Chart supported versions: 1.30.x and higher
This chart will deploy the following:
- Gravitee UI
- Gravitee API
- Gravitee Gateway
- MongoDB replica-set (optional dependency)
- Elasticsearch cluster (optional dependency)
- Add the Gravitee.io helm charts repo
$ helm repo add graviteeio https://helm.gravitee.io
- Install it
$ helm install --name graviteeio-apim graviteeio/apim
To package this chart directory into a chart archive, run:
$ helm package .
To install the chart from the Helm repository with the release name `graviteeio-apim`:
$ helm install --name graviteeio-apim graviteeio/apim
To install the chart using the chart archive, run:
$ helm install apim-1.29.0.tgz
The following tables list the configurable parameters of the Gravitee chart and their default values.
To configure common features such as:
- chaos testing (see chaoskube chart)
- configuration database (see mongodb-replicaset chart)
- logs database (see elasticsearch chart)
Parameter | Description | Default |
---|---|---|
chaos.enabled | Enable Chaos test | false |
inMemoryAuth.enabled | Enable oauth login | true |
ldap.enabled | Enable LDAP login | false |
There are three ways to configure MongoDB connections.
The simplest is to provide the MongoDB URI.
Parameter | Description | Default |
---|---|---|
mongo.uri | Mongo URI | null |
If no `mongo.uri` is provided, you can provide a `mongo.servers` raw definition in combination with `mongo.dbname`, plus optional authentication configuration:
```yaml
mongo:
  servers: |
    - host: mongo1
      port: 27017
    - host: mongo2
      port: 27017
  dbname: gravitee
  auth:
    enabled: false
    username:
    password:
```
If neither `mongo.uri` nor `mongo.servers` is provided, you have to define the following configuration options:
Parameter | Description | Default |
---|---|---|
mongo.rsEnabled | Whether Mongo replicaset is enabled or not | true |
mongo.rs | Mongo replicaset name | rs0 |
mongo.dbhost | Mongo host address | mongo-mongodb-replicaset |
mongo.dbport | Mongo host port | 27017 |
mongo.dbname | Mongo DB name | gravitee |
mongo.auth.enabled | Enable Mongo DB authentication | false |
mongo.auth.username | Mongo DB username | null |
mongo.auth.password | Mongo DB password | null |
Parameter | Description | Default |
---|---|---|
mongo.sslEnabled | Enable SSL connection to MongoDB | false |
mongo.socketKeepAlive | Enable keep alive for socket | false |
Parameter | Description | Default |
---|---|---|
mongo-replicaset.enable | Enable deployment of Mongo replicaset | false |
See MongoDB replicaset for detailed documentation on helm chart.
Parameter | Description | Default |
---|---|---|
es.security.enabled | Elasticsearch username and password enabled | false |
es.security.username | Elasticsearch username | example |
es.security.password | Elasticsearch password | example |
es.cluster | Elasticsearch cluster name | elasticsearch |
es.index | Elasticsearch index | gravitee |
es.endpoints | Elasticsearch endpoint array | [http://elastic-elasticsearch-client.default.svc.cluster.local:9200] |
Parameter | Description | Default |
---|---|---|
elasticsearch.enable | Enable deployment of Elasticsearch cluster | false |
See Elasticsearch for detailed documentation on optional requirements helm chart.
Parameter | Description | Default |
---|---|---|
ui.name | UI service name | ui |
ui.baseURL | Base URL to access the Management API (if set to null, defaults to Management API ingress value) | [apim.example.com]/management |
ui.title | UI Portal title (if set to null, retrieved from the management repository) | API Portal |
ui.managementTitle | UI Management title (if set to null, retrieved from the management repository) | API Management |
ui.documentationLink | UI link to documentation (if set to null, retrieved from the management repository) | http://docs.gravitee.io/ |
ui.portal.apikeyHeader | API key header name (if set to null, retrieved from the management repository) | X-Gravitee-Api-Key |
ui.portal.devMode.enabled | Whether to enable developer mode (if set to null, retrieved from the management repository) | false |
ui.portal.userCreation.enabled | Whether to enable user creation (if set to null, retrieved from the management repository) | false |
ui.portal.support.enabled | Whether to enable support features (if set to null, retrieved from the management repository) | true |
ui.portal.rating.enabled | Whether to enable API rating (if set to null, retrieved from the management repository) | false |
ui.portal.analytics.enabled | Whether to enable analytics features (if set to null, retrieved from the management repository) | false |
ui.portal.analytics.trackingId | Tracking ID used for analytics (if set to null, retrieved from the management repository) | "" |
ui.replicaCount | How many replicas of the UI pod | 1 |
ui.image.repository | Gravitee UI image repository | graviteeio/management-ui |
ui.image.tag | Gravitee UI image tag | 1.29.5 |
ui.image.pullPolicy | K8s image pull policy | Always |
ui.image.pullSecrets | K8s image pull secrets, used to pull both Gravitee UI image and extraInitContainers | null |
ui.autoscaling.enabled | Whether auto-scaling is enabled or not | true |
ui.autoscaling.minReplicas | If ui.autoscaling.enabled is true, what's the minimum number of replicas | 2 |
ui.autoscaling.maxReplicas | If ui.autoscaling.enabled is true, what's the maximum number of replicas | 3 |
ui.autoscaling.targetAverageUtilization | If ui.autoscaling.enabled is true, what's the average target utilization (in %) before it auto-scales | 50 |
ui.service.name | UI service name | nginx |
ui.service.type | K8s publishing service type | ClusterIP |
ui.service.externalPort | K8s UI service external port | 8082 |
ui.service.internalPort | K8s UI service internal port (container) | 80 |
ui.ingress.enabled | Whether Ingress is enabled or not | true |
ui.ingress.hosts | If ui.ingress.enabled is enabled, set possible ingress hosts | [apim.example.com] |
ui.ingress.annotations | Supported Ingress annotations to configure ingress controller | [kubernetes.io/ingress.class: nginx, kubernetes.io/app-root: /management, kubernetes.io/rewrite-target: /management, ingress.kubernetes.io/configuration-snippet: "etag on;\nproxy_pass_header ETag;\n"] |
ui.ingress.tls.hosts | Ingress TLS termination | [apim.example.com] |
ui.ingress.tls.secretName | Ingress TLS K8s secret name containing the TLS private key and certificate | api-custom-cert |
ui.resources.limits.cpu | K8s pod deployment limits definition for CPU | 100m |
ui.resources.limits.memory | K8s pod deployment limits definition for memory | 128Mi |
ui.resources.requests.cpu | K8s pod deployment requests definition for CPU | 50m |
ui.resources.requests.memory | K8s pod deployment requests definition for memory | 64Mi |
ui.lifecycle.postStart | K8s pod deployment postStart command definition | null |
ui.lifecycle.preStop | K8s pod deployment preStop command definition | null |
Parameter | Description | Default |
---|---|---|
api.name | API service name | api |
api.logging.debug | Whether to enable API debug logging or not | false |
api.logging.graviteeLevel | Logging level for Gravitee classes | DEBUG |
api.logging.jettyLevel | Logging level for Jetty classes | INFO |
api.logging.stdout.encoderPattern | Logback standard output encoder pattern | %d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n |
api.logging.file.enabled | Whether to enable file logging or not | true |
api.logging.file.rollingPolicy | Logback file rolling policy configuration | TimeBasedRollingPolicy for 30 days |
api.logging.file.encoderPattern | Logback file encoder pattern | %d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n |
api.ssl.enabled | API exposition through HTTPS protocol activation | false |
api.ssl.keystore.path | Keystore path for API exposition through HTTPS protocol | null |
api.ssl.keystore.password | Keystore password for API exposition through HTTPS protocol | null |
api.ssl.clientAuth | Client authentication through 2 way TLS activation | false |
api.ssl.truststore.path | Truststore path for client authentication through 2 way TLS | null |
api.ssl.truststore.password | Truststore password for client authentication through 2 way TLS | null |
api.http.services.core.http.authentication.password | HTTP core service authentication password | adminadmin |
api.http.api.entrypoint | Listening path for the API | /management |
api.http.client.timeout | HTTP client global timeout | 10000 |
api.http.client.proxy.type | HTTP client proxy type | HTTP |
api.http.client.proxy.http.host | HTTP client proxy host for HTTP protocol | localhost |
api.http.client.proxy.http.port | HTTP client proxy port for HTTP protocol | 3128 |
api.http.client.proxy.http.username | HTTP client proxy username for HTTP protocol | null |
api.http.client.proxy.http.password | HTTP client proxy password for HTTP protocol | null |
api.http.client.proxy.https.host | HTTP client proxy host for HTTPS protocol | localhost |
api.http.client.proxy.https.port | HTTP client proxy port for HTTPS protocol | 3128 |
api.http.client.proxy.https.username | HTTP client proxy username for HTTPS protocol | null |
api.http.client.proxy.https.password | HTTP client proxy password for HTTPS protocol | null |
api.user.login.defaultApplication | Whether to enable default application creation on first user authentication | true |
api.user.anonymizeOnDelete | Whether to enable user anonymization on deletion | false |
api.supportEnabled | Whether to enable support feature | true |
api.ratingEnabled | Whether to enable API rating feature | true |
smtp.enabled | Email sending activation | true |
smtp.host | SMTP server host | smtp.example.com |
smtp.port | SMTP server port | 25 |
smtp.from | Email sending address | [email protected] |
smtp.username | SMTP server username | [email protected] |
smtp.password | SMTP server password | example.com |
smtp.subject | Email subjects template | [gravitee] %s |
smtp.auth | SMTP server authentication activation | true |
smtp.starttlsEnable | SMTP server TLS activation | false |
api.restartPolicy | Policy to restart K8s pod | OnFailure |
api.updateStrategy.type | K8s deployment strategy type | RollingUpdate |
api.updateStrategy.rollingUpdate.maxUnavailable | If api.updateStrategy.type is set to RollingUpdate, make sure to set a value here or your Deployment can have 100% unavailability by default. The Deployment controller will stop the bad rollout automatically, and will stop scaling up the new ReplicaSet. This depends on the rollingUpdate parameters (maxUnavailable specifically) that you have specified. Kubernetes by default sets the value to 1 and spec.replicas to 1 so if you haven’t cared about setting those parameters, your Deployment can have 100% unavailability by default! | 1 |
api.replicaCount | How many replicas for the API pod | 1 |
api.image.repository | Gravitee API image repository | graviteeio/management-api |
api.image.tag | Gravitee API image tag | 1.29.5 |
api.image.pullPolicy | K8s image pull policy | Always |
api.image.pullSecrets | K8s image pull secrets, used to pull both Gravitee Management API image and extraInitContainers | null |
api.service.type | K8s publishing service type | ClusterIP |
api.service.externalPort | K8s service external port | 83 |
api.service.internalPort | K8s service internal port (container) | 8083 |
api.autoscaling.enabled | Whether auto-scaling is enabled or not | true |
api.autoscaling.minReplicas | If api.autoscaling.enabled is true, what's the minimum number of replicas | 2 |
api.autoscaling.maxReplicas | If api.autoscaling.enabled is true, what's the maximum number of replicas | 3 |
api.autoscaling.targetAverageUtilization | If api.autoscaling.enabled is true, what's the average target utilization (in %) before it auto-scales | 50 |
api.ingress.enabled | Whether Ingress is enabled or not | true |
api.ingress.path | The ingress path which should match for incoming requests to the management API. | /management |
api.ingress.hosts | If api.ingress.enabled is enabled, set possible ingress hosts | [apim.example.com] |
api.ingress.annotations | Supported Ingress annotations to configure ingress controller | [kubernetes.io/ingress.class: nginx, ingress.kubernetes.io/configuration-snippet: "etag on;\nproxy_pass_header ETag;\nproxy_set_header if-match \"\";\n"] |
api.ingress.tls.hosts | Ingress TLS termination | [apim.example.com] |
api.ingress.tls.secretName | Ingress TLS K8s secret name containing the TLS private key and certificate | api-custom-cert |
api.resources.limits.cpu | K8s pod deployment limits definition for CPU | 500m |
api.resources.limits.memory | K8s pod deployment limits definition for memory | 1024Mi |
api.resources.requests.cpu | K8s pod deployment requests definition for CPU | 200m |
api.resources.requests.memory | K8s pod deployment requests definition for memory | 512Mi |
api.lifecycle.postStart | K8s pod deployment postStart command definition | null |
api.lifecycle.preStop | K8s pod deployment preStop command definition | null |
Parameter | Description | Default |
---|---|---|
gateway.name | Gateway service name | gateway |
gateway.logging.debug | Whether to enable Gateway debug logging or not | false |
gateway.ssl.enabled | API exposition through HTTPS protocol activation | false |
gateway.ssl.keystore.path | Keystore path for API exposition through HTTPS protocol | null |
gateway.ssl.keystore.password | Keystore password for API exposition through HTTPS protocol | null |
gateway.ssl.clientAuth | Client authentication through 2 way TLS activation | false |
gateway.ssl.truststore.path | Truststore path for client authentication through 2 way TLS | null |
gateway.ssl.truststore.password | Truststore password for client authentication through 2 way TLS | null |
gateway.logging.graviteeLevel | Logging level for Gravitee classes | DEBUG |
gateway.logging.jettyLevel | Logging level for Jetty classes | INFO |
gateway.logging.stdout.encoderPattern | Logback standard output encoder pattern | %d{HH:mm:ss.SSS} [%thread] [%X{api}] %-5level %logger{36} - %msg%n |
gateway.logging.file.enabled | Whether to enable file logging or not | true |
gateway.logging.file.rollingPolicy | Logback file rolling policy configuration | TimeBasedRollingPolicy for 30 days |
gateway.logging.file.encoderPattern | Logback file encoder pattern | %d{HH:mm:ss.SSS} [%thread] [%X{api}] %-5level %logger{36} - %msg%n |
gateway.type | Gateway deployment type: deployment or statefulSet | deployment |
gateway.replicaCount | How many replicas of the Gateway pod | 2 |
gateway.image.repository | Gravitee Gateway image repository | graviteeio/gateway |
gateway.image.tag | Gravitee Gateway image tag | 1.29.5 |
gateway.image.pullPolicy | K8s image pull policy | Always |
gateway.image.pullSecrets | K8s image pull secrets, used to pull both Gravitee Gateway image and extraInitContainers | null |
gateway.service.type | K8s publishing service type | ClusterIP |
gateway.service.externalPort | K8s Gateway service external port | 82 |
gateway.service.internalPort | K8s Gateway service internal port (container) | 8082 |
gateway.autoscaling.enabled | Whether auto-scaling is enabled or not | true |
gateway.autoscaling.minReplicas | If gateway.autoscaling.enabled is true, what's the minimum number of replicas | 2 |
gateway.autoscaling.maxReplicas | If gateway.autoscaling.enabled is true, what's the maximum number of replicas | 3 |
gateway.autoscaling.targetAverageUtilization | If gateway.autoscaling.enabled is true, what's the average target utilization (in %) before it auto-scales | 50 |
gateway.websocket | Whether websocket protocol is enabled or not | false |
gateway.sharding_tags | Sharding tags (comma separated list) | `` |
gateway.ingress.enabled | Whether Ingress is enabled or not | true |
gateway.ingress.path | The ingress path which should match for incoming requests to the gateway. | /gateway |
gateway.ingress.hosts | If gateway.ingress.enabled is enabled, set possible ingress hosts | [apim.example.com] |
gateway.ingress.annotations | Supported Ingress annotations to configure ingress controller | [kubernetes.io/ingress.class: nginx, nginx.ingress.kubernetes.io/ssl-redirect: "false", nginx.ingress.kubernetes.io/enable-rewrite-log: "true", kubernetes.io/app-root: /gateway, kubernetes.io/rewrite-target: /gateway] |
gateway.ingress.tls.hosts | Ingress TLS termination | [apim.example.com] |
gateway.ingress.tls.secretName | Ingress TLS K8s secret name containing the TLS private key and certificate | api-custom-cert |
gateway.resources.limits.cpu | K8s pod deployment limits definition for CPU | 500m |
gateway.resources.limits.memory | K8s pod deployment limits definition for memory | 512Mi |
gateway.resources.requests.cpu | K8s pod deployment requests definition for CPU | 200m |
gateway.resources.requests.memory | K8s pod deployment requests definition for memory | 256Mi |
gateway.lifecycle.postStart | K8s pod deployment postStart command definition | null |
gateway.lifecycle.preStop | K8s pod deployment preStop command definition | null |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
$ helm install --name my-release -f values.yaml gravitee
Tip: You can use the default values.yaml
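Several defaults in the tables above ship with authentication or transport security switched off, or with a well-known credential. The override file below is an added example, not part of the chart or its documentation: the key paths are taken from the tables, the nesting is assumed to follow the dotted names, the file name is hypothetical, and every `CHANGE_ME` value is a placeholder.

```yaml
# values-hardening.yaml (hypothetical file name) - added example, not shipped with the chart.
# Keys come from the parameter tables above; nesting assumed to follow the dotted names.
# Every CHANGE_ME value is a placeholder to be replaced from your own secret store.

mongo:
  sslEnabled: true              # default false; the MongoDB servers must accept TLS
  auth:                         # used when mongo.uri is not set
    enabled: true               # default false
    username: "CHANGE_ME"       # default null
    password: "CHANGE_ME"       # default null

es:
  security:
    enabled: true               # default false
    username: "CHANGE_ME"       # default "example"
    password: "CHANGE_ME"       # default "example"

smtp:
  starttlsEnable: true          # default false while smtp.auth defaults to true
  username: "CHANGE_ME"
  password: "CHANGE_ME"

api:
  logging:
    graviteeLevel: INFO         # default DEBUG
  http:
    services:
      core:
        http:
          authentication:
            password: "CHANGE_ME"   # default "adminadmin", published in this README

gateway:
  logging:
    graviteeLevel: INFO         # default DEBUG
  ingress:
    annotations:
      # default "false"; assumes annotations is a map, so Helm merges this key
      # with the chart's other default annotations
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
```

Pass the file with `-f values-hardening.yaml` rather than putting the secrets in `--set` arguments, which end up in shell history and process listings.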
One option is certainly to provide a custom Gravitee.io Portal image that includes the theme. However, if you prefer to stick with the official Gravitee.io Portal image, you can use an init container as theme provider.
Create your own portal theme and package it up into a Docker image.
```dockerfile
FROM busybox
COPY mytheme /mytheme
```
In combination with an `emptyDir` that is shared with the Gravitee.io Portal container, configure an init container that runs your theme image and copies the theme over to a temporary location, plus a post script that copies the theme from this temporary location to the right place where Gravitee.io will pick it up automatically.
```yaml
ui:
  lifecycle:
    postStart: '[ "/bin/sh", "-c", "cp -R -u /tmp/mytheme/* /var/www/html/themes" ]'
  extraInitContainers: |
    - name: theme-provider
      image: myuser/mytheme:1
      imagePullPolicy: IfNotPresent
      command:
        - sh
      args:
        - -c
        - |
          echo "Copying theme..."
          cp -R /mytheme/* /theme
      volumeMounts:
        - name: theme
          mountPath: /theme
  extraVolumeMounts: |
    - name: theme
      mountPath: /tmp/mytheme
  extraVolumes: |
    - name: theme
      emptyDir: {}
```