From eba8c7b89a0f92585c0627e948a68c139f2abd25 Mon Sep 17 00:00:00 2001 From: Tharsanan1 Date: Wed, 20 Nov 2024 12:40:33 +0530 Subject: [PATCH] Add perf test results --- .../performance/benchmarks/cpus-2/summary.csv | 48 +- test/performance/helm/values-cpu1.yaml | 430 ++++++++++++++++++ test/performance/helm/values-cpu2.yaml | 430 ++++++++++++++++++ 3 files changed, 884 insertions(+), 24 deletions(-) create mode 100644 test/performance/helm/values-cpu1.yaml create mode 100644 test/performance/helm/values-cpu2.yaml diff --git a/test/performance/benchmarks/cpus-2/summary.csv b/test/performance/benchmarks/cpus-2/summary.csv index c6dbf485f..3894fb850 100644 --- a/test/performance/benchmarks/cpus-2/summary.csv +++ b/test/performance/benchmarks/cpus-2/summary.csv @@ -1,25 +1,25 @@ Concurrent Users,Message Size (Bytes),Total requests,Average Response Time (ms),Throughput (Requests/sec),Error %,Error Count,90th Percentile of Response Time (ms),95th Percentile of Response Time (ms),99th Percentile of Response Time (ms),Adapter CPU,Adapter Memory,Enforcer CPU,Enforcer Memory,Router CPU,Router Memory -10,50B,3383291,2.59,3759.22,0,0,3,3,21,5m,43Mi,1000m,794Mi,1302m,223Mi -50,50B,4088705,10.93,4542.97,0,0,36,44,48,6m,43Mi,998m,793Mi,1265m,226Mi -100,50B,4334747,20.68,4816.36,0,0,50,54,59,6m,43Mi,996m,793Mi,1295m,232Mi -200,50B,4684356,38.34,5204.78,0,0,66,70,78,6m,43Mi,997m,789Mi,1377m,244Mi -500,50B,5442614,82.59,6046.83,0,0,107,112,123,6m,43Mi,998m,786Mi,1675m,253Mi -1000,50B,5668381,158.68,6297.35,0,0,205,215,253,5m,43Mi,999m,780Mi,1758m,259Mi -10,1KiB,3360878,2.61,3734.38,0,0,3,3,19,5m,43Mi,999m,793Mi,1364m,225Mi -50,1KiB,4038207,11.06,4486.86,0,0,32,40,45,6m,43Mi,997m,793Mi,1358m,232Mi -100,1KiB,4305882,20.82,4784.3,0,0,46,50,56,5m,43Mi,996m,789Mi,1386m,241Mi -200,1KiB,4685084,38.33,5205.23,0,0,63,68,76,5m,43Mi,996m,788Mi,1491m,250Mi -500,1KiB,5396222,83.3,5995.39,0,0,107,113,125,5m,43Mi,998m,784Mi,1762m,255Mi -1000,1KiB,5604466,160.5,6226.09,0,0,206,216,250,6m,43Mi,999m,761Mi,1772m,260Mi -10,10KiB,3235393,2.71,3594.84,0,0,3,4,11,5m,43Mi,995m,793Mi,1490m,225Mi -50,10KiB,3950350,11.31,4389.23,0,0,24,33,39,5m,43Mi,996m,793Mi,1536m,233Mi -100,10KiB,4208265,21.3,4675.66,0,0,40,44,50,6m,43Mi,996m,789Mi,1570m,243Mi -200,10KiB,4657685,38.55,5175.13,0,0,57,63,72,6m,43Mi,995m,788Mi,1728m,254Mi -500,10KiB,4982326,90.22,5535.55,0,0,108,115,129,6m,43Mi,994m,784Mi,1939m,255Mi -1000,10KiB,5054140,177.98,5614.81,0,0,213,224,250,6m,43Mi,996m,728Mi,1942m,261Mi -10,100KiB,2187293,4.03,2430.31,0,0,6,6,8,6m,43Mi,729m,793Mi,1753m,228Mi -50,100KiB,2639398,16.96,2932.6,0,0,23,25,31,6m,43Mi,766m,793Mi,1992m,240Mi -100,100KiB,2593709,34.6,2881.82,0,0,43,46,53,6m,43Mi,653m,789Mi,1984m,252Mi -200,100KiB,2494564,72.06,2771.61,0,0,85,90,103,6m,43Mi,614m,788Mi,1987m,270Mi -500,100KiB,2423797,185.54,2692.87,0,0,203,210,235,7m,43Mi,586m,781Mi,1993m,300Mi -1000,100KiB,2435185,369.97,2704.67,0,0,403,415,459,5m,42Mi,622m,683Mi,1990m,436Mi +10,50B,3470934,2.42,3856.49,0,0.0,3.0,3.0,4.0,4m,40Mi,674m,685Mi,1199m,266Mi +50,50B,5709235,7.54,6343.44,0,0.0,9.0,15.0,22.0,5m,40Mi,997m,684Mi,1714m,265Mi +100,50B,6058849,14.28,6731.81,0,0.0,22.0,27.0,33.0,4m,40Mi,996m,684Mi,1761m,266Mi +200,50B,6447993,26.93,7164.04,0,0.0,35.0,39.0,46.0,4m,40Mi,994m,685Mi,1913m,267Mi +500,50B,5721025,77.77,6355.96,0,0.0,87.0,91.0,101.0,5m,40Mi,886m,684Mi,1994m,271Mi +1000,50B,5604589,158.87,6225.93,0,0.0,175.0,182.0,196.0,5m,40Mi,832m,667Mi,1994m,277Mi +10,1KiB,3444343,2.45,3826.92,0,0.0,3.0,3.0,4.0,5m,40Mi,690m,685Mi,1305m,266Mi +50,1KiB,5710310,7.56,6344.57,0,0.0,9.0,11.0,17.0,4m,40Mi,993m,684Mi,1841m,265Mi +100,1KiB,6066568,14.3,6740.34,0,0.0,18.0,21.0,27.0,4m,40Mi,993m,684Mi,1903m,266Mi +200,1KiB,6194184,28.35,6882.01,0,0.0,34.0,36.0,41.0,4m,40Mi,978m,684Mi,1992m,268Mi +500,1KiB,5929577,74.96,6587.52,0,0.0,84.0,87.0,97.0,5m,40Mi,929m,684Mi,1994m,272Mi +1000,1KiB,5789512,153.81,6431.35,0,0.0,169.0,176.0,190.0,4m,40Mi,877m,662Mi,1994m,277Mi +10,10KiB,3076834,2.76,3418.6,0,0.0,3.0,4.0,4.0,5m,40Mi,626m,685Mi,1339m,270Mi +50,10KiB,5286779,8.23,5873.98,0,0.0,10.0,11.0,13.0,4m,40Mi,953m,684Mi,1953m,267Mi +100,10KiB,5528629,15.8,6142.72,0,0.0,19.0,20.0,23.0,5m,40Mi,921m,684Mi,1987m,268Mi +200,10KiB,5328762,33.17,5920.47,0,0.0,38.0,40.0,46.0,5m,40Mi,882m,684Mi,1993m,272Mi +500,10KiB,5235460,85.12,5816.47,0,0.0,95.0,98.0,109.0,4m,40Mi,850m,684Mi,1992m,281Mi +1000,10KiB,5243898,170.18,5825.12,0,0.0,184.0,191.0,209.0,4m,40Mi,800m,657Mi,1993m,298Mi +10,100KiB,2154391,4.03,2393.71,0,0.0,5.0,5.0,6.0,4m,40Mi,512m,685Mi,1767m,272Mi +50,100KiB,2757537,16.15,3063.8,0,0.0,21.0,23.0,26.0,5m,40Mi,536m,684Mi,1989m,272Mi +100,100KiB,2662375,33.61,2958.01,0,0.0,41.0,44.0,51.0,5m,40Mi,474m,684Mi,1990m,276Mi +200,100KiB,2496576,71.9,2773.71,0,0.0,82.0,85.0,95.0,4m,40Mi,454m,684Mi,1990m,298Mi +500,100KiB,2541564,176.8,2823.42,0,0.0,199.0,206.0,224.0,5m,40Mi,453m,674Mi,1985m,370Mi +1000,100KiB,2560651,351.47,2844.05,0,0.0,393.0,403.0,437.0,5m,40Mi,431m,650Mi,1982m,482Mi diff --git a/test/performance/helm/values-cpu1.yaml b/test/performance/helm/values-cpu1.yaml new file mode 100644 index 000000000..b1e191642 --- /dev/null +++ b/test/performance/helm/values-cpu1.yaml @@ -0,0 +1,430 @@ +# Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com) All Rights Reserved. +# +# WSO2 LLC. licenses this file to you under the Apache License, +# Version 2.0 (the "License"); you may not use this file except +# in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +wso2: + subscription: + imagePullSecrets: "" + + apk: + webhooks: + validatingwebhookconfigurations: true + mutatingwebhookconfigurations: true + conversionwebhookconfigurations: true + auth: + enabled: true + enableServiceAccountCreation: true + enableClusterRoleCreation: true + serviceAccountName: wso2apk-platform + roleName: wso2apk-role + listener: + hostname: "api.am.wso2.com" + port: 9095 + # secretName: "idp-tls" + idp: + issuer: "https://idp.am.wso2.com/token" + usernameClaim: "sub" + organizationClaim: "organization" + groupsClaim: "groups" + consumerKeyClaim: "clientId" + # organizationResolver: "controlPlane" # controlplane,none + # tls: + # secretName: "wso2apk-idp-certificates" + # fileName: "idp.crt" + # signing: + # jwksEndpoint: "https://idp.am.wso2.com:9095/oauth2/jwks" + # secretName: "wso2apk-idp-signing" + # fileName: "idp.crt" + # cp: + # enabledSubscription: true + # host: "apim-apk-agent-service.apk.svc.cluster.local" + # skipSSLVerification: true + # skipSSLVerification: false + # persistence: + # type: "K8s" + dp: + enabled: true + gateway: + listener: + hostname: "gw.wso2.com" + service: {} + # secretName: "idp-tls" + # partitionServer: + # enabled: false + # host: "https://control-plane-wso2-apk-partition-server.control-plane.svc.cluster.local" + # serviceBasePath: "/api/publisher/v1" + # partitionName: "default" + # hostnameVerificationEnable: true + # tls: + # secretName: "partition-server-cert" + # fileName: "certificate.crt" + # headers: + # - name: "apiKey" + # value: "123-456-789" + configdeployer: + enabled: true + deployment: + resources: + requests: + memory: "512Mi" + cpu: "200m" + limits: + memory: "1024Mi" + cpu: "500m" + readinessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + livenessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + strategy: RollingUpdate + replicas: 1 + imagePullPolicy: Always + image: wso2/apk-config-deployer-service:1.2.0 + # debug: true + # configs: + # tls: + # secretName: "my-secret" + # certKeyFilename: "tls.key" + # certFilename: "certchain.crt" + adapter: + deployment: + resources: + requests: + memory: "500Mi" + cpu: "500m" + limits: + memory: "500Mi" + cpu: "500m" + readinessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + livenessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + strategy: RollingUpdate + replicas: 1 + imagePullPolicy: Always + image: wso2/apk-adapter:1.2.0 + security: + sslHostname: "adapter" + logging: + level: "DEBG" # LogLevels can be "DEBG", "FATL", "ERRO", "WARN", "INFO", "PANC" + # # logFormat: "TEXT" # Values can be "JSON", "TEXT" + configs: + enableGatewayClassController: false + # apiNamespaces: + # - "apk-v12" + # tls: + # secretName: "adapter-cert" + # certKeyFilename: "" + # certFilename: "" + commonController: + deployment: + resources: + requests: + memory: "64Mi" + cpu: "50m" + limits: + memory: "128Mi" + cpu: "200m" + readinessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + livenessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + strategy: RollingUpdate + replicas: 1 + imagePullPolicy: Always + image: wso2/apk-common-controller:1.2.0 + security: + sslHostname: "commoncontroller" + # configs: + # apiNamespaces: + # - "apk-v12" + ratelimiter: + enabled: true + deployment: + resources: + requests: + memory: "64Mi" + cpu: "50m" + limits: + memory: "128Mi" + cpu: "100m" + readinessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + livenessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + strategy: RollingUpdate + replicas: 1 + imagePullPolicy: Always + image: wso2/apk-ratelimiter:1.2.0 + security: + sslHostname: "ratelimiter" + # configs: + # tls: + # secretName: "ratelimiter-cert" + # certKeyFilename: "" + # certFilename: "" + # certCAFilename: "" + gatewayRuntime: + service: + annotations: + service.beta.kubernetes.io/azure-load-balancer-internal: "true" + service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "default" + deployment: + replicas: 1 + router: + resources: + requests: + memory: "600Mi" + cpu: "1000m" + limits: + memory: "600Mi" + cpu: "1000m" + readinessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + livenessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + strategy: RollingUpdate + imagePullPolicy: Always + image: wso2/apk-router:1.2.0 + # configs: + # tls: + # secretName: "router-cert" + # certKeyFilename: "" + # certFilename: "" + # logging: + # wireLogs: + # enable: true + # accessLogs: + # enable: true + env: + TRAILING_ARGS: "--log-level warn" + enforcer: + resources: + requests: + memory: "1000Mi" + cpu: "1000m" + limits: + memory: "1000Mi" + cpu: "1000m" + readinessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + livenessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + strategy: RollingUpdate + imagePullPolicy: Always + image: wso2/apk-enforcer:1.2.0 + security: + sslHostname: "enforcer" +# logging: +# level: DEBUG + configs: + javaOpts: "-Dhttpclient.hostnameVerifier=AllowAll -Xms1500m -Xmx1500m -XX:MaxRAMFraction=2" + authService: + maxMessageSize: 1000000000 + maxHeaderLimit: 8192 + keepAliveTime: 600 + threadPool: + coreSize: 400 + maxSize: 1000 + keepAliveTime: 600 + queueSize: 2000 +# tls: +# secretName: "router-cert" +# certKeyFilename: "" +# certFilename: "" +# JWKSClient: +# skipSSLVerification: false +# hostnameVerifier: "AllowAll" + + metrics: + enabled: false + # configDSBalHost: 0.0.0.0 + # idpDSBalHost: 0.0.0.0 + # statsd: + # image: + # repository: prom/statsd-exporter + # tag: v0.26.0 + # imagePullPolicy: Always + # resources: + # limits: + # memory: 128Mi + # requests: + # cpu: 0.1 + # memory: 64Mi +idp: + enabled: true + listener: + hostname: "idp.am.wso2.com" + # secretName: "idp-tls" + database: + driver: "org.postgresql.Driver" + url: "jdbc:postgresql://wso2apk-db-service:5432/WSO2AM_DB" + host: "wso2apk-db-service" + port: 5432 + databaseName: "WSO2AM_DB" + username: "wso2carbon" + secretName: "apk-db-secret" + secretKey: "DB_PASSWORD" + validationQuery: "SELECT 1" + validationTimeout: 250 + idpds: + configs: + issuer: "https://idp.am.wso2.com/token" + keyId: "gateway_certificate_alias" + hostname: "idp.am.wso2.com" + loginPageURl: "https://idp.am.wso2.com:9095/authenticationEndpoint/login" + loginErrorPageUrl: "https://idp.am.wso2.com:9095/authenticationEndpoint/error" + loginCallBackURl: "https://idp.am.wso2.com:9095/authenticationEndpoint/login-callback" + deployment: + resources: + requests: + memory: "512Mi" + cpu: "200m" + limits: + memory: "1024Mi" + cpu: "500m" + readinessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + livenessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + strategy: RollingUpdate + replicas: 1 + imagePullPolicy: Always + image: wso2/apk-idp-domain-service:1.2.0 + idpui: + deployment: + resources: + requests: + memory: "64Mi" + cpu: "50m" + limits: + memory: "256Mi" + cpu: "100m" + readinessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + livenessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + strategy: RollingUpdate + replicas: 1 + imagePullPolicy: Always + image: wso2/apk-idp-ui:1.2.0 + configs: + idpLoginUrl: "https://idp.am.wso2.com:9095/commonauth/login" + idpAuthCallBackUrl: "https://idp.am.wso2.com:9095/oauth2/auth-callback" + +gatewaySystem: + enabled: true + enableServiceAccountCreation: true + enableClusterRoleCreation: true + serviceAccountName: gateway-api-admission + applyGatewayWehbhookJobs: true + deployment: + image: registry.k8s.io/gateway-api/admission-server:v1.0.0 + imagePullPolicy: Always + +certmanager: + enabled: true + enableClusterIssuer: true + enableRootCa: true + rootCaSecretName: "apk-root-certificate" + +postgresql: + enabled: true + fullnameOverride: "wso2apk-db-service" + auth: + database: WSO2AM_DB + postgresPassword: wso2carbon + username: wso2carbon + password: wso2carbon + primary: + extendedConfiguration: | + max_connections = 400 + initdb: + scriptsConfigMap: postgres-initdb-scripts-configmap + user: wso2carbon + password: wso2carbon + service: + ports: + postgresql: 5432 + podSecurityContext: + enabled: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + containerSecurityContext: + enabled: true + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + runAsUser: null + + image: + debug: true + +redis: + enabled: true + architecture: standalone + fullnameOverride: redis + primary: + service: + ports: + redis: 6379 + master: + podSecurityContext: + enabled: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + containerSecurityContext: + enabled: true + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + runAsUser: null + auth: + enabled: false + image: + debug: true diff --git a/test/performance/helm/values-cpu2.yaml b/test/performance/helm/values-cpu2.yaml new file mode 100644 index 000000000..b8168ad78 --- /dev/null +++ b/test/performance/helm/values-cpu2.yaml @@ -0,0 +1,430 @@ +# Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com) All Rights Reserved. +# +# WSO2 LLC. licenses this file to you under the Apache License, +# Version 2.0 (the "License"); you may not use this file except +# in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +wso2: + subscription: + imagePullSecrets: "" + + apk: + webhooks: + validatingwebhookconfigurations: true + mutatingwebhookconfigurations: true + conversionwebhookconfigurations: true + auth: + enabled: true + enableServiceAccountCreation: true + enableClusterRoleCreation: true + serviceAccountName: wso2apk-platform + roleName: wso2apk-role + listener: + hostname: "api.am.wso2.com" + port: 9095 + # secretName: "idp-tls" + idp: + issuer: "https://idp.am.wso2.com/token" + usernameClaim: "sub" + organizationClaim: "organization" + groupsClaim: "groups" + consumerKeyClaim: "clientId" + # organizationResolver: "controlPlane" # controlplane,none + # tls: + # secretName: "wso2apk-idp-certificates" + # fileName: "idp.crt" + # signing: + # jwksEndpoint: "https://idp.am.wso2.com:9095/oauth2/jwks" + # secretName: "wso2apk-idp-signing" + # fileName: "idp.crt" + # cp: + # enabledSubscription: true + # host: "apim-apk-agent-service.apk.svc.cluster.local" + # skipSSLVerification: true + # skipSSLVerification: false + # persistence: + # type: "K8s" + dp: + enabled: true + gateway: + listener: + hostname: "gw.wso2.com" + service: {} + # secretName: "idp-tls" + # partitionServer: + # enabled: false + # host: "https://control-plane-wso2-apk-partition-server.control-plane.svc.cluster.local" + # serviceBasePath: "/api/publisher/v1" + # partitionName: "default" + # hostnameVerificationEnable: true + # tls: + # secretName: "partition-server-cert" + # fileName: "certificate.crt" + # headers: + # - name: "apiKey" + # value: "123-456-789" + configdeployer: + enabled: true + deployment: + resources: + requests: + memory: "512Mi" + cpu: "200m" + limits: + memory: "1024Mi" + cpu: "500m" + readinessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + livenessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + strategy: RollingUpdate + replicas: 1 + imagePullPolicy: Always + image: wso2/apk-config-deployer-service:1.2.0 + # debug: true + # configs: + # tls: + # secretName: "my-secret" + # certKeyFilename: "tls.key" + # certFilename: "certchain.crt" + adapter: + deployment: + resources: + requests: + memory: "500Mi" + cpu: "500m" + limits: + memory: "500Mi" + cpu: "500m" + readinessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + livenessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + strategy: RollingUpdate + replicas: 1 + imagePullPolicy: Always + image: wso2/apk-adapter:1.2.0 + security: + sslHostname: "adapter" + logging: + level: "DEBG" # LogLevels can be "DEBG", "FATL", "ERRO", "WARN", "INFO", "PANC" + # # logFormat: "TEXT" # Values can be "JSON", "TEXT" + configs: + enableGatewayClassController: false + # apiNamespaces: + # - "apk-v12" + # tls: + # secretName: "adapter-cert" + # certKeyFilename: "" + # certFilename: "" + commonController: + deployment: + resources: + requests: + memory: "64Mi" + cpu: "50m" + limits: + memory: "128Mi" + cpu: "200m" + readinessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + livenessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + strategy: RollingUpdate + replicas: 1 + imagePullPolicy: Always + image: wso2/apk-common-controller:1.2.0 + security: + sslHostname: "commoncontroller" + # configs: + # apiNamespaces: + # - "apk-v12" + ratelimiter: + enabled: true + deployment: + resources: + requests: + memory: "64Mi" + cpu: "50m" + limits: + memory: "128Mi" + cpu: "100m" + readinessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + livenessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + strategy: RollingUpdate + replicas: 1 + imagePullPolicy: Always + image: wso2/apk-ratelimiter:1.2.0 + security: + sslHostname: "ratelimiter" + # configs: + # tls: + # secretName: "ratelimiter-cert" + # certKeyFilename: "" + # certFilename: "" + # certCAFilename: "" + gatewayRuntime: + service: + annotations: + service.beta.kubernetes.io/azure-load-balancer-internal: "true" + service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "default" + deployment: + replicas: 1 + router: + resources: + requests: + memory: "1000Mi" + cpu: "2000m" + limits: + memory: "1000Mi" + cpu: "2000m" + readinessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + livenessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + strategy: RollingUpdate + imagePullPolicy: Always + image: wso2/apk-router:1.2.0 + # configs: + # tls: + # secretName: "router-cert" + # certKeyFilename: "" + # certFilename: "" + # logging: + # wireLogs: + # enable: true + # accessLogs: + # enable: true + env: + TRAILING_ARGS: "--log-level warn" + enforcer: + resources: + requests: + memory: "2000Mi" + cpu: "1000m" + limits: + memory: "2000Mi" + cpu: "1000m" + readinessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + livenessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + strategy: RollingUpdate + imagePullPolicy: Always + image: wso2/apk-enforcer:1.2.0 + security: + sslHostname: "enforcer" +# logging: +# level: DEBUG + configs: + javaOpts: "-Dhttpclient.hostnameVerifier=AllowAll -Xms1500m -Xmx1500m -XX:MaxRAMFraction=2" + authService: + maxMessageSize: 1000000000 + maxHeaderLimit: 8192 + keepAliveTime: 600 + threadPool: + coreSize: 400 + maxSize: 1000 + keepAliveTime: 600 + queueSize: 2000 +# tls: +# secretName: "router-cert" +# certKeyFilename: "" +# certFilename: "" +# JWKSClient: +# skipSSLVerification: false +# hostnameVerifier: "AllowAll" + + metrics: + enabled: false + # configDSBalHost: 0.0.0.0 + # idpDSBalHost: 0.0.0.0 + # statsd: + # image: + # repository: prom/statsd-exporter + # tag: v0.26.0 + # imagePullPolicy: Always + # resources: + # limits: + # memory: 128Mi + # requests: + # cpu: 0.1 + # memory: 64Mi +idp: + enabled: true + listener: + hostname: "idp.am.wso2.com" + # secretName: "idp-tls" + database: + driver: "org.postgresql.Driver" + url: "jdbc:postgresql://wso2apk-db-service:5432/WSO2AM_DB" + host: "wso2apk-db-service" + port: 5432 + databaseName: "WSO2AM_DB" + username: "wso2carbon" + secretName: "apk-db-secret" + secretKey: "DB_PASSWORD" + validationQuery: "SELECT 1" + validationTimeout: 250 + idpds: + configs: + issuer: "https://idp.am.wso2.com/token" + keyId: "gateway_certificate_alias" + hostname: "idp.am.wso2.com" + loginPageURl: "https://idp.am.wso2.com:9095/authenticationEndpoint/login" + loginErrorPageUrl: "https://idp.am.wso2.com:9095/authenticationEndpoint/error" + loginCallBackURl: "https://idp.am.wso2.com:9095/authenticationEndpoint/login-callback" + deployment: + resources: + requests: + memory: "512Mi" + cpu: "200m" + limits: + memory: "1024Mi" + cpu: "500m" + readinessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + livenessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + strategy: RollingUpdate + replicas: 1 + imagePullPolicy: Always + image: wso2/apk-idp-domain-service:1.2.0 + idpui: + deployment: + resources: + requests: + memory: "64Mi" + cpu: "50m" + limits: + memory: "256Mi" + cpu: "100m" + readinessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + livenessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 5 + strategy: RollingUpdate + replicas: 1 + imagePullPolicy: Always + image: wso2/apk-idp-ui:1.2.0 + configs: + idpLoginUrl: "https://idp.am.wso2.com:9095/commonauth/login" + idpAuthCallBackUrl: "https://idp.am.wso2.com:9095/oauth2/auth-callback" + +gatewaySystem: + enabled: true + enableServiceAccountCreation: true + enableClusterRoleCreation: true + serviceAccountName: gateway-api-admission + applyGatewayWehbhookJobs: true + deployment: + image: registry.k8s.io/gateway-api/admission-server:v1.0.0 + imagePullPolicy: Always + +certmanager: + enabled: true + enableClusterIssuer: true + enableRootCa: true + rootCaSecretName: "apk-root-certificate" + +postgresql: + enabled: true + fullnameOverride: "wso2apk-db-service" + auth: + database: WSO2AM_DB + postgresPassword: wso2carbon + username: wso2carbon + password: wso2carbon + primary: + extendedConfiguration: | + max_connections = 400 + initdb: + scriptsConfigMap: postgres-initdb-scripts-configmap + user: wso2carbon + password: wso2carbon + service: + ports: + postgresql: 5432 + podSecurityContext: + enabled: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + containerSecurityContext: + enabled: true + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + runAsUser: null + + image: + debug: true + +redis: + enabled: true + architecture: standalone + fullnameOverride: redis + primary: + service: + ports: + redis: 6379 + master: + podSecurityContext: + enabled: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + containerSecurityContext: + enabled: true + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + runAsUser: null + auth: + enabled: false + image: + debug: true