5th 0/2 Running 0 79s
apk-test-wso2-apk-idpds-deployment-79b5544b75-h6rhz 1/1 Running 0 78s
apk-test-wso2-apk-idpui-deployment-9f89c95c6-5z6sm 1/1 Running 0 79s
apk-test-wso2-apk-ratelimiter-deployment-798db79745-7pkq6 1/1 Running 1 (58s ago) 78s
gateway-api-admission-g89n6 0/1 Completed 0 79s
gateway-api-admission-patch-5vsg8 0/1 Completed 0 79s
gateway-api-admission-server-7d6cb8df88-jkc8f 1/1 Running 0 79s
redis-master-0 1/1 Running 0 79s
wso2apk-db-service-0 1/1 Running 0 79s
✔ ~/Documents/dev/yenlo_projects/apk/helm-charts [main ↓·11|✚ 25…26]
09:53 $ kubectl get pod -n apk
NAME READY STATUS RESTARTS AGE
apk-test-cert-manager-664699bdf-zsb8s 1/1 Running 0 85s
apk-test-cert-manager-cainjector-7bb9f954c8-jl9bv 1/1 Running 0 85s
apk-test-cert-manager-webhook-7979cf7f58-m8w29 1/1 Running 0 85s
apk-test-wso2-apk-adapter-deployment-8496d95f6-d57jl 1/1 Running 0 85s
apk-test-wso2-apk-common-controller-deployment-5f7f976855-9nhfw 1/1 Running 0 85s
apk-test-wso2-apk-config-ds-deployment-76bccc5b57-wsm7g 1/1 Running 0 85s
apk-test-wso2-apk-gateway-runtime-deployment-bf7546568-7g5th 2/2 Running 0 85s
apk-test-wso2-apk-idpds-deployment-79b5544b75-h6rhz 1/1 Running 0 84s
apk-test-wso2-apk-idpui-deployment-9f89c95c6-5z6sm 1/1 Running 0 85s
apk-test-wso2-apk-ratelimiter-deployment-798db79745-7pkq6 1/1 Running 1 (64s ago) 84s
gateway-api-admission-g89n6 0/1 Completed 0 85s
gateway-api-admission-patch-5vsg8 0/1 Completed 0 85s
gateway-api-admission-server-7d6cb8df88-jkc8f 1/1 Running 0 85s
redis-master-0 1/1 Running 0 85s
wso2apk-db-service-0 1/1 Running 0 85s
Hi, Thank you for reporting this issue and for the detailed steps provided. We are currently checking on this, and will send a fix soon.
Fixed with PR https://github.com/wso2/apk/pull/2006
Description: Following the installation guideline to provision APK Helm chart. However Helm install fails due to missing values in default "values.yaml". Beginning of January it did work. So I'm assuming someone introduced a breaking change in the chart.
Affected Product Version: NAME: wso2apk/apk-helm
CHART VERSION: 1.0.0
APP VERSION: 1.16.0
Steps to reproduce:
$ helm repo add wso2 https://helm.wso2.com
$ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "akhq" chart repository
...Successfully got an update from the "wso2apk" chart repository
...Successfully got an update from the "wso2" chart repository
...Successfully got an update from the "bitnami" chart repository
Update Complete. ⎈Happy Helming!⎈
$ helm search repo apk
NAME CHART VERSION APP VERSION DESCRIPTION
wso2/apk-helm 1.0.0 1.16.0 A Helm chart for APK components
wso2apk/apk-helm 1.0.0 1.16.0 A Helm chart for APK components
wso2apk/cert-manager v1.10.1 v1.10.1 A Helm chart for cert-manager
wso2apk/postgresql 11.9.6 14.5.0 PostgreSQL (Postgres) is an open source object-...
wso2apk/redis 17.8.0 7.0.8 Redis(R) is an open source, advanced key-value ...
$ kubectl create ns wso2demo
$ kubectl get ns
NAME STATUS AGE
default Active 4h59m
kube-node-lease Active 4h59m
kube-public Active 4h59m
kube-system Active 4h59m
wso2demo Active 157m
$ helm install apkdemo wso2apk/apk-helm -n wso2demo
Error: INSTALLATION FAILED: template: apk-helm/templates/data-plane/gateway-components/gateway-runtime/idp-jwt-issuer.yaml:1:44: executing "apk-helm/templates/data-plane/gateway-components/gateway-runtime/idp-jwt-issuer.yaml" at <.Values.wso2.apk.cp.enabled>: nil pointer evaluating interface {}.enabled
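The "nil pointer evaluating interface {}.enabled" failure above is what happens when a template dereferences a `.Values` path whose parent key is absent from the default values. The following is an added example, not part of the original issue or of the WSO2 APK project: a small pre-release check that lists every `.Values` reference in a set of templates and reports which ones the defaults cannot satisfy. Only the path `.Values.wso2.apk.cp.enabled` and the `idp-jwt-issuer.yaml` file name come from the error message; the template bodies, the second template and the `DEFAULTS` dictionary are constructed for illustration.

```python
import re

# Matches Helm value references such as .Values.wso2.apk.cp.enabled
# (also matches $.Values...). Guards like `default`, `dig` or `index`
# are not understood, so findings are candidates to review, not verdicts.
VALUES_REF = re.compile(r"\.Values((?:\.[A-Za-z_]\w*)+)")


def value_refs(template_text):
    """Return the sorted, de-duplicated dotted paths referenced via .Values."""
    return sorted({m.group(1)[1:] for m in VALUES_REF.finditer(template_text)})


def classify(dotted, values):
    """Classify one reference against the default values.

    'ok'             - every key on the path exists
    'missing-leaf'   - only the last key is absent (renders as empty)
    'missing-parent' - an intermediate key is absent, null or a scalar,
                       so the next field access aborts rendering
    """
    node = values
    keys = dotted.split(".")
    for depth, key in enumerate(keys):
        if not isinstance(node, dict):
            return "missing-parent"
        if key not in node:
            return "missing-leaf" if depth == len(keys) - 1 else "missing-parent"
        node = node[key]
    return "ok"


def lint(templates, values):
    """Return sorted (template, path, status) tuples for every non-ok reference."""
    findings = []
    for name, text in templates.items():
        for path in value_refs(text):
            status = classify(path, values)
            if status != "ok":
                findings.append((name, path, status))
    return sorted(findings)


# Constructed default values: the control-plane block (cp) is absent,
# which is the situation the error message in the issue points at.
DEFAULTS = {
    "wso2": {
        "apk": {
            "dp": {
                "enabled": True,
                "gateway": {"listener": {"hostname": "gw.wso2.com"}},
            }
        }
    }
}

# Constructed template bodies; only the first file name and its
# .Values path are taken from the error message in the issue.
TEMPLATES = {
    "apk-helm/templates/data-plane/gateway-components/gateway-runtime/idp-jwt-issuer.yaml":
        "{{- if .Values.wso2.apk.cp.enabled }}\nkind: ConfigMap\n{{- end }}\n",
    "example/gateway-service.yaml":
        "metadata:\n"
        "  annotations: {{ toYaml .Values.wso2.apk.dp.gatewayRuntime.service.annotations }}\n"
        "  hostname: {{ .Values.wso2.apk.dp.gateway.listener.hostname }}\n"
        "  secret: {{ .Values.wso2.apk.dp.gateway.listener.secretName }}\n",
}

if __name__ == "__main__":
    for template, path, status in lint(TEMPLATES, DEFAULTS):
        print(f"{status:15} .Values.{path}  ({template})")
```

Run against a real chart by loading its templates and default values into the two dictionaries; a `missing-parent` finding is the class of reference that stops `helm install` when no values file is supplied.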