diff --git a/advanced/am-pattern-3/templates/am/control-plane/instance-1/wso2am-pattern-3-am-control-plane-conf.yaml b/advanced/am-pattern-3/templates/am/control-plane/instance-1/wso2am-pattern-3-am-control-plane-conf.yaml index 2ca066f3..b084e28a 100644 --- a/advanced/am-pattern-3/templates/am/control-plane/instance-1/wso2am-pattern-3-am-control-plane-conf.yaml +++ b/advanced/am-pattern-3/templates/am/control-plane/instance-1/wso2am-pattern-3-am-control-plane-conf.yaml @@ -34,14 +34,14 @@ data: #discard_empty_caches = false server_role = "control-plane" + [user_store] + type = "database_unique_id" + [super_admin] username = "admin" password = "admin" create_admin_account = true - [user_store] - type = "database_unique_id" - [database.apim_db] type = "{{ .Values.wso2.deployment.am.cp.db.type }}" url = "{{ .Values.wso2.deployment.am.cp.db.apim.url }}" @@ -63,6 +63,11 @@ data: alias = "wso2carbon" key_password = "wso2carbon" + [truststore] + file_name = "client-truststore.jks" + type = "JKS" + password = "wso2carbon" + #[keystore.primary] #file_name = "wso2carbon.jks" #type = "JKS" 
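Review bot: The added `[truststore]` table (hunk `@@ -63,6 +63,11 @@`) hard-codes `password = "wso2carbon"` in a ConfigMap template, so the store keeps the product default password and anyone who can read ConfigMaps in the namespace can read it. The neighbouring keystore lines already carry the same literal, so this matches the file, but a new block is the cheapest place to stop repeating it. I would template the value, for example `password = "{{ .Values.wso2.deployment.am.cp.truststore.password }}"` (a proposed key, not one the chart defines in the lines shown), or at minimum put `# product default password; override before production use` above it. The same block is added in the instance-2 file and in both am-pattern-4 control-plane files.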
@@ -84,16 +89,55 @@ data: display_in_api_console = true description = "This is a hybrid gateway that handles both production and sandbox token traffic." show_as_token_endpoint_url = true - service_url = "https://{{ template "am-pattern-3.resource.prefix" . }}-am-gateway-service:${mgt.transport.https.port}${carbon.context}services/" + service_url = "https://{{ template "am-pattern-3.resource.prefix" . }}-am-gateway-service:${mgt.transport.https.port}/services/" username= "${admin.username}" password= "${admin.password}" - ws_endpoint = "ws://localhost:9099" - wss_endpoint = "wss://localhost:8099" + ws_endpoint = "ws://{{ .Values.wso2.deployment.am.websocket.ingress.hostname }}" + wss_endpoint = "wss://{{ .Values.wso2.deployment.am.websocket.ingress.hostname }}" http_endpoint = "http://{{ .Values.wso2.deployment.am.gateway.ingress.hostname }}" https_endpoint = "https://{{ .Values.wso2.deployment.am.gateway.ingress.hostname }}" websub_event_receiver_http_endpoint = "http://{{ .Values.wso2.deployment.am.websub.ingress.hostname }}" websub_event_receiver_https_endpoint = "https://{{ .Values.wso2.deployment.am.websub.ingress.hostname }}" + [apim.devportal] + url = "https://{{ .Values.wso2.deployment.am.cp.ingress.hostname }}/devportal" + #enable_application_sharing = false + #if application_sharing_type, application_sharing_impl both defined priority goes to application_sharing_impl + #application_sharing_type = "default" #changed type, saml, default #todo: check the new config for rest api + #application_sharing_impl = "org.wso2.carbon.apimgt.impl.SAMLGroupIDExtractorImpl" + #display_multiple_versions = false + #display_deprecated_apis = false + #enable_comments = true + #enable_ratings = true + #enable_forum = true + #enable_anonymous_mode=true + #enable_cross_tenant_subscriptions = true + #default_reserved_username = "apim_reserved_user" + + [transport.http] + properties.port = 9763 + properties.proxyPort = 80 + + [transport.https] + properties.port = 9443 + 
properties.proxyPort = 443 + + [apim.event_hub] + enable = true + username= "$ref{super_admin.username}" + password= "$ref{super_admin.password}" + service_url = "https://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-service:${mgt.transport.https.port}/services/" + event_listening_endpoints = ["tcp://localhost:5672"] + event_duplicate_url = ["tcp://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-2-service:5672"] + + [[apim.event_hub.publish.url_group]] + urls = ["tcp://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-service:9611"] + auth_urls = ["ssl://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-service:9711"] + + [[apim.event_hub.publish.url_group]] + urls = ["tcp://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-2-service:9611"] + auth_urls = ["ssl://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-2-service:9711"] + #[apim.cache.gateway_token] #enable = true #expiry_time = "900s" 
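Review bot: `ws_endpoint = "ws://{{ .Values.wso2.deployment.am.websocket.ingress.hostname }}"` publishes a cleartext WebSocket URL on the external ingress hostname, while the Ingress added in this commit forwards every path to port 8099 and the values set an HTTPS backend protocol. A client that uses the advertised `ws://` URL sends its handshake, including any token it carries, unencrypted as far as the ingress controller; whether the controller then redirects or proxies it depends on settings not shown here. The gateway Service also gains port 9099 (`websocket-http`), yet nothing in the visible diff routes to it. If plain `ws://` is meant to be reachable, a comment such as `# ws:// enters through the same Ingress as wss://; the controller is expected to enforce TLS` would record that, otherwise the endpoint and the unused port deserve a second look. The same two lines appear in the instance-2 file and in both am-pattern-4 control-plane files.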
@@ -139,51 +183,12 @@ data: #enable_token_encryption = false #enable_token_hashing = false - [apim.devportal] - url = "https://{{ .Values.wso2.deployment.am.cp.ingress.hostname }}/devportal" - #enable_application_sharing = false - #if application_sharing_type, application_sharing_impl both defined priority goes to application_sharing_impl - #application_sharing_type = "default" #changed type, saml, default #todo: check the new config for rest api - #application_sharing_impl = "org.wso2.carbon.apimgt.impl.SAMLGroupIDExtractorImpl" - #display_multiple_versions = false - #display_deprecated_apis = false - #enable_comments = true - #enable_ratings = true - #enable_forum = true - #enable_anonymous_mode=true - #enable_cross_tenant_subscriptions = true - #default_reserved_username = "apim_reserved_user" - [apim.cors] allow_origins = "*" allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"] allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","apikey","Internal-Key"] allow_credentials = false - [apim.throttling] - event_duplicate_url = ["tcp://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-2-service:5672"] - service_url = "https://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-service:${mgt.transport.https.port}/services/" - #enable_data_publishing = true - #enable_policy_deploy = true - #enable_blacklist_condition = true - #enable_persistence = true - throttle_decision_endpoints = ["tcp://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-service:5672","tcp://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-2-service:5672"] - - [[apim.throttling.url_group]] - traffic_manager_urls = ["tcp://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-service:9611"] - traffic_manager_auth_urls = ["ssl://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-service:9711"] - type = "loadbalance" - - [[apim.throttling.url_group]] - traffic_manager_urls = ["tcp://{{ template "am-pattern-3.resource.prefix" . 
}}-am-cp-2-service:9611"] - traffic_manager_auth_urls = ["ssl://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-2-service:9711"] - type = "loadbalance" - - #[[apim.throttling.url_group]] - #traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"] - #traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"] - #type = "failover" - #[apim.workflow] #enable = false #service_url = "https://localhost:9445/bpmn" @@ -240,23 +245,13 @@ data: type = "org.wso2.carbon.identity.core.handler.AbstractIdentityHandler" name = "org.wso2.is.notification.ApimOauthEventInterceptor" order = 1 + [event_listener.properties] notification_endpoint = "https://localhost:${mgt.transport.https.port}/internal/data/v1/notify" username = "${admin.username}" password = "${admin.password}" 'header.X-WSO2-KEY-MANAGER' = "default" - [transport.https.properties] - proxyPort = 443 - - [[apim.event_hub.publish.url_group]] - urls = ["tcp://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-service:9611"] - auth_urls = ["ssl://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-service:9711"] - - [[apim.event_hub.publish.url_group]] - urls = ["tcp://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-2-service:9611"] - auth_urls = ["ssl://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-2-service:9711"] - {{ if .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.enabled }} [database.local] url = "jdbc:h2:/home/wso2carbon/solr/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE" diff --git a/advanced/am-pattern-3/templates/am/control-plane/instance-2/wso2am-pattern-3-am-control-plane-conf.yaml b/advanced/am-pattern-3/templates/am/control-plane/instance-2/wso2am-pattern-3-am-control-plane-conf.yaml index c271e743..7a2a65c2 100644 --- a/advanced/am-pattern-3/templates/am/control-plane/instance-2/wso2am-pattern-3-am-control-plane-conf.yaml 
+++ b/advanced/am-pattern-3/templates/am/control-plane/instance-2/wso2am-pattern-3-am-control-plane-conf.yaml @@ -35,14 +35,14 @@ data: #discard_empty_caches = false server_role = "control-plane" + [user_store] + type = "database_unique_id" + [super_admin] username = "admin" password = "admin" create_admin_account = true - [user_store] - type = "database_unique_id" - [database.apim_db] type = "{{ .Values.wso2.deployment.am.cp.db.type }}" url = "{{ .Values.wso2.deployment.am.cp.db.apim.url }}" @@ -64,6 +64,11 @@ data: alias = "wso2carbon" key_password = "wso2carbon" + [truststore] + file_name = "client-truststore.jks" + type = "JKS" + password = "wso2carbon" + #[keystore.primary] #file_name = "wso2carbon.jks" #type = "JKS" 
@@ -85,16 +90,55 @@ data: display_in_api_console = true description = "This is a hybrid gateway that handles both production and sandbox token traffic." show_as_token_endpoint_url = true - service_url = "https://{{ template "am-pattern-3.resource.prefix" . }}-am-gateway-service:${mgt.transport.https.port}${carbon.context}services/" + service_url = "https://{{ template "am-pattern-3.resource.prefix" . }}-am-gateway-service:${mgt.transport.https.port}/services/" username= "${admin.username}" password= "${admin.password}" - ws_endpoint = "ws://localhost:9099" - wss_endpoint = "wss://localhost:8099" + ws_endpoint = "ws://{{ .Values.wso2.deployment.am.websocket.ingress.hostname }}" + wss_endpoint = "wss://{{ .Values.wso2.deployment.am.websocket.ingress.hostname }}" http_endpoint = "http://{{ .Values.wso2.deployment.am.gateway.ingress.hostname }}" https_endpoint = "https://{{ .Values.wso2.deployment.am.gateway.ingress.hostname }}" websub_event_receiver_http_endpoint = "http://{{ .Values.wso2.deployment.am.websub.ingress.hostname }}" websub_event_receiver_https_endpoint = "https://{{ .Values.wso2.deployment.am.websub.ingress.hostname }}" + [apim.devportal] + url = "https://{{ .Values.wso2.deployment.am.cp.ingress.hostname }}/devportal" + #enable_application_sharing = false + #if application_sharing_type, application_sharing_impl both defined priority goes to application_sharing_impl + #application_sharing_type = "default" #changed type, saml, default #todo: check the new config for rest api + #application_sharing_impl = "org.wso2.carbon.apimgt.impl.SAMLGroupIDExtractorImpl" + #display_multiple_versions = false + #display_deprecated_apis = false + #enable_comments = true + #enable_ratings = true + #enable_forum = true + #enable_anonymous_mode=true + #enable_cross_tenant_subscriptions = true + #default_reserved_username = "apim_reserved_user" + + [transport.http] + properties.port = 9763 + properties.proxyPort = 80 + + [transport.https] + properties.port = 9443 + 
properties.proxyPort = 443 + + [apim.event_hub] + enable = true + username= "$ref{super_admin.username}" + password= "$ref{super_admin.password}" + service_url = "https://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-service:${mgt.transport.https.port}/services/" + event_listening_endpoints = ["tcp://localhost:5672"] + event_duplicate_url = ["tcp://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-service:5672"] + + [[apim.event_hub.publish.url_group]] + urls = ["tcp://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-2-service:9611"] + auth_urls = ["ssl://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-2-service:9711"] + + [[apim.event_hub.publish.url_group]] + urls = ["tcp://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-service:9611"] + auth_urls = ["ssl://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-service:9711"] + #[apim.cache.gateway_token] #enable = true #expiry_time = "900s" 
@@ -140,51 +184,12 @@ data: #enable_token_encryption = false #enable_token_hashing = false - [apim.devportal] - url = "https://{{ .Values.wso2.deployment.am.cp.ingress.hostname }}/devportal" - #enable_application_sharing = false - #if application_sharing_type, application_sharing_impl both defined priority goes to application_sharing_impl - #application_sharing_type = "default" #changed type, saml, default #todo: check the new config for rest api - #application_sharing_impl = "org.wso2.carbon.apimgt.impl.SAMLGroupIDExtractorImpl" - #display_multiple_versions = false - #display_deprecated_apis = false - #enable_comments = true - #enable_ratings = true - #enable_forum = true - #enable_anonymous_mode=true - #enable_cross_tenant_subscriptions = true - #default_reserved_username = "apim_reserved_user" - [apim.cors] allow_origins = "*" allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"] allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","apikey","Internal-Key"] allow_credentials = false - [apim.throttling] - event_duplicate_url = ["tcp://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-service:5672"] - service_url = "https://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-service:${mgt.transport.https.port}/services/" - #enable_data_publishing = true - #enable_policy_deploy = true - #enable_blacklist_condition = true - #enable_persistence = true - throttle_decision_endpoints = ["tcp://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-service:5672","tcp://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-2-service:5672"] - - [[apim.throttling.url_group]] - traffic_manager_urls = ["tcp://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-service:9611"] - traffic_manager_auth_urls = ["ssl://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-service:9711"] - type = "loadbalance" - - [[apim.throttling.url_group]] - traffic_manager_urls = ["tcp://{{ template "am-pattern-3.resource.prefix" . 
}}-am-cp-2-service:9611"] - traffic_manager_auth_urls = ["ssl://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-2-service:9711"] - type = "loadbalance" - - #[[apim.throttling.url_group]] - #traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"] - #traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"] - #type = "failover" - #[apim.workflow] #enable = false #service_url = "https://localhost:9445/bpmn" @@ -241,23 +246,13 @@ data: type = "org.wso2.carbon.identity.core.handler.AbstractIdentityHandler" name = "org.wso2.is.notification.ApimOauthEventInterceptor" order = 1 + [event_listener.properties] notification_endpoint = "https://localhost:${mgt.transport.https.port}/internal/data/v1/notify" username = "${admin.username}" password = "${admin.password}" 'header.X-WSO2-KEY-MANAGER' = "default" - [transport.https.properties] - proxyPort = 443 - - [[apim.event_hub.publish.url_group]] - urls = ["tcp://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-service:9611"] - auth_urls = ["ssl://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-1-service:9711"] - - [[apim.event_hub.publish.url_group]] - urls = ["tcp://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-2-service:9611"] - auth_urls = ["ssl://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-2-service:9711"] - {{ if .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.enabled }} [database.local] url = "jdbc:h2:/home/wso2carbon/solr/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE" diff --git a/advanced/am-pattern-3/templates/am/gateway/wso2am-pattern-3-am-gateway-conf.yaml b/advanced/am-pattern-3/templates/am/gateway/wso2am-pattern-3-am-gateway-conf.yaml index 4371225f..55f4f880 100644 --- a/advanced/am-pattern-3/templates/am/gateway/wso2am-pattern-3-am-gateway-conf.yaml +++ b/advanced/am-pattern-3/templates/am/gateway/wso2am-pattern-3-am-gateway-conf.yaml 
@@ -58,6 +58,14 @@ data: type = "JKS" password = "wso2carbon" + [transport.http] + properties.port = 9763 + properties.proxyPort = 80 + + [transport.https] + properties.port = 9443 + properties.proxyPort = 443 + # key manager implementation [apim.key_manager] service_url = "https://{{ template "am-pattern-3.resource.prefix" . }}-am-cp-service:${mgt.transport.https.port}/services/" @@ -133,10 +141,6 @@ data: allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction"] allow_credentials = false - [transport.https.properties] - port = 9443 - proxyPort = 443 - [transport.passthru_https.sender.parameters] HostnameVerifier = "AllowAll" diff --git a/advanced/am-pattern-3/templates/am/gateway/wso2am-pattern-3-am-gateway-service.yaml b/advanced/am-pattern-3/templates/am/gateway/wso2am-pattern-3-am-gateway-service.yaml index 5b86382b..fc31b7c4 100644 --- a/advanced/am-pattern-3/templates/am/gateway/wso2am-pattern-3-am-gateway-service.yaml +++ b/advanced/am-pattern-3/templates/am/gateway/wso2am-pattern-3-am-gateway-service.yaml @@ -41,3 +41,9 @@ spec: - name: websub-https protocol: TCP port: 8021 + - name: websocket-http + protocol: TCP + port: 9099 + - name: websocket-https + protocol: TCP + port: 8099 diff --git a/advanced/am-pattern-3/templates/am/gateway/wso2am-pattern-3-am-websocket-ingress.yaml b/advanced/am-pattern-3/templates/am/gateway/wso2am-pattern-3-am-websocket-ingress.yaml new file mode 100644 index 00000000..bf95ddc0 --- /dev/null +++ b/advanced/am-pattern-3/templates/am/gateway/wso2am-pattern-3-am-websocket-ingress.yaml 
@@ -0,0 +1,44 @@ +# Copyright (c) 2023, WSO2 LLC. (http://www.wso2.org) All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.wso2.deployment.am.websocket.ingress.enabled }} + +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ template "am-pattern-3.resource.prefix" . }}-am-websocket-ingress + namespace : {{ .Release.Namespace }} +{{- if .Values.wso2.deployment.am.websocket.ingress.annotations }} + annotations: +{{ toYaml .Values.wso2.deployment.am.websocket.ingress.annotations | indent 4 }} +{{- end }} +spec: + {{- if .Values.wso2.deployment.am.websocket.ingress.className }} + ingressClassName: {{ .Values.wso2.deployment.am.websocket.ingress.className }} + {{- end }} + tls: + - hosts: + - {{ .Values.wso2.deployment.am.websocket.ingress.hostname }} + rules: + - host: {{ .Values.wso2.deployment.am.websocket.ingress.hostname }} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: {{ template "am-pattern-3.resource.prefix" . }}-am-gateway-service + port: + number: 8099 +{{- end -}} diff --git a/advanced/am-pattern-3/values.yaml b/advanced/am-pattern-3/values.yaml index 3095c80e..593900ba 100644 --- a/advanced/am-pattern-3/values.yaml +++ b/advanced/am-pattern-3/values.yaml 
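Review bot: The `tls:` entry in the new WebSocket Ingress lists the host but has no `secretName`, so `wss://` clients get whatever default certificate the ingress controller is configured with, which is often not one issued for this hostname. I would add an optional `secretName: {{ .Values.wso2.deployment.am.websocket.ingress.tlsSecretName }}` under the `hosts` list, wrapped in an `if` (the values key is a proposal, it is not defined in the lines shown), and say in a comment what happens when it is left empty. Separately, `namespace : {{ .Release.Namespace }}` has a stray space before the colon; it parses, but `namespace: {{ .Release.Namespace }}` matches the rest of the manifest.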
@@ -117,6 +117,19 @@ wso2: annotations: kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + # API Manager's WebSocket specific configurations + websocket: + # Configure Ingress + ingress: + enabled: true + # Name of the IngressClass to use + className: "" + # Hostname for Gateway (WebSocket) service + hostname: "websocket.am.wso2.com" + # Annotations for the API Manager Gateway (WebSocket) service Ingress + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" # API Manager's Gateway specific configurations gateway: diff --git a/advanced/am-pattern-4/templates/am/control-plane/instance-1/wso2am-pattern-4-am-control-plane-conf.yaml b/advanced/am-pattern-4/templates/am/control-plane/instance-1/wso2am-pattern-4-am-control-plane-conf.yaml index 0361bc22..20bdf7e1 100644 --- a/advanced/am-pattern-4/templates/am/control-plane/instance-1/wso2am-pattern-4-am-control-plane-conf.yaml +++ b/advanced/am-pattern-4/templates/am/control-plane/instance-1/wso2am-pattern-4-am-control-plane-conf.yaml @@ -34,14 +34,14 @@ data: #discard_empty_caches = false server_role = "control-plane" + [user_store] + type = "database_unique_id" + [super_admin] username = "admin" password = "admin" create_admin_account = true - [user_store] - type = "database_unique_id" - [database.apim_db] type = "{{ .Values.wso2.deployment.am.cp.db.type }}" url = "{{ .Values.wso2.deployment.am.cp.db.apim.url }}" @@ -63,6 +63,11 @@ data: alias = "wso2carbon" key_password = "wso2carbon" + [truststore] + file_name = "client-truststore.jks" + type = "JKS" + password = "wso2carbon" + #[keystore.primary] #file_name = "wso2carbon.jks" #type = "JKS" 
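Review bot: In the values.yaml hunk the new `websocket.ingress` block sets both a `className` value and the `kubernetes.io/ingress.class: "nginx"` annotation without saying how the two relate. A user who fills in `className` with a different class ends up with two selectors that disagree. The `className` comment could read `# Name of the IngressClass to use; leave empty to rely on the kubernetes.io/ingress.class annotation below, and keep the two in agreement if both are set`. It would also help to note next to `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` that it is required because the Ingress targets the gateway's TLS WebSocket port 8099.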
@@ -84,11 +89,11 @@ data: display_in_api_console = true description = "This is a hybrid gateway that handles both production and sandbox token traffic." show_as_token_endpoint_url = true - service_url = "https://{{ template "am-pattern-4.resource.prefix" . }}-am-gateway-service:${mgt.transport.https.port}${carbon.context}services/" + service_url = "https://{{ template "am-pattern-4.resource.prefix" . }}-am-gateway-service:${mgt.transport.https.port}/services/" username= "${admin.username}" password= "${admin.password}" - ws_endpoint = "ws://localhost:9099" - wss_endpoint = "wss://localhost:8099" + ws_endpoint = "ws://{{ .Values.wso2.deployment.am.websocket.ingress.hostname }}" + wss_endpoint = "wss://{{ .Values.wso2.deployment.am.websocket.ingress.hostname }}" http_endpoint = "http://{{ .Values.wso2.deployment.am.gateway.ingress.hostname }}" https_endpoint = "https://{{ .Values.wso2.deployment.am.gateway.ingress.hostname }}" websub_event_receiver_http_endpoint = "http://{{ .Values.wso2.deployment.am.websub.ingress.hostname }}" @@ -122,23 +127,6 @@ data: #[apim.cache.tags] #expiry_time = "2m" - [apim.key_manager] - service_url = "https://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-service:${mgt.transport.https.port}/services/" - username = "$ref{super_admin.username}" - password = "$ref{super_admin.password}" - #pool.init_idle_capacity = 50 - #pool.max_idle = 100 - #key_validation_handler_type = "default" - #key_validation_handler_type = "custom" - #key_validation_handler_impl = "org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler" - - #[apim.oauth_config] - #enable_outbound_auth_header = false - #auth_header = "Authorization" - #revoke_endpoint = "https://localhost:${https.nio.port}/revoke" - #enable_token_encryption = false - #enable_token_hashing = false - [apim.devportal] url = "https://{{ .Values.wso2.deployment.am.cp.ingress.hostname }}/devportal" #enable_application_sharing = false 
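Review bot: The am-pattern-4 control-plane config (hunk `@@ -84,11 +89,11 @@`) now reads `.Values.wso2.deployment.am.websocket.ingress.hostname` for `ws_endpoint` and `wss_endpoint`, but the part of the diff visible here adds the `websocket` values block and its Ingress only for am-pattern-3. If am-pattern-4/values.yaml has no `websocket` key, template rendering will fail on the nil `.ingress` lookup, and without a matching Ingress the advertised hostname would not reach the gateway. Please confirm that the commit carries the same values.yaml and Ingress additions for pattern 4, since they may simply fall outside this excerpt. The instance-2 file for pattern 4 has the same reference.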
@@ -154,40 +142,48 @@ data: #enable_cross_tenant_subscriptions = true #default_reserved_username = "apim_reserved_user" - [apim.cors] - allow_origins = "*" - allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"] - allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","apikey","Internal-Key"] - allow_credentials = false + [transport.https.properties] + proxyPort = 443 - [apim.throttling] + [apim.event_hub] + enable = true username= "$ref{super_admin.username}" password= "$ref{super_admin.password}" - enable_data_publishing = true - service_url = "https://{{ template "am-pattern-4.resource.prefix" . }}-am-trafficmanager-service:${mgt.transport.https.port}/services/" + service_url = "https://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-service:${mgt.transport.https.port}/services/" + event_listening_endpoints = ["tcp://localhost:5672"] event_duplicate_url = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-2-service:5672"] - [[apim.throttling.url_group]] - traffic_manager_urls = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-trafficmanager-1-service:9611"] - traffic_manager_auth_urls = ["ssl://{{ template "am-pattern-4.resource.prefix" . }}-am-trafficmanager-1-service:9711"] - type = "loadbalance" + [[apim.event_hub.publish.url_group]] + urls = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-1-service:9611"] + auth_urls = ["ssl://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-1-service:9711"] + + [[apim.event_hub.publish.url_group]] + urls = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-2-service:9611"] + auth_urls = ["ssl://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-2-service:9711"] - [[apim.throttling.url_group]] - traffic_manager_urls = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-trafficmanager-2-service:9611"] - traffic_manager_auth_urls = ["ssl://{{ template "am-pattern-4.resource.prefix" . 
}}-am-trafficmanager-2-service:9711"] - type = "loadbalance" + [apim.key_manager] + service_url = "https://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-service:${mgt.transport.https.port}/services/" + username = "$ref{super_admin.username}" + password = "$ref{super_admin.password}" + type = "default" + #pool.init_idle_capacity = 50 + #pool.max_idle = 100 + #key_validation_handler_type = "default" + #key_validation_handler_type = "custom" + #key_validation_handler_impl = "org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler" - [apim.event_hub] - enable = true - username= "$ref{super_admin.username}" - password= "$ref{super_admin.password}" - service_url = "https://localhost:${mgt.transport.https.port}/services/" - event_listening_endpoints = ["tcp://localhost:5672"] + #[apim.oauth_config] + #enable_outbound_auth_header = false + #auth_header = "Authorization" + #revoke_endpoint = "https://localhost:${https.nio.port}/revoke" + #enable_token_encryption = false + #enable_token_hashing = false - #[[apim.throttling.url_group]] - #traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"] - #traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"] - #type = "failover" + [apim.cors] + allow_origins = "*" + allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"] + allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","apikey","Internal-Key"] + allow_credentials = false #[apim.workflow] #enable = false 
@@ -247,22 +243,11 @@ data: order = 1 [event_listener.properties] - notification_endpoint = "https://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-service:${mgt.transport.https.port}/internal/data/v1/notify" + notification_endpoint = "https://localhost:${mgt.transport.https.port}/internal/data/v1/notify" username = "${admin.username}" password = "${admin.password}" 'header.X-WSO2-KEY-MANAGER' = "default" - [transport.https.properties] - proxyPort = 443 - - [[apim.event_hub.publish.url_group]] - urls = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-1-service:9611"] - auth_urls = ["ssl://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-1-service:9711"] - - [[apim.event_hub.publish.url_group]] - urls = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-2-service:9611"] - auth_urls = ["ssl://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-2-service:9711"] - {{ if .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.enabled }} [database.local] url = "jdbc:h2:/home/wso2carbon/solr/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE" diff --git a/advanced/am-pattern-4/templates/am/control-plane/instance-2/wso2am-pattern-4-am-control-plane-conf.yaml b/advanced/am-pattern-4/templates/am/control-plane/instance-2/wso2am-pattern-4-am-control-plane-conf.yaml index 19775863..1e78aeaa 100644 --- a/advanced/am-pattern-4/templates/am/control-plane/instance-2/wso2am-pattern-4-am-control-plane-conf.yaml +++ b/advanced/am-pattern-4/templates/am/control-plane/instance-2/wso2am-pattern-4-am-control-plane-conf.yaml @@ -35,14 +35,14 @@ data: #discard_empty_caches = false server_role = "control-plane" + [user_store] + type = "database_unique_id" + [super_admin] username = "admin" password = "admin" create_admin_account = true - [user_store] - type = "database_unique_id" - [database.apim_db] type = "{{ .Values.wso2.deployment.am.cp.db.type }}" url = "{{ .Values.wso2.deployment.am.cp.db.apim.url }}" 
@@ -64,6 +64,11 @@ data: alias = "wso2carbon" key_password = "wso2carbon" + [truststore] + file_name = "client-truststore.jks" + type = "JKS" + password = "wso2carbon" + #[keystore.primary] #file_name = "wso2carbon.jks" #type = "JKS" @@ -85,11 +90,11 @@ data: display_in_api_console = true description = "This is a hybrid gateway that handles both production and sandbox token traffic." show_as_token_endpoint_url = true - service_url = "https://{{ template "am-pattern-4.resource.prefix" . }}-am-gateway-service:${mgt.transport.https.port}${carbon.context}services/" + service_url = "https://{{ template "am-pattern-4.resource.prefix" . }}-am-gateway-service:${mgt.transport.https.port}/services/" username= "${admin.username}" password= "${admin.password}" - ws_endpoint = "ws://localhost:9099" - wss_endpoint = "wss://localhost:8099" + ws_endpoint = "ws://{{ .Values.wso2.deployment.am.websocket.ingress.hostname }}" + wss_endpoint = "wss://{{ .Values.wso2.deployment.am.websocket.ingress.hostname }}" http_endpoint = "http://{{ .Values.wso2.deployment.am.gateway.ingress.hostname }}" https_endpoint = "https://{{ .Values.wso2.deployment.am.gateway.ingress.hostname }}" websub_event_receiver_http_endpoint = "http://{{ .Values.wso2.deployment.am.websub.ingress.hostname }}" 
@@ -123,23 +128,6 @@ data: #[apim.cache.tags] #expiry_time = "2m" - [apim.key_manager] - service_url = "https://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-service:${mgt.transport.https.port}/services/" - username = "$ref{super_admin.username}" - password = "$ref{super_admin.password}" - #pool.init_idle_capacity = 50 - #pool.max_idle = 100 - #key_validation_handler_type = "default" - #key_validation_handler_type = "custom" - #key_validation_handler_impl = "org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler" - - #[apim.oauth_config] - #enable_outbound_auth_header = false - #auth_header = "Authorization" - #revoke_endpoint = "https://localhost:${https.nio.port}/revoke" - #enable_token_encryption = false - #enable_token_hashing = false - [apim.devportal] url = "https://{{ .Values.wso2.deployment.am.cp.ingress.hostname }}/devportal" #enable_application_sharing = false 
@@ -155,33 +143,48 @@ data: #enable_cross_tenant_subscriptions = true #default_reserved_username = "apim_reserved_user" - [apim.cors] - allow_origins = "*" - allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"] - allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","apikey","Internal-Key"] - allow_credentials = false + [transport.https.properties] + proxyPort = 443 - [apim.throttling] + [apim.event_hub] + enable = true username= "$ref{super_admin.username}" password= "$ref{super_admin.password}" - enable_data_publishing = true - service_url = "https://{{ template "am-pattern-4.resource.prefix" . }}-am-trafficmanager-service:${mgt.transport.https.port}/services/" + service_url = "https://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-service:${mgt.transport.https.port}/services/" + event_listening_endpoints = ["tcp://localhost:5672"] event_duplicate_url = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-1-service:5672"] - [[apim.throttling.url_group]] - traffic_manager_urls = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-trafficmanager-1-service:9611"] - traffic_manager_auth_urls = ["ssl://{{ template "am-pattern-4.resource.prefix" . }}-am-trafficmanager-1-service:9711"] - type = "loadbalance" + [[apim.event_hub.publish.url_group]] + urls = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-1-service:9611"] + auth_urls = ["ssl://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-1-service:9711"] + + [[apim.event_hub.publish.url_group]] + urls = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-2-service:9611"] + auth_urls = ["ssl://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-2-service:9711"] + + [apim.key_manager] + service_url = "https://{{ template "am-pattern-4.resource.prefix" . 
}}-am-cp-service:${mgt.transport.https.port}/services/" + username = "$ref{super_admin.username}" + password = "$ref{super_admin.password}" + type = "default" + #pool.init_idle_capacity = 50 + #pool.max_idle = 100 + #key_validation_handler_type = "default" + #key_validation_handler_type = "custom" + #key_validation_handler_impl = "org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler" - [[apim.throttling.url_group]] - traffic_manager_urls = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-trafficmanager-2-service:9611"] - traffic_manager_auth_urls = ["ssl://{{ template "am-pattern-4.resource.prefix" . }}-am-trafficmanager-2-service:9711"] - type = "loadbalance" + #[apim.oauth_config] + #enable_outbound_auth_header = false + #auth_header = "Authorization" + #revoke_endpoint = "https://localhost:${https.nio.port}/revoke" + #enable_token_encryption = false + #enable_token_hashing = false - #[[apim.throttling.url_group]] - #traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"] - #traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"] - #type = "failover" + [apim.cors] + allow_origins = "*" + allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"] + allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","apikey","Internal-Key"] + allow_credentials = false #[apim.workflow] #enable = false 
@@ -241,29 +244,11 @@ data: order = 1 [event_listener.properties] - notification_endpoint = "https://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-service:${mgt.transport.https.port}/internal/data/v1/notify" + notification_endpoint = "https://localhost:${mgt.transport.https.port}/internal/data/v1/notify" username = "${admin.username}" password = "${admin.password}" 'header.X-WSO2-KEY-MANAGER' = "default" - [apim.event_hub] - enable = true - username= "$ref{super_admin.username}" - password= "$ref{super_admin.password}" - service_url = "https://localhost:${mgt.transport.https.port}/services/" - event_listening_endpoints = ["tcp://localhost:5672"] - - [transport.https.properties] - proxyPort = 443 - - [[apim.event_hub.publish.url_group]] - urls = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-1-service:9611"] - auth_urls = ["ssl://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-1-service:9711"] - - [[apim.event_hub.publish.url_group]] - urls = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-2-service:9611"] - auth_urls = ["ssl://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-2-service:9711"] - {{ if .Values.wso2.deployment.persistentRuntimeArtifacts.apacheSolrIndexing.enabled }} [database.local] url = "jdbc:h2:/home/wso2carbon/solr/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE" diff --git a/advanced/am-pattern-4/templates/am/gateway/wso2am-pattern-4-am-gateway-conf.yaml b/advanced/am-pattern-4/templates/am/gateway/wso2am-pattern-4-am-gateway-conf.yaml index 3d0692f5..8db5b1a0 100644 --- a/advanced/am-pattern-4/templates/am/gateway/wso2am-pattern-4-am-gateway-conf.yaml +++ b/advanced/am-pattern-4/templates/am/gateway/wso2am-pattern-4-am-gateway-conf.yaml 
@@ -58,24 +58,22 @@ data: type = "JKS" password = "wso2carbon" + [transport.http] + properties.port = 9763 + properties.proxyPort = 80 + + [transport.https.properties] + port = 9443 + proxyPort = 443 + # key manager implementation [apim.key_manager] service_url = "https://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-service:${mgt.transport.https.port}/services/" username= "$ref{super_admin.username}" password= "$ref{super_admin.password}" - # Event Listener configurations - [[event_listener]] - id = "token_revocation" - type = "org.wso2.carbon.identity.core.handler.AbstractIdentityHandler" - name = "org.wso2.is.notification.ApimOauthEventInterceptor" - order = 1 - - [event_listener.properties] - notification_endpoint = "https://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-service:${mgt.transport.https.port}/internal/data/v1/notify" - username = "${admin.username}" - password = "${admin.password}" - 'header.X-WSO2-KEY-MANAGER' = "default" + [apim.sync_runtime_artifacts.gateway] + gateway_labels =["Default"] [apim.event_hub] enable = true 
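Review bot: The two added transport tables are written in different forms: `[transport.http]` uses dotted keys (`properties.port`, `properties.proxyPort`) while `[transport.https.properties]` uses a sub-table header for the same structure. Pick one form, e.g. `[transport.http.properties]` with `port = 9763` and `proxyPort = 80`, so the pair reads as siblings. The HTTP entry also appears to be new to this file, since no other hunk of this file removes one; a one-line comment saying why the plaintext transport is advertised behind proxy port 80 would help the next reviewer.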
@@ -84,28 +82,6 @@ data: service_url = "https://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-service:${mgt.transport.https.port}/services/" event_listening_endpoints = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-1-service:5672","tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-2-service:5672"] - [[apim.event_hub.publish.url_group]] - urls = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-1-service:9611"] - auth_urls = ["ssl://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-1-service:9711"] - - [[apim.event_hub.publish.url_group]] - urls = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-2-service:9611"] - auth_urls = ["ssl://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-2-service:9711"] - - # JWT Generation - [apim.jwt] - enable = true - encoding = "base64" # base64,base64url - #generator_impl = "org.wso2.carbon.apimgt.keymgt.token.JWTGenerator" - claim_dialect = "http://wso2.org/claims" - header = "X-JWT-Assertion" - signing_algorithm = "SHA256withRSA" - #enable_user_claims = true - #claims_extractor_impl = "org.wso2.carbon.apimgt.impl.token.DefaultClaimsRetriever" - - [apim.sync_runtime_artifacts.gateway] - gateway_labels =["Default"] - # Traffic Manager configurations [apim.throttling] username= "$ref{super_admin.username}" @@ -127,6 +103,17 @@ data: traffic_manager_auth_urls = ["ssl://{{ template "am-pattern-4.resource.prefix" . }}-am-trafficmanager-2-service:9711"] type = "loadbalance" + # JWT Generation + [apim.jwt] + enable = true + encoding = "base64" # base64,base64url + #generator_impl = "org.wso2.carbon.apimgt.keymgt.token.JWTGenerator" + claim_dialect = "http://wso2.org/claims" + header = "X-JWT-Assertion" + signing_algorithm = "SHA256withRSA" + #enable_user_claims = true + #claims_extractor_impl = "org.wso2.carbon.apimgt.impl.token.DefaultClaimsRetriever" + {{ if .Values.wso2.choreoAnalytics.enabled }} [apim.analytics] enable = true 
@@ -161,10 +148,6 @@ data: allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction"] allow_credentials = false - [transport.https.properties] - port = 9443 - proxyPort = 443 - [transport.passthru_https.sender.parameters] HostnameVerifier = "AllowAll" diff --git a/advanced/am-pattern-4/templates/am/gateway/wso2am-pattern-4-am-gateway-service.yaml b/advanced/am-pattern-4/templates/am/gateway/wso2am-pattern-4-am-gateway-service.yaml index 97221148..940bc015 100644 --- a/advanced/am-pattern-4/templates/am/gateway/wso2am-pattern-4-am-gateway-service.yaml +++ b/advanced/am-pattern-4/templates/am/gateway/wso2am-pattern-4-am-gateway-service.yaml @@ -41,3 +41,9 @@ spec: - name: websub-https protocol: TCP port: 8021 + - name: websocket-http + protocol: TCP + port: 9099 + - name: websocket-https + protocol: TCP + port: 8099 diff --git a/advanced/am-pattern-4/templates/am/gateway/wso2am-pattern-4-am-websocket-ingress.yaml b/advanced/am-pattern-4/templates/am/gateway/wso2am-pattern-4-am-websocket-ingress.yaml new file mode 100644 index 00000000..793cafbd --- /dev/null +++ b/advanced/am-pattern-4/templates/am/gateway/wso2am-pattern-4-am-websocket-ingress.yaml 
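Review bot: The added `websocket-http` entry publishes the gateway's plaintext WebSocket listener (port 9099) on the Service, yet the Ingress introduced in this commit routes only to 8099. If no in-cluster client needs unencrypted `ws://`, drop the 9099 entry so the Service exposes only `websocket-https`; otherwise add a comment naming the consumer. Neither entry sets `targetPort`, so both rely on the container listening on the same port numbers.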
@@ -0,0 +1,44 @@ +# Copyright (c) 2023, WSO2 LLC. (http://www.wso2.org) All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.wso2.deployment.am.websocket.ingress.enabled }} + +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ template "am-pattern-4.resource.prefix" . }}-am-websocket-ingress + namespace : {{ .Release.Namespace }} +{{- if .Values.wso2.deployment.am.websocket.ingress.annotations }} + annotations: +{{ toYaml .Values.wso2.deployment.am.websocket.ingress.annotations | indent 4 }} +{{- end }} +spec: + {{- if .Values.wso2.deployment.am.websocket.ingress.className }} + ingressClassName: {{ .Values.wso2.deployment.am.websocket.ingress.className }} + {{- end }} + tls: + - hosts: + - {{ .Values.wso2.deployment.am.websocket.ingress.hostname }} + rules: + - host: {{ .Values.wso2.deployment.am.websocket.ingress.hostname }} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: {{ template "am-pattern-4.resource.prefix" . }}-am-gateway-service + port: + number: 8099 +{{- end -}} diff --git a/advanced/am-pattern-4/templates/am/traffic-manager/instance-1/wso2am-pattern-4-am-trafficmanager-conf.yaml b/advanced/am-pattern-4/templates/am/traffic-manager/instance-1/wso2am-pattern-4-am-trafficmanager-conf.yaml index 1655bcb7..13f24a1e 100644 --- a/advanced/am-pattern-4/templates/am/traffic-manager/instance-1/wso2am-pattern-4-am-trafficmanager-conf.yaml 
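Review bot: The `tls:` entry lists `hosts` but no `secretName`, so the Ingress does not name the certificate to serve for the WebSocket hostname. With the nginx class that the chart's values annotate, this presumably falls back to the controller's default certificate, which clients cannot validate unless one has been configured cluster-wide. Add a `secretName:` next to the `hosts` list, fed from a chart value, e.g. `secretName: {{ .Values.<tls-secret-value> }}` (placeholder path). Minor: `namespace :` has a stray space before the colon.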
+++ b/advanced/am-pattern-4/templates/am/traffic-manager/instance-1/wso2am-pattern-4-am-trafficmanager-conf.yaml @@ -34,14 +34,17 @@ data: #discard_empty_caches = false server_role = "traffic-manager" + [transport.https.properties] + proxyPort = 443 + + [user_store] + type = "database_unique_id" + [super_admin] username = "admin" password = "admin" create_admin_account = true - [user_store] - type = "database_unique_id" - [database.apim_db] type = "h2" url = "jdbc:h2:./repository/database/WSO2AM_DB;AUTO_SERVER=TRUE;DB_CLOSE_ON_EXIT=FALSE" @@ -61,6 +64,11 @@ data: alias = "wso2carbon" key_password = "wso2carbon" + [truststore] + file_name = "client-truststore.jks" + type = "JKS" + password = "wso2carbon" + #[keystore.primary] #file_name = "wso2carbon.jks" #type = "JKS" @@ -75,16 +83,18 @@ data: #alias = "wso2carbon" #key_password = "wso2carbon" - [apim.key_manager] - service_url = "https://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-service:${mgt.transport.https.port}/services/" - username = "$ref{super_admin.username}" - password = "$ref{super_admin.password}" - [apim.oauth_config] revoke_endpoint = "https://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-service:${mgt.transport.https.port}/revoke" enable_token_encryption = false enable_token_hashing = false + [apim.event_hub] + enable = true + username = "$ref{super_admin.username}" + password = "$ref{super_admin.password}" + service_url = "https://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-service:${mgt.transport.https.port}/services/" + event_listening_endpoints = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-1-service:5672","tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-2-service:5672"] + [apim.throttling] event_duplicate_url = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-trafficmanager-2-service:5672"] service_url = "https://{{ template "am-pattern-4.resource.prefix" . }}-am-trafficmanager-service:${mgt.transport.https.port}/services/" 
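Review bot: The added `[truststore]` table (second hunk of this file) writes `password = "wso2carbon"` into the ConfigMap in clear text, directly after context lines that carry the same string as `alias` and `key_password`; the instance-2 file receives the identical table in its matching hunk. The value looks like the product's shipped default, so it offers no protection to the trust anchors, and anyone who can read the ConfigMap can read it. Prefer a deployment-specific truststore with its password resolved at runtime, e.g. `password = "$env{TRUSTSTORE_PASSWORD}"` (the variable name is a placeholder), supplied from a Kubernetes Secret.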
@@ -94,21 +104,6 @@ data: #enable_persistence = true throttle_decision_endpoints = ["tcp://localhost:5672"] - [[apim.throttling.url_group]] - traffic_manager_urls = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-trafficmanager-1-service:9611"] - traffic_manager_auth_urls = ["ssl://{{ template "am-pattern-4.resource.prefix" . }}-am-trafficmanager-1-service:9711"] - type = "loadbalance" - - [[apim.throttling.url_group]] - traffic_manager_urls = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-trafficmanager-2-service:9611"] - traffic_manager_auth_urls = ["ssl://{{ template "am-pattern-4.resource.prefix" . }}-am-trafficmanager-2-service:9711"] - type = "loadbalance" - - #[[apim.throttling.url_group]] - #traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"] - #traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"] - #type = "failover" - #[apim.notification] #from_address = "APIM.com" #username = "APIM" 
@@ -135,24 +130,6 @@ data: [service_provider] sp_name_regex = "^[\\sa-zA-Z0-9._-]*$" - [transport.https.properties] - proxyPort = 443 - - [apim.event_hub] - enable = true - username = "$ref{super_admin.username}" - password = "$ref{super_admin.password}" - service_url = "https://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-service:${mgt.transport.https.port}/services/" - event_listening_endpoints = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-1-service:5672","tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-2-service:5672"] - - [[apim.event_hub.publish.url_group]] - urls = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-1-service:9611"] - auth_urls = ["ssl://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-1-service:9711"] - - [[apim.event_hub.publish.url_group]] - urls = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-2-service:9611"] - auth_urls = ["ssl://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-2-service:9711"] - [database.local] url = "jdbc:h2:./repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE" diff --git a/advanced/am-pattern-4/templates/am/traffic-manager/instance-2/wso2am-pattern-4-am-trafficmanager-conf.yaml b/advanced/am-pattern-4/templates/am/traffic-manager/instance-2/wso2am-pattern-4-am-trafficmanager-conf.yaml index cbed1b6e..6c1d28f1 100644 --- a/advanced/am-pattern-4/templates/am/traffic-manager/instance-2/wso2am-pattern-4-am-trafficmanager-conf.yaml +++ b/advanced/am-pattern-4/templates/am/traffic-manager/instance-2/wso2am-pattern-4-am-trafficmanager-conf.yaml 
@@ -34,14 +34,17 @@ data: #discard_empty_caches = false server_role = "traffic-manager" + [transport.https.properties] + proxyPort = 443 + + [user_store] + type = "database_unique_id" + [super_admin] username = "admin" password = "admin" create_admin_account = true - [user_store] - type = "database_unique_id" - [database.apim_db] type = "h2" url = "jdbc:h2:./repository/database/WSO2AM_DB;AUTO_SERVER=TRUE;DB_CLOSE_ON_EXIT=FALSE" @@ -61,6 +64,11 @@ data: alias = "wso2carbon" key_password = "wso2carbon" + [truststore] + file_name = "client-truststore.jks" + type = "JKS" + password = "wso2carbon" + #[keystore.primary] #file_name = "wso2carbon.jks" #type = "JKS" @@ -75,16 +83,18 @@ data: #alias = "wso2carbon" #key_password = "wso2carbon" - [apim.key_manager] - service_url = "https://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-service:${mgt.transport.https.port}/services/" - username = "$ref{super_admin.username}" - password = "$ref{super_admin.password}" - [apim.oauth_config] revoke_endpoint = "https://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-service:${mgt.transport.https.port}/revoke" enable_token_encryption = false enable_token_hashing = false + [apim.event_hub] + enable = true + username = "$ref{super_admin.username}" + password = "$ref{super_admin.password}" + service_url = "https://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-service:${mgt.transport.https.port}/services/" + event_listening_endpoints = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-1-service:5672","tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-2-service:5672"] + [apim.throttling] event_duplicate_url = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-trafficmanager-1-service:5672"] service_url = "https://{{ template "am-pattern-4.resource.prefix" . }}-am-trafficmanager-service:${mgt.transport.https.port}/services/" 
@@ -92,24 +102,8 @@ data: #enable_policy_deploy = true #enable_blacklist_condition = true #enable_persistence = true - #throttle_decision_endpoints = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-trafficmanager-1-service:5672","tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-trafficmanager-2-service:5672"] throttle_decision_endpoints = ["tcp://localhost:5672"] - [[apim.throttling.url_group]] - traffic_manager_urls = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-trafficmanager-1-service:9611"] - traffic_manager_auth_urls = ["ssl://{{ template "am-pattern-4.resource.prefix" . }}-am-trafficmanager-1-service:9711"] - type = "loadbalance" - - [[apim.throttling.url_group]] - traffic_manager_urls = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-trafficmanager-2-service:9611"] - traffic_manager_auth_urls = ["ssl://{{ template "am-pattern-4.resource.prefix" . }}-am-trafficmanager-2-service:9711"] - type = "loadbalance" - - #[[apim.throttling.url_group]] - #traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"] - #traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"] - #type = "failover" - #[apim.notification] #from_address = "APIM.com" #username = "APIM" 
@@ -136,24 +130,6 @@ data: [service_provider] sp_name_regex = "^[\\sa-zA-Z0-9._-]*$" - [transport.https.properties] - proxyPort = 443 - - [apim.event_hub] - enable = true - username = "$ref{super_admin.username}" - password = "$ref{super_admin.password}" - service_url = "https://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-service:${mgt.transport.https.port}/services/" - event_listening_endpoints = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-1-service:5672","tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-2-service:5672"] - - [[apim.event_hub.publish.url_group]] - urls = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-1-service:9611"] - auth_urls = ["ssl://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-1-service:9711"] - - [[apim.event_hub.publish.url_group]] - urls = ["tcp://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-2-service:9611"] - auth_urls = ["ssl://{{ template "am-pattern-4.resource.prefix" . }}-am-cp-2-service:9711"] - [database.local] url = "jdbc:h2:./repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE" diff --git a/advanced/am-pattern-4/values.yaml b/advanced/am-pattern-4/values.yaml index 4dc85ead..51885fa0 100644 --- a/advanced/am-pattern-4/values.yaml +++ b/advanced/am-pattern-4/values.yaml @@ -117,6 +117,20 @@ wso2: annotations: kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + + # API Manager's WebSocket specific configurations + websocket: + # Configure Ingress + ingress: + enabled: true + # Name of the IngressClass to use + className: "" + # Hostname for Gateway (WebSocket) service + hostname: "websocket.am.wso2.com" + # Annotations for the API Manager Gateway (WebSocket) service Ingress + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" # API Manager's Gateway specific configurations gateway:
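Review bot: The new `websocket.ingress` values in the values.yaml hunk default to `enabled: true`, so upgrading an existing release starts publishing an additional externally routable host (`websocket.am.wso2.com`) without the operator opting in. Consider `enabled: false` as the default, or call the new endpoint out in the upgrade notes. The block also ships both `className: ""` and the `kubernetes.io/ingress.class` annotation, which are alternative ways to select the class; a comment above `className` should say that the annotation has to be removed when `className` is set.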