diff --git a/deployment/certs/ac-cert.pem b/deployment/certs/ac-cert.pem new file mode 100644 index 0000000..abaf275 --- /dev/null +++ b/deployment/certs/ac-cert.pem @@ -0,0 +1,28 @@ +Bag Attributes + friendlyName: webmethods + localKeyID: 54 69 6D 65 20 31 37 35 30 33 32 31 30 31 31 36 31 31 +subject=C=IN, ST=TamilNadu, L=Chennai, O=IBM, OU=IBM Software Labs, CN=IBM +issuer=C=IN, ST=TamilNadu, L=Chennai, O=IBM, OU=IBM Software Labs, CN=IBM +-----BEGIN CERTIFICATE----- +MIIDvjCCAqagAwIBAgIIcv6XX7l+QmowDQYJKoZIhvcNAQELBQAwazELMAkGA1UE +BhMCSU4xEjAQBgNVBAgTCVRhbWlsTmFkdTEQMA4GA1UEBxMHQ2hlbm5haTEMMAoG +A1UEChMDSUJNMRowGAYDVQQLExFJQk0gU29mdHdhcmUgTGFiczEMMAoGA1UEAxMD +SUJNMB4XDTI1MDYxOTA1MjE1MFoXDTI4MDYxODA1MjE1MFowazELMAkGA1UEBhMC +SU4xEjAQBgNVBAgTCVRhbWlsTmFkdTEQMA4GA1UEBxMHQ2hlbm5haTEMMAoGA1UE +ChMDSUJNMRowGAYDVQQLExFJQk0gU29mdHdhcmUgTGFiczEMMAoGA1UEAxMDSUJN +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/B6yQINrhcA0iWEJhsD +VubRsvuBUpToJ/rIGJNhLJuDoz6hh1RJ/mJ02ZfF+1K/99H1jJVXqbOCUh1+XKm8 +OtdNM7l749veVAFTKHliJu18FSSpmSe5UjtTe6Q2QLZU5MGUzanKFTOmjoOAjwaN +Uh79uUS6fgF8OBvBvdungmmc7WJXaqbN48wW+TlCFgct0ZuMnMdZNkNeXZ2UYKlI +h5Bd7Nt2lnyMcNyQOymveZlyP8Fw0vx2D8YRu1ht/CFyJFOLTMfc+Tbc3GuuWOO+ +vOOn+3+Ve+BGEPkmj14L/wpu/w0IkeS+Cec6FxpFDErgqCgh3C/cVodVHBa5Tb9V +zQIDAQABo2YwZDAdBgNVHQ4EFgQUI3/E5ZoUQNHWAnLqS3X11aTuhrwwQwYDVR0R +BDwwOoIMYXNzZXRjYXRhbG9nghBhc3NldGNhdGFsb2ctc3Zjgglsb2NhbGhvc3SC +DWFzc2V0LWNhdGFsb2cwDQYJKoZIhvcNAQELBQADggEBAAr4Ifrw7BLQ5udCH8iu +qia38OK3CBVLi9Sc6pbPjd4bSoYrmZ55KqRK1EzPrEDicd7NVXXvWA/oCamPlAXS +Mbbwq+jOTu/4IT9WdbnmrMTqXfNi2dgeTB+l0dfoF+kqvkQ56BL/wEeiVjH14CsF +fiblIB/abY7OQzC7/2wB3Nag/PXnDwEAEs+1N751ZlOr+TNObbaswoxfnZOQ501T +GOPN+HUKt1YXPkZ1TXNMNCxrZkxW9dlUCcqhPBwR/XSLo9ZJDT9GGqVePMP1/p9U +if4EFCfd1n4p7J14ENqPQKlilm3SicRvz4fjMNFEXLZH63TvPs1Vy3gOmroC6YYv +kio= +-----END CERTIFICATE----- diff --git a/deployment/certs/ac-key.pem b/deployment/certs/ac-key.pem new file mode 100644 index 0000000..94a996f --- /dev/null +++ b/deployment/certs/ac-key.pem 
@@ -0,0 +1,32 @@ +Bag Attributes + friendlyName: webmethods + localKeyID: 54 69 6D 65 20 31 37 35 30 33 32 31 30 31 31 36 31 31 +Key Attributes: +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCH8HrJAg2uFwDS +JYQmGwNW5tGy+4FSlOgn+sgYk2Esm4OjPqGHVEn+YnTZl8X7Ur/30fWMlVeps4JS +HX5cqbw6100zuXvj295UAVMoeWIm7XwVJKmZJ7lSO1N7pDZAtlTkwZTNqcoVM6aO +g4CPBo1SHv25RLp+AXw4G8G926eCaZztYldqps3jzBb5OUIWBy3Rm4ycx1k2Q15d +nZRgqUiHkF3s23aWfIxw3JA7Ka95mXI/wXDS/HYPxhG7WG38IXIkU4tMx9z5Ntzc +a65Y476846f7f5V74EYQ+SaPXgv/Cm7/DQiR5L4J5zoXGkUMSuCoKCHcL9xWh1Uc +FrlNv1XNAgMBAAECggEABxZxwHM79Vy7rTlJh5cW+Hv2aQeV+ZFL/XGk5ysgAOxm +06cbUuwBI6NMhl/UccMhwTEQRXEv7egvHkrtYLV02/iHzO+Z1wqKsASVqmGRzYfK +VWvg79xTXEc9lg+8yGj5SigRsxtsLujPgVS36j0kNyjof7Vmp9U5/c7srhJ6zGDT +2rtFukunDJJwcGYZcFPmPuuvfIsJHpR7ci1KAx5rV/qijeT6A1M/4PYeVQKZQv2j +mikPOpg+2J5SeYlwRTrSHeemPU0COk+Z8dmIcHbR3ducfnKnRDaBpkzL9vUcuw4U +EYArv31BioG7HRF4DUUUI0BHpn4DdMOodATNZspvXQKBgQC7jhDvjTwow0WgcHF9 +oDvCyA/zXm7+D/aje214TOpECnG/0d73FN06Me/mhsfZ/+HKcNA5ZiOHXCbJ+h2/ +ahrXH7mw7WpWFOm4B0EXwuxkHSnGGwGu0gO5k9nupuLGjihLgTSd3pIZj6Sh9gqy +R0bTdtQbMtMHUfIQ2ek93Keh6wKBgQC5jFXKpCZK6DleuNadGGtnOtj1wIQiY7BL +za4JBFr3H4v1y+gNTm7CFbgMI6SRGs1DSAmccU6ZFC5Lb7kpFrORmUJC45RnQHcU +ZDoTLVvyNdQ6Rwurj+GnUw8EFQ2Jmu1xNvQeTtr+ZhYe2XgTucSjmzuvP2Bunpvr +DbcAwQtBJwKBgD6rB4mjfXh5Vuh26dT6Fz3ML1g4M4n8t4KEmV1bBePaQYvAimmw +tQLe8LPsURbMYxuLemfTcweliOhwBESTJYi/9wHhMmi08CsncV6JKQeCnxSsrXFG +hywY9PbDGH8TvO8NqxEc72BPGMltNsG/AzFhQRodb1nAzctHpKGg+volAoGAJtDS +ybeZQyZdihFE5ExNe6T16kNB4SfVo6X9eGlu1i/FScBEZTQ5O2Trwa5bKPfgZOjX +CeEyPhfYr3NJ2uyi2BylnfSaARedUai99XERwRO9uAtQx60r2aMoiwQUdurwLTT/ +0K9SZNHaYs2/rvC30DoTPFAXzkxj9cJCvGemARUCgYADcUWoBOd6xtBlz9qPEd5/ +edY78NSd0QVG7Y2n6nLUzhU5bG+k2PgEffb/QSSlVk8qB2/c1REvHS/v5Gq9Yjrd +upmhw+L8M7SmwGuF0uoKbD5oYzWKe/3M7GZOyZr5sbCGnWY3z0hUSQcpVBKsi2vA +4WYuCvg+FqFx+a8A4o7kbw== +-----END PRIVATE KEY----- diff --git a/deployment/certs/en-cert.pem b/deployment/certs/en-cert.pem new file mode 100644 index 0000000..d77525a 
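Review bot: This new file is an unencrypted PKCS#8 private key (`-----BEGIN PRIVATE KEY-----`) checked into the repository, so anyone who can read the repo or its history holds the key for the `ac-cert.pem` certificate added with it. The same applies to the other key files this commit adds (`en-key.pem`, `in-key.pem`, `nginx-key.key`, `os-key.pem`, `ui-key.pem`) and presumably to the `keystore-*.jks` binaries. I would take the keys out of the commit, generate them at deploy time or mount them from a secret store, and add ignore rules such as `deployment/certs/*-key.pem` and `deployment/certs/*.key`. If sample keys have to ship, give them names in the style of the removed `webmethods_not_for_production.jks` so their status is obvious. Keys that were already pushed should be treated as disclosed and regenerated, not just deleted.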
--- /dev/null +++ b/deployment/certs/en-cert.pem @@ -0,0 +1,27 @@ +Bag Attributes + friendlyName: webmethods + localKeyID: 54 69 6D 65 20 31 37 35 30 33 32 30 39 39 35 38 37 37 +subject=C=IN, ST=TamilNadu, L=Chennai, O=IBM, OU=IBM Software Labs, CN=IBM +issuer=C=IN, ST=TamilNadu, L=Chennai, O=IBM, OU=IBM Software Labs, CN=IBM +-----BEGIN CERTIFICATE----- +MIIDpDCCAoygAwIBAgIJAKg/azK8EnDqMA0GCSqGSIb3DQEBCwUAMGsxCzAJBgNV +BAYTAklOMRIwEAYDVQQIEwlUYW1pbE5hZHUxEDAOBgNVBAcTB0NoZW5uYWkxDDAK +BgNVBAoTA0lCTTEaMBgGA1UECxMRSUJNIFNvZnR3YXJlIExhYnMxDDAKBgNVBAMT +A0lCTTAeFw0yNTA2MTkwNTIyMjhaFw0yODA2MTgwNTIyMjhaMGsxCzAJBgNVBAYT +AklOMRIwEAYDVQQIEwlUYW1pbE5hZHUxEDAOBgNVBAcTB0NoZW5uYWkxDDAKBgNV +BAoTA0lCTTEaMBgGA1UECxMRSUJNIFNvZnR3YXJlIExhYnMxDDAKBgNVBAMTA0lC +TTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANNmavv0/e6z5SyyKlya +yMlWESO2pFnxy+wYeOf6qBhJIKN8M2Aj2Yi8oOTlyHCDoGaBdEPUDublWsze+iBs +Cl6VTg7E2me1RRYKhUyoN0m1Hfk41ClEI8aa5mUnn3ELp416sdHSbRc0CZHZ3w+C +GYB4Nu0F6Q/FKgqZ+qLizSGWNbE/YXXQHuSw4P9flZsh9IAnGahfZ6aVA0vO1zX8 +llNx1ATXlWv2IjRkWbNSdq/Xf74b0ajZ575UI7EtIDH9bWLab31tqLvLPOOHwqzp +J2bI05CGfLPyg6bf0Ev2z0H8FkthLKgxd0qSUtzReegUSFna4KB956yFKTEpmwqf +Fz0CAwEAAaNLMEkwHQYDVR0OBBYEFBoBOtcQdrDTgQXIz1087ZOqbw/SMCgGA1Ud +EQQhMB+CBmVuZ2luZYIKZW5naW5lLXN2Y4IJbG9jYWxob3N0MA0GCSqGSIb3DQEB +CwUAA4IBAQBi1oTrFD8trPSGrTWpy7cfJxZh0GW0hDlCUBsIMn74nOetUgwSbUqQ +anAgpr84kIdtlMPNhIPG8gSydecWgpbfubdShHahKSWD266bWHaEVXn70AyHxmw3 +VZqDZPPS+O+i03sjjs6tFhhwQL5otVfr/V7/flxkoghuZ/ChqFt+bOG21Mm64OZV +Yqbc3tfJW/oMEYpmPgO+Y7l4dPmH6XoST9jV5M2r//uihJKlVWObtgVDvToq5S6L +u5fall1JvIKBT50TtZ36EQq4Dh/SPxnZpaKju8LjQIwJOluRQFkMBsTh7Jmys5XO +POiuBLd7Vyu+a/E36ti09+0atIUSjyUW +-----END CERTIFICATE----- diff --git a/deployment/certs/en-key.pem b/deployment/certs/en-key.pem new file mode 100644 index 0000000..7c53fd6 --- /dev/null +++ b/deployment/certs/en-key.pem 
@@ -0,0 +1,32 @@ +Bag Attributes + friendlyName: webmethods + localKeyID: 54 69 6D 65 20 31 37 35 30 33 32 30 39 39 35 38 37 37 +Key Attributes: +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDTZmr79P3us+Us +sipcmsjJVhEjtqRZ8cvsGHjn+qgYSSCjfDNgI9mIvKDk5chwg6BmgXRD1A7m5VrM +3vogbApelU4OxNpntUUWCoVMqDdJtR35ONQpRCPGmuZlJ59xC6eNerHR0m0XNAmR +2d8PghmAeDbtBekPxSoKmfqi4s0hljWxP2F10B7ksOD/X5WbIfSAJxmoX2emlQNL +ztc1/JZTcdQE15Vr9iI0ZFmzUnav13++G9Go2ee+VCOxLSAx/W1i2m99bai7yzzj +h8Ks6SdmyNOQhnyz8oOm39BL9s9B/BZLYSyoMXdKklLc0XnoFEhZ2uCgfeeshSkx +KZsKnxc9AgMBAAECggEAIkADsVKeGaB3zugGyP4i7cvN9xVOR2xPd673V85akaS3 +bwVeZYMpaWf2QV+hO+l3gWQT7DFdQLeEIJE3wSz/+RcDkI0APbE2wj1uH19Zpc18 +T7aPWSg7C6BpF5Z11KDowplQWghXuFyr+D9uTlrrus6/R2OfwPhWuWT9IIrSZVBf +N5hLAeigLEMbK55MbfwNOwrLk2/CWkfV+F70nAsUzTLSdW4Ffe3Qe1AbeyV+mODx +Nz6ZkpFXM5xhc9TxV7IgNgta9LqLI8UO9CiURWKl92A6nhUB56yBuZn4iIXmWqlp +3929s3frJ3uICH4hczbwpLoSKW5ZvVJtJ5tJk6ejgQKBgQD9NHo4I+2AsHUbct0t +CLS9AzqAt3ZjIH0T5X00Svq5NpsTSj8KrYi72Y3lPxsd2sPfi9kR3gPXCIog4i/u +M1cRBY43jo70KSfrkd+xp4zGfQkNVUgQnXujgELOurAAZeDKDzd3a8CH3ek5K0rh +E9iBXSFe1ZQA6bcwHFL7DP7AkQKBgQDVu842VZtlI2wNt3x57KJ4dlFEEXmJwTTo +yd7yEje0gTGbi5Hdie63Sf6mt5qvtz1Vc2kQfAXPAvOAtLMZ3oxTAXL2l8vzcbLs +adN0QjE8v1vpLvTvbDCJfzNmrET0XIWof0tgPkheAeKKxM9QaxrAANq1i3GczKMw +ufsyBsJB7QKBgDouW8MYplNCuLYE78OQU4929XNsNJzUc0kmG13vuKrkXD/TeKbo +dxnLBKrflEiI4yczyD4tyK4ZfTvPHXpbe68imqozbK+34T9k9oSo3lUhl/njVbrT +pPxN1YwRI64DuuJTGsirDsNpf1SumPcdC0u2bZuP8gE/suMwLvUW6FaxAoGAUhOH +0ee3//PFV9MhcvTDQ300Ie6P/K18MvTqr4z9ZUzDjxbe0fNY/3vj1YPmXBoC7KCg +NRtbY66fccpyiLmkq2+ABWAvivIbopvU/u04WTqnAfntR1AFp5d4VrJK3If3L8iK +WpAwXCFfLKj9b8VhhWAOnO7Kl0siU+DnrMNZr9UCgYEAxtqjmm3Zl9h5BjE7/T9Y +tyAOyGAaMhawdlq+s3UV79T8eMZ6hBGDMPsUWXl7I1t9zRUtra8LW6UnTFYeZB0n +eOSOqnu3GPcmJitZqPRl2G+TUkdhSQocv/kNfgeZKyeWStAqDnHn9QF7cpBI7Wpd +X6y7rOqVVCei81x383Mh1WU= +-----END PRIVATE KEY----- diff --git a/deployment/certs/in-cert.pem b/deployment/certs/in-cert.pem new file mode 100644 index 0000000..16843d2 
--- /dev/null +++ b/deployment/certs/in-cert.pem @@ -0,0 +1,27 @@ +Bag Attributes + friendlyName: webmethods + localKeyID: 54 69 6D 65 20 31 37 35 30 33 32 31 36 31 33 32 38 38 +subject=C=IN, ST=TamilNadu, L=Chennai, O=IBM, OU=IBM Software Labs, CN=IBM +issuer=C=IN, ST=TamilNadu, L=Chennai, O=IBM, OU=IBM Software Labs, CN=IBM +-----BEGIN CERTIFICATE----- +MIIDpjCCAo6gAwIBAgIJAJTAdJ7AJ2sfMA0GCSqGSIb3DQEBCwUAMGsxCzAJBgNV +BAYTAklOMRIwEAYDVQQIEwlUYW1pbE5hZHUxEDAOBgNVBAcTB0NoZW5uYWkxDDAK +BgNVBAoTA0lCTTEaMBgGA1UECxMRSUJNIFNvZnR3YXJlIExhYnMxDDAKBgNVBAMT +A0lCTTAeFw0yNTA2MTkwNTIyMTZaFw0yODA2MTgwNTIyMTZaMGsxCzAJBgNVBAYT +AklOMRIwEAYDVQQIEwlUYW1pbE5hZHUxEDAOBgNVBAcTB0NoZW5uYWkxDDAKBgNV +BAoTA0lCTTEaMBgGA1UECxMRSUJNIFNvZnR3YXJlIExhYnMxDDAKBgNVBAMTA0lC +TTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJSKRWITRq7QIrrnUtAp +dAszIzpTdGDWaHvXb1PEXyzd11TMkkvP9NHiZUWkiOesS/iSI66gTE3kPGbdwm0b +cNys/I71tFwW2IG+kVc4HGdV8h1v/o1TFVUNrODJDsZ81agSRYhCWeoZPJ1TNkfi +jPr4+MxjgKX0lnVB0dElAv4iin9kbaodPsGtz7ts20MUQFgU2NJncvqY9nKinOP5 +qpItmfdmQCcoC7jeFfTZXNkgov3XIjk9XzIjYjYRTYp7kvuByhHIVa1AiJpGglVx +mJpmdoihyZcEQOinnr4i3cltFiWgJe59TBXRCnPNoZMY/+jY+Lluf5BOFJsil227 +6EkCAwEAAaNNMEswHQYDVR0OBBYEFIdBPu+LeYmAFspbRFGqim1chKBGMCoGA1Ud +EQQjMCGCB2luZ3Jlc3OCC2luZ3Jlc3Mtc3Zjgglsb2NhbGhvc3QwDQYJKoZIhvcN +AQELBQADggEBAHNMr+j8kjXQFSxiC89ZtqY8fTFbrUpLt4pAqXDGOwoTTWXwHaXw +QE/u/H+Rqm73Ab3Q6Ywq0dOYzy3t/t4D2ooBpkTIdXjvXnWCqii9hXour5bN0n9M +toOI8sGPyi4bSjxnzfnaK06z5WapeeR2NF93oUV+bu+jubbl+ApkUHXxEryMUyJJ +d42ss0mMoJawwkqFCf+6t7s0KYI8gjduLRkpZAEI85kyn+uFYjOPYnPrC88oBzbP +8wieMHFy7zhG6NCc5zlmnmUVozfiFs75XIIJJw1B3gvUk9WRu6R3WM6xLZMPv5cm +5j/ALGMNV21+q5j6sRhg8Pnxcla6gz5Cgrg= +-----END CERTIFICATE----- diff --git a/deployment/certs/in-key.pem b/deployment/certs/in-key.pem new file mode 100644 index 0000000..efb0a72 --- /dev/null +++ b/deployment/certs/in-key.pem 
@@ -0,0 +1,32 @@ +Bag Attributes + friendlyName: webmethods + localKeyID: 54 69 6D 65 20 31 37 35 30 33 32 31 36 31 33 32 38 38 +Key Attributes: +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCUikViE0au0CK6 +51LQKXQLMyM6U3Rg1mh7129TxF8s3ddUzJJLz/TR4mVFpIjnrEv4kiOuoExN5Dxm +3cJtG3DcrPyO9bRcFtiBvpFXOBxnVfIdb/6NUxVVDazgyQ7GfNWoEkWIQlnqGTyd +UzZH4oz6+PjMY4Cl9JZ1QdHRJQL+Iop/ZG2qHT7Brc+7bNtDFEBYFNjSZ3L6mPZy +opzj+aqSLZn3ZkAnKAu43hX02VzZIKL91yI5PV8yI2I2EU2Ke5L7gcoRyFWtQIia +RoJVcZiaZnaIocmXBEDop56+It3JbRYloCXufUwV0QpzzaGTGP/o2Pi5bn+QThSb +Ipdtu+hJAgMBAAECggEADw7Nzg2Jcaz+ik8rK1g6b+y3DmF5p5vwo1ZBbj7WzZ3v +B2UGExqhlTnDvam6aa7jFC+fX6NXHOHNWDm0jRo2KJ6+KxFgH2I/ADcU9YAmC/kv +1jldVw8EN3cvjml/XpJ218cDZrbgNc2pYgL2mpauJz6APTr8hoZLDte1aQPdH+0x +rYtplBVuMa6bUylUULH66SO531FdAXR1CjwK6VKGEqMat03OutTVLCy7uV1+60Qu +fwsqMXzHRbTehQfKdtKHjtMMlqgETEgrGF570Nl7LCr8qOOplKKCFyW2k/pKih1c +Sr3Fmzn7gtHKGN/YAu+Zz+H+sOdGcrplMgVMIXdiUQKBgQC/vl4WwCASYIVzmj9X +t0RDteSonYsa4g5o3ReyrhY9Rv9MNsg631p6hIMX/ukxamUgS9mBRE9m1WCXuCr4 +YzWKWf1l65T7SsKr0EFZoMHSfn+1dFFWVwtIqfs2cnDyKI7VP9bh6fww/8R+Y/LC +hdHVoY35r/6eoLt3ComiOzWymQKBgQDGUXyrj9rM+gbF6/eXpl6kaXs8bLSanHOM +iBOxQkPNbYHSBqGS8np+jKI+aJDe98HkYLpJpi7sGsRy5m2kYMoWM0KNDczbR/ow +jw+0hS7a/jhJlUW7+/j2Be5pLylR06sb73+4qs9i7eLHxb0ZY9Qtai2ARXzLAWj0 +Vc0LREchMQKBgDne9v7e1c82GpEdiOisg4n8KBtMEWP3vmmf8TsYl9W+y+bw0dYS ++3fm7robUb58YjExM2B0gZKD7DdeenmlV89+AaD1TW3azo6UuGSYxGcHjvvxM2tf +siQoSY3RVI2B+Docnnpo6JjRWTjcabSUNxTHQdaOa8bstCfloky4mihhAoGAKeee +CEJlYVqTg87QimLFLMh9Gc9+eg0E/XTjdFkkKowxGkf8bCiAaa0du0ItGnAPsEog +Et/imlEtoXm/QTSSfw5lyZhY6RzUaN5R2zspI20ER8ga7BXaDWJDdkZY3Ml1Jnn8 +6vBs0eKiQMQvqOXHN7Fv2+LS87JgkwBuSysqPIECgYEAry5xN/XDZVWroFpgSaeU +a6QTXlJkI5/LO/o/xT8qSKErO/n/Wf5TLkyISmxeC5oTr6SJzFo2eCpZJ4RyJgG0 +v8+QZtoTWLYYXYncqhh2teyyFJYWJdKTqp7YRKIwvpHmpGkQ6p7ysF14diEOXJAK +RZE/ciADe3E3qOmHZbtOZ5c= +-----END PRIVATE KEY----- 
diff --git a/deployment/certs/jwt_keystore.jks b/deployment/certs/jwt_keystore.jks new file mode 100644 index 0000000..c15a01a Binary files /dev/null and b/deployment/certs/jwt_keystore.jks differ diff --git a/deployment/certs/keystore-ac.jks b/deployment/certs/keystore-ac.jks new file mode 100644 index 0000000..712a633 Binary files /dev/null and b/deployment/certs/keystore-ac.jks differ diff --git a/deployment/certs/keystore-en.jks b/deployment/certs/keystore-en.jks new file mode 100644 index 0000000..3c7ae0a Binary files /dev/null and b/deployment/certs/keystore-en.jks differ diff --git a/deployment/certs/keystore-in.jks b/deployment/certs/keystore-in.jks new file mode 100644 index 0000000..15b3a78 Binary files /dev/null and b/deployment/certs/keystore-in.jks differ diff --git a/deployment/certs/keystore-nginx.jks b/deployment/certs/keystore-nginx.jks new file mode 100644 index 0000000..7c0f8f2 Binary files /dev/null and b/deployment/certs/keystore-nginx.jks differ diff --git a/deployment/certs/keystore-os.jks b/deployment/certs/keystore-os.jks new file mode 100644 index 0000000..a970c7b Binary files /dev/null and b/deployment/certs/keystore-os.jks differ diff --git a/deployment/certs/keystore-ui.jks b/deployment/certs/keystore-ui.jks new file mode 100644 index 0000000..81b5232 Binary files /dev/null and b/deployment/certs/keystore-ui.jks differ diff --git a/deployment/certs/nginx-cert.crt b/deployment/certs/nginx-cert.crt new file mode 100644 index 0000000..08ffdfc --- /dev/null +++ b/deployment/certs/nginx-cert.crt 
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDjzCCAnegAwIBAgIIJp+BBRbOd/gwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE +BhMCSU4xEjAQBgNVBAgTCVRhbWlsTmFkdTEQMA4GA1UEBxMHQ2hlbm5haTEMMAoG +A1UEChMDSUJNMRowGAYDVQQLExFJQk0gU29mdHdhcmUgTGFiczEMMAoGA1UEAxMD +SUJNMB4XDTI1MDYxOTA4MTYwN1oXDTI4MDYxODA4MTYwN1owazELMAkGA1UEBhMC +SU4xEjAQBgNVBAgTCVRhbWlsTmFkdTEQMA4GA1UEBxMHQ2hlbm5haTEMMAoGA1UE +ChMDSUJNMRowGAYDVQQLExFJQk0gU29mdHdhcmUgTGFiczEMMAoGA1UEAxMDSUJN +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvzGNFROOg3drfINtMOEI +fj5QzjrP+nnAufH8RcFg+p7XknuAr+VxLtGBfOj9JacB/3w92Cb9nube9U9XS/f/ +J6lCwimWopPNeL7vtzIgZ9BE7J0drrsABFKWPByubGNJSJ2jzyNiA/Xn7ld2ufWo +7eULERHLxlmyKU3RjzPOPWS13lwCbl4O9k5eJSl7+mMLlPQHzob46leOdgby/Qrp +ouPnbXvzRjrAh2HuXzjV/ES6UcJFc85SBQnSS38Yox5NJH6vjav1EPhW2EI9KQym +KuJvNYbUyq2av2/QfjdjF5LoLhv2vs+A3EjC9JGWcf/dKXnUBOwDfk0+Z0pg9oqm +WQIDAQABozcwNTAdBgNVHQ4EFgQUoj+98ELTunt5cyDYcj57pPN5t7owFAYDVR0R +BA0wC4IJbG9jYWxob3N0MA0GCSqGSIb3DQEBCwUAA4IBAQAsV6sFM/R/KFccdtWJ +GappyMcc/OsxEV5Rao1zw9ycOWcBwCjPRtRTLXwX9JWEseWAtT+rpv4HKAuJyjXa +KsQGx3TUy+4m1gz/+D3mkXV/2UsAiAMgHCiHfAU6a9ADn4nJc64FEvWoUU6mY6Ry +nP2L4j4fLgxYQ5pEz7HhgI2l9pl89m4QdaLfPsFWdOMUtZkD69zBSsKOzaaUNcsM +rhoekHamRSPhArSU+nEiR1Imhza32BCXyM8kvae8wlxLnmHEca44MG/v4l1SI07a +sWt9YoTcPOQqiTMU/1ixPjupB1j1HOAYnbEHLaSloYXyWJfs+zhNVhcGCE9NCU9w +zLKA +-----END CERTIFICATE----- diff --git a/deployment/certs/nginx-key.key b/deployment/certs/nginx-key.key new file mode 100644 index 0000000..a783bfe --- /dev/null +++ b/deployment/certs/nginx-key.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC/MY0VE46Dd2t8 +g20w4Qh+PlDOOs/6ecC58fxFwWD6nteSe4Cv5XEu0YF86P0lpwH/fD3YJv2e5t71 +T1dL9/8nqULCKZaik814vu+3MiBn0ETsnR2uuwAEUpY8HK5sY0lInaPPI2ID9efu +V3a59ajt5QsREcvGWbIpTdGPM849ZLXeXAJuXg72Tl4lKXv6YwuU9AfOhvjqV452 +BvL9Cumi4+dte/NGOsCHYe5fONX8RLpRwkVzzlIFCdJLfxijHk0kfq+Nq/UQ+FbY +Qj0pDKYq4m81htTKrZq/b9B+N2MXkuguG/a+z4DcSML0kZZx/90pedQE7AN+TT5n +SmD2iqZZAgMBAAECggEAB4EOIMTk+8942kj9ROUcNHpFKScBSTs0n4e6J1G8+PE5 +lFABH8ZBYD1MWAb8ApmQuEKb2ctD+pPkrduomTx5WQjpbB3+QdDLyICz/2x5/aEc +x22uP9CqokDMkTzt8qad9nnrd0KUAwRIj2AC8q8L65RpEAkzBoy4M6tQfY6iumGT +RoF3F5m+l9pHKyMba/f7ijClWoNUfNpPWqjSdK4eYznPdkPvS/bVtafQ74VFdWVa +HIw5kzeW9TeE+TkqXJPaPowXugRLFoVEAiTVxMphWu978duS84PfbuMshcK9ZRCg +Bk4E8sLtc5VdoBtlv+7qhPW+yjxw9COUMGad1l9FQQKBgQDCAUSOPfHczghpVuF3 ++VA5Vvel+bdVxkrTvJmwbuwakfHLIQ7wU63pUj8s/fIH9zIsG6O/ZNlVbmrcrylw +Km2Y5VN/wvetyUdJ+tmAc6HGH/F/w0aVl6rw+2ulaPAxjdTViIQOwikNrAGxRip6 +rtFAqM/l4iBCqbtaZQlCMGYd+QKBgQD8SkuFGgVrGaGXNk5UXLHVojZzLrAJ1MY4 +mZyFtWZic5Q3T8uHLMIrCEw5DHY0fN5BSh1qq5dK4g/swPhrtn+B33FsV1RNXpi9 +GwepEKp7MZjkw2LGl6vb0zuWTTWP9K3EVCD5mXy0E7UlfTxaNJ9mv0mkF5OT/KZc +ItFn7NJjYQKBgQC/r+T+7nG1i9V/z5pDopEDtsxGsG/XTm/MugLY8yBSOHXCEM3j +46poaR2G5Ptpp3NpZX3rtEeRQ+JOXrwA2cskUSKpkAiNK91GWZbidl4XlqRVaqqp +UAxUwvbfnsoFDHCI87QXqPxLR/L8J6n9QhH7Y1DXgRADDhXSARae0Zd0cQKBgQCX +sWA5Fo09eTrUvZ1ZUibHKfKNTPwh3SKWM56OMqTt+0qZ+0uH6lyRHTsfbiPAqXfF +T/fiBGxCZSxoERsNQLzn7N644sVYg9FYmuD/QXsP+aFRoz1H5Tg7Q4XneGMFPHwi +uObezO/TIqpfcS6RmmRhlhCELnzYlSe97F12nElf4QKBgQCyPSTQe5LtnHCpIHsl +q6gbQzS3OhVKywBuuO0neoKgwhWQGcEH3CjvmKFhrVIKPDJa4BZ69kWYGoH5mZ7+ +tk/kCKtf1qyKQLgu+6yrliEcIlcVE1jYWPCASsUhgSeL+3okwsZeEUG4BZo7CV+y +0AfhAvoc75ViipbvswTcbDPznA== +-----END PRIVATE KEY----- diff --git a/deployment/certs/os-cert.pem b/deployment/certs/os-cert.pem new file mode 100644 index 0000000..880f3cb --- /dev/null +++ b/deployment/certs/os-cert.pem 
@@ -0,0 +1,27 @@ +Bag Attributes + friendlyName: webmethods + localKeyID: 54 69 6D 65 20 31 37 35 30 33 32 31 37 36 31 36 36 39 +subject=C=IN, ST=TamilNadu, L=Chennai, O=IBM, OU=IBM Software Labs, CN=IBM +issuer=C=IN, ST=TamilNadu, L=Chennai, O=IBM, OU=IBM Software Labs, CN=IBM +-----BEGIN CERTIFICATE----- +MIIDtzCCAp+gAwIBAgIJAJv2DBe+lLawMA0GCSqGSIb3DQEBCwUAMGsxCzAJBgNV +BAYTAklOMRIwEAYDVQQIEwlUYW1pbE5hZHUxEDAOBgNVBAcTB0NoZW5uYWkxDDAK +BgNVBAoTA0lCTTEaMBgGA1UECxMRSUJNIFNvZnR3YXJlIExhYnMxDDAKBgNVBAMT +A0lCTTAeFw0yNTA2MTkwNTI3MjVaFw0yODA2MTgwNTI3MjVaMGsxCzAJBgNVBAYT +AklOMRIwEAYDVQQIEwlUYW1pbE5hZHUxEDAOBgNVBAcTB0NoZW5uYWkxDDAKBgNV +BAoTA0lCTTEaMBgGA1UECxMRSUJNIFNvZnR3YXJlIExhYnMxDDAKBgNVBAMTA0lC +TTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL4wpNRJl0tBJwZtTmZY +nNI6VI73yTjRwJr8a6A7ZMGhsa+giHqn1Quk2N10fWMMd8mBf5gybKKvv/Z4N3x5 +ik9ThOFu/2myS4f137j9Skk2Sp8rQuWnpwgWAfXGHeb4gPucnVnhTRcwIk+9OuTJ +AoEPlR8VCrnjndhvGIxT9ph//e7KYI/m2+vCryEbZ0OiBDXyAraIeBWqqeumryjl +4HlkT0H3cUsHlJGXcg9lWWKFgYqSIhAZPVFuypBXz13C2zU1p+Yhm2dyLLjGWZbR +0vKYXzqYJF+pNvAvbBHJlGT/rCL/rQ9yrqsNVnM7OfqP3Xf35X47wP8qz/C92cZ1 +Xa0CAwEAAaNeMFwwHQYDVR0OBBYEFE6RygAwnHKH+Z30uJwxIMLrBnPqMDsGA1Ud +EQQ0MDKCDGRhdGFzdG9yZS1jcIIJZGF0YXN0b3JlggxkYXRhc3RvcmUtbGKCCWxv +Y2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAuJnrOCPFaPIMyN7mPlNQM8AL6rT1 +0Kj6VLbE1AzKkecrBtmGvH98bZvv2Y2gAHKL/DiwTF98MSam5K7sXo4YZxro25Mp +2shHrUulXEk3ZabuvGw0/58nYWSoW6hX1jr1qNFn97QjwCoXyw6kHVQrvXWn0z5i +9TCCGd80kMTPc2dNFTaEyDwqpQv+1cuVSewUpAn6AfP/V6/MAkVlmPg0nrCi0oTU +lyzTthN47Nv4/84ao/KbiRBL0Uk7DGDW3iwJlWm91q+YmvA1IgCg40bA19eDZVaM +cMOnxojuvyGyDaC80A/YosGwbPV+4kkrRpiR/gieXBDLKGlSQgHY6AleCQ== +-----END CERTIFICATE----- diff --git a/deployment/certs/os-key.pem b/deployment/certs/os-key.pem new file mode 100644 index 0000000..350a572 --- /dev/null +++ b/deployment/certs/os-key.pem 
@@ -0,0 +1,32 @@ +Bag Attributes + friendlyName: webmethods + localKeyID: 54 69 6D 65 20 31 37 35 30 33 32 31 37 36 31 36 36 39 +Key Attributes: +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC+MKTUSZdLQScG +bU5mWJzSOlSO98k40cCa/GugO2TBobGvoIh6p9ULpNjddH1jDHfJgX+YMmyir7/2 +eDd8eYpPU4Thbv9pskuH9d+4/UpJNkqfK0Llp6cIFgH1xh3m+ID7nJ1Z4U0XMCJP +vTrkyQKBD5UfFQq5453YbxiMU/aYf/3uymCP5tvrwq8hG2dDogQ18gK2iHgVqqnr +pq8o5eB5ZE9B93FLB5SRl3IPZVlihYGKkiIQGT1RbsqQV89dwts1NafmIZtnciy4 +xlmW0dLymF86mCRfqTbwL2wRyZRk/6wi/60Pcq6rDVZzOzn6j9139+V+O8D/Ks/w +vdnGdV2tAgMBAAECggEACt+3HNgUSV4xQAHR4LIiTTa+jOoH3DLJ41KZSLD8osF+ +6j6wburXmHHVYFv/q0EUPDYmOGpxoZ+QxyO6cGh2ivCIgWcaPU3PWbeqEeaRb7wl +6hHMIltChojTldy86u68WSZsLK5f/Ppoi8yS6G/Br+VXLk7CrTwhUzWO3r8SM0fM +skKneI/XVgFwl/spwXffWbF2EtzTgJS7gKOtDOZPTewhKgYnNjAekG/dskKPFw0v +nGw96pZjm3EXywXNCSYylIL/SzCfXFTvVWkFdnF1x6qyRtamxFA81+xsn6/Qx4GN +16XJHv5235x7mZiO5jd2HpM8iRWeSa8k/42cjJnCVQKBgQDERKVxlYqPxsBfoDeV +VYhnRrq29VGXw6NFOzejcMtn24hSh+9wUsu4C9vSgqAspa7+qIz6MB4gg+x1vbrN +up7Y0CcCOG+Que8ptidwy8az9xpLv5vKs9FUKvUI6VlEVjZTmLAgE6JgpCwX0WyC +qpm6n3o+2B+IbzQdCpZKivPf7wKBgQD4EnJtoYWAjrepqKtnlDbvbY4Ude5cxii6 +ebI6EevcsQcpDoXnZOkSqcb0mfBUdX3abeJJ6R12/5vvkAca/OYg9EmfLNjhAUDm +SqzshOH58Y2oP2oZ7gveHRItUCv1pYyEHZGQnqbXwetXfuJtVfL4amaefygVWzCo +MXimYP5AIwKBgCU8qO794kYY/VKnQSRyD+kYQECKFqrmkUmHTK0Tr2PLAPg3ljQH +YWNPzKsJ4X3XCXaDYAvvqSeeH/TOxGxX5d9Yzq3bKz+YJ0oQpzb9Unu+fBy3A8XX +i/WeGNNSAn+2o6QEqhXL49jWDQ+PyjiYSYZgz36w3nqyLn78DTujVVW9AoGBANcD +DiENhWvWx0OKyP2ezjqZpzL+wFmy+ywdPKfuTpNa8MzaJJ9ZrFYbxzDMmCxsJWgE +I8VSAtLYW2y5Vh9DIadgdMs9EMF816aDBPx/dGmxvskcJbdRxwF+Cvoxadig43jD +NB64E/4fuv58IH8Jpu0/M7Cen7xa7IJrVppGqTgnAoGAK0t1d8ttkjTneLtFAYtp +nrk8uDZ5dYV4M5b/VIsCDCeQ8QxmdoTk0jEAXfe0Gi1CkCbFHyghSsi/Oebtv4le +9pF+rYonx/4cldwSmR0AbF3paZAc1r0yIOHM0p1T2EWxvToznFwhCXtrirjnzWVg +NDEEwDUtH8Z8H42xaRpV4aI= +-----END PRIVATE KEY----- 
diff --git a/deployment/certs/truststore-ac.jks b/deployment/certs/truststore-ac.jks new file mode 100644 index 0000000..ce7105c Binary files /dev/null and b/deployment/certs/truststore-ac.jks differ diff --git a/deployment/certs/truststore-en.jks b/deployment/certs/truststore-en.jks new file mode 100644 index 0000000..b0d6d26 Binary files /dev/null and b/deployment/certs/truststore-en.jks differ diff --git a/deployment/certs/truststore-in.jks b/deployment/certs/truststore-in.jks new file mode 100644 index 0000000..aaeb19e Binary files /dev/null and b/deployment/certs/truststore-in.jks differ diff --git a/deployment/certs/truststore-os.jks b/deployment/certs/truststore-os.jks new file mode 100644 index 0000000..4e9a5e6 Binary files /dev/null and b/deployment/certs/truststore-os.jks differ diff --git a/deployment/certs/truststore-ui.jks b/deployment/certs/truststore-ui.jks new file mode 100644 index 0000000..1521eea Binary files /dev/null and b/deployment/certs/truststore-ui.jks differ diff --git a/deployment/certs/ui-cert.pem b/deployment/certs/ui-cert.pem new file mode 100644 index 0000000..1050241 --- /dev/null +++ b/deployment/certs/ui-cert.pem 
@@ -0,0 +1,27 @@ +Bag Attributes + friendlyName: webmethods + localKeyID: 54 69 6D 65 20 31 37 35 30 33 32 31 30 32 34 37 32 32 +subject=C=IN, ST=TamilNadu, L=Chennai, O=IBM, OU=IBM Software Labs, CN=IBM +issuer=C=IN, ST=TamilNadu, L=Chennai, O=IBM, OU=IBM Software Labs, CN=IBM +-----BEGIN CERTIFICATE----- +MIIDmzCCAoOgAwIBAgIIHtkfloKwRs0wDQYJKoZIhvcNAQELBQAwazELMAkGA1UE +BhMCSU4xEjAQBgNVBAgTCVRhbWlsTmFkdTEQMA4GA1UEBxMHQ2hlbm5haTEMMAoG +A1UEChMDSUJNMRowGAYDVQQLExFJQk0gU29mdHdhcmUgTGFiczEMMAoGA1UEAxMD +SUJNMB4XDTI1MDYxOTA1MjMyNFoXDTI4MDYxODA1MjMyNFowazELMAkGA1UEBhMC +SU4xEjAQBgNVBAgTCVRhbWlsTmFkdTEQMA4GA1UEBxMHQ2hlbm5haTEMMAoGA1UE +ChMDSUJNMRowGAYDVQQLExFJQk0gU29mdHdhcmUgTGFiczEMMAoGA1UEAxMDSUJN +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzGvVnci/Hu+X6UD1/KMt +DUeFO0Lq7YRvGVsQiaratDvIaT+sHp37R4uDauOV+K0ErlQSxoi1yxDnG2W+vyTT +pZNMuM2Mh6ii42l/18harNxILEfglJ5sKX9OSqYiP5eAfdDS6WungtSlXb0LPBzA +9tgwoTH/m058+azlOoKWGLZW5/aFKcQaUr+5UneI5CzfXkyhD/OBt2MBcsDOwtY/ +UxbrApr1wFGduPg6eECNrhHUJetRHEq2j/8BgH67igZaOj2dAUhKIQOxh0xmj9Ae +ouSFm4+fq1EEqyHZkntmFOKBWyBV5u01GFavIagWEVL95RD4c0ARa6bI6C3w7wa/ +TwIDAQABo0MwQTAdBgNVHQ4EFgQUIO1NigCtFruzZKQgWd4uyW8xdu4wIAYDVR0R +BBkwF4ICdWmCBnVpLXN2Y4IJbG9jYWxob3N0MA0GCSqGSIb3DQEBCwUAA4IBAQCV +a2aJo3im5Lutx3Eqgisit+prpEvR02P4occYApI7/giPCKDpgMO7HSuk7YSwW9x7 +hKQH1Pmf1jSgdDU7GK9Nub9IxyIaLTquod+CIKhP+JWhtAWbo7O1FAbfoi1ZAysV +u5tHTs7neamo+SL97Pdb8iNinKtMdntlmrNDJX7n0qfdpGV+u/NQkMDoTrHXaBCh +bedvNJMxuuECxDIyHL0xWosI4ehFxkERitupPLjxVYMDQZtkVVWWRVJkiapAm40F +I24zSJQSWTox4MH7ZRie4QJgZn3G9A8Va253UgbMw9ZkzpMz7ZzzLiBanOnM4i1O +Ly+I+15wnEIMmdvbAhFe +-----END CERTIFICATE----- diff --git a/deployment/certs/ui-key.pem b/deployment/certs/ui-key.pem new file mode 100644 index 0000000..71f5813 --- /dev/null +++ b/deployment/certs/ui-key.pem 
@@ -0,0 +1,32 @@ +Bag Attributes + friendlyName: webmethods + localKeyID: 54 69 6D 65 20 31 37 35 30 33 32 31 30 32 34 37 32 32 +Key Attributes: +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDMa9WdyL8e75fp +QPX8oy0NR4U7QurthG8ZWxCJqtq0O8hpP6wenftHi4Nq45X4rQSuVBLGiLXLEOcb +Zb6/JNOlk0y4zYyHqKLjaX/XyFqs3EgsR+CUnmwpf05KpiI/l4B90NLpa6eC1KVd +vQs8HMD22DChMf+bTnz5rOU6gpYYtlbn9oUpxBpSv7lSd4jkLN9eTKEP84G3YwFy +wM7C1j9TFusCmvXAUZ24+Dp4QI2uEdQl61EcSraP/wGAfruKBlo6PZ0BSEohA7GH +TGaP0B6i5IWbj5+rUQSrIdmSe2YU4oFbIFXm7TUYVq8hqBYRUv3lEPhzQBFrpsjo +LfDvBr9PAgMBAAECggEAIxRsQ5f0CEyIbqxJqlGcRRedavaIVzsvT5QbiexqfJx3 +v2wATv7AZN4xrrGghly2nW3rDOvf+pmLd12l9qpMsbDN7TbE43DShyEPIcoNmXVx +4ztwdECdgh+JIXFSFkSa9bxUvV7Oj7qLKENtPqMWkCW4bqkkWpQFCVmcusY3GMU/ +Kxgm0Zg7q56wzvV8LLM52Zti1mdnhh/0SyP3ZY0WE0I1s+XimTLfcjEqmzzmVYPl +4JfDZVWPqH3dlyrsscotKpXwCPbO4KGT5eXhfOKtvaV+7LRg0YglOL5cRxrEsrtt +e9Bnzii2HvoqYmE0iH9qYn2vCY/l99I4ttHsVa11bQKBgQDfyqqtIf7YTzYUl+68 +LiF8AmThZKxiMB7RnOQ1sbTlkDpO2YkJ6IvhzErytGrYFpoPp9eYn/zsFaNmEg7F +DsNIJnSy9zM34PcrlKRfvv2Z/pTlxGcVkfJVCg9a5unUXJH/ShklEUwi3UPpu0m0 +GkSfibbk1QVebW1aCu6Lvmx/qwKBgQDp13zDQ+WY+G7DLoDaOlfbqdD/q8XppgfS +e9F0ay3+DdXcnEIh8p8gFwwF5F+0yRizq83RHM3gX9mnRGfincAVgit8LYEpzK1x +aqHCE+8mkV38aVsbKt0gcX8YSN5os6JHJrwbAO9J5HpMeOsOySgMKcAh3KVaU91M +7JkQrmeq7QKBgQDaREFI0SJMeJ1HYpOup9NyrqcTievza/ly+XE+yU6ko5Gq+9ID +fvKHTIhAxSR8Ezc5U7scGdZFsCkI0U3kdiySfydMsXsb4edQcw4KcC3J9xnkKzVb +PVg8Bq7JOvQOcibW9b8mfwNh8apeGZOd/Ay4CUn/T6CH43RG4OieFSCfNwKBgH2w +f7UNF6njTtXGdyfVWEgPvPDPyW9O+MFgIDMtMOlvUlZj/v/0Qyeie6nnGLI5rPdW +DyipDNffbUQE9rnOBOMKtojmhJiNFWTy5cNFp7PZSuVTU88EeRrpJmFNOY6Zj04j +OdRh6jyTfFECZYXrBYWUI1uQF6i3jym7uoJG3B35AoGANr0poMYbLwWXyiXd3lj0 +Y5pmrI2tUB4/AeBkCOKm3r+HEjS/kKdSTGjyYhz+WYUlOntWHEbfb7uwVMLlLKpP +F09KX1PwHbFVffsZcko820VQxyq64NA74xXLr0ZrffWt/og0WhL0f3U10dgA9bfw +HqzgfBJoGAwF+0An1dBPSyI= +-----END PRIVATE KEY----- 
diff --git a/deployment/certs/webmethods_not_for_production.jks b/deployment/certs/webmethods_not_for_production.jks deleted file mode 100644 index 5d75827..0000000 Binary files a/deployment/certs/webmethods_not_for_production.jks and /dev/null differ diff --git a/deployment/docker/.env b/deployment/docker/.env index 58bee65..cacc6f2 100644 --- a/deployment/docker/.env +++ b/deployment/docker/.env 
@@ -4,44 +4,41 @@ UI_PUBLISH_PORT=8085 ENGINE_PUBLISH_PORT=8082 ASSETCATALOG_PUBLISH_PORT=8081 ELASTICSEARCH_PUBLISH_PORT=9200 +DATASTORE_PUBLISH_PORT=9200 # Images -INGRESS_IMAGE="cp.icr.io/cp/webmethods/api/api-control-plane-ingress:11.1.2" -UI_IMAGE="cp.icr.io/cp/webmethods/api/api-control-plane-ui:11.1.2" -ENGINE_IMAGE="cp.icr.io/cp/webmethods/api/api-control-plane-engine:11.1.2" -ASSETCATALOG_IMAGE="cp.icr.io/cp/webmethods/api/api-control-plane-assetcatalog:11.1.2" -ELASTICSEARCH_IMAGE="docker.elastic.co/elasticsearch/elasticsearch:8.14.3" +# INGRESS_IMAGE="cp.icr.io/cp/webmethods/api/api-control-plane-ingress:11.1.2" +# UI_IMAGE="cp.icr.io/cp/webmethods/api/api-control-plane-ui:11.1.2" +# ENGINE_IMAGE="cp.icr.io/cp/webmethods/api/api-control-plane-engine:11.1.2" +# ASSETCATALOG_IMAGE="cp.icr.io/cp/webmethods/api/api-control-plane-assetcatalog:11.1.2" +INGRESS_IMAGE="cp.stg.icr.io/cp/webmethods/api/api-control-plane-ingress:suite-int-stable" +UI_IMAGE="cp.stg.icr.io/cp/webmethods/api/api-control-plane-ui:suite-int-stable" +ENGINE_IMAGE="cp.stg.icr.io/cp/webmethods/api/api-control-plane-engine:suite-int-stable" +ASSETCATALOG_IMAGE="cp.stg.icr.io/cp/webmethods/api/api-control-plane-assetcatalog:suite-int-stable" +DATASTORE_IMAGE="cp.stg.icr.io/cp/webmethods/api/api-control-plane/third-party/opensearch:2.19.1" -# Elasticsearch config -ELASTICSEARCH_HOST="elasticsearch" -ELASTICSEARCH_ENDPOINT="http://elasticsearch:9200" -# If elastic search is secured only please set the below three variables -#with proper values or else leave it blank -ELASTICSEARCH_USERNAME= -ELASTICSEARCH_PASSWORD= -ELASTICSEARCH_CERTPATH= -#ELASTICSEARCH_CERTPATH=/usr/share/elasticsearch/config/certs/ca/ca.crt +# Datastore configuration +DATASTORE_HOST=datastore-cp +DATASTORE_USERNAME=admin +DATASTORE_PASSWORD=MyPassword@123 # JAEGER Tracing JAEGER_TRACING_IMAGE=jaegertracing/all-in-one:latest JAEGER_COLLECTOR_PORT=4317 JAEGER_UI_PORT=16686 -#NGINX images +#NGINX configuration 
NGINX_CERTPATH="/usr/share/certs/" NGINX_DOMAIN_NAME="localhost" -NGINX_HTTP_PORT="81" NGINX_HTTPS_PORT="444" NGINX_CER_SUBJECT="/C=GB/ST=London/L=London/O=demo/OU=demo" -CERTIFICATE_FILENAME=webmethods_not_for_production.jks - SERVER_PORT=8443 SERVER_SSL_ENABLED=true -SERVER_SSL_KEY_ALIAS=controlplane -SERVER_SSL_KEY_PASSWORD= +SERVER_SSL_KEY_ALIAS=webmethods +SERVER_SSL_KEY_PASSWORD=webmethods SERVER_SSL_KEY_STORE_PASSWORD=webmethods SERVER_SSL_KEY_STORE_TYPE=JKS -SERVER_SSL_KEY_STORE=file:/opt/softwareag/certs/${CERTIFICATE_FILENAME} - -LICENSE_FILE_NAME=my_cp_license.xml +SERVER_SSL_KEY_STORE=/certs/keystore.jks # Mounted path +SERVER_SSL_TRUST_STORE=/certs/truststore.jks # Mounted path +SERVER_SSL_TRUST_STORE_PASSWORD=webmethods diff --git a/deployment/docker/asset-catalog/asset-catalog-config.env b/deployment/docker/asset-catalog/asset-catalog-config.env index baa39c9..48150b5 100644 --- a/deployment/docker/asset-catalog/asset-catalog-config.env +++ b/deployment/docker/asset-catalog/asset-catalog-config.env @@ -3,5 +3,20 @@ # Open telemetry agent OTEL_JAVAAGENT_ENABLED=false -# Microservice Endpoint -APICP_ENGINE_ENDPOINT=http://engine:8080 +# Connectivity to other services +APICP_ENGINE_ENDPOINT=https://engine:8080 + +# JWKS URI +APICP_AUTH_JWKS_URI=https://ingress:8443/api/ingress/v1/discovery/keys + +# Https Configurations +server.port=8443 +server.ssl.enabled=true +server.ssl.key-store=${SERVER_SSL_KEY_STORE} +server.ssl.key-alias=${SERVER_SSL_KEY_ALIAS} +server.ssl.key-password=${SERVER_SSL_KEY_PASSWORD} +server.ssl.key-store-password=${SERVER_SSL_KEY_STORE_PASSWORD} +server.ssl.key-store-type=${SERVER_SSL_KEY_STORE_TYPE} +server.ssl.trust-store=${SERVER_SSL_TRUST_STORE} +server.ssl.trust-store-password=${SERVER_SSL_TRUST_STORE_PASSWORD} +server.ssl.client-auth=NEED \ No newline at end of file 
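Review bot: The added lines `DATASTORE_PASSWORD=MyPassword@123`, `SERVER_SSL_KEY_PASSWORD=webmethods` and `SERVER_SSL_TRUST_STORE_PASSWORD=webmethods` put credentials into a tracked `.env`, alongside the keystores under `deployment/certs/` that they presumably unlock. I would leave them empty here and supply them from an untracked override or the shell environment, e.g. `DATASTORE_PASSWORD=` under a comment `# required: set locally, never commit`. The image variables now point at `cp.stg.icr.io` with the mutable tag `suite-int-stable`, and the released `11.1.2` references are left behind as comments; if users deploy from this file, pin released tags or digests and delete the commented lines. `ELASTICSEARCH_PUBLISH_PORT=9200` stays as context beside the new `DATASTORE_PUBLISH_PORT=9200` and looks stale now that the Elasticsearch settings are gone. The trailing `# Mounted path` on the two store paths is stripped only by parsers that support inline comments, so it is safer on its own line above each variable.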
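Review bot: `APICP_ENGINE_ENDPOINT=https://engine:8080` changes only the scheme, while the same hunk moves this service's own listener to `server.port=8443`. If the engine's TLS listener moved the same way (its configuration is not in view here), the value should be `https://engine:8443`. Separately, the `server.ssl.*` block uses what look like Spring property names inside a Docker env file and depends on the `${SERVER_SSL_...}` references being expanded from elsewhere. A comment above it such as `# values are taken from deployment/docker/.env` would make that dependency explicit.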
diff --git a/deployment/docker/asset-catalog/asset-catalog-config.debug.env b/deployment/docker/asset-catalog/asset-catalog-config.otel.env similarity index 82% rename from deployment/docker/asset-catalog/asset-catalog-config.debug.env rename to deployment/docker/asset-catalog/asset-catalog-config.otel.env index 3996c84..18be8ed 100644 --- a/deployment/docker/asset-catalog/asset-catalog-config.debug.env +++ b/deployment/docker/asset-catalog/asset-catalog-config.otel.env @@ -1,4 +1,4 @@ -# Asset Catalog service configurations for debug mode +# Asset Catalog service configurations for OpenTelemetry # Open telemetry agent OTEL_JAVAAGENT_ENABLED=true diff --git a/deployment/docker/asset-catalog/asset-catalog.yaml b/deployment/docker/asset-catalog/asset-catalog.yaml index e8b890b..125adf0 100644 --- a/deployment/docker/asset-catalog/asset-catalog.yaml +++ b/deployment/docker/asset-catalog/asset-catalog.yaml 
@@ -14,25 +14,26 @@ services: restart_policy: condition: "no" env_file: - - asset-catalog-config.env - - ../elasticsearch/es-config.env + - asset-catalog-config.env + - ../datastore/datastore-config.env healthcheck: - test: ["CMD", "curl", "-f", "http://asset-catalog:8080/api/assetcatalog/health"] + test: ["CMD", "curl", "-fk", "--cert", "/certs/ac-cert.pem", "--key", "/certs/ac-key.pem", "https://asset-catalog:8443/api/assetcatalog/health"] interval: 30s timeout: 10s retries: 5 + volumes: + - ../../certs/keystore-ac.jks:/certs/keystore.jks + - ../../certs/truststore-ac.jks:/certs/truststore.jks + - ../../certs/ac-cert.pem:/certs/ac-cert.pem + - ../../certs/ac-key.pem:/certs/ac-key.pem networks: - - ibm-webmethods-api-management - asset-catalog-debug: + - ibm-wm-api-cp-nw + + asset-catalog-otel: <<: *asset-catalog-service env_file: - - asset-catalog-config.env - - asset-catalog-config.debug.env - - ../elasticsearch/es-config.env + - asset-catalog-config.env + - asset-catalog-config.otel.env + - ../datastore/datastore-config.env ports: - - ${ASSETCATALOG_PUBLISH_PORT}:8080 - - asset-catalog-secure-es: - <<: *asset-catalog-service - volumes: - - es-certs:/usr/share/elasticsearch/config/certs + - ${ASSETCATALOG_PUBLISH_PORT}:8443 diff --git a/deployment/docker/control-plane-secure-es.yaml b/deployment/docker/control-plane-secure-es.yaml deleted file mode 100644 index adb3d2b..0000000 --- a/deployment/docker/control-plane-secure-es.yaml +++ /dev/null 
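Review bot: The new healthcheck runs `curl -fk`, and `-k` turns off verification of the server certificate, so the probe reports healthy for any TLS endpoint that answers on that name. `ac-cert.pem` is already mounted and is self-signed (subject equals issuer in the certificate this commit adds), so the check can verify against it: `test: ["CMD", "curl", "-f", "--cacert", "/certs/ac-cert.pem", "--cert", "/certs/ac-cert.pem", "--key", "/certs/ac-key.pem", "https://asset-catalog:8443/api/assetcatalog/health"]`, provided the certificate's SAN covers `asset-catalog`. The four certificate and key mounts are also writable from inside the container; appending `:ro`, as in `- ../../certs/ac-key.pem:/certs/ac-key.pem:ro`, makes them read-only. The service definition starts above this hunk.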
@@ -1,77 +0,0 @@ -version: '3.8' -services: - nginx: - extends: - file: nginx/nginx.yaml - service: nginx - depends_on: - ingress: - condition: service_healthy - nginx_setup: - extends: - file: nginx/nginx.yaml - service: nginx_setup - ingress: - extends: - file: ingress/ingress.yaml - service: ingress-secure-es - depends_on: - engine: - condition: service_healthy - asset-catalog: - condition: service_healthy - ui: - condition: service_healthy - environment: - - server.forward-headers-strategy=NATIVE - ui: - extends: - file: ui/ui.yaml - service: ui-secure-es - depends_on: - engine: - condition: service_healthy - asset-catalog: - condition: service_healthy - engine: - extends: - file: engine/engine.yaml - service: engine-secure-es - depends_on: - asset-catalog: - condition: service_healthy - asset-catalog: - extends: - file: asset-catalog/asset-catalog.yaml - service: asset-catalog-secure-es - depends_on: - elasticsearch: - condition: service_healthy - elasticsearch: - extends: - file: elasticsearch/elasticsearch-secure.yaml - service: elasticsearch-secure - certificates_setup: - extends: - file: elasticsearch/elasticsearch-secure.yaml - service: certificates_setup - jaeger-tracing: - extends: - file: jaeger-tracing/jaeger-tracing.yaml - service: jaeger-tracing - -volumes: - es-data: - driver: local - es-certs: - driver: local - nginx-certs: - driver: local - conf.d: - driver: local - - -networks: - ibm-webmethods-api-management: - name: ibm-webmethods-api-management - driver: bridge \ No newline at end of file diff --git a/deployment/docker/control-plane.debug.yaml b/deployment/docker/control-plane.debug.yaml index 6bc3db3..5b60b0b 100644 --- a/deployment/docker/control-plane.debug.yaml +++ b/deployment/docker/control-plane.debug.yaml 
@@ -1,20 +1,20 @@ version: '3.8' services: nginx: - extends: - file: nginx/nginx.yaml - service: nginx depends_on: ingress: condition: service_healthy + nginx_setup: + condition: service_completed_successfully + extends: + file: nginx/nginx.yaml + service: nginx nginx_setup: extends: file: nginx/nginx.yaml service: nginx_setup + ingress: - extends: - file: ingress/ingress.yaml - service: ingress depends_on: engine: condition: service_healthy @@ -22,42 +22,50 @@ services: condition: service_healthy ui: condition: service_healthy + extends: + file: ingress/ingress.yaml + service: ingress-otel environment: - server.forward-headers-strategy=NATIVE + ui: - extends: - file: ui/ui.yaml - service: ui-debug depends_on: engine: condition: service_healthy asset-catalog: condition: service_healthy - engine: extends: - file: engine/engine.yaml - service: engine-debug + file: ui/ui.yaml + service: ui-otel + + engine: depends_on: asset-catalog: condition: service_healthy - asset-catalog: extends: - file: asset-catalog/asset-catalog.yaml - service: asset-catalog-debug + file: engine/engine.yaml + service: engine-otel + + asset-catalog: depends_on: - elasticsearch: + datastore-cp: condition: service_healthy - elasticsearch: extends: - file: elasticsearch/elasticsearch.yaml - service: elasticsearch + file: asset-catalog/asset-catalog.yaml + service: asset-catalog-otel + + datastore-cp: + extends: + file: datastore/datastore.yaml + service: datastore + jaeger-tracing: extends: file: jaeger-tracing/jaeger-tracing.yaml service: jaeger-tracing volumes: - es-data: + datastore-cp-data: driver: local nginx-certs: driver: local @@ -65,6 +73,6 @@ volumes: driver: local networks: - ibm-webmethods-api-management: - name: ibm-webmethods-api-management + ibm-wm-api-cp-nw: + name: ibm-wm-api-cp-nw driver: bridge \ No newline at end of file diff --git a/deployment/docker/control-plane.gainsight.yaml b/deployment/docker/control-plane.gainsight.yaml index 62b9e95..c789ca0 100644 
--- a/deployment/docker/control-plane.gainsight.yaml +++ b/deployment/docker/control-plane.gainsight.yaml @@ -1,20 +1,20 @@ version: '3.8' services: nginx: - extends: - file: nginx/nginx.yaml - service: nginx depends_on: ingress: condition: service_healthy + nginx_setup: + condition: service_completed_successfully + extends: + file: nginx/nginx.yaml + service: nginx nginx_setup: extends: file: nginx/nginx.yaml service: nginx_setup + ingress: - extends: - file: ingress/ingress.yaml - service: ingress-gainsight depends_on: engine: condition: service_healthy @@ -22,38 +22,45 @@ services: condition: service_healthy ui: condition: service_healthy + extends: + file: ingress/ingress.yaml + service: ingress-gainsight environment: - server.forward-headers-strategy=NATIVE + ui: - extends: - file: ui/ui.yaml - service: ui-gainsight depends_on: engine: condition: service_healthy asset-catalog: condition: service_healthy - engine: extends: - file: engine/engine.yaml - service: engine-debug + file: ui/ui.yaml + service: ui-gainsight + + engine: depends_on: asset-catalog: condition: service_healthy - asset-catalog: extends: - file: asset-catalog/asset-catalog.yaml - service: asset-catalog-debug + file: engine/engine.yaml + service: engine + + asset-catalog: depends_on: - elasticsearch: + datastore-cp: condition: service_healthy - elasticsearch: extends: - file: elasticsearch/elasticsearch.yaml - service: elasticsearch + file: asset-catalog/asset-catalog.yaml + service: asset-catalog + + datastore-cp: + extends: + file: datastore/datastore.yaml + service: datastore volumes: - es-data: + datastore-cp-data: driver: local nginx-certs: driver: local @@ -61,6 +68,6 @@ volumes: driver: local networks: - ibm-webmethods-api-management: - name: ibm-webmethods-api-management + ibm-wm-api-cp-nw: + name: ibm-wm-api-cp-nw driver: bridge \ No newline at end of file diff --git a/deployment/docker/control-plane.yaml b/deployment/docker/control-plane.yaml index de60d44..681e6c8 100644 
--- a/deployment/docker/control-plane.yaml +++ b/deployment/docker/control-plane.yaml @@ -1,20 +1,20 @@ version: '3.8' services: nginx: - extends: - file: nginx/nginx.yaml - service: nginx depends_on: ingress: condition: service_healthy + nginx_setup: + condition: service_completed_successfully + extends: + file: nginx/nginx.yaml + service: nginx nginx_setup: extends: file: nginx/nginx.yaml service: nginx_setup + ingress: - extends: - file: ingress/ingress.yaml - service: ingress depends_on: engine: condition: service_healthy @@ -22,49 +22,59 @@ services: condition: service_healthy ui: condition: service_healthy + extends: + file: ingress/ingress.yaml + service: ingress environment: - server.forward-headers-strategy=NATIVE + ui: - extends: - file: ui/ui.yaml - service: ui depends_on: engine: condition: service_healthy asset-catalog: condition: service_healthy + extends: + file: ui/ui.yaml + service: ui + engine: + depends_on: + asset-catalog: + condition: service_healthy extends: file: engine/engine.yaml service: engine + + asset-catalog: depends_on: - asset-catalog: + datastore-cp: condition: service_healthy - asset-catalog: extends: file: asset-catalog/asset-catalog.yaml service: asset-catalog - depends_on: - elasticsearch: - condition: service_healthy - elasticsearch: + + datastore-cp: extends: - file: elasticsearch/elasticsearch.yaml - service: elasticsearch + file: datastore/datastore.yaml + service: datastore + jaeger-tracing: extends: file: jaeger-tracing/jaeger-tracing.yaml service: jaeger-tracing volumes: - es-data: + datastore-cp-data: driver: local nginx-certs: driver: local conf.d: driver: local + pem_files: + driver: local networks: - ibm-webmethods-api-management: - name: ibm-webmethods-api-management + ibm-wm-api-cp-nw: + name: ibm-wm-api-cp-nw driver: bridge \ No newline at end of file diff --git a/deployment/docker/datastore/datastore-config.env b/deployment/docker/datastore/datastore-config.env new file mode 100644 index 0000000..5188fba 
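Review bot: The new `pem_files` named volume in the top-level `volumes:` block of control-plane.yaml is not mounted by any service in the compose hunks of this commit, which bind-mount `../../certs/...` instead. It is also added only here, not in control-plane.debug.yaml or control-plane.gainsight.yaml. If no file outside this diff uses it, drop the `pem_files:` / `driver: local` pair; otherwise add a comment naming the consumer, e.g. `# mounted by <service> for <purpose>`.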
--- /dev/null
+++ b/deployment/docker/datastore/datastore-config.env
@@ -0,0 +1,17 @@
+# Datastore service configurations
+
+# Connectivity config
+APICP_STORE_ASSETS_HOST=${DATASTORE_HOST}
+APICP_STORE_ASSETS_PORT=9200
+APICP_STORE_ASSETS_USERNAME=${DATASTORE_USERNAME}
+APICP_STORE_ASSETS_PASSWORD=${DATASTORE_PASSWORD}
+
+# SSL config
+APICP_STORE_ASSETS_ENABLE_SSL=true
+
+APICP_STORE_ASSETS_KEYSTORE_FILE_PATH=/certs/keystore.jks
+APICP_STORE_ASSETS_KEYSTORE_PASSWORD=webmethods
+APICP_STORE_ASSETS_KEYSTORE_ALIAS_NAME=webmethods
+
+APICP_STORE_ASSETS_TRUSTSTORE_FILE_PATH=/certs/truststore.jks
+APICP_STORE_ASSETS_TRUSTSTORE_PASSWORD=webmethods
\ No newline at end of file
diff --git a/deployment/docker/datastore/datastore.yaml b/deployment/docker/datastore/datastore.yaml
new file mode 100644
index 0000000..b7dfd14
--- /dev/null
+++ b/deployment/docker/datastore/datastore.yaml
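Review bot: In datastore-config.env the keystore and truststore passwords are committed as the literal `webmethods` (`APICP_STORE_ASSETS_KEYSTORE_PASSWORD`, `APICP_STORE_ASSETS_TRUSTSTORE_PASSWORD`), while the username and password in the stanza above come from the environment. Reading them the same way, e.g. `APICP_STORE_ASSETS_KEYSTORE_PASSWORD=${DATASTORE_KEYSTORE_PASSWORD}` (the variable name is a suggestion, to be defined next to `DATASTORE_PASSWORD`), lets each deployment use its own stores and keeps a working secret out of version control. datastore.yaml hard-codes the same value in its `plugins.security.ssl.http.*_password` entries.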
@@ -0,0 +1,51 @@ +services: + datastore: &datastore-service + image: ${DATASTORE_IMAGE} + container_name: datastore-cp + hostname: datastore-cp + restart: "on-failure" + deploy: + resources: + limits: + memory: 2G + cpus: '1' + reservations: + memory: 2G + cpus: '1' + ports: + - ${DATASTORE_PUBLISH_PORT}:9200 + environment: + - discovery.type=single-node + - node.name=webmethods + - cluster.name=webmethods + - bootstrap.memory_lock=true + - OPENSEARCH_INITIAL_ADMIN_PASSWORD=${DATASTORE_PASSWORD} + - plugins.security.ssl.http.enabled=true + - plugins.security.ssl.http.keystore_type=JKS + - plugins.security.ssl.http.keystore_filepath=/usr/share/opensearch/config/certs/keystore.jks + - plugins.security.ssl.http.keystore_alias=webmethods + - plugins.security.ssl.http.keystore_password=webmethods + - plugins.security.ssl.http.keystore_keypassword=webmethods + - plugins.security.ssl.http.truststore_type=JKS + - plugins.security.ssl.http.truststore_filepath=/usr/share/opensearch/config/certs/truststore.jks + - plugins.security.ssl.http.truststore_password=webmethods + - plugins.security.ssl.http.clientauth_mode=REQUIRE + - plugins.index_state_management.history.max_age=7d + - plugins.index_state_management.history.rollover_retention_period=0ms + ulimits: + memlock: + soft: -1 + hard: -1 + healthcheck: + test: [ "CMD-SHELL", "curl -fk --cert /certs/os-cert.pem --key /certs/os-key.pem https://localhost:9200 -u \"${DATASTORE_USERNAME}:${DATASTORE_PASSWORD}\"" ] + interval: 10s + timeout: 10s + retries: 10 + volumes: + - datastore-cp-data:/usr/share/opensearch/data + - ../../certs/keystore-os.jks:/usr/share/opensearch/config/certs/keystore.jks + - ../../certs/truststore-os.jks:/usr/share/opensearch/config/certs/truststore.jks + - ../../certs/os-cert.pem:/certs/os-cert.pem + - ../../certs/os-key.pem:/certs/os-key.pem + networks: + - ibm-wm-api-cp-nw 
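Review bot: The mapping `- ${DATASTORE_PUBLISH_PORT}:9200` publishes the datastore on every host interface, although the other services appear to reach it over the `ibm-wm-api-cp-nw` network and need no host port. If host access is only wanted for local administration, bind it to loopback with `- "127.0.0.1:${DATASTORE_PUBLISH_PORT}:9200"`, or move the mapping into a separate debug variant as the other services do with their `-otel` definitions. Quoting the mapping also avoids YAML reading a low port pair as a base-60 number.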
diff --git a/deployment/docker/engine/engine-config.env b/deployment/docker/engine/engine-config.env index e2fe02b..74b576a 100644 --- a/deployment/docker/engine/engine-config.env +++ b/deployment/docker/engine/engine-config.env @@ -4,4 +4,19 @@ OTEL_JAVAAGENT_ENABLED=false # Connectivity to other services -APICP_ASSET_CATALOG_ENDPOINT=http://asset-catalog:8080 \ No newline at end of file +APICP_ASSET_CATALOG_ENDPOINT=https://asset-catalog:8443 + +# JWKS URI +APICP_AUTH_JWKS_URI=https://ingress:8443/api/ingress/v1/discovery/keys + +# Https Configurations +server.port=8443 +server.ssl.enabled=true +server.ssl.key-store=${SERVER_SSL_KEY_STORE} +server.ssl.key-alias=${SERVER_SSL_KEY_ALIAS} +server.ssl.key-password=${SERVER_SSL_KEY_PASSWORD} +server.ssl.key-store-password=${SERVER_SSL_KEY_STORE_PASSWORD} +server.ssl.key-store-type=${SERVER_SSL_KEY_STORE_TYPE} +server.ssl.trust-store=${SERVER_SSL_TRUST_STORE} +server.ssl.trust-store-password=${SERVER_SSL_TRUST_STORE_PASSWORD} +server.ssl.client-auth=NEED \ No newline at end of file diff --git a/deployment/docker/engine/engine-config.debug.env b/deployment/docker/engine/engine-config.otel.env similarity index 83% rename from deployment/docker/engine/engine-config.debug.env rename to deployment/docker/engine/engine-config.otel.env index c686ffa..4b6241d 100644 --- a/deployment/docker/engine/engine-config.debug.env +++ b/deployment/docker/engine/engine-config.otel.env @@ -1,4 +1,4 @@ -# Engine service configurations for debug mode +# Engine service configurations for OpenTelemetry # Open telemetry agent OTEL_JAVAAGENT_ENABLED=true diff --git a/deployment/docker/engine/engine.yaml b/deployment/docker/engine/engine.yaml index ce2b843..988e683 100644 --- a/deployment/docker/engine/engine.yaml +++ b/deployment/docker/engine/engine.yaml 
@@ -14,25 +14,26 @@ services: restart_policy: condition: "no" env_file: - - engine-config.env - - ../elasticsearch/es-config.env + - engine-config.env + - ../datastore/datastore-config.env healthcheck: - test: ["CMD", "curl", "-f", "http://engine:8080/api/engine/health"] + test: ["CMD", "curl", "-fk", "--cert", "/certs/en-cert.pem", "--key", "/certs/en-key.pem", "https://engine:8443/api/engine/health"] interval: 30s timeout: 10s retries: 5 + volumes: + - ../../certs/keystore-en.jks:/certs/keystore.jks + - ../../certs/truststore-en.jks:/certs/truststore.jks + - ../../certs/en-cert.pem:/certs/en-cert.pem + - ../../certs/en-key.pem:/certs/en-key.pem networks: - - ibm-webmethods-api-management - engine-debug: + - ibm-wm-api-cp-nw + + engine-otel: <<: *engine-service env_file: - - engine-config.env - - engine-config.debug.env - - ../elasticsearch/es-config.env + - engine-config.env + - engine-config.otel.env + - ../datastore/datastore-config.env ports: - - ${ENGINE_PUBLISH_PORT}:8080 - - engine-secure-es: - <<: *engine-service - volumes: - - es-certs:/usr/share/elasticsearch/config/certs \ No newline at end of file + - ${ENGINE_PUBLISH_PORT}:8443 \ No newline at end of file diff --git a/deployment/docker/ingress/ingress-config.env b/deployment/docker/ingress/ingress-config.env index 68cabb1..c0800e0 100644 --- a/deployment/docker/ingress/ingress-config.env +++ b/deployment/docker/ingress/ingress-config.env 
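Review bot: The new healthcheck in engine.yaml passes `-fk`, so curl presents the client certificate but never checks that the endpoint answering is the engine. With `en-cert.pem` already mounted the probe can pin it instead: replace `"-fk"` with `"-f", "--cacert", "/certs/en-cert.pem"`. This assumes the certificate is self-signed and lists `engine` as a subject alternative name, which the hunk does not show. The healthchecks added in asset-catalog.yaml, ingress.yaml, ui.yaml, datastore.yaml and the Helm probes use `-k` the same way. The `engine` service definition starts above this hunk.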
@@ -12,7 +12,10 @@ com.softwareag.api.umc.oauth.api.secrets= com.softwareag.api.umc.oauth.authorize.endpoint= com.softwareag.api.umc.oauth.access.endpoint= com.softwareag.api.umc.oauth.user.endpoint= +com.softwareag.api.umc.notification.passwordResetRequested.template=/template/PasswordResetRequestTemplate.html +com.softwareag.api.umc.notification.passwordChanged.template=/template/password_changed.html com.softwareag.api.umc.loadbalancer.url=https://localhost:${INGRESS_PUBLISH_PORT} +com.softwareag.api.umc.notification.smtp.host=fakesmtp # Software AG Cloud URL. Leave empty if not using Software AG Cloud for user management. APICP_SAG_CLOUD_URL= @@ -21,15 +24,25 @@ APICP_SAG_CLOUD_URL= OTEL_JAVAAGENT_ENABLED=false # Connectivity to other services -APICP_ENGINE_ENDPOINT='http://engine:8080' -APICP_ASSET_CATALOG_ENDPOINT='http://asset-catalog:8080' -APICP_UI_ENDPOINT='http://ui:8080' +APICP_ENGINE_ENDPOINT=https://engine:8443 +APICP_ASSET_CATALOG_ENDPOINT=https://asset-catalog:8443 +APICP_UI_ENDPOINT=https://ui:8443 +# Https Configurations server.ssl.enabled=${SERVER_SSL_ENABLED} server.ssl.key_alias=${SERVER_SSL_KEY_ALIAS} server.ssl.key_password=${SERVER_SSL_KEY_PASSWORD} server.ssl.key_store_password=${SERVER_SSL_KEY_STORE_PASSWORD} server.ssl.key_store_type=${SERVER_SSL_KEY_STORE_TYPE} server.ssl.key_store=${SERVER_SSL_KEY_STORE} +server.ssl.trust-store=${SERVER_SSL_TRUST_STORE} +server.ssl.trust-store-password=${SERVER_SSL_TRUST_STORE_PASSWORD} +server.ssl.client-auth=NEED -APICP_LICENSE_PATH=/home/license/${LICENSE_FILE_NAME} \ No newline at end of file +APICP_STUDIO_ENABLED=false + +# JWT properties +APICP_INGRESS_TOKEN_SIGNATURE_KEY_STORE=/certs/jwt_keystore.jks +APICP_INGRESS_TOKEN_SIGNATURE_KEY_STORE_PASSWORD=webmethods +APICP_INGRESS_TOKEN_SIGNATURE_KEY_ALIAS=ibm +APICP_INGRESS_TOKEN_SIGNATURE_KEY_PASSWORD=webmethods \ No newline at end of file 
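Review bot: The second hunk of ingress-config.env points token signing at `/certs/jwt_keystore.jks` with the store and key passwords fixed to `webmethods`, and ingress.yaml mounts that file from `../../certs/`. If the keystore ships with the deployment bundle, every installation signs its JWTs with the same key, so tokens are no longer specific to one installation. Take the two passwords from the environment, e.g. `APICP_INGRESS_TOKEN_SIGNATURE_KEY_STORE_PASSWORD=${JWT_KEY_STORE_PASSWORD}` (the name is a suggestion), and add a comment above `# JWT properties` stating that the keystore must be generated per installation.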
diff --git a/deployment/docker/ingress/ingress-config.debug.env b/deployment/docker/ingress/ingress-config.otel.env similarity index 83% rename from deployment/docker/ingress/ingress-config.debug.env rename to deployment/docker/ingress/ingress-config.otel.env index 1869bd8..b78deec 100644 --- a/deployment/docker/ingress/ingress-config.debug.env +++ b/deployment/docker/ingress/ingress-config.otel.env @@ -1,4 +1,4 @@ -# Ingress service configurations for debug mode +# Ingress service configurations for OpenTelemetry # Open telemetry agent OTEL_JAVAAGENT_ENABLED=true diff --git a/deployment/docker/ingress/ingress.yaml b/deployment/docker/ingress/ingress.yaml index 8a026fe..c20835b 100644 --- a/deployment/docker/ingress/ingress.yaml +++ b/deployment/docker/ingress/ingress.yaml 
@@ -14,44 +14,36 @@ services: restart_policy: condition: "no" env_file: - - ingress-config.env - - ../elasticsearch/es-config.env - ports: - - ${INGRESS_PUBLISH_PORT}:8443 + - ingress-config.env + - ../datastore/datastore-config.env healthcheck: - test: ["CMD", "curl", "-fk", "https://ingress:8443/api/ingress/health"] + test: ["CMD", "curl", "-fk", "--cert", "/certs/in-cert.pem", "--key", "/certs/in-key.pem", "https://ingress:8443/api/ingress/health"] interval: 30s timeout: 10s retries: 5 - networks: - - ibm-webmethods-api-management volumes: - - ../../license/${LICENSE_FILE_NAME}:/home/license/${LICENSE_FILE_NAME} - - ../../certs/${CERTIFICATE_FILENAME}:/opt/softwareag/certs/${CERTIFICATE_FILENAME} + - ./PasswordResetRequestTemplate.html:/template/PasswordResetRequestTemplate.html:ro + - ./password_changed.html:/template/password_changed.html + - ../../certs/jwt_keystore.jks:/certs/jwt_keystore.jks + - ../../certs/keystore-in.jks:/certs/keystore.jks + - ../../certs/truststore-in.jks:/certs/truststore.jks + - ../../certs/in-cert.pem:/certs/in-cert.pem + - ../../certs/in-key.pem:/certs/in-key.pem + networks: + - ibm-wm-api-cp-nw - ingress-debug: + ingress-otel: <<: *ingress-service env_file: - - ingress-config.env - - ingress-config.debug.env - - ../elasticsearch/es-config.env - volumes: - - ../../license/${LICENSE_FILE_NAME}:/home/license/${LICENSE_FILE_NAME} - - ../../certs/${CERTIFICATE_FILENAME}:/opt/softwareag/certs/${CERTIFICATE_FILENAME} + - ingress-config.env + - ingress-config.otel.env + - ../datastore/datastore-config.env + ports: + - ${INGRESS_PUBLISH_PORT}:8443 ingress-gainsight: <<: *ingress-service env_file: - ingress-config.env - ingress-config.gainsight.env - - ../elasticsearch/es-config.env - volumes: - - ../../license/${LICENSE_FILE_NAME}:/home/license/${LICENSE_FILE_NAME} - - ../../certs/${CERTIFICATE_FILENAME}:/opt/softwareag/certs/${CERTIFICATE_FILENAME} - - ingress-secure-es: - <<: *ingress-service - volumes: - - 
es-certs:/usr/share/elasticsearch/config/certs - - ../../license/${LICENSE_FILE_NAME}:/home/license/${LICENSE_FILE_NAME} - - ../../certs/${CERTIFICATE_FILENAME}:/opt/softwareag/certs/${CERTIFICATE_FILENAME} + - ../datastore/datastore-config.env diff --git a/deployment/docker/nginx/nginx.yaml b/deployment/docker/nginx/nginx.yaml index e6ef165..3ae7468 100644 --- a/deployment/docker/nginx/nginx.yaml +++ b/deployment/docker/nginx/nginx.yaml @@ -7,18 +7,19 @@ services: restart_policy: condition: "on-failure" ports: - - "${NGINX_HTTP_PORT}:80" + - "80:80" - "${NGINX_HTTPS_PORT}:443" healthcheck: - test: ["CMD", "curl", "-f", "http://nginx:80"] + test: ["CMD", "curl", "-fk", "https://nginx:443"] interval: 30s timeout: 10s retries: 5 volumes: - conf.d:/etc/nginx/conf.d - nginx-certs:/etc/nginx/certs + - ../../certs:/usr/share/certs networks: - - ibm-webmethods-api-management + - ibm-wm-api-cp-nw nginx_setup: @@ -40,7 +41,7 @@ services: proxy_pass https://ingress:8443; proxy_set_header X-Forwarded-Proto http; proxy_set_header Host ${NGINX_DOMAIN_NAME}; - proxy_set_header X-Forwarded-Port ${NGINX_HTTP_PORT}; + proxy_set_header X-Forwarded-Port "80"; } } server { 
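Review bot: In nginx.yaml the added mount `- ../../certs:/usr/share/certs` exposes the whole certs directory to the nginx container, which by the other compose files holds every service's private key and keystore, while the generated config reads only `nginx-cert.crt` and `nginx-key.key`. Mounting just those two files read-only limits what the externally published container can read: `- ../../certs/nginx-cert.crt:/usr/share/certs/nginx-cert.crt:ro` and `- ../../certs/nginx-key.key:/usr/share/certs/nginx-key.key:ro`. If upstream verification is enabled later, the ingress certificate can be added the same way.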
@@ -49,21 +50,24 @@ services: ssl_session_timeout 5m; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; - ssl_certificate /etc/nginx/certs/${NGINX_DOMAIN_NAME}.crt; - ssl_certificate_key /etc/nginx/certs/${NGINX_DOMAIN_NAME}.key; + ssl_certificate /usr/share/certs/nginx-cert.crt; + ssl_certificate_key /usr/share/certs/nginx-key.key; + location / { proxy_pass https://ingress:8443; proxy_set_header X-Forwarded-Proto https; proxy_set_header Host ${NGINX_DOMAIN_NAME}; proxy_set_header X-Forwarded-Port ${NGINX_HTTPS_PORT}; + + # Configure Nginx as a client using self-signed certs + proxy_ssl_certificate /usr/share/certs/nginx-cert.crt; + proxy_ssl_certificate_key /usr/share/certs/nginx-key.key; + + #proxy_ssl_trusted_certificate /usr/share/certs/in-cert.pem; + proxy_ssl_verify off; } } " > /usr/share/conf.d/default.conf ' - healthcheck: - test: ["CMD-SHELL"] - interval: 1s - timeout: 5s - retries: 120 networks: - - ibm-webmethods-api-management \ No newline at end of file + - ibm-wm-api-cp-nw \ No newline at end of file diff --git a/deployment/docker/ui/ui-config.env b/deployment/docker/ui/ui-config.env index 191a622..a578248 100644 --- a/deployment/docker/ui/ui-config.env +++ b/deployment/docker/ui/ui-config.env 
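Review bot: `proxy_ssl_verify off;` together with the commented-out `proxy_ssl_trusted_certificate` means nginx sends its client certificate to whatever answers on `ingress:8443` without authenticating it, so only one direction of the mutual TLS is enforced on this hop. Enabling it takes two lines, `proxy_ssl_trusted_certificate /usr/share/certs/in-cert.pem;` and `proxy_ssl_verify on;`. That assumes the ingress certificate carries `ingress` as a subject alternative name; otherwise `proxy_ssl_name` has to be set to a name it does carry. If verification must stay off for now, the comment above the block should say why.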
@@ -4,5 +4,21 @@ OTEL_JAVAAGENT_ENABLED=false # Connectivity to other services -APICP_ENGINE_ENDPOINT=http://engine:8080 -APICP_ASSET_CATALOG_ENDPOINT=http://asset-catalog:8080 +APICP_ENGINE_ENDPOINT=https://engine:8443 +APICP_ASSET_CATALOG_ENDPOINT=https://asset-catalog:8443 + +# JWKS URI +APICP_AUTH_JWKS_URI=http://ingress:8080/api/ingress/v1/discovery/keys + +# Https Configurations +server.port=8443 +server.ssl.enabled=true +server.ssl.key-store=${SERVER_SSL_KEY_STORE} +server.ssl.key-alias=${SERVER_SSL_KEY_ALIAS} +server.ssl.key-password=${SERVER_SSL_KEY_PASSWORD} +server.ssl.key-store-password=${SERVER_SSL_KEY_STORE_PASSWORD} +server.ssl.key-store-type=${SERVER_SSL_KEY_STORE_TYPE} + +server.ssl.trust-store=${SERVER_SSL_TRUST_STORE} +server.ssl.trust-store-password=${SERVER_SSL_TRUST_STORE_PASSWORD} +server.ssl.client-auth=NEED \ No newline at end of file diff --git a/deployment/docker/ui/ui-config.debug.env b/deployment/docker/ui/ui-config.otel.env similarity index 100% rename from deployment/docker/ui/ui-config.debug.env rename to deployment/docker/ui/ui-config.otel.env diff --git a/deployment/docker/ui/ui.yaml b/deployment/docker/ui/ui.yaml index cd67a9f..d138785 100644 --- a/deployment/docker/ui/ui.yaml +++ b/deployment/docker/ui/ui.yaml 
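Review bot: `APICP_AUTH_JWKS_URI=http://ingress:8080/api/ingress/v1/discovery/keys` in ui-config.env still targets plain HTTP on port 8080, while engine-config.env in this commit uses `https://ingress:8443/...` and the ingress healthcheck probes only 8443. The UI would fetch its token-verification keys over an unauthenticated channel, or fail to fetch them at all if ingress no longer listens on 8080. The line should read `APICP_AUTH_JWKS_URI=https://ingress:8443/api/ingress/v1/discovery/keys`.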
@@ -14,29 +14,32 @@ services: restart_policy: condition: "no" env_file: - - ui-config.env + - ui-config.env healthcheck: - test: ["CMD", "curl", "-f", "http://ui:8080/controlplane/api/ui/health"] + test: ["CMD", "curl", "-fk", "--cert", "/certs/ui-cert.pem", "--key", "/certs/ui-key.pem", "https://ui:8443/controlplane/api/ui/health"] interval: 30s timeout: 10s retries: 5 + volumes: + - ../../certs/keystore-ui.jks:/certs/keystore.jks + - ../../certs/truststore-ui.jks:/certs/truststore.jks + - ../../certs/ui-cert.pem:/certs/ui-cert.pem + - ../../certs/ui-key.pem:/certs/ui-key.pem networks: - - ibm-webmethods-api-management - ui-debug: + - ibm-wm-api-cp-nw + + ui-otel: <<: *ui-service env_file: - - ui-config.env - - ui-config.debug.env + - ui-config.env + - ui-config.otel.env ports: - - ${UI_PUBLISH_PORT}:8080 + - ${UI_PUBLISH_PORT}:8443 + ui-gainsight: <<: *ui-service env_file: - ui-config.env - ui-config.gainsight.env ports: - - ${UI_PUBLISH_PORT}:8080 - ui-secure-es: - <<: *ui-service - volumes: - - es-certs:/usr/share/elasticsearch/config/certs \ No newline at end of file + - ${UI_PUBLISH_PORT}:8443 \ No newline at end of file diff --git a/deployment/helm/templates/assetcatalog_configmap.yaml b/deployment/helm/templates/assetcatalog_configmap.yaml index b06ec0e..ea54389 100644 --- a/deployment/helm/templates/assetcatalog_configmap.yaml +++ b/deployment/helm/templates/assetcatalog_configmap.yaml 
@@ -1,16 +1,42 @@ +# +# Copyright IBM Corp. 2024, 2025 +# apiVersion: v1 kind: ConfigMap metadata: name: {{ .Values.applications.assetcatalog.name }}-config data: - SERVICE_ELASTICSEARCH_HOST: {{ .Values.applications.es.name }}-lb - SERVICE_ELASTICSEARCH_PORT: "9200" - SERVICE_ELASTICSEARCH_CERTPATH: "" + APICP_STORE_ASSETS_HOST: {{ .Values.applications.datastore.name }}-lb + APICP_STORE_ASSETS_PORT: "9200" + APICP_STORE_ASSETS_USERNAME: "admin" + APICP_STORE_ASSETS_PASSWORD: "MyPassword@123" + APICP_STORE_ASSETS_ENABLE_SSL: "true" + APICP_STORE_ASSETS_KEYSTORE_FILE_PATH: "/certs/keystore-ac.jks" + APICP_STORE_ASSETS_KEYSTORE_PASSWORD: "webmethods" + APICP_STORE_ASSETS_KEYSTORE_ALIAS_NAME: "webmethods" + APICP_STORE_ASSETS_TRUSTSTORE_FILE_PATH: "/certs/truststore-ac.jks" + APICP_STORE_ASSETS_TRUSTSTORE_PASSWORD: "webmethods" + + + APICP_ENGINE_ENDPOINT: "https://{{ .Values.applications.engine.name }}-svc:8443" + APICP_AUTH_JWKS_URI: "https://{{ .Values.applications.ingress.name }}-svc:8443/api/ingress/v1/discovery/keys" + + SERVER_PORT: "8443" + SERVER_SSL_ENABLED: "true" + SERVER_SSL_KEY_ALIAS: "webmethods" + SERVER_SSL_KEY_PASSWORD: "webmethods" + SERVER_SSL_KEY_STORE: "/certs/keystore-ac.jks" + SERVER_SSL_KEY_STORE_PASSWORD: "webmethods" + SERVER_SSL_KEY_STORE_TYPE: "JKS" + + SERVER_SSL_TRUST_STORE: "/certs/truststore-ac.jks" + SERVER_SSL_TRUST_STORE_PASSWORD: "webmethods" + SERVER_SSL_CLIENT_AUTH: "NEED" + OTEL_JAVAAGENT_ENABLED: "{{ .Values.applications.jaegertracing.enabled }}" {{- if .Values.applications.jaegertracing.enabled }} OTEL_METRICS_EXPORTER: "none" - APICP_ENGINE_ENDPOINT: "http://{{ .Values.applications.engine.name }}-svc:8080" JAVA_OPTS: "-Dotel.exporter.otlp.endpoint=http://{{ .Values.applications.jaegertracing.name }}-svc:{{ .Values.applications.jaegertracing.port }} -Dotel.resource.attributes=service.name={{ .Values.applications.assetcatalog.name }}" LOGGING_LEVEL_COM_SOFTWAREAG_CONTROLPLANE: "{{ .Values.applications.assetcatalog.logLevel }}" 
{{- end }} ---- \ No newline at end of file +--- diff --git a/deployment/helm/templates/assetcatalog_deployment.yaml b/deployment/helm/templates/assetcatalog_deployment.yaml index 43e5d46..e80a287 100644 --- a/deployment/helm/templates/assetcatalog_deployment.yaml +++ b/deployment/helm/templates/assetcatalog_deployment.yaml @@ -1,3 +1,6 @@ +# +# Copyright IBM Corp. 2024, 2025 +# apiVersion: apps/v1 kind: Deployment metadata: @@ -21,9 +24,17 @@ spec: date: "{{ now | unixEpoch }}" spec: automountServiceAccountToken: false + volumes: + - name: certs + secret: + secretName: {{ .Values.secrets.certs.name }} containers: - image: {{ .Values.applications.assetcatalog.imageName }}:{{ .Values.applications.assetcatalog.imageTag }} name: {{ .Values.applications.assetcatalog.name }} + volumeMounts: + - name: certs + mountPath: {{ .Values.secrets.certs.mountPath }} + readOnly: true envFrom: - configMapRef: name: {{ .Values.applications.assetcatalog.name }}-config 
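Review bot: In assetcatalog_configmap.yaml the datastore password (`APICP_STORE_ASSETS_PASSWORD: "MyPassword@123"`) and all keystore and truststore passwords are literals inside a ConfigMap template, so they are identical for every release and readable by anyone allowed to read ConfigMaps in the namespace. These keys belong in a Secret filled from values and referenced through a `secretRef` entry under `envFrom`, next to the existing `configMapRef`. datastore_configmap.yaml (`OPENSEARCH_INITIAL_ADMIN_PASSWORD`) and the readiness probe in datastore_statefulset.yaml (`admin:MyPassword@123`) hard-code the same credential.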
@@ -39,29 +50,31 @@ spec: cpu: {{ .Values.applications.assetcatalog.resources.requests.cpu }} memory: {{ .Values.applications.assetcatalog.resources.requests.memory }} ports: - - containerPort: 8080 + - containerPort: 8443 name: http readinessProbe: - httpGet: - path: /api/assetcatalog/health/readiness - port: 8080 - scheme: HTTP - initialDelaySeconds: 60 + exec: + command: + - sh + - -c + - "curl -fk -s --cert /certs/ac-cert.pem --key /certs/ac-key.pem https://localhost:8443/api/assetcatalog/health/readiness || exit 1" + initialDelaySeconds: 100 periodSeconds: 20 successThreshold: 1 failureThreshold: 3 - timeoutSeconds: 5 + timeoutSeconds: 15 livenessProbe: - httpGet: - path: /api/assetcatalog/health/liveness - port: 8080 - scheme: HTTP - initialDelaySeconds: 60 + exec: + command: + - sh + - -c + - "curl -fk -s --cert /certs/ac-cert.pem --key /certs/ac-key.pem https://localhost:8443/api/assetcatalog/health/liveness || exit 1" + initialDelaySeconds: 100 periodSeconds: 20 successThreshold: 1 failureThreshold: 3 - timeoutSeconds: 5 + timeoutSeconds: 15 terminationGracePeriodSeconds: 30 imagePullSecrets: - - name: {{ .Values.imagePullSecretName }} + - name: regcred --- \ No newline at end of file diff --git a/deployment/helm/templates/assetcatalog_service.yaml b/deployment/helm/templates/assetcatalog_service.yaml index d5a75b2..4183525 100644 --- a/deployment/helm/templates/assetcatalog_service.yaml +++ b/deployment/helm/templates/assetcatalog_service.yaml @@ -1,3 +1,6 @@ +# +# Copyright IBM Corp. 2024, 2025 +# apiVersion: v1 kind: Service metadata: @@ -5,9 +8,9 @@ metadata: namespace: {{ default "control-plane" .Release.Namespace }} spec: ports: - - port: 8080 + - port: 8443 protocol: TCP - targetPort: 8080 + targetPort: 8443 name: http selector: app: {{ .Values.applications.assetcatalog.name }} diff --git a/deployment/helm/templates/datastore_configmap.yaml b/deployment/helm/templates/datastore_configmap.yaml new file mode 100644 index 0000000..f4eb51f --- /dev/null 
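Review bot: Both probe commands in assetcatalog_deployment.yaml read `/certs/ac-cert.pem` and `/certs/ac-key.pem`, but the volume is mounted at `{{ .Values.secrets.certs.mountPath }}`, so the probes break as soon as that value is anything other than `/certs`. Build the paths from the same value, e.g. `--cert {{ .Values.secrets.certs.mountPath }}/ac-cert.pem --key {{ .Values.secrets.certs.mountPath }}/ac-key.pem`. In the same hunk `imagePullSecrets` changes from `{{ .Values.imagePullSecretName }}` to the fixed `regcred`, which removes an existing override; keep the value reference unless that is intended.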
+++ b/deployment/helm/templates/datastore_configmap.yaml @@ -0,0 +1,29 @@ +# +# Copyright IBM Corp. 2024, 2025 +# +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Values.applications.datastore.name }}-config +data: + OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" + cluster.initial_cluster_manager_nodes: "{{ .Values.applications.datastore.cluster.initial_cluster_manager_nodes }}" + discovery.seed_hosts: "{{ .Values.applications.datastore.name }}-headless" + cluster.name: {{ .Values.applications.datastore.name }}-cluster + network.host: "0.0.0.0" + + OPENSEARCH_INITIAL_ADMIN_PASSWORD: "MyPassword@123" + plugins.security.ssl.http.enabled: "true" + plugins.security.ssl.http.keystore_type: "JKS" + plugins.security.ssl.http.keystore_filepath: "/usr/share/opensearch/config/certs/keystore-os.jks" + plugins.security.ssl.http.keystore_alias: "webmethods" + plugins.security.ssl.http.keystore_password: "webmethods" + plugins.security.ssl.http.keystore_keypassword: "webmethods" + plugins.security.ssl.http.truststore_type: "JKS" + plugins.security.ssl.http.truststore_filepath: "/usr/share/opensearch/config/certs/truststore-os.jks" + plugins.security.ssl.http.truststore_password: "webmethods" + plugins.security.ssl.http.clientauth_mode: "REQUIRE" + + plugins.index_state_management.history.max_age: 7d + plugins.index_state_management.history.rollover_retention_period: 0ms +--- \ No newline at end of file diff --git a/deployment/helm/templates/elasticsearch_service.yaml b/deployment/helm/templates/datastore_service.yaml similarity index 52% rename from deployment/helm/templates/elasticsearch_service.yaml rename to deployment/helm/templates/datastore_service.yaml index f4a7ee4..4324cee 100644 --- a/deployment/helm/templates/elasticsearch_service.yaml +++ b/deployment/helm/templates/datastore_service.yaml 
@@ -1,11 +1,13 @@ +# Copyright IBM Corp. 2024, 2025 +# apiVersion: v1 kind: Service metadata: - name: {{ .Values.applications.es.name }}-lb + name: {{ .Values.applications.datastore.name }}-lb spec: type: ClusterIP selector: - app: {{ .Values.applications.es.name }} + app: {{ .Values.applications.datastore.name }} ports: - name: http protocol: TCP @@ -15,11 +17,11 @@ spec: apiVersion: v1 kind: Service metadata: - name: {{ .Values.applications.es.name }}-headless + name: {{ .Values.applications.datastore.name }}-headless spec: clusterIP: None selector: - app: {{ .Values.applications.es.name }} + app: {{ .Values.applications.datastore.name }} ports: - name: transport port: 9300 diff --git a/deployment/helm/templates/datastore_statefulset.yaml b/deployment/helm/templates/datastore_statefulset.yaml new file mode 100644 index 0000000..cf3d37f --- /dev/null +++ b/deployment/helm/templates/datastore_statefulset.yaml 
@@ -0,0 +1,110 @@ +# +# Copyright IBM Corp. 2024, 2025 +# +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ .Values.applications.datastore.name }} + labels: + app: {{ .Values.applications.datastore.name }} +spec: + serviceName: {{ .Values.applications.datastore.name }}-headless + podManagementPolicy: Parallel + replicas: {{ .Values.applications.datastore.replicas }} + selector: + matchLabels: + app: {{ .Values.applications.datastore.name }} + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: {{ .Values.applications.datastore.name }}-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.applications.datastore.storage }} + template: + metadata: + annotations: + sensor.falcon-system.crowdstrike.com/injection: disabled + labels: + app: {{ .Values.applications.datastore.name }} + spec: + securityContext: + fsGroup: 1000 + imagePullSecrets: + - name: regcred + initContainers: + - name: init-sysctl + image: cp.stg.icr.io/cp/webmethods/api/api-control-plane/third-party/busybox:latest + imagePullPolicy: IfNotPresent + securityContext: + privileged: true + runAsUser: 0 + command: ["sysctl", "-w", "vm.max_map_count=262144"] + volumes: + - name: logs + emptyDir: {} + - name: certs + secret: + secretName: {{ .Values.secrets.certs.name }} + containers: + - name: {{ .Values.applications.datastore.name }} + resources: + limits: + cpu: {{ .Values.applications.datastore.resources.limits.cpu }} + memory: {{ .Values.applications.datastore.resources.limits.memory }} + requests: + cpu: {{ .Values.applications.datastore.resources.requests.cpu }} + memory: {{ .Values.applications.datastore.resources.requests.memory }} + securityContext: + privileged: true + runAsUser: 1000 + capabilities: + add: + - IPC_LOCK + - SYS_RESOURCE + - SYS_ADMIN + - DAC_OVERRIDE + - DAC_READ_SEARCH + image: {{ .Values.applications.datastore.imageName }}:{{ .Values.applications.datastore.imageTag }} + imagePullPolicy: 
"IfNotPresent" + envFrom: + - configMapRef: + name: {{ .Values.applications.datastore.name }}-config + env: + - name: node.name + valueFrom: + fieldRef: + fieldPath: metadata.name + readinessProbe: + exec: + command: + - curl + - -fk + - --cert + - /usr/share/opensearch/config/certs/in-cert.pem + - --key + - /usr/share/opensearch/config/certs/in-key.pem + - -u + - admin:MyPassword@123 + - https://localhost:9200 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 10 + ports: + - containerPort: 9200 + name: http + - containerPort: 9300 + name: transport + volumeMounts: + - name: {{ .Values.applications.datastore.name }}-data + mountPath: /usr/share/opensearch/data + - name: logs + mountPath: /usr/share/opensearch/logs + - name: certs + mountPath: /usr/share/opensearch/config/certs + readOnly: true \ No newline at end of file diff --git a/deployment/helm/templates/elasticsearch_configmap.yaml b/deployment/helm/templates/elasticsearch_configmap.yaml deleted file mode 100644 index 8f3e5ba..0000000 --- a/deployment/helm/templates/elasticsearch_configmap.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Values.applications.es.name }}-config -data: - ES_JAVA_OPTS: "-Xms512m -Xmx512m" - cluster.initial_master_nodes: "{{ .Values.applications.es.cluster.initial_master_nodes }}" - discovery.seed_hosts: "{{ .Values.applications.es.name }}-headless" - cluster.name: {{ .Values.applications.es.name }}-cluster - network.host: "0.0.0.0" - xpack.ml.enabled: "false" - xpack.security.enabled: "false" ---- \ No newline at end of file diff --git a/deployment/helm/templates/elasticsearch_statefulset.yaml b/deployment/helm/templates/elasticsearch_statefulset.yaml deleted file mode 100644 index 25f2444..0000000 --- a/deployment/helm/templates/elasticsearch_statefulset.yaml +++ /dev/null 
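Review bot: The datastore container in datastore_statefulset.yaml runs with `privileged: true`, which already grants every capability, so the `capabilities.add` list below it has no effect and `runAsUser: 1000` provides little isolation. The kernel setting is applied by the `init-sysctl` init container, so the main container should not need it. Drop `privileged: true` and keep only the capabilities the process requires; `IPC_LOCK` looks like the one tied to memory locking, but whether `SYS_ADMIN` and the `DAC_*` entries are needed cannot be told from this file. The init container also pulls `busybox:latest`; pinning a tag or digest makes the privileged step reproducible.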
@@ -1,96 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ .Values.applications.es.name }} - labels: - app: {{ .Values.applications.es.name }} -spec: - serviceName: {{ .Values.applications.es.name }}-headless - podManagementPolicy: Parallel - replicas: {{ .Values.applications.es.replicas }} - selector: - matchLabels: - app: {{ .Values.applications.es.name }} - updateStrategy: - type: RollingUpdate - volumeClaimTemplates: - - metadata: - name: {{ .Values.applications.es.name }}-data - spec: - accessModes: - - ReadWriteOnce - {{- if .Values.applications.es.storageClassName }} - storageClassName: {{ .Values.applications.es.storageClassName }} - {{- end }} - resources: - requests: - storage: {{ .Values.applications.es.storage }} - template: - metadata: - annotations: - sensor.falcon-system.crowdstrike.com/injection: disabled - labels: - app: {{ .Values.applications.es.name }} - spec: - securityContext: - fsGroup: 1000 - initContainers: - - name: init-sysctl - image: public.ecr.aws/docker/library/busybox:latest - imagePullPolicy: IfNotPresent - securityContext: - privileged: true - runAsUser: 0 - command: ["sysctl", "-w", "vm.max_map_count=262144"] - volumes: - - name: logs - emptyDir: {} - containers: - - name: {{ .Values.applications.es.name }} - resources: - limits: - cpu: {{ .Values.applications.es.resources.limits.cpu }} - memory: {{ .Values.applications.es.resources.limits.memory }} - requests: - cpu: {{ .Values.applications.es.resources.requests.cpu }} - memory: {{ .Values.applications.es.resources.requests.memory }} - securityContext: - privileged: true - runAsUser: 1000 - capabilities: - add: - - IPC_LOCK - - SYS_RESOURCE - - SYS_ADMIN - - DAC_OVERRIDE - - DAC_READ_SEARCH - image: {{ .Values.applications.es.imageName }}:{{ .Values.applications.es.imageTag }} - imagePullPolicy: "IfNotPresent" - envFrom: - - configMapRef: - name: {{ .Values.applications.es.name }}-config - env: - - name: node.name - valueFrom: - fieldRef: - fieldPath: 
metadata.name - readinessProbe: - httpGet: - scheme: HTTP - path: /_cluster/health?local=true - port: 9200 - initialDelaySeconds: 20 - periodSeconds: 20 - successThreshold: 1 - timeoutSeconds: 5 - failureThreshold: 3 - ports: - - containerPort: 9200 - name: http - - containerPort: 9300 - name: transport - volumeMounts: - - name: {{ .Values.applications.es.name }}-data - mountPath: /usr/share/elasticsearch/data - - name: logs - mountPath: /usr/share/elasticsearch/logs \ No newline at end of file diff --git a/deployment/helm/templates/engine_configmap.yaml b/deployment/helm/templates/engine_configmap.yaml index fd028f9..7e35ce9 100644 --- a/deployment/helm/templates/engine_configmap.yaml +++ b/deployment/helm/templates/engine_configmap.yaml 
@@ -1,12 +1,38 @@ +# +# Copyright IBM Corp. 2024, 2025 +# apiVersion: v1 kind: ConfigMap metadata: name: {{ .Values.applications.engine.name }}-config data: - APICP_ASSET_CATALOG_ENDPOINT: "http://{{ .Values.applications.assetcatalog.name }}-svc:8080" - SERVICE_ELASTICSEARCH_HOST: {{ .Values.applications.es.name }}-lb - SERVICE_ELASTICSEARCH_PORT: "9200" - SERVICE_ELASTICSEARCH_CERTPATH: "" + APICP_ASSET_CATALOG_ENDPOINT: "https://{{ .Values.applications.assetcatalog.name }}-svc:8443" + + APICP_STORE_ASSETS_HOST: {{ .Values.applications.datastore.name }}-lb + APICP_STORE_ASSETS_PORT: "9200" + APICP_STORE_ASSETS_USERNAME: "admin" + APICP_STORE_ASSETS_PASSWORD: "MyPassword@123" + APICP_STORE_ASSETS_ENABLE_SSL: "true" + APICP_STORE_ASSETS_KEYSTORE_FILE_PATH: "/certs/keystore-en.jks" + APICP_STORE_ASSETS_KEYSTORE_PASSWORD: "webmethods" + APICP_STORE_ASSETS_KEYSTORE_ALIAS_NAME: "webmethods" + APICP_STORE_ASSETS_TRUSTSTORE_FILE_PATH: "/certs/truststore-en.jks" + APICP_STORE_ASSETS_TRUSTSTORE_PASSWORD: "webmethods" + + APICP_AUTH_JWKS_URI: "https://{{ .Values.applications.ingress.name }}-svc:8443/api/ingress/v1/discovery/keys" + + SERVER_PORT: "8443" + SERVER_SSL_ENABLED: "true" + SERVER_SSL_KEY_ALIAS: "webmethods" + SERVER_SSL_KEY_PASSWORD: "webmethods" + SERVER_SSL_KEY_STORE: "/certs/keystore-en.jks" + SERVER_SSL_KEY_STORE_PASSWORD: "webmethods" + SERVER_SSL_KEY_STORE_TYPE: "JKS" + SERVER_SSL_TRUST_STORE: "/certs/truststore-en.jks" + SERVER_SSL_TRUST_STORE_PASSWORD: "webmethods" + SERVER_SSL_CLIENT_AUTH: "NEED" + + OTEL_JAVAAGENT_ENABLED: "true" {{- if .Values.applications.jaegertracing.enabled }} OTEL_METRICS_EXPORTER: "none" diff --git a/deployment/helm/templates/engine_deployment.yaml b/deployment/helm/templates/engine_deployment.yaml index e616e8d..eebad6b 100644 --- a/deployment/helm/templates/engine_deployment.yaml +++ b/deployment/helm/templates/engine_deployment.yaml 
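Review bot: The added `APICP_STORE_ASSETS_PASSWORD`, the keystore and truststore password keys and the `SERVER_SSL_*_PASSWORD` keys store passwords as literals in a ConfigMap, which Kubernetes does not treat as confidential (it is covered by ConfigMap rather than Secret access rules and is printed by `kubectl describe`), and because the literals live in the template every install shares them. Move these keys into a Secret populated from values or an external store and load it next to the existing `configMapRef` under `envFrom`, e.g. `- secretRef:` with `name: <engine-secret-name>` (placeholder). The ingress and UI ConfigMap hunks later in this diff add the same kind of entries, including `com.softwareag.api.umc.users.system.password`, and need the same change. The `data:` mapping continues past the end of this hunk.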
@@ -1,3 +1,6 @@ +# +# Copyright IBM Corp. 2024, 2025 +# apiVersion: apps/v1 kind: Deployment metadata: @@ -21,9 +24,17 @@ spec: date: "{{ now | unixEpoch }}" spec: automountServiceAccountToken: false + volumes: + - name: certs + secret: + secretName: {{ .Values.secrets.certs.name }} containers: - name: {{ .Values.applications.engine.name }} image: {{ .Values.applications.engine.imageName }}:{{ .Values.applications.engine.imageTag }} + volumeMounts: + - name: certs + mountPath: {{ .Values.secrets.certs.mountPath }} + readOnly: true envFrom: - configMapRef: name: {{ .Values.applications.engine.name }}-config @@ -39,29 +50,31 @@ spec: cpu: {{ .Values.applications.engine.resources.requests.cpu }} memory: {{ .Values.applications.engine.resources.requests.memory }} ports: - - containerPort: 8080 + - containerPort: 8443 name: http readinessProbe: - httpGet: - path: /api/engine/health/readiness - port: 8080 - scheme: HTTP - initialDelaySeconds: 60 + exec: + command: + - sh + - -c + - "curl -fk -s --cert /certs/en-cert.pem --key /certs/en-key.pem https://localhost:8443/api/engine/health/readiness || exit 1" + initialDelaySeconds: 100 periodSeconds: 20 successThreshold: 1 failureThreshold: 3 - timeoutSeconds: 5 + timeoutSeconds: 15 livenessProbe: - httpGet: - path: /api/engine/health/liveness - port: 8080 - scheme: HTTP - initialDelaySeconds: 60 + exec: + command: + - sh + - -c + - "curl -fk -s --cert /certs/en-cert.pem --key /certs/en-key.pem https://localhost:8443/api/engine/health/liveness || exit 1" + initialDelaySeconds: 100 periodSeconds: 20 successThreshold: 1 failureThreshold: 3 - timeoutSeconds: 5 + timeoutSeconds: 15 terminationGracePeriodSeconds: 30 imagePullSecrets: - - name: {{ .Values.imagePullSecretName }} + - name: regcred --- \ No newline at end of file diff --git a/deployment/helm/templates/engine_service.yaml b/deployment/helm/templates/engine_service.yaml index 609666d..848cd2f 100644 --- a/deployment/helm/templates/engine_service.yaml 
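Review bot: The certs volume is mounted at `{{ .Values.secrets.certs.mountPath }}`, but the probes added in the last hunk of this file hard-code `/certs/en-cert.pem` and `/certs/en-key.pem`, and the engine ConfigMap hard-codes `/certs/keystore-en.jks`. Overriding `secrets.certs.mountPath` would therefore make both probes fail, and a failing liveness probe restarts the container. Either build the paths from the same value, e.g. `--cert {{ .Values.secrets.certs.mountPath }}/en-cert.pem`, or mount at a fixed `/certs` as the ingress Deployment does. ui_deployment.yaml repeats the pattern with `ui-cert.pem` and `ui-key.pem`.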
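Review bot: `imagePullSecrets` now hard-codes `- name: regcred` in place of `{{ .Values.imagePullSecretName }}`, while values.yaml still defines `imagePullSecretName: regcred`, so setting that value no longer has any effect and installs that use another registry secret fail to pull. Keep the templated form, `- name: {{ .Values.imagePullSecretName }}`. The ingress and UI Deployments make the same replacement, and the new datastore StatefulSet and nginx Deployment hard-code the name as well.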
+++ b/deployment/helm/templates/engine_service.yaml @@ -1,3 +1,6 @@ +# +# Copyright IBM Corp. 2024, 2025 +# apiVersion: v1 kind: Service metadata: @@ -5,10 +8,11 @@ metadata: namespace: {{ default "control-plane" .Release.Namespace }} spec: ports: - - port: 8080 + - name: http + port: 8443 protocol: TCP - targetPort: http - name: http + targetPort: 8443 + selector: app: {{ .Values.applications.engine.name }} type: ClusterIP diff --git a/deployment/helm/templates/ingress_configmap.yaml b/deployment/helm/templates/ingress_configmap.yaml index ce96d74..5c969aa 100644 --- a/deployment/helm/templates/ingress_configmap.yaml +++ b/deployment/helm/templates/ingress_configmap.yaml 
@@ -1,31 +1,47 @@ +# +# Copyright IBM Corp. 2024, 2025 +# apiVersion: v1 kind: ConfigMap metadata: name: {{ .Values.applications.ingress.name }}-config data: -{{ (.Files.Glob "license/*").AsConfig | indent 2 }} -{{ if eq .Values.applications.ingress.sslEnabled true }} SERVER_SSL_ENABLED: "true" - SERVER_PORT: "8443" - SERVER_SSL_KEY_ALIAS: "controlplane" - SERVER_SSL_KEY_PASSWORD: "" - SERVER_SSL_KEY_STORE: "file:/opt/softwareag/certs/webmethods_not_for_production.jks" + SERVER_SSL_KEY_ALIAS: "webmethods" + SERVER_SSL_KEY_PASSWORD: "webmethods" + SERVER_SSL_KEY_STORE: "/certs/keystore-in.jks" SERVER_SSL_KEY_STORE_PASSWORD: "webmethods" SERVER_SSL_KEY_STORE_TYPE: "JKS" - {{ else }} - SERVER_SSL_ENABLED: "false" - SERVER_PORT: "8080" - {{ end }} - APICP_ENGINE_ENDPOINT: "http://{{ .Values.applications.engine.name }}-svc:8080" - APICP_ASSET_CATALOG_ENDPOINT: "http://{{ .Values.applications.assetcatalog.name }}-svc:8080" - APICP_UI_ENDPOINT: "http://{{ .Values.applications.ui.name }}-svc:8080" - APICP_TENANT_ID: "{{ .Values.applications.ingress.tenantId }}" - APICP_SAG_CLOUD_URL: "" - APICP_LICENSE_PATH: "/home/license/{{ .Values.applications.ingress.licenseFileName }}" - SERVICE_ELASTICSEARCH_HOST: {{ .Values.applications.es.name }}-lb - SERVICE_ELASTICSEARCH_PORT: "9200" + SERVER_SSL_TRUST_STORE: "/certs/truststore-in.jks" + SERVER_SSL_TRUST_STORE_PASSWORD: "webmethods" + SERVER_SSL_CLIENT_AUTH: "NEED" + + APICP_ENGINE_ENDPOINT: "https://{{ .Values.applications.engine.name }}-svc:8443" + APICP_ASSET_CATALOG_ENDPOINT: "https://{{ .Values.applications.assetcatalog.name }}-svc:8443" + APICP_UI_ENDPOINT: "https://{{ .Values.applications.ui.name }}-svc:8443" + APICP_STORE_ASSETS_HOST: {{ .Values.applications.datastore.name }}-lb + APICP_STORE_ASSETS_PORT: "9200" + APICP_STORE_ASSETS_USERNAME: "admin" + APICP_STORE_ASSETS_PASSWORD: "MyPassword@123" + APICP_STORE_ASSETS_ENABLE_SSL: "true" + APICP_STORE_ASSETS_KEYSTORE_FILE_PATH: "/certs/keystore-in.jks" + 
APICP_STORE_ASSETS_KEYSTORE_PASSWORD: "webmethods" + APICP_STORE_ASSETS_KEYSTORE_ALIAS_NAME: "webmethods" + APICP_STORE_ASSETS_TRUSTSTORE_FILE_PATH: "/certs/truststore-in.jks" + APICP_STORE_ASSETS_TRUSTSTORE_PASSWORD: "webmethods" MANAGEMENT_HEALTH_ELASTICSEARCH_ENABLED: "false" + CONTROL_PLANE_TENANTID: "{{ .Values.applications.ingress.tenantId }}" + APICP_TENANT_ID: "{{ .Values.applications.ingress.tenantId }}" com.softwareag.api.umc.loadbalancer.url: "http://{{ .Values.domainName }}" + SAGCLOUD_URL: "" + APICP_SAG_CLOUD_URL: "" + APICP_LICENSE_PATH: "/home/license.xml" + APICP_STUDIO_ENABLED: "false" + APICP_INGRESS_TOKEN_SIGNATURE_KEY_STORE: "/certs/jwt_keystore.jks" + APICP_INGRESS_TOKEN_SIGNATURE_KEY_STORE_PASSWORD: "webmethods" + APICP_INGRESS_TOKEN_SIGNATURE_KEY_ALIAS: "ibm" + APICP_INGRESS_TOKEN_SIGNATURE_KEY_PASSWORD: "webmethods" + com.softwareag.api.umc.users.system.password: "manage" com.softwareag.api.umc.oauth.active: "" com.softwareag.api.umc.oauth.providers: "" com.softwareag.api.umc.oauth.api.keys: "" @@ -33,6 +49,9 @@ data: com.softwareag.api.umc.oauth.authorize.endpoint: "" com.softwareag.api.umc.oauth.access.endpoint: "" com.softwareag.api.umc.oauth.user.endpoint: "" + + JAVA_OPTS: "-Xms256m -Xmx256m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp/ingress_heap_dump.hprof -Dcom.softwareag.api.umc.config.file=umc-defaults-controlplane.properties" + OTEL_JAVAAGENT_ENABLED: "{{ .Values.applications.jaegertracing.enabled }}" {{- if .Values.applications.jaegertracing.enabled }} JAVA_OPTS: "-Dotel.exporter.otlp.endpoint=http://{{ .Values.applications.jaegertracing.name }}-svc:{{ .Values.applications.jaegertracing.port }} -Dotel.resource.attributes=service.name={{ .Values.applications.ingress.name }}" 
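Review bot: With `applications.jaegertracing.enabled` set, the rendered ConfigMap contains two `JAVA_OPTS` keys: the one added in this hunk and the existing one inside the `{{- if .Values.applications.jaegertracing.enabled }}` block directly below it. Duplicate mapping keys are rejected by some parsers and resolved last-wins by others, and last-wins silently drops `-Xms256m -Xmx256m`, the heap-dump flags and `-Dcom.softwareag.api.umc.config.file=umc-defaults-controlplane.properties`. Emit a single `JAVA_OPTS` value and append the OTEL flags to that string inside the conditional. The `if` block continues outside the hunk, so check that no other key is repeated there.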
@@ -42,4 +61,5 @@ data: {{- if .Values.applications.gainsight.enabled }} APICP_INGRESS_SECURITYCONFIG_HEADERS_CONTENT_SECURITY_POLICY : "default-src 'self'; img-src * 'self' data: *.aptrinsic.com storage.googleapis.com; object-src 'none'; script-src 'self' *.aptrinsic.com; style-src 'self' 'unsafe-inline' *.aptrinsic.com 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; connect-src 'self' *.aptrinsic.com" {{- end }} + --- diff --git a/deployment/helm/templates/ingress_deployment.yaml b/deployment/helm/templates/ingress_deployment.yaml index 3a91238..d7aa85d 100644 --- a/deployment/helm/templates/ingress_deployment.yaml +++ b/deployment/helm/templates/ingress_deployment.yaml @@ -1,3 +1,6 @@ +# +# Copyright IBM Corp. 2024, 2025 +# apiVersion: apps/v1 kind: Deployment metadata: @@ -25,12 +28,18 @@ spec: - name: license-file configMap: name: {{ .Values.applications.ingress.name }}-config + - name: certs + secret: + secretName: {{ .Values.secrets.certs.name }} containers: - image: {{ .Values.applications.ingress.imageName }}:{{ .Values.applications.ingress.imageTag }} name: {{ .Values.applications.ingress.name }} volumeMounts: - name: license-file - mountPath: /home/license + mountPath: /home + - name: certs + mountPath: /certs + readOnly: true envFrom: - configMapRef: name: {{ .Values.applications.ingress.name }}-config 
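Review bot: Changing the `license-file` mount to `mountPath: /home` projects every key of the `-config` ConfigMap as a file under `/home` and hides whatever the image ships in that directory. With this commit that ConfigMap also carries the store, keystore and UMC password entries, so they become files in the container, readable by any process unless the volume's `defaultMode` is tightened, in addition to being environment variables. The same commit removes the `.Files.Glob "license/*"` line from the ConfigMap, so it is not visible in this diff where `/home/license.xml` (the new `APICP_LICENSE_PATH`) comes from. Mount only the license key, e.g. `mountPath: /home/license.xml` with `subPath: license.xml`, or use a dedicated license ConfigMap.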
@@ -45,50 +54,34 @@ spec: requests: cpu: {{ .Values.applications.ingress.resources.requests.cpu }} memory: {{ .Values.applications.ingress.resources.requests.memory }} -# should be enabled if the certificate from host system is being mounted -# volumeMounts: -# - name: hostpath-volume -# mountPath: /opt/softwareag/certs/webmethods_not_for_production.jks ports: - - containerPort: 8080 + - containerPort: 8443 name: http + - containerPort: 8080 + name: internal readinessProbe: - httpGet: - path: /api/ingress/health/readiness - {{ if eq .Values.applications.ingress.sslEnabled true }} - port: 8443 - scheme: HTTPS - {{ else }} - port: 8080 - scheme: HTTP - {{ end }} + exec: + command: + - sh + - -c + - "curl -fk -s --cert /certs/in-cert.pem --key /certs/in-key.pem https://localhost:8443/api/ingress/health/readiness || exit 1" initialDelaySeconds: 100 periodSeconds: 20 successThreshold: 1 failureThreshold: 3 - timeoutSeconds: 5 + timeoutSeconds: 15 livenessProbe: - httpGet: - path: /api/ingress/health/liveness - {{ if eq .Values.applications.ingress.sslEnabled true }} - port: 8443 - scheme: HTTPS - {{ else }} - port: 8080 - scheme: HTTP - {{ end }} + exec: + command: + - sh + - -c + - "curl -fk -s --cert /certs/in-cert.pem --key /certs/in-key.pem https://localhost:8443/api/ingress/health/liveness || exit 1" initialDelaySeconds: 100 periodSeconds: 20 successThreshold: 1 failureThreshold: 3 - timeoutSeconds: 5 -# should be enabled if the certificate from host system is being mounted -# volumes: -# - name: hostpath-volume -# hostPath: -# path: /mnt/path/in/your/host/webmethods_not_for_production.jks -# type: File + timeoutSeconds: 15 terminationGracePeriodSeconds: 30 imagePullSecrets: - - name: {{ .Values.imagePullSecretName }} + - name: regcred --- diff --git a/deployment/helm/templates/ingress_service.yaml b/deployment/helm/templates/ingress_service.yaml index 0c04e05..d4a8f2b 100644 --- a/deployment/helm/templates/ingress_service.yaml 
+++ b/deployment/helm/templates/ingress_service.yaml @@ -1,3 +1,6 @@ +# +# Copyright IBM Corp. 2024, 2025 +# apiVersion: v1 kind: Service metadata: @@ -6,13 +9,13 @@ metadata: spec: ports: - name: http - port: 8080 + port: 8443 protocol: TCP - {{ if eq .Values.applications.ingress.sslEnabled true }} targetPort: 8443 - {{ else }} + - name: internal # Only for the JWT related internal communication. + port: 8080 + protocol: TCP targetPort: 8080 - {{ end }} selector: app: {{ .Values.applications.ingress.name }} type: ClusterIP diff --git a/deployment/helm/templates/jaegar_configmap.yaml b/deployment/helm/templates/jaegar_configmap.yaml deleted file mode 100644 index 5ccc774..0000000 --- a/deployment/helm/templates/jaegar_configmap.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if .Values.applications.jaegertracing.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Values.applications.jaegertracing.name }}-config -data: - COLLECTOR_ZIPKIN_HOST_PORT: "9411" - COLLECTOR_OTLP_ENABLED: "true" ---- -{{- end }} \ No newline at end of file diff --git a/deployment/helm/templates/jaegar_service.yaml b/deployment/helm/templates/jaegar_service.yaml deleted file mode 100644 index e4c06ab..0000000 --- a/deployment/helm/templates/jaegar_service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.applications.jaegertracing.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.applications.jaegertracing.name }}-svc - namespace: {{ default "control-plane" .Release.Namespace }} -spec: - ports: - - port: {{ .Values.applications.jaegertracing.port }} - protocol: TCP - targetPort: {{ .Values.applications.jaegertracing.port }} - name: http - selector: - app: {{ .Values.applications.jaegertracing.name }} - type: ClusterIP ---- -{{- end }} \ No newline at end of file diff --git a/deployment/helm/templates/jaegar_ui_service.yaml b/deployment/helm/templates/jaegar_ui_service.yaml deleted file mode 100644 index 52b754a..0000000 
--- a/deployment/helm/templates/jaegar_ui_service.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.applications.jaegertracing.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.applications.jaegertracing.name }}-ui-svc - namespace: {{ default "control-plane" .Release.Namespace }} -spec: - ports: - - port: {{ .Values.applications.jaegertracing.uiPort }} - protocol: TCP - targetPort: {{ .Values.applications.jaegertracing.uiPort }} - name: http-ui - nodePort: {{ .Values.applications.jaegertracing.extPort }} - selector: - app: {{ .Values.applications.jaegertracing.name }} - type: NodePort ---- -{{- end }} \ No newline at end of file diff --git a/deployment/helm/templates/jaeger_deployment.yaml b/deployment/helm/templates/jaeger_deployment.yaml deleted file mode 100644 index c8f5d0b..0000000 --- a/deployment/helm/templates/jaeger_deployment.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -{{- if .Values.applications.jaegertracing.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Values.applications.jaegertracing.name }} - namespace: {{ default "control-plane" .Release.Namespace }} -spec: - replicas: {{ .Values.applications.jaegertracing.replicaCount }} - selector: - matchLabels: - app: {{ .Values.applications.jaegertracing.name }} - template: - metadata: - labels: - app: {{ .Values.applications.jaegertracing.name }} - annotations: - spec: - automountServiceAccountToken: false - containers: - - image: {{ .Values.applications.jaegertracing.imageName }}:{{ .Values.applications.jaegertracing.imageTag }} - name: {{ .Values.applications.jaegertracing.name }} - envFrom: - - configMapRef: - name: {{ .Values.applications.jaegertracing.name }}-config - imagePullPolicy: Always - livenessProbe: - httpGet: - path: / - port: http-ui - initialDelaySeconds: 60 - periodSeconds: 20 - successThreshold: 1 - failureThreshold: 3 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: / - port: http-ui - initialDelaySeconds: 60 - periodSeconds: 20 - successThreshold: 1 - failureThreshold: 3 - timeoutSeconds: 5 - securityContext: - runAsNonRoot: true - runAsUser: 1724 - resources: - limits: - cpu: {{ .Values.applications.jaegertracing.resources.limits.cpu }} - memory: {{ .Values.applications.jaegertracing.resources.limits.memory }} - requests: - cpu: {{ .Values.applications.jaegertracing.resources.requests.cpu }} - memory: {{ .Values.applications.jaegertracing.resources.requests.memory }} - ports: - - name: http - containerPort: {{ .Values.applications.jaegertracing.port }} - protocol: TCP - - name: http-ui - containerPort: 16686 - protocol: TCP - terminationGracePeriodSeconds: 30 ---- -{{- end }} \ No newline at end of file diff --git a/deployment/helm/templates/nginx_configmap.yaml b/deployment/helm/templates/nginx_configmap.yaml new file mode 100644 index 0000000..aec1b42 --- /dev/null 
+++ b/deployment/helm/templates/nginx_configmap.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: nginx-config
+data:
+ default.conf: |
+ server {
+ server_name localhost;
+ listen 443 ssl ;
+ ssl_session_timeout 5m;
+ ssl_session_cache shared:SSL:50m;
+ ssl_session_tickets off;
+ ssl_certificate /etc/nginx/certs/nginx-cert.crt;
+ ssl_certificate_key /etc/nginx/certs/nginx-key.key;
+
+ location / {
+ proxy_pass https://{{ .Values.applications.ingress.name }}-svc:8443;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header Host {{ .Values.domainName }};
+ proxy_set_header X-Forwarded-Port 443;
+
+ # Configure Nginx as a client using self-signed certs
+ proxy_ssl_certificate /etc/nginx/certs/nginx-cert.crt;
+ proxy_ssl_certificate_key /etc/nginx/certs/nginx-key.key;
+
+ #proxy_ssl_trusted_certificate /etc/nginx/certs/in-cert.pem;
+ proxy_ssl_verify off;
+ }
+ }
\ No newline at end of file
diff --git a/deployment/helm/templates/nginx_deployment.yaml b/deployment/helm/templates/nginx_deployment.yaml
new file mode 100644
index 0000000..3b7e9e8
--- /dev/null
+++ b/deployment/helm/templates/nginx_deployment.yaml
@@ -0,0 +1,40 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nginx
+ template:
+ metadata:
+ labels:
+ app: nginx
+ spec:
+ containers:
+ - name: nginx
+ image: cp.stg.icr.io/cp/webmethods/api/api-control-plane/third-party/nginx:latest
+ imagePullPolicy: Always
+ securityContext:
+ privileged: true
+ runAsUser: 0
+ ports:
+ - containerPort: 443
+ volumeMounts:
+ - name: nginx-config
+ mountPath: /etc/nginx/conf.d/default.conf
+ subPath: default.conf
+ - name: certs
+ mountPath: /etc/nginx/certs
+ readOnly: true
+ volumes:
+ - name: nginx-config
+ configMap:
+ name: nginx-config
+ - name: certs
+ secret:
+ secretName: {{ .Values.secrets.certs.name }}
+ imagePullSecrets:
+ - name: regcred
+
\ No newline at end of file
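Review bot: In the `location /` block of nginx_configmap.yaml, `proxy_ssl_verify off;` together with the commented-out `proxy_ssl_trusted_certificate` means nginx presents its client certificate to the upstream but never checks the upstream's identity, so the proxy-to-ingress hop is encrypted but not authenticated. Set `proxy_ssl_verify on;`, restore `proxy_ssl_trusted_certificate /etc/nginx/certs/in-cert.pem;` (or the issuing CA), and add `proxy_ssl_name` with a name the ingress certificate carries; which names that certificate contains is not visible in this hunk, so confirm before switching. The `server` block also sets no `ssl_protocols`, so the image default applies.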
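Review bot: The nginx container in nginx_deployment.yaml runs with `privileged: true` and `runAsUser: 0`, which gives the externally exposed proxy (its Service in this commit is `type: LoadBalancer`) unrestricted access to the node's devices and kernel interfaces, while nothing in the mounted config needs more than binding port 443. Set `privileged: false` and `allowPrivilegeEscalation: false`, drop all capabilities and add back only what the image needs (`NET_BIND_SERVICE` at least; the full set depends on the image), or listen on an unprivileged port and run as non-root. The image is also pulled as `:latest` with `imagePullPolicy: Always`, so the running version can change on any restart; pin a tag or digest. The pod spec does not set `automountServiceAccountToken: false`, which the engine and UI Deployments do.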
diff --git a/deployment/helm/templates/nginx_ingress.yaml b/deployment/helm/templates/nginx_ingress.yaml deleted file mode 100644 index 874551c..0000000 --- a/deployment/helm/templates/nginx_ingress.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: control-plane - namespace: {{ default "control-plane" .Release.Namespace }} - annotations: - {{ if eq .Values.applications.ingress.sslEnabled true }} - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - nginx.ingress.kubernetes.io/ssl-passthrough: "true" - nginx.ingress.kubernetes.io/ssl-redirect: "true" - {{ end }} -spec: - ingressClassName: {{ .Values.ingressClassName | default "nginx" }} - rules: - - host: {{ .Values.domainName }} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: {{ .Values.applications.ingress.name }}-svc - port: - {{- if eq .Values.applications.ingress.sslEnabled true }} - number: 8443 - {{- else }} - number: 8080 - {{- end }} diff --git a/deployment/helm/templates/nginx_service.yaml b/deployment/helm/templates/nginx_service.yaml new file mode 100644 index 0000000..47d62ad --- /dev/null +++ b/deployment/helm/templates/nginx_service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: nginx +spec: + type: LoadBalancer + selector: + app: nginx + ports: + - protocol: TCP + port: 443 + targetPort: 443 \ No newline at end of file diff --git a/deployment/helm/templates/ui_configmap.yaml b/deployment/helm/templates/ui_configmap.yaml index 17bd2aa..2536259 100644 --- a/deployment/helm/templates/ui_configmap.yaml +++ b/deployment/helm/templates/ui_configmap.yaml 
@@ -1,10 +1,29 @@ +# +# Copyright IBM Corp. 2024, 2025 +# apiVersion: v1 kind: ConfigMap metadata: name: {{ .Values.applications.ui.name }}-config data: - APICP_ENGINE_ENDPOINT: "http://{{ .Values.applications.engine.name }}-svc:8080" - APICP_ASSET_CATALOG_ENDPOINT: "http://{{ .Values.applications.assetcatalog.name }}-svc:8080" + APICP_ENGINE_ENDPOINT: "https://{{ .Values.applications.engine.name }}-svc:8443" + APICP_ASSET_CATALOG_ENDPOINT: "https://{{ .Values.applications.assetcatalog.name }}-svc:8443" + APICP_AUTH_JWKS_URI: "https://{{ .Values.applications.ingress.name }}-svc:8443/api/ingress/v1/discovery/keys" + SPRING_CODEC_MAX_IN_MEMORY_SIZE: "{{ .Values.applications.ui.springCodecMaxMemorySize }}" + # JAVA_OPTS: "-Xms256m -Xmx256m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp/ui_heap_dump.hprof" + + SERVER_PORT: "8443" + SERVER_SSL_ENABLED: "true" + SERVER_SSL_KEY_ALIAS: "webmethods" + SERVER_SSL_KEY_PASSWORD: "webmethods" + SERVER_SSL_KEY_STORE: "/certs/keystore-ui.jks" + SERVER_SSL_KEY_STORE_PASSWORD: "webmethods" + SERVER_SSL_KEY_STORE_TYPE: "JKS" + SERVER_SSL_TRUST_STORE: "/certs/truststore-ui.jks" + SERVER_SSL_TRUST_STORE_PASSWORD: "webmethods" + SERVER_SSL_CLIENT_AUTH: "NEED" + + OTEL_JAVAAGENT_ENABLED: "{{ .Values.applications.jaegertracing.enabled }}" {{- if .Values.applications.jaegertracing.enabled }} LOGGING_LEVEL_COM_SOFTWAREAG_CONTROLPLANE: "{{ .Values.applications.ui.logLevel }}" diff --git a/deployment/helm/templates/ui_deployment.yaml b/deployment/helm/templates/ui_deployment.yaml index 2914f0a..9d59c93 100644 --- a/deployment/helm/templates/ui_deployment.yaml +++ b/deployment/helm/templates/ui_deployment.yaml @@ -1,3 +1,6 @@ +# +# Copyright IBM Corp. 2024, 2025 +# apiVersion: apps/v1 kind: Deployment metadata: 
@@ -21,9 +24,17 @@ spec: date: "{{ now | unixEpoch }}" spec: automountServiceAccountToken: false + volumes: + - name: certs + secret: + secretName: {{ .Values.secrets.certs.name }} containers: - name: {{ .Values.applications.ui.name }} image: {{ .Values.applications.ui.imageName }}:{{ .Values.applications.ui.imageTag }} + volumeMounts: + - name: certs + mountPath: {{ .Values.secrets.certs.mountPath }} + readOnly: true envFrom: - configMapRef: name: {{ .Values.applications.ui.name }}-config @@ -39,29 +50,31 @@ spec: cpu: {{ .Values.applications.ui.resources.requests.cpu }} memory: {{ .Values.applications.ui.resources.requests.memory }} ports: - - containerPort: 8080 + - containerPort: 8443 name: http readinessProbe: - httpGet: - path: /controlplane/api/ui/health/readiness - port: 8080 - scheme: HTTP - initialDelaySeconds: 60 + exec: + command: + - sh + - -c + - "curl -fk -s --cert /certs/ui-cert.pem --key /certs/ui-key.pem https://localhost:8443/controlplane/api/ui/health/readiness || exit 1" + initialDelaySeconds: 100 periodSeconds: 20 successThreshold: 1 failureThreshold: 3 - timeoutSeconds: 5 + timeoutSeconds: 15 livenessProbe: - httpGet: - path: /controlplane/api/ui/health/liveness - port: 8080 - scheme: HTTP - initialDelaySeconds: 60 + exec: + command: + - sh + - -c + - "curl -fk -s --cert /certs/ui-cert.pem --key /certs/ui-key.pem https://localhost:8443/controlplane/api/ui/health/liveness || exit 1" + initialDelaySeconds: 100 periodSeconds: 20 successThreshold: 1 failureThreshold: 3 - timeoutSeconds: 5 + timeoutSeconds: 15 terminationGracePeriodSeconds: 30 imagePullSecrets: - - name: {{ .Values.imagePullSecretName }} + - name: regcred --- \ No newline at end of file diff --git a/deployment/helm/templates/ui_service.yaml b/deployment/helm/templates/ui_service.yaml index 4be598e..1179bea 100644 --- a/deployment/helm/templates/ui_service.yaml +++ b/deployment/helm/templates/ui_service.yaml 
@@ -1,3 +1,6 @@ +# +# Copyright IBM Corp. 2024, 2025 +# apiVersion: v1 kind: Service metadata: @@ -5,9 +8,9 @@ metadata: namespace: {{ default "control-plane" .Release.Namespace }} spec: ports: - - port: 8080 + - port: 8443 protocol: TCP - targetPort: 8080 + targetPort: 8443 name: http selector: app: {{ .Values.applications.ui.name }} diff --git a/deployment/helm/values.yaml b/deployment/helm/values.yaml index 0986580..ed172b2 100644 --- a/deployment/helm/values.yaml +++ b/deployment/helm/values.yaml @@ -149,6 +149,12 @@ applications: plan: "Free" stage: "Staging" key: "AP-BCBBKBNAYWW6-2-2" + +secrets: + certs: + name: certs-secret + mountPath: /certs + domainName: my-control-plane imagePullSecretName: regcred # -- Optionally configure a ingress class to use for the kubernetes ingress (default: nginx) pFad - Phonifier reborn
