List of image pull secrets to be used on the managed DeploymentConfigs ServiceAccounts. See the imagePullSecrets field in the K8s ServiceAccount documentation for details on image pull secrets. If not specified, threescale-registry-auth is used. Secret names that contain dockercfg- or token- anywhere in the name cannot be specified. If this attribute is updated, the user has to redeploy the corresponding DeploymentConfig pods for the changes to take effect.
| Field | json/yaml field | Type | Required | Default value | Description |
| --- | --- | --- | --- | --- | --- |
| ResourceRequirementsEnabled | `resourceRequirementsEnabled` | `bool` | No | `true` | When true, the 3scale API management solution is deployed with the optimal resource requirements and limits. Setting this to false removes those resource requirements. Warning: only set it to false for development and evaluation environments. When set to true, default compute resources are set for the APIManager components. See Default APIManager components compute resources to see the default assigned values |
RedisResources describes the compute resource requirements. Takes precedence over spec.resourceRequirementsEnabled with replace behavior
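| Field | json/yaml field | Type | Required | Default value | Description |
| --- | --- | --- | --- | --- | --- |
| MemcachedImage | `memcachedImage` | `string` | No | `nil` | Used to overwrite the desired Memcached image for the Memcached used by System. Only takes effect when .spec.highAvailability.enabled is not set to true |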
The minimum resources the volume should have. Resources will not take any effect when VolumeName is provided. This parameter is not updateable when the underlying PV is not resizable.
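| Field | json/yaml field | Type | Required | Default value | Description |
| --- | --- | --- | --- | --- | --- |
| VolumeName | `volumeName` | `string` | No | `nil` | The binding reference to the existing PersistentVolume backing this claim |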
Local object reference to the secret to be used where the AWS configuration is stored. See LocalObjectReference on how to specify the local object reference to the secret
The secret name specified in the configurationSecretRef field must be
pre-created by the user before creating the APIManager custom resource.
Otherwise the operator will complain about it. See the
fileStorage S3 credentials secret
specification to see what fields the secret should have and the values
that should be set on it.
DeprecatedSystemS3Spec
DEPRECATED Setting fields here has no effect. Use SystemS3Spec instead
Note: Deploying databases internally with this section is meant for evaluation purposes. Check HighAvailabilitySpec for production ready recommended deployments.
| Field | json/yaml field | Type | Required | Default value | Description |
| --- | --- | --- | --- | --- | --- |
| MySQL | `mysql` | `*SystemMySQLSpec` | No | `nil` | Enable MySQL database as System's database. Only takes effect when .spec.highAvailability.enabled is not set to true. See MySQLSpec specification |
| PostgreSQL | `postgresql` | `*SystemPostgreSQLSpec` | No | `nil` | Enable PostgreSQL database as System's database. Only takes effect when .spec.highAvailability.enabled is not set to true. See PostgreSQLSpec |
MySQLSpec
| Field | json/yaml field | Type | Required | Default value | Description |
| --- | --- | --- | --- | --- | --- |
| Image | `image` | `string` | No | `nil` | Used to overwrite the desired container image for System's MySQL database |
The minimum resources the volume should have. Resources will not take any effect when VolumeName is provided. This parameter is not updateable when the underlying PV is not resizable.
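| Field | json/yaml field | Type | Required | Default value | Description |
| --- | --- | --- | --- | --- | --- |
| VolumeName | `volumeName` | `string` | No | `nil` | The binding reference to the existing PersistentVolume backing this claim |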
PostgreSQLSpec
| Field | json/yaml field | Type | Required | Default value | Description |
| --- | --- | --- | --- | --- | --- |
| Image | `image` | `string` | No | `nil` | Used to overwrite the desired container image for System's PostgreSQL database |
The minimum resources the volume should have. Resources will not take any effect when VolumeName is provided. This parameter is not updateable when the underlying PV is not resizable.
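| Field | json/yaml field | Type | Required | Default value | Description |
| --- | --- | --- | --- | --- | --- |
| VolumeName | `volumeName` | `string` | No | `nil` | The binding reference to the existing PersistentVolume backing this claim |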
SystemAppSpec
| Field | json/yaml field | Type | Required | Default value | Description |
| --- | --- | --- | --- | --- | --- |
| Replicas | `replicas` | `integer` | No | `1` | Number of Pod replicas of the system-app deployment |
Resources describes the compute resource requirements. Takes precedence over spec.resourceRequirementsEnabled with replace behavior
ZyncSpec
| Field | json/yaml field | Type | Required | Default value | Description |
| --- | --- | --- | --- | --- | --- |
| Image | `image` | `string` | No | `nil` | Used to overwrite the desired container image for Zync |
| PostgreSQLImage | `postgreSQLImage` | `string` | No | `nil` | Used to overwrite the desired PostgreSQL image for the PostgreSQL used by Zync. Does not take effect when .spec.highAvailability.enabled and spec.highAvailability.externalZyncDatabase are set to true |
Affinity is a group of affinity scheduling rules. Does not take effect when .spec.highAvailability.enabled and spec.highAvailability.externalZyncDatabase are set to true
Tolerations allow pods to schedule onto nodes with matching taints. Does not take effect when .spec.highAvailability.enabled and spec.highAvailability.externalZyncDatabase are set to true
DatabaseResources describes the compute resource requirements. Takes precedence over spec.resourceRequirementsEnabled with replace behavior. Does not take effect when .spec.highAvailability.enabled and spec.highAvailability.externalZyncDatabase are set to true
Resources describes the compute resource requirements. Takes precedence over spec.resourceRequirementsEnabled with replace behavior
HighAvailabilitySpec
| Field | json/yaml field | Type | Required | Default value | Description |
| --- | --- | --- | --- | --- | --- |
| Enabled | `enabled` | `bool` | No | `false` | Enable to use external system database, backend redis, and system redis databases |
| ExternalZyncDatabaseEnabled | `externalZyncDatabaseEnabled` | `bool` | No | `false` | Enable to use external zync database. The value of this field only takes effect when spec.highAvailability.enabled is set to true |
When HighAvailability is enabled the following secrets have to be pre-created by the user:
- backend-redis with the REDIS_STORAGE_URL and REDIS_QUEUES_URL fields with values pointing to the desired external databases. The databases should be configured in high-availability mode
- system-database with the URL field with the value pointing to the desired external database. The database should be configured in high-availability mode
- system-redis with the URL and MESSAGE_BUS_URL fields with the value pointing to the desired external databases. The databases should be configured in high-availability mode

Additionally, when HighAvailability is enabled, if the externalZyncDatabaseEnabled field is also enabled the user has to pre-create the following secret too:
- zync with the DATABASE_URL and DATABASE_PASSWORD fields with the values pointing to the desired external database settings. The database should be configured in high-availability mode
PodDisruptionBudgetSpec
| Field | json/yaml field | Type | Required | Default value | Description |
| --- | --- | --- | --- | --- | --- |
| Enabled | `enabled` | `bool` | No | `false` | Enable to automatically create PodDisruptionBudgets for components that can scale. Not including any of the databases or redis services. |
Additionally, if desired, several sensitive APIManager configuration options
can be controlled by pre-creating some Kubernetes secrets before deploying the
APIManager Custom Resource.
The available configurable secrets are:
backend-internal-api
| Field | Description | Default value |
| --- | --- | --- |
| `username` | Backend internal API username. Backend internal API is used by System | `3scale_api_user` |
| `password` | Backend internal API password. Backend internal API is used by System | Autogenerated value |
backend-listener
| Field | Description | Default value |
| --- | --- | --- |
| `service_endpoint` | Backend listener service endpoint. Used by System | `http://backend-listener:3000` |
| `route_endpoint` | Backend listener route endpoint. Used by System | `https://backend-<tenantName>.<wildcardDomain>` |
backend-redis
| Field | Description | Default value |
| --- | --- | --- |
| `REDIS_STORAGE_URL` | Backend's redis storage database URL | `redis://backend-redis:6379/0` |
| `REDIS_STORAGE_SENTINEL_ROLE` | Backend's redis storage sentinel role name. Used only when Redis sentinel is configured in the Redis database being used | `""` |
| `REDIS_STORAGE_SENTINEL_HOSTS` | Backend's redis storage sentinel hosts name. Used only when Redis sentinel is configured in the Redis database being used | `""` |
| `REDIS_QUEUES_URL` | Backend's redis queues database URL | `redis://backend-redis:6379/1` |
| `REDIS_QUEUES_SENTINEL_ROLE` | Backend's redis queues sentinel role name. Used only when Redis sentinel is configured in the Redis database being used | `""` |
| `REDIS_QUEUES_SENTINEL_HOSTS` | Backend's redis queues sentinel hosts name. Used only when Redis sentinel is configured in the Redis database being used | `""` |
system-app
| Field | Description | Default value |
| --- | --- | --- |
| `SECRET_KEY_BASE` | System application secret key base | Autogenerated value |
system-database
| Field | Description | Default value |
| --- | --- | --- |
| `URL` | URL of the Porta database. The format of the URL must be: `mysql2://root:<RootPassword>@<DatabaseHost>/<DatabaseName>` | `mysql2://root:<AutogeneratedValue>@system-mysql/<AutogeneratedValue>` where '<>' fields should be replaced by the desired values |
| `DB_USER` | Non-administrative database username | `mysql` |
| `DB_PASSWORD` | Password of the non-administrative database user | Autogenerated value |
| `ORACLE_SYSTEM_PASSWORD` | Password of Oracle's SYSTEM administrative user. Required and only used when system's database provided in URL field is an external Oracle database | N/A |
system-events-hook
| Field | Description | Default value |
| --- | --- | --- |
| `URL` | TODO | `http://system-master:3000/master/events/import` |
| `PASSWORD` | Shared secret to import events from backend to system | Autogenerated value |
system-master-apicast
| Field | Description | Default value |
| --- | --- | --- |
| `ACCESS_TOKEN` | Read only access token that APIcast uses to download its configuration from System | Autogenerated value |
| `BASE_URL` | URL of the 3scale portal admin endpoint with authentication part | `http://<ACCESS_TOKEN>@system-master:3000` |
PROXY_CONFIGS_ENDPOINT
URL of the available configs for all System's services
reCAPTCHA site key (used in spam protection) for System
""
SECRET_KEY
reCAPTCHA secret key (used in spam protection) for System
""
system-redis
| Field | Description | Default value |
| --- | --- | --- |
| `URL` | System's Redis database URL | `redis://system-redis:6379/1` |
| `MESSAGE_BUS_URL` | System's Message Bus Redis database URL | `redis://system-redis:6379/8` |
| `NAMESPACE` | Define the namespace to be used by System's Redis Database. The empty value means not namespaced | `""` |
| `MESSAGE_BUS_NAMESPACE` | Define the namespace to be used by System's Message Bus Redis Database. The empty value means not namespaced | `""` |
| `SENTINEL_HOSTS` | System's Redis sentinel hosts. Used only when Redis sentinel is configured | `""` |
| `SENTINEL_ROLE` | System's Redis sentinel role name. Used only when Redis sentinel is configured | `""` |
| `MESSAGE_BUS_SENTINEL_HOSTS` | System's Message Bus Redis sentinel hosts. Used only when Redis sentinel is configured | `""` |
| `MESSAGE_BUS_SENTINEL_ROLE` | System's Message Bus Redis sentinel role name. Used only when Redis sentinel is configured | `""` |
system-seed
| Field | Description | Default value |
| --- | --- | --- |
| `MASTER_USER` | System's master username | `master` |
| `MASTER_PASSWORD` | System's master password | Autogenerated value |
| `MASTER_ACCESS_TOKEN` | System's master access token | Autogenerated value |
| `MASTER_DOMAIN` | System's master domain name | `master` |
| `ADMIN_USER` | System's admin user of the tenant created by default | `admin` |
| `ADMIN_PASSWORD` | System's admin password of the tenant created by default | Autogenerated value |
| `ADMIN_ACCESS_TOKEN` | System's admin access token of the tenant created by default | Autogenerated value |
| `TENANT_NAME` | Tenant name under the root that Admin UI will be available with -admin suffix | `<tenantName>` |
zync
| Field | Description | Default value |
| --- | --- | --- |
| `DATABASE_URL` | PostgreSQL database used by Zync. Not configurable when spec.highAvailability.enabled is false | When .spec.highAvailability.enabled and .spec.highAvailability.zyncExternalDatabaseEnabled are set to true this parameter is mandatory and has to follow the format: `postgresql://<zync-db-username>:<ZYNC_DATABASE_PASSWORD>@<zync-db-host>:<zync-db-port>/zync_production`, where `<zync-db-username>` must be an already existing user in the external database with full permissions on the zync_production logical database, zync_production logical database must be an already existing logical database in the external database and the specified value of `<ZYNC_DATABASE_PASSWORD>` must be the same as the ZYNC_DATABASE_PASSWORD parameter in this secret. Otherwise it has a default value, which is `postgresql://zync:<ZYNC_DATABASE_PASSWORD>@zync-database:5432/zync_production` |
| `ZYNC_DATABASE_PASSWORD` | Database password associated to the user specified in the DATABASE_URL parameter | When .spec.highAvailability.enabled and .spec.highAvailability.zyncExternalDatabaseEnabled are set to true this parameter is mandatory and must have the same value as the password part of the DATABASE_URL parameter in this secret. Otherwise the default value is an autogenerated value if not defined |
| `SECRET_KEY_BASE` | Zync's application key generator to encrypt communications | Autogenerated value |
| `ZYNC_AUTHENTICATION_TOKEN` | Authentication token used to authenticate System when calling Zync | Autogenerated value |
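A pre-flight check for the secrets that have to be pre-created in high-availability mode, including the zync rule that the password inside DATABASE_URL must equal ZYNC_DATABASE_PASSWORD. This is an added example, not code from the operator: the function name `check_ha_secrets`, the `INTERNAL_HOSTS` heuristic and the sample values are assumptions, and the zync key names follow the zync secret table above.

```python
from urllib.parse import urlsplit, unquote

# Keys each pre-created secret must carry in HA mode (names from the page).
HA_REQUIRED = {
    "backend-redis": ["REDIS_STORAGE_URL", "REDIS_QUEUES_URL"],
    "system-database": ["URL"],
    "system-redis": ["URL", "MESSAGE_BUS_URL"],
}
# In-cluster default hosts listed on the page; flagging them is this example's heuristic.
INTERNAL_HOSTS = {"backend-redis", "system-redis", "system-mysql", "zync-database"}

def check_ha_secrets(secrets, external_zync=False):
    """Return problems found in {secret_name: {key: plaintext_value}}."""
    problems = []
    required = dict(HA_REQUIRED)
    if external_zync:
        required["zync"] = ["DATABASE_URL", "ZYNC_DATABASE_PASSWORD"]
    for name, keys in required.items():
        data = secrets.get(name)
        if data is None:
            problems.append(f"{name}: secret not found")
            continue
        for key in keys:
            value = data.get(key, "")
            if not value:
                problems.append(f"{name}.{key}: missing or empty")
            elif key.endswith("URL") and urlsplit(value).hostname in INTERNAL_HOSTS:
                problems.append(f"{name}.{key}: points at an in-cluster default host")
    zync = secrets.get("zync", {}) if external_zync else {}
    if zync.get("DATABASE_URL"):
        url = urlsplit(zync["DATABASE_URL"])
        if url.scheme != "postgresql" or url.path != "/zync_production":
            problems.append("zync.DATABASE_URL: expected postgresql://.../zync_production")
        if unquote(url.password or "") != zync.get("ZYNC_DATABASE_PASSWORD", ""):
            problems.append("zync: DATABASE_URL password differs from ZYNC_DATABASE_PASSWORD")
    return problems

# Constructed sample with placeholder values (not real hosts or credentials).
SAMPLE = {
    "backend-redis": {"REDIS_STORAGE_URL": "redis://redis-ha.example.internal:6379/0",
                      "REDIS_QUEUES_URL": "redis://backend-redis:6379/1"},
    "system-database": {"URL": "mysql2://root:rootpw@mysql-ha.example.internal/system"},
    "zync": {"DATABASE_URL": "postgresql://zync:old-pw@pg-ha.example.internal:5432/zync_production",
             "ZYNC_DATABASE_PASSWORD": "new-pw"},
}

if __name__ == "__main__":
    print("\n".join(check_ha_secrets(SAMPLE, external_zync=True)))
```

Feed it the decoded secret data before creating the APIManager custom resource; an empty list means the documented preconditions hold.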
fileStorage-S3-credentials-secret
The name of this secret can be any name as long as it does not collide with other existing secret names.
| Field | Description | Required |
| --- | --- | --- |
| `AWS_ACCESS_KEY_ID` | AWS Access Key ID to use in S3 Storage for System's file storage | Y |
| `AWS_SECRET_ACCESS_KEY` | AWS Access Key Secret to use in S3 Storage for System's file storage | Y |
| `AWS_BUCKET` | S3 bucket to be used as System's FileStorage for assets | Y |
AWS_REGION
Region of the S3 bucket to be used as System's FileStorage for assets
Default: false - When set to true, the bucket name is always left in the request URI and never moved to the host as a sub-domain
N
system-smtp
| Field | Description | Default value |
| --- | --- | --- |
| `address` | Address (hostname or IP) of the remote mail server to use. If set to a value different than "" System will use the mail server to send mails related to events that happen in the API management solution | `""` |
| `port` | Port of the remote mail server to use | `""` |
| `domain` | In case the mail server requires a HELO domain | `""` |
| `authentication` | In case the mail server requires authentication, set this setting to the authentication type here. plain to send the password in the clear, login to send password Base64 encoded, or cram_md5 to combine a Challenge/Response mechanism based on the HMAC-MD5 algorithm | `""` |
| `username` | In case the mail server requires authentication and the authentication type requires it | `""` |
| `password` | In case the mail server requires authentication and the authentication type requires it | `""` |
| `openssl.verify.mode` | When using TLS, you can set how OpenSSL checks the certificate. This is really useful if you need to validate a self-signed and/or a wildcard certificate. You can use the name of an OpenSSL verify constant: none or peer | `""` |
Default APIManager components compute resources
When APIManager's spec.resourceRequirementsEnabled attribute is set to
true, default compute resources are set for the APIManager components.
The specific compute resources default values that are set for the
APIManager components are the following ones: