Axway/Cloud-Automation

API Portal failed on certificate mount


It looks like the api portal container is now referencing a wrong secret mount ... shouldn't this be apiportal-certs instead?

Can you please check if you have configured the following in your values.yaml?

apiportal.config.ssl.existingSecret

If not, by default a secret is created with the following name, which is referenced in the API-Portal deployment:
axway-apim-apiportal-certificates

The name of the secret is based on the apiportal.nameOverride.
Have you set apiportal.nameOverride?
For instance to apiportal?

@cwiechmann Yes, I did set it as nameOverride: "apiportal"

@cwiechmann I think the error is from below. Template certificates.name is defined as apiportal.name. However, axway-apim-apiportal-certificates was generated.

*/}}
{{- define "certificates.name" -}}
{{ include "apiportal.name" . }}-certificates
{{- end }}

Hmm, {{ include "apiportal.name" . }} means it should use the following definition from the main helpers file, which should honor your override:

{{/*
API-Portal name - Short by default as it look nicer in the ANM-Topology view
*/}}
{{- define "apiportal.name" -}}
{{- if .Values.apiportal.nameOverride -}}
{{ .Values.apiportal.nameOverride }}
{{- else -}}
{{- default .Chart.Name .Values.apiportal.nameOverride | trunc 63 | trimSuffix "-" -}}-apiportal
{{- end -}}
{{- end -}}

But I do agree, if it doesn't work something must be wrong here.

One additional comment. The API-Portal Certificate-Secret is created only during the first installation of the HELM-Chart, as it's using the following HELM annotations:

  annotations:
    "helm.sh/hook": "pre-install"
    "helm.sh/hook-delete-policy": "before-hook-creation"

That means, if you have added the name override later, the secret is not re-created again with your new name. I think if you manually delete it, it should be re-created with the secret-name as expected.

Or you set the existing secret to point to the secret that already exists.

@cwiechmann Thanks, that was the issue .. recreating the secrets worked
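
The mismatch resolved in this thread can be reproduced offline. The following is an added example, not code from the thread or from the Axway chart: it mirrors the quoted "apiportal.name" and "certificates.name" helpers in Python and checks a Deployment object (shaped like `kubectl get deployment -o json` output) for secret volumes that do not exist in the namespace. The chart name `axway-apim` is inferred from the default secret name quoted above; the function names and the sample Deployment are constructed for illustration.

```python
def apiportal_name(chart_name, name_override=""):
    """Python mirror of the "apiportal.name" helper quoted in the thread."""
    if name_override:
        return name_override
    base = chart_name[:63]            # trunc 63
    if base.endswith("-"):            # trimSuffix "-"
        base = base[:-1]
    return base + "-apiportal"


def certificates_name(chart_name, name_override=""):
    """Python mirror of the "certificates.name" helper."""
    return apiportal_name(chart_name, name_override) + "-certificates"


def missing_secret_mounts(deployment, existing_secrets):
    """Return secret names mounted by the pod spec that are absent from the namespace."""
    missing = []
    volumes = deployment["spec"]["template"]["spec"].get("volumes", [])
    for vol in volumes:
        secret = vol.get("secret")
        if not secret or secret.get("optional"):
            continue                  # not a secret volume, or allowed to be absent
        if secret["secretName"] not in existing_secrets:
            missing.append(secret["secretName"])
    return missing


CHART = "axway-apim"  # assumption: inferred from the default secret name in the thread

# Secret created once by the pre-install hook, before nameOverride was set.
EXISTING = {certificates_name(CHART)}

# Constructed sample: Deployment rendered after nameOverride: "apiportal" was added.
# The volume name "certs" is hypothetical.
DEPLOYMENT = {"spec": {"template": {"spec": {"volumes": [
    {"name": "certs",
     "secret": {"secretName": certificates_name(CHART, "apiportal")}},
]}}}}

if __name__ == "__main__":
    print("existing secrets:  ", sorted(EXISTING))
    print("unresolved mounts: ", missing_secret_mounts(DEPLOYMENT, EXISTING))
```

An empty result means every non-optional secret volume resolves; a non-empty one names the secret to recreate or to supply through apiportal.config.ssl.existingSecret.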