25 commits
75eb4a1
[charts/portal] Helm-charts for Portal version 5.3.3 (#390)
ksaladi Jun 25, 2025
03c4048
[charts/gateway] update pm-tagger
gvermeulen7205 Jul 10, 2025
320a06d
added loadBalancerClass to services
gvermeulen7205 Jul 10, 2025
abce29b
Merge pull request #391 from CAAPIM/gateway_3_0_35
gvermeulen7205 Jul 10, 2025
8fc97b6
[charts/portal] Updating portal charts for 5.3.3.1 patch release. (#395)
meetpatel-broadcom Aug 5, 2025
0df81ab
[charts/portal] Updating the docs for openshift
ksaladi Aug 8, 2025
c67ac03
Updating command
ksaladi Aug 12, 2025
d8bc027
Merge pull request #397 from CAAPIM/ks_oc_doc
gvermeulen7205 Aug 12, 2025
ce6ee69
temporary switch to bitnami legacy
gvermeulen7205 Sep 19, 2025
befe817
setting global defaults for bitnami subCharts
gvermeulen7205 Sep 22, 2025
69fd9d5
removing gateway-otk chart, references and examples
gvermeulen7205 Sep 22, 2025
7735d13
switch to bitnamilegacy. (#403)
cuisimon Sep 22, 2025
10e5550
added readme note for bitnami image change
gvermeulen7205 Sep 22, 2025
4da2edc
Merge pull request #401 from CAAPIM/bitnami_legacy
gvermeulen7205 Sep 22, 2025
b48364d
[charts/gateway] Merge changes for 11.1.3 Gateway release (#406)
jennarddy Sep 29, 2025
2f0cf4c
[charts/gateway] Remove extra env section (#408)
davidchenbc Oct 3, 2025
39183df
[Charts/Portal] Charts for Portal 54 release (#419)
ksaladi Oct 28, 2025
788b7a3
[charts/portal] Fix DE651097 - stable - Make portal db-upgrade-portal…
cuisimon Nov 12, 2025
c24c421
[charts/gateway] Merge changes for 11.2.0 Gateway release (#425)
emilytzhang Nov 27, 2025
ce145be
Merge branch 'stable' of https://github.com/CAAPIM/apim-charts into k…
ksaladi Dec 4, 2025
2e0b740
Add default property for embedded gemfire
davidchenbc Dec 12, 2025
56d704b
Update release note
davidchenbc Dec 12, 2025
8facc85
Merge pull request #430 from davidchenbc/Add-default-gemfire-property
burbanski Dec 12, 2025
5133543
[charts/gateway] US1058306: Release OTK minor 4.6.x.x versions (#426)
ab-sub Dec 13, 2025
ff7224f
Merge remote-tracking branch 'origin/stable' into ks_develop_dec4
ksaladi Dec 16, 2025
4 changes: 2 additions & 2 deletions charts/gateway/Chart.yaml
@@ -1,8 +1,8 @@
apiVersion: v2
appVersion: "11.1.3"
appVersion: "11.2.0"
description: This Helm Chart deploys the Layer7 Gateway in Kubernetes.
name: gateway
version: 3.0.39
version: 3.0.41
type: application
home: https://github.com/CAAPIM/apim-charts
maintainers:
154 changes: 106 additions & 48 deletions charts/gateway/README.md

Large diffs are not rendered by default.

15 changes: 11 additions & 4 deletions charts/gateway/production-values.yaml
Expand Up @@ -16,6 +16,9 @@ disklessConfig:
# true - environment variables are used for gateway configuration
# false - node.properties is used for gateway configuration
enabled: true
# true - node.properties is set by initContainer and bootstrap script
# false - node.properties is set by existingSecret
setSecretByInitContainer: false
existingSecret: {}
# name: gateway-secret
# csi:
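Review bot: The comment added above `setSecretByInitContainer` does not say that the flag only has an effect when `disklessConfig.enabled` is false, which is how templates/deployment.yaml nests it, and "false - node.properties is set by existingSecret" is incomplete because templates/node-properties-secret.yaml still renders a chart-managed Secret when `existingSecret.name` is unset. Suggest rewording the comment to list all three sources (chart-managed Secret, `existingSecret`/`csi`, initContainer) and to state that `existingSecret` is not used when the flag is true. The same comment is added to values.yaml and needs the same fix there.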
Expand All @@ -27,7 +30,7 @@ disklessConfig:
image:
registry: docker.io
repository: caapim/gateway
tag: 11.1.3
tag: 11.2.0
pullPolicy: IfNotPresent

# If you are using a Hazelcast 3.x server then you need to set hazelcast.legacy.enabled=true
Expand Down Expand Up @@ -560,15 +563,16 @@ config:
enabled: false
caches:
# Additional properties for embedded GemFire caches.
# additionalProperties: |-
additionalProperties: |-
statistic-sampling-enabled=false

externalLocators:
# The number of GemFire locator replicas to deploy when using embedded GemFire.
replicas: 2
image:
registry: docker.io
repository: gemfire/gemfire
tag: 10.1.3-jdk17
tag: 10.2.0-jdk21
pullPolicy: IfNotPresent
resources:
limits: {}
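Review bot: `additionalProperties` under `caches` changes from a commented-out key to a block-scalar default, so any values file that sets its own `additionalProperties` replaces the string wholesale and drops `statistic-sampling-enabled=false`, which the 3.0.40 release note says is there because statistic sampling is not supported for embedded GemFire on the container gateway. Either state in the comment above the key that overrides must keep this line, or have the template append the property regardless of the user value. The locator image in the same hunk also moves from `10.1.3-jdk17` to `10.2.0-jdk21`; the release notes list the GemFire version but not the Java runtime change for the locators.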
Expand Down Expand Up @@ -598,7 +602,7 @@ config:
image:
registry: docker.io
repository: gemfire/gemfire-management-console
tag: 1.3.1
tag: 1.4.1
pullPolicy: IfNotPresent


Expand Down Expand Up @@ -853,6 +857,9 @@ otk:
image:
repository: caapim/otk-install
tag: 4.6.4
# OTK 4.6.4 is presently the only version that provides seamless support for Gateway 11.2
# There are limitations in older versions (< OTK 4.6.4) with respect to Evaluate JSON Path Assertion (V1) assertion & other support limitations
# This requires specific actions as mentioned in the release notes Chart Version 3.0.41
pullPolicy: IfNotPresent
imagePullSecret:
enabled: false
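Review bot: The three added comment lines sit between `tag: 4.6.4` and `pullPolicy`, which splits the image block; placing them above `tag:` keeps the block readable. The last line points to "the release notes Chart Version 3.0.41", but that entry only links on to the README section `#otk-compatibility-with-gateway-112`, so the comment could name that section directly. "Evaluate JSON Path Assertion (V1) assertion" repeats "assertion".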
35 changes: 31 additions & 4 deletions charts/gateway/release-notes.md
Expand Up @@ -2,10 +2,37 @@

Back to [Readme](./README.md#release-notes)

# Java 17
The Layer7 API Gateway is now running with Java 17 with the release of v11.1.00.
# Java 21
The Layer7 API Gateway is now running with Java 21 with the release of v11.2.0.

If you use Policy Manager, you will need to update to v11.1.00.
If you use Policy Manager, you will need to update to v11.2.0.

## 3.0.41 General Updates
For Specific compatibility changes related to OTK, please refer to [here](https://github.com/CAAPIM/apim-charts/blob/stable/charts/gateway/README.md#otk-compatibility-with-gateway-112) to have continuous support

## 3.0.40 General Updates
- Gemfire property statistic-sampling-enabled=false is added to disable Statistic sampling which is not supported for embedded gemfire on container gateway

## 3.0.39 General Updates
- Add using initContainer to mount secret
- Update GemFire version to 10.2.0 and GemFire management console version to 1.4.1

## 3.0.38 General Updates
- Remove extra gateway container env config

## 3.0.37 General Updates
- Added support for Dual Stack Network in Gateway
- Added GemFire configuration
- Updated pm-tagger image (docker.io/caapim/pm-tagger:1.0.3)

## 3.0.36 General Updates
Images for mysql, redis and grafana have been temporarily switched to [bitnamilegacy](https://community.broadcom.com/blogs/beltran-rueda-borrego/2025/08/18/how-to-prepare-for-the-bitnami-changes-coming-soon) to avoid disruption during the bitnami secure switch.

## 3.0.35 General Updates
This is a minor patch to update pm-tagger, fix the readme format and add optional loadBalancerClass for services.
- PM-Tagger image updated (docker.io/caapim/pm-tagger:1.0.2)
- Readme format fix
- Added loadBalancerClass for services (optional)

## 3.0.38 General Updates
- Remove extra gateway container env config
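Review bot: `## 3.0.38 General Updates` ("Remove extra gateway container env config") appears twice in this hunk, once after the 3.0.39 entry and again after the 3.0.35 entry, so the file ends up with a duplicated section. This looks like a merge artifact; drop one copy and check that the 3.0.37, 3.0.36 and 3.0.35 entries are not also repeated further down the file. In the 3.0.41 entry, "please refer to [here]" would be clearer with link text that names the README section, and the 3.0.39 entry "Add using initContainer to mount secret" should name the new value `disklessConfig.setSecretByInitContainer`.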
Expand Down Expand Up @@ -473,4 +500,4 @@ $ helm show values layer7/gateway > gateway-values.yaml
Inspect and update the new gateway-values.yaml

$ helm upgrade my-ssg --set-file "license.value=path/to/license.xml" --set "license.accept=true" -f ./gateway-values.yaml layer7/gateway
```
```
11 changes: 9 additions & 2 deletions charts/gateway/templates/deployment.yaml
@@ -1,3 +1,4 @@
# Copyright (c) 2025 Broadcom Inc. and its subsidiaries. All Rights Reserved.
apiVersion: apps/v1
kind: Deployment
metadata:
Expand Down Expand Up @@ -195,10 +196,16 @@ spec:
- name: {{ template "gateway.fullname" . }}-system-properties
mountPath: /opt/SecureSpan/Gateway/node/default/etc/conf/system.properties
subPath: system.properties
{{- if not .Values.disklessConfig.enabled }}
{{- if (not .Values.disklessConfig.enabled) }}
{{- if (not .Values.disklessConfig.setSecretByInitContainer)}}
- name: {{ template "gateway.fullname" . }}-node-properties
mountPath: /opt/SecureSpan/Gateway/node/default/etc/conf/node.properties
subPath: node.properties
{{- else }}
- name: shared-secret
mountPath: /opt/SecureSpan/Gateway/node/default/etc/conf/node.properties
subPath: node.properties
{{- end }}
{{- end }}
{{- if or (.Values.hazelcast.enabled) (.Values.hazelcast.external) }}
- name: {{ template "gateway.fullname" . }}-hazelcast-client
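Review bot: The new `else` branch mounts a volume named `shared-secret` at node.properties, but nothing in this diff defines that volume or the initContainer that writes the file, and the later hunk stops rendering the `node-properties` volume whenever `setSecretByInitContainer` is true. Please confirm `shared-secret` is always rendered when the flag is set, or guard it with `required`/`fail` so a missing volume is caught at template time instead of when the pod is created. node.properties is otherwise delivered as a Secret, so if `shared-secret` is an emptyDir it is worth setting `medium: Memory` to keep the file off node disk. Minor: `{{- if (not .Values.disklessConfig.setSecretByInitContainer)}}` lacks the space before `}}` that the surrounding lines use.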
Expand Down Expand Up @@ -534,7 +541,7 @@ spec:
items:
- key: license
path: license.xml
{{- if not .Values.disklessConfig.enabled }}
{{- if and (not .Values.disklessConfig.enabled) (not .Values.disklessConfig.setSecretByInitContainer) }}
- name: {{ template "gateway.fullname" . }}-node-properties
{{- if .Values.disklessConfig.existingSecret.csi }}
csi: {{ toYaml .Values.disklessConfig.existingSecret.csi | nindent 12 }}
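Review bot: With the new `and` condition, `disklessConfig.existingSecret` (including the `csi` block handled just below) is silently ignored once `setSecretByInitContainer` is true. Setting both is most likely a misconfiguration, so consider failing the render when both are set, or at least document the precedence next to the value in values.yaml.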
3 changes: 2 additions & 1 deletion charts/gateway/templates/node-properties-secret.yaml
@@ -1,4 +1,5 @@
{{- if and (not .Values.disklessConfig.enabled) (not .Values.disklessConfig.existingSecret.name) }}
# Copyright (c) 2025 Broadcom Inc. and its subsidiaries. All Rights Reserved.
{{- if and (not .Values.disklessConfig.enabled) (not .Values.disklessConfig.existingSecret.name) (not .Values.disklessConfig.setSecretByInitContainer) }}
apiVersion: v1
kind: Secret
metadata:
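Review bot: The copyright line is a YAML `#` comment placed above the `{{- if and ... }}` guard, so when the guard is false this template still renders a comment-only document instead of nothing. Move it inside the guard or write it as a template comment (`{{- /* ... */ -}}`) so the rendered output stays empty in that case.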
15 changes: 11 additions & 4 deletions charts/gateway/values.yaml
Expand Up @@ -16,6 +16,9 @@ disklessConfig:
# true - environment variables are used for gateway configuration
# false - node.properties is used for gateway configuration
enabled: true
# true - node.properties is set by initContainer and bootstrap script
# false - node.properties is set by existingSecret
setSecretByInitContainer: false
existingSecret: {}
# name: gateway-secret
# csi:
Expand All @@ -27,7 +30,7 @@ disklessConfig:
image:
registry: docker.io
repository: caapim/gateway
tag: 11.1.3
tag: 11.2.0
pullPolicy: IfNotPresent

# If you are using a Hazelcast 3.x server then you need to set hazelcast.legacy.enabled=true
Expand Down Expand Up @@ -560,15 +563,16 @@ config:
enabled: false
caches:
# Additional properties for embedded GemFire caches.
# additionalProperties: |-
additionalProperties: |-
statistic-sampling-enabled=false

externalLocators:
# The number of GemFire locator replicas to deploy when using embedded GemFire.
replicas: 2
image:
registry: docker.io
repository: gemfire/gemfire
tag: 10.1.3-jdk17
tag: 10.2.0-jdk21
pullPolicy: IfNotPresent
resources:
limits: {}
Expand Down Expand Up @@ -596,7 +600,7 @@ config:
image:
registry: docker.io
repository: gemfire/gemfire-management-console
tag: 1.3.1
tag: 1.4.1
pullPolicy: IfNotPresent

# In Gateway v11.1.1 shared state providers like redis (redis only currently) can be configured in a yaml file.
Expand Down Expand Up @@ -849,6 +853,9 @@ otk:
image:
repository: caapim/otk-install
tag: 4.6.4
# OTK 4.6.4 is presently the only version that provides seamless support for Gateway 11.2
# There are limitations in older versions (< OTK 4.6.4) with respect to Evaluate JSON Path Assertion (V1) assertion & other support limitations
# This requires specific actions as mentioned in the release notes Chart Version 3.0.41
pullPolicy: IfNotPresent
imagePullSecret:
enabled: false
2 changes: 1 addition & 1 deletion charts/portal/Chart.yaml
Expand Up @@ -2,7 +2,7 @@ apiVersion: v2
appVersion: "5.4"
description: CA API Developer Portal
name: portal
version: 2.3.21
version: 2.3.20
type: application
home: https://github.com/CAAPIM/apim-charts
maintainers:
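Review bot: `version` goes down from 2.3.21 to 2.3.20 in this hunk while `appVersion` stays at "5.4". A chart version that moves backwards will not be seen as newer by anyone who already installed 2.3.21, and the README hunk in this change relabels existing release-note entries to match the lower number. If this comes from merging branches with different numbering, keep the higher version and add a new one instead of renumbering.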
16 changes: 9 additions & 7 deletions charts/portal/README.md
Expand Up @@ -6,20 +6,22 @@ This Chart deploys the Layer7 API Developer Portal on a Kubernetes Cluster using

## Release Notes

## 2.3.21 General Updates
## 2.3.20 General Updates
- This new version of the chart makes Portal db-upgrade-portal/rbac resource configurable per customer request.

## 2.3.20 General Updates
## 2.3.19 General Updates
- This new version of the chart supports API Portal 5.4
- DB container(for testing) upgraded to support 8.4.5 MySQL version.
- Upgrade to 2.3.19 is only supported from 2.3.12 chart version in compliance with the Portal version compatibility requirements.

## 2.3.18 General Updates
- Switch bitnami/mysql to bitnamilegacy/mysql.

## 2.3.17 General Updates
- Switch bitnami/mysql to bitnamilegacy/mysql.
- This new version of the chart supports API Portal 5.3.3.1

## 2.3.16 General Updates
- This new version of the chart supports API Portal 5.3.3.1
- This new version of the chart supports API Portal 5.3.3
- Upgrade to 2.3.17 is only supported from 2.3.10 chart version as per the Portal version.
- Updated the Openshift installation procedure through an example. Refer examples/portal folder.

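Review bot: After the headings are renumbered, the `## 2.3.16 General Updates` entry still contains "Upgrade to 2.3.17 is only supported from 2.3.10 chart version", so the heading and the upgrade constraint no longer agree, whereas the 2.3.19 entry reads "Upgrade to 2.3.19 is only supported from 2.3.12". Please update the 2.3.16 line or restore the original numbering. If any of these versions were already published, relabelling their entries changes what each version number refers to; adding a new entry is safer than renaming old ones.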
Expand Down Expand Up @@ -141,7 +143,7 @@ This Chart deploys the Layer7 API Developer Portal on a Kubernetes Cluster using
Solutions & Patches](https://techdocs.broadcom.com/us/product-content/recommended-reading/technical-document-index/ca-api-developer-portal-solutions-and-patches.html) page.

### Production
- A dedicated MySQL 8.0.31/8.0.33/8.0.34/8.0.37/8.0.39/8.4.4 server [See TechDocs for more information](https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-developer-portal/5-4/install-configure-and-upgrade/install-portal-on-docker-swarm/configure-an-external-database.html)
- A dedicated MySQL 8.0.31/8.0.33/8.0.34/8.0.37/8.0.39/8.4.4/8.4.5 server [See TechDocs for more information](https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-developer-portal/5-4/install-configure-and-upgrade/install-portal-on-docker-swarm/configure-an-external-database.html)
- 3 Worker nodes with at least 4vcpu and 32GB ram - High Availability with analytics
- Access to a DNS Server
- Signed SSL Server Certificate
Expand Down Expand Up @@ -990,9 +992,9 @@ Resulting hostnames:
| API analytics | `dev-portal-analytics.example.com` | `analytics.example.com` |

## Installing in OpenShift
To install Portal >=5.4, refer examples/portal/openshift folder.
To install Portal >=5.3.3, refer examples/portal/openshift folder.

The below procedure works for portal < v5.4
The below procedure works for portal < v5.3.3

Fetch the OC namespace openshift.io/sa.scc.uid-range values(`<runAsUser-start>/<end>`) and openshift.io/sa.scc.supplemental-groups(`<fsGroupId-start>/<end>`) annotation values.
[Refer to OpenShift documentation](https://docs.openshift.com/dedicated/authentication/managing-security-context-constraints.html#security-context-constraints-pre-allocated-values_configuring-internal-oauth)
3 changes: 2 additions & 1 deletion charts/portal/templates/jobs/db-upgrade-job.yaml
@@ -1,3 +1,4 @@
# Copyright (c) 2025 Broadcom Inc. and its subsidiaries. All Rights Reserved.
apiVersion: batch/v1
kind: Job
metadata:
Expand Down Expand Up @@ -38,7 +39,7 @@ spec:
{{- end }}
{{- if .Values.jobs.dbUpgradePortal.resources }}
resources: {{- toYaml .Values.jobs.dbUpgradePortal.resources | nindent 12 }}
{{- end }}
{{- end }}
env:
- name: HOST
{{ if .Values.global.setupDemoDatabase }}
3 changes: 2 additions & 1 deletion charts/portal/templates/jobs/rbac-upgrade-job.yaml
@@ -1,3 +1,4 @@
# Copyright (c) 2025 Broadcom Inc. and its subsidiaries. All Rights Reserved.
apiVersion: batch/v1
kind: Job
metadata:
Expand Down Expand Up @@ -38,7 +39,7 @@ spec:
{{- end }}
{{- if .Values.jobs.dbUpgradeRbac.resources }}
resources: {{- toYaml .Values.jobs.dbUpgradeRbac.resources | nindent 12 }}
{{- end }}
{{- end }}
env:
- name: HOST
{{ if .Values.global.setupDemoDatabase }}
25 changes: 17 additions & 8 deletions examples/portal/openshift/README.md
@@ -1,25 +1,30 @@
# Deploy Portal in Openshift
The Portal Chart will not work without the custom SCC in an OSE that is restrictive.
This folder contains information on how to deploy the portal charts with Openshift.

The Portal Chart will not work without the custom SCC in an OSE that is restrictive.
This folder contains information on how to deploy the portal charts with Openshift.

## Prerequisite:
* Helm 3.x
* Openshift CLI (oc)
* Create a project(aka namespace) in Openshift.

- Helm 3.x
- Openshift CLI (oc)
- Create a project(aka namespace) in Openshift.

# Example

Throughout the example, it assumes the project/namespace that the portal will be installed is set as default.

The example creates an exception for uid/gid ranges 1001-1010 which means that you can deploy the Portal with minimal changes.

## Installation

1. Creates a SecurityContext for the namespace that was created with uid/gid ranges from 1001-1010.

```
$ oc apply -f portal-scc.yaml
```
```

2. Create a role referrring the above scc.

```
$ oc apply -f portal-role.yaml
```
Expand All @@ -29,30 +34,34 @@ $ oc apply -f portal-role.yaml
```
$ oc apply -f portal-sa.yaml
```

4. Create a role-binding that binds the role and service account created in Step 2 and 3.

```
$ oc apply -f portal-rolebinding.yaml
```

5. Instead of executing the above step by step, go to examples/portal/openshift and execute.

```
$ oc apply -f ./scc
```

6. Next is to use the service-account created in the Step 3 to refer in the Portal values.yaml. Refer sample [oc-portal-values.yaml](oc-portal-values.yaml).

```
$ helm install <release-name> --set-file "portal.registryCredentials=/path/to/docker-secret.yaml" layer7/portal -f oc-portal-values.yaml

```

7. [Create a new tenant](https://github.com/CAAPIM/apim-charts/tree/stable/utils)

8. Add new tenant route in Openshift.

```
$ oc process -f new-tenant-route-template.yaml -p TENANT_NAME=<YOUR-TENANT-NAME> -p PORTAL_DOMAIN=<PORTAL-DOMAIN> | oc apply -f -
```

## Note
Openshift works on routes(similar to ingress in k8s). so in the oc-portal-values.yaml, ingress.type.openshift set to true and ingress.type.kubernetes set to false.


Openshift works on routes(similar to ingress in k8s). so in the oc-portal-values.yaml, ingress.type.openshift set to true and ingress.type.kubernetes set to false.
1 change: 1 addition & 0 deletions utils/create-tenant.sh
@@ -1,4 +1,5 @@
#!/bin/bash
# Copyright (c) 2025 Broadcom Inc. and its subsidiaries. All Rights Reserved.

values=(adminEmail auditLogLevel multiclusterEnabled noReplyEmail performanceLogLevel portalLogLevel portalName subdomain tenantId tenantType termOfUse)
