Merge pull request #1784 from CrowleyRajapakse/apim-dpcp-sync

CrowleyRajapakse · web-flow · commit fa2a9a71ad0f · 2026-04-28T11:13:00.000+05:30
Adding k8s templates related to gateway to apim sync mode
diff --git a/kubernetes/gateway-operator/config/gateway_values.yaml b/kubernetes/gateway-operator/config/gateway_values.yaml
@@ -28,6 +28,18 @@ gateway:
         xds_port: 18000
         shutdown_timeout: 15s
         gateway_id: "platform-gateway-id"
+      controlplane:
+        insecure_skip_verify: false
+        reconnect_initial: 1s
+        reconnect_max: 5m
+        polling_interval: 15m
+        deployment_push_enabled: false
+        sync_batch_size: 50
+        gateway_name: ""
+        apim_oauth2_client_id: ""
+        apim_oauth2_client_secret: ""
+        apim_oauth2_username: ""
+        apim_oauth2_password: ""
       policy_server:
         port: 18001
         tls:
@@ -140,6 +152,10 @@ gateway:
         level: info
         format: json
 
+    immutable_gateway:
+      enabled: false
+      artifacts_dir: "/etc/api-platform-gateway/immutable_gateway/artifacts"
+
   # Raw TOML appended to generated config.toml (see gateway chart values.yaml)
   config_toml: ""
 
diff --git a/kubernetes/helm/gateway-helm-chart/templates/gateway/gateway-config.yaml b/kubernetes/helm/gateway-helm-chart/templates/gateway/gateway-config.yaml
@@ -48,6 +48,11 @@ data:
     polling_interval = {{ $gc.controlplane.polling_interval | quote }}
     deployment_push_enabled = {{ $gc.controlplane.deployment_push_enabled }}
     sync_batch_size = {{ $gc.controlplane.sync_batch_size }}
+    gateway_name = {{ $gc.controlplane.gateway_name | quote }}
+    apim_oauth2_client_id = {{ $gc.controlplane.apim_oauth2_client_id | quote }}
+    apim_oauth2_client_secret = {{ $gc.controlplane.apim_oauth2_client_secret | quote }}
+    apim_oauth2_username = {{ $gc.controlplane.apim_oauth2_username | quote }}
+    apim_oauth2_password = {{ $gc.controlplane.apim_oauth2_password | quote }}
 
     {{- range $gc.encryption.providers }}
     [[controller.encryption.providers]]
@@ -228,6 +233,12 @@ data:
 {{ dict "policy_configurations" .Values.gateway.config.policy_configurations | toToml | indent 4 }}
     {{- end }}
 
+    {{- if .Values.gateway.config.immutable_gateway }}
+    [immutable_gateway]
+    enabled = {{ .Values.gateway.config.immutable_gateway.enabled }}
+    artifacts_dir = {{ .Values.gateway.config.immutable_gateway.artifacts_dir | quote }}
+    {{- end }}
+
     {{- if .Values.gateway.config_toml }}
 {{ .Values.gateway.config_toml | indent 4 }}
     {{- end }}
diff --git a/kubernetes/helm/gateway-helm-chart/values.yaml b/kubernetes/helm/gateway-helm-chart/values.yaml
@@ -110,6 +110,17 @@ gateway:
         # Number of deployments to fetch per batch during startup sync
         sync_batch_size: 50
 
+        # Friendly name shown for this gateway in the APIM control plane
+        gateway_name: ""
+
+        # OAuth2 Option 1: Client Credentials flow
+        apim_oauth2_client_id: ""
+        apim_oauth2_client_secret: ""
+
+        # OAuth2 Option 2: Resource Owner Password Credentials flow
+        apim_oauth2_username: ""
+        apim_oauth2_password: ""
+
       # Encryption provider configuration for secret management.
       # File paths must match the mount path set in gateway.controller.encryptionKeys.mountPath.
       encryption:
@@ -318,6 +329,11 @@ gateway:
         # Log format: json, text
         format: json
 
+    # Static API artifacts bundled with the gateway (see docs/gateway/immutable-gateway.md)
+    immutable_gateway:
+      enabled: false
+      artifacts_dir: "/etc/api-platform-gateway/immutable_gateway/artifacts"
+
   # Raw TOML string to append to the generated config.toml
   # Use this for additional configuration not covered by the structured values above
   # Example:
diff --git a/kubernetes/helm/operator-helm-chart/values.yaml b/kubernetes/helm/operator-helm-chart/values.yaml
@@ -169,6 +169,38 @@ gateway:
             # Directory containing policy definitions
             definitions_path: ./default-policies
 
+          # Control plane connection configuration
+          # Note: host and token are set via gateway.controller.controlPlane and rendered as env vars in the deployment.
+          controlplane:
+            # Skip TLS certificate verification for the control plane connection (insecure, dev/test only)
+            insecure_skip_verify: false
+
+            # Initial delay before retrying a failed control plane connection
+            reconnect_initial: 1s
+
+            # Maximum delay between reconnection attempts (exponential backoff cap)
+            reconnect_max: 5m
+
+            # How often to reconcile state with the control plane
+            polling_interval: 15m
+
+            # Push API deployment events to the control plane
+            deployment_push_enabled: false
+
+            # Number of deployments to fetch per batch during startup sync
+            sync_batch_size: 50
+
+            # Friendly name shown for this gateway in the APIM control plane
+            gateway_name: ""
+
+            # OAuth2 Option 1: Client Credentials flow
+            apim_oauth2_client_id: ""
+            apim_oauth2_client_secret: ""
+
+            # OAuth2 Option 2: Resource Owner Password Credentials flow
+            apim_oauth2_username: ""
+            apim_oauth2_password: ""
+
           # Logging configuration
           logging:
             # Log level: "debug", "info", "warn", or "error"
@@ -367,6 +399,11 @@ gateway:
             # Log format: json, text
             format: json
 
+        # Static API artifacts bundled with the gateway (see docs/gateway/immutable-gateway.md)
+        immutable_gateway:
+          enabled: false
+          artifacts_dir: "/etc/api-platform-gateway/immutable_gateway/artifacts"
+
         policy_configurations: {}
 
       # metadata for the generated shared ConfigMap (annotations / labels)
diff --git a/kubernetes/helm/resources/apim-apigateway-restapi-operator-demo/01-gateway-values-configmap.yaml b/kubernetes/helm/resources/apim-apigateway-restapi-operator-demo/01-gateway-values-configmap.yaml
@@ -14,6 +14,16 @@ data:
           controlplane:
             # Skip TLS certificate verification for the control plane connection (insecure, dev/test only)
             insecure_skip_verify: true
+            gateway_name: ""
+            # OAuth2 Option 1: Client Credentials flow
+            apim_oauth2_client_id: ""
+            apim_oauth2_client_secret: ""
+            # OAuth2 Option 2: Resource Owner Password Credentials flow
+            apim_oauth2_username: ""
+            apim_oauth2_password: ""
+        immutable_gateway:
+          enabled: false
+          artifacts_dir: "/etc/api-platform-gateway/immutable_gateway/artifacts"
       controller:
         controlPlane:
           host: host.docker.internal:9444
diff --git a/kubernetes/helm/resources/apim-gateway-api-operator-demo/01-gateway-values-configmap.yaml b/kubernetes/helm/resources/apim-gateway-api-operator-demo/01-gateway-values-configmap.yaml
@@ -14,6 +14,16 @@ data:
           controlplane:
             # Skip TLS certificate verification for the control plane connection (insecure, dev/test only)
             insecure_skip_verify: true
+            gateway_name: ""
+            # OAuth2 Option 1: Client Credentials flow
+            apim_oauth2_client_id: ""
+            apim_oauth2_client_secret: ""
+            # OAuth2 Option 2: Resource Owner Password Credentials flow
+            apim_oauth2_username: ""
+            apim_oauth2_password: ""
+        immutable_gateway:
+          enabled: false
+          artifacts_dir: "/etc/api-platform-gateway/immutable_gateway/artifacts"
       controller:
         controlPlane:
           host: host.docker.internal:9444
