diff --git a/apigateway/helm/Chart.lock b/apigateway/helm/Chart.lock index 5455e0f..3555b27 100644 --- a/apigateway/helm/Chart.lock +++ b/apigateway/helm/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: common repository: https://open-source.softwareag.com/webmethods-helm-charts/charts - version: 1.0.2 + version: 1.0.3 - name: prometheus-elasticsearch-exporter repository: https://prometheus-community.github.io/helm-charts version: 5.0.0 -digest: sha256:c8fd5d9ed3a3017059f47b0eca80f748d8c3c3c090bb15badb93f8473171901e -generated: "2024-06-18T12:08:57.800872+02:00" +digest: sha256:ca4d38e54226ff732696e5af73cb2ed423acece567769328f72d07fd38e6c15c +generated: "2024-06-25T14:25:11.045085+02:00" diff --git a/apigateway/helm/Chart.yaml b/apigateway/helm/Chart.yaml index d50370e..e7e7047 100644 --- a/apigateway/helm/Chart.yaml +++ b/apigateway/helm/Chart.yaml @@ -33,7 +33,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.2.6 +version: 1.2.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -45,7 +45,7 @@ dependencies: repository: "https://open-source.softwareag.com/webmethods-helm-charts/charts" tags: - softwareag-common - version: 1.x.x + version: 1.0.3 - name: prometheus-elasticsearch-exporter repository: "https://prometheus-community.github.io/helm-charts" tags: diff --git a/apigateway/helm/README.md b/apigateway/helm/README.md index e2c8f45..83d9078 100644 --- a/apigateway/helm/README.md +++ b/apigateway/helm/README.md 
@@ -166,7 +166,8 @@ Sub-folder `examples` contains some *values* examples for more use-cases. To use | `1.2.3` | Job template added to create house keeping (cron) jobs. | | `1.2.4` | Added Kibana extra container configuration, set by Values.kibana.extraContainers.
Added ServiceMonitor matchLabel for a specific service. The service is set by .Values.serviceMonitor.serviceName defaulting to API Gateways runtime service. | | `1.2.5` | Added possibility to read metering truststore password by secretKeyRef.
Added custom logging configuration for Kibana. | - +| `1.2.6` | Fixed commons dependency to enable metering change from 1.2.5. | +| `1.2.7` | Added possibility to rename roleBinding for API Gateway, Kibana and Elasitcsearch. This allows for multiple deployments into the same namespace. | ## Values | Key | Type | Default | Description | @@ -187,7 +188,8 @@ Sub-folder `examples` contains some *values* examples for more use-cases. To use | apigw.extraConfigSources | list | `[]` | Extra configuration sources for API Gateway Example: - type: YAML allowEdit: false properties: location: apigw-config.yml | | apigw.extraLabels | object | `{}` | Additional labels to be added to apigw pod labels. | | apigw.grpcPort | int | `4440` | gRPC port for High Availability and Fault Tolerance (HAFT) solution. This port must be manually setup after API Gateway was initizalized. | -| apigw.initContainer | object | `{"securityContext":{}}` | SecurityContext for apigw initContainer Deactivated by default. Usage example: securityContext: runAsGroup: 1000 runAsUser: 1000 runAsNonRoot: true allowPrivilegeEscalation: false capabilities: drop: - ALL | +| apigw.initContainer | object | `{"enabled":true,"securityContext":{}}` | SecurityContext for apigw initContainer Deactivated by default. Usage example: securityContext: runAsGroup: 1000 runAsUser: 1000 runAsNonRoot: true allowPrivilegeEscalation: false capabilities: drop: - ALL | +| apigw.initContainer.enabled | bool | `true` | If apigw initContainer for ES should be enabled | | apigw.initMemory | string | `"1024Mi"` | | | apigw.maxMemory | string | `"1024Mi"` | | | apigw.readinessProbe.scheme | string | `"HTTP"` | The readinessprobe scheme (https or http). | 
@@ -223,9 +225,10 @@ Sub-folder `examples` contains some *values* examples for more use-cases. To use | elasticsearch.secretName | string | `""` | The secret name that holds the sag es user for API Gateway. | | elasticsearch.secretPasswordKey | string | `""` | The key that holds the Elasticsearch password; defauls to "password" | | elasticsearch.secretUserKey | string | `""` | The key that holds the Elasticsearch user; defauls to "username" | -| elasticsearch.serviceAccount | object | `{"create":false,"name":"","roleName":""}` | Enable and configure service account creation. | +| elasticsearch.serviceAccount | object | `{"create":false,"name":"","roleBindingName":"elasticsearch-rolebinding","roleName":""}` | Enable and configure service account creation. | | elasticsearch.serviceAccount.create | bool | `false` | Whether to create a ServiceAccount for Elasticsearch | | elasticsearch.serviceAccount.name | string | `""` | Name of the ServiceAccount for Elasticsearch | +| elasticsearch.serviceAccount.roleBindingName | string | `"elasticsearch-rolebinding"` | Name of the ServiceAccount Rolebinding used by the Elasticsearch ServiceAccount. Requires create=true to work. | | elasticsearch.serviceAccount.roleName | string | `""` | Name of the ServiceAccount Role used by the Elasticsearch ServiceAccount. Requires create=true to work. | | elasticsearch.storage | string | `""` | | | elasticsearch.storageClassName | string | `""` | | 
@@ -333,9 +336,10 @@ Sub-folder `examples` contains some *values* examples for more use-cases. To use | kibana.resources | object | `{}` | Resource Settings for Kibana Example: limits: cpu: 100m memory: 128Mi requests: cpu: 100m memory: 128Mi | | kibana.secretName | string | `""` | The secret name that holds the kibana user for API Gateway. | | kibana.securityContext | object | `{}` | The securityContext for kibana container. | -| kibana.serviceAccount | object | `{"create":false,"name":"","roleName":""}` | Enable and configure service account creation. | +| kibana.serviceAccount | object | `{"create":false,"name":"","roleBindingName":"kibana-rolebinding","roleName":""}` | Enable and configure service account creation. | | kibana.serviceAccount.create | bool | `false` | Whether to create a ServiceAccount for Kibana | | kibana.serviceAccount.name | string | `""` | Name of the ServiceAccount for Kibana | +| kibana.serviceAccount.roleBindingName | string | `"kibana-rolebinding"` | Name of the ServiceAccount Rolebinding used by the Kibana ServiceAccount. Requires create=true to work. | | kibana.serviceAccount.roleName | string | `""` | Name of the ServiceAccount Role used by the Kibana ServiceAccount. Requires create=true to work. | | kibana.tls | object | `{"enabled":false,"secretName":"","trustStoreName":"","truststorePasswordSecret":"","verificationMode":"certificate"}` | Enable and configure tls connection from Kibana to Elasticsearch. | | kibana.tls.enabled | bool | `false` | Whether to enable tls connection from Kibana to Elasticsearch. | 
@@ -390,6 +394,7 @@ Sub-folder `examples` contains some *values* examples for more use-cases. To use | serviceAccount.annotations | object | `{}` | Annotations to add to the service account | | serviceAccount.create | bool | `true` | - apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "common.names.roleName" . }} rules: - apiGroups: - "" resources: - pods - endpoints verbs: - get - list - watch | | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | +| serviceAccount.roleBindingName | string | `"cluster-discovery-rolebinding"` | | | serviceAccount.roleName | string | `""` | | | serviceMonitor.enabled | bool | `false` | Create and enable CRD ServiceMonitor. The default is `false`. | | serviceMonitor.serviceName | string | `""` | Set the monitored service which is connected by ServiceMonitor. Default (if not set) is the `rt` runtime service. | diff --git a/apigateway/helm/README.md.gotmpl b/apigateway/helm/README.md.gotmpl index 1fd15fe..4842690 100644 --- a/apigateway/helm/README.md.gotmpl +++ b/apigateway/helm/README.md.gotmpl @@ -167,5 +167,6 @@ Sub-folder `examples` contains some *values* examples for more use-cases. To use | `1.2.3` | Job template added to create house keeping (cron) jobs. | | `1.2.4` | Added Kibana extra container configuration, set by Values.kibana.extraContainers.
Added ServiceMonitor matchLabel for a specific service. The service is set by .Values.serviceMonitor.serviceName defaulting to API Gateways runtime service. | | `1.2.5` | Added possibility to read metering truststore password by secretKeyRef.
Added custom logging configuration for Kibana. | - +| `1.2.6` | Fixed commons dependency to enable metering change from 1.2.5. | +| `1.2.7` | Added possibility to rename roleBinding for API Gateway, Kibana and Elasitcsearch. This allows for multiple deployments into the same namespace. | {{ template "chart.valuesSection" . }} diff --git a/apigateway/helm/charts/common-1.0.2.tgz b/apigateway/helm/charts/common-1.0.2.tgz deleted file mode 100644 index c958f96..0000000 Binary files a/apigateway/helm/charts/common-1.0.2.tgz and /dev/null differ diff --git a/apigateway/helm/charts/common-1.0.3.tgz b/apigateway/helm/charts/common-1.0.3.tgz new file mode 100644 index 0000000..c89d9b8 Binary files /dev/null and b/apigateway/helm/charts/common-1.0.3.tgz differ diff --git a/apigateway/helm/templates/deployment.yaml b/apigateway/helm/templates/deployment.yaml index 1765fa5..e79585d 100644 --- a/apigateway/helm/templates/deployment.yaml +++ b/apigateway/helm/templates/deployment.yaml @@ -59,6 +59,7 @@ spec: {{- end }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- if or ( .Values.apigw.initContainer.enabled ) ( .Values.extraInitContainers ) }} initContainers: {{- if .Values.elasticsearch.deploy }} - name: waitforelasticsearch @@ -108,6 +109,7 @@ spec: {{- if .Values.extraInitContainers }} {{- toYaml .Values.extraInitContainers | nindent 8 }} {{- end }} + {{- end }} containers: - name: {{ .Chart.Name }} securityContext: diff --git a/apigateway/helm/templates/serviceaccount.yaml b/apigateway/helm/templates/serviceaccount.yaml index f6f9f99..0be2706 100644 --- a/apigateway/helm/templates/serviceaccount.yaml +++ b/apigateway/helm/templates/serviceaccount.yaml @@ -25,7 +25,7 @@ metadata: kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: cluster-discovery-rolebinding + name: {{ include "common.names.roleBindingName" . }} roleRef: kind: Role name: {{ include "common.names.roleName" . }} 
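Review bot: Setting `apigw.initContainer.enabled: false` does not remove the `waitforelasticsearch` container when `extraInitContainers` is non-empty. The new outer `or` only decides whether the `initContainers:` key is rendered, while the inner guard is still `{{- if .Values.elasticsearch.deploy }}`. If the flag is meant to switch that container off, the inner condition should carry it, for example `{{- if and .Values.apigw.initContainer.enabled .Values.elasticsearch.deploy }}`. The lines between the two deployment.yaml hunks are not shown, so any further containers in that block may need the same check. The `{{- end }}` added in the `@@ -108,6 +109,7 @@` hunk closes this guard.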
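Review bot: What `common.names.roleBindingName` returns for an empty `serviceAccount.roleBindingName` cannot be checked from this diff, because the helper is only present inside the binary `common-1.0.3.tgz` that the commit adds. Since this name decides which RoleBinding attaches the Role to the service account, the template should say where it comes from, for example `{{- /* name resolved by common.names.roleBindingName from .Values.serviceAccount.roleBindingName */}}` above the `metadata:` block. It would also help to confirm the vendored archive against the new `digest` in Chart.lock before merging. The RoleBinding definition starts and ends outside the hunk.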
@@ -59,7 +59,7 @@ metadata: kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: elasticsearch-rolebinding + name: {{ .Values.elasticsearch.serviceAccount.roleBindingName }} roleRef: kind: Role name: {{ .Values.elasticsearch.serviceAccount.roleName }} @@ -93,7 +93,7 @@ metadata: kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: kibana-rolebinding + name: {{ .Values.kibana.serviceAccount.roleBindingName }} roleRef: kind: Role name: {{ .Values.kibana.serviceAccount.roleName }} diff --git a/apigateway/helm/values.yaml b/apigateway/helm/values.yaml index 5c514c6..5469078 100644 --- a/apigateway/helm/values.yaml +++ b/apigateway/helm/values.yaml @@ -71,6 +71,8 @@ serviceAccount: name: "" # If not set and create is true, a name is generated using the fullname template roleName: "" + # If not set and create is true, a name is generated using the fullname template + roleBindingName: "cluster-discovery-rolebinding" # -- The name of the secret or configmap that contains the license key. # Defaults to the release name + chart name + "-license". @@ -328,6 +330,8 @@ apigw: # - ALL initContainer: securityContext: {} + # -- If apigw initContainer for ES should be enabled + enabled: true # -- Specifies the location and name of the configuration variables template # or the directory containing templates for use with Microservices Runtime or @@ -561,7 +565,7 @@ elasticsearch: # Overwriting with custom PodDisruptionBudget Policy requires enabled=true. # Examples can be seen here: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ data: {} - + # -- Enable and configure service account creation. serviceAccount: # -- Whether to create a ServiceAccount for Elasticsearch 
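Review bot: `{{ .Values.elasticsearch.serviceAccount.roleBindingName }}` is rendered unquoted and without a fallback, so an empty or null override yields `name:` with no value, which is not a valid object name for the RoleBinding. Unlike the API Gateway binding, this one does not go through a naming helper. `name: {{ .Values.elasticsearch.serviceAccount.roleBindingName | default "elasticsearch-rolebinding" | quote }}` keeps the previous name as the fallback and protects against values that YAML would retype. The same applies to `kibana.serviceAccount.roleBindingName` in the `@@ -93,7 +93,7 @@` hunk. Both RoleBinding definitions continue outside their hunks.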
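Review bot: The comment added above `roleBindingName` in the `@@ -71,6 +71,8 @@` hunk says a name is generated when the value is not set, but the value ships as `"cluster-discovery-rolebinding"`. By default nothing is generated, so two releases in one namespace still ask for the same RoleBinding name. The comment also lacks the `# --` marker used by the other keys, which matches the empty description in the README row for `serviceAccount.roleBindingName`. Suggested comment: `# -- Name of the RoleBinding for the API Gateway ServiceAccount. Override it per release when installing more than once into a namespace.`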
@@ -571,6 +575,9 @@ elasticsearch: # -- Name of the ServiceAccount Role used by the Elasticsearch ServiceAccount. # Requires create=true to work. roleName: "" + # -- Name of the ServiceAccount Rolebinding used by the Elasticsearch ServiceAccount. + # Requires create=true to work. + roleBindingName: "elasticsearch-rolebinding" # -- Whether the communication from APIGW and Kibana should be HTTPS # Note: you will need to create certificate and a separate truststore for the communication. @@ -704,6 +711,9 @@ kibana: # -- Name of the ServiceAccount Role used by the Kibana ServiceAccount. # Requires create=true to work. roleName: "" + # -- Name of the ServiceAccount Rolebinding used by the Kibana ServiceAccount. + # Requires create=true to work. + roleBindingName: "kibana-rolebinding" # -- Configure Kibana's readinessProbe. readinessProbe: