This repo contains Helm charts for the Apigee Registry API and related tools.
The charts directory contains Helm charts for the parts of an API Registry.
-
registry-server installs the Registry API gRPC service.
-
registry-gateway installs an Envoy proxy configured to provide grpc-web and grpc-transcoding support.
-
registry-viewer installs the Registry Viewer.
-
registry-controller installs an instance of the
registry
tool configured to run as a controller with built-in support for running a small set of default linters and similar tools.
Users familiar with Helm can install these charts directly, but we also include directories containing scripts supporting common environments.
This directory contains scripts for installing these charts in minikube. It starts a local installation suitable for exploration.
minikube/SETUP.sh
will start minikube and install the charts. It should be run from the directory containing this README.minikube/TEARDOWN.sh
will delete everything and stop minikube.minikube/dash.sh
will open the Kubernetes dashboard in a local browser.minikube/viewer.sh
will open the Registry Viewer in a local browser.minikube/registry-config.sh
will configure theregistry
tool to work with the minikube installation.
This directory contains scripts for installing the charts in microk8s. This sets up a registry for more persistent usage. We have used them to run the API Registry in a local "bare-metal" cluster.
microk8s/SETUP.sh
will start minikube and install the charts. It should be run from the directory containing this README.microk8s/TEARDOWN.sh
will delete everything and stop minikube.
Connections to the API and viewer use SSL, so two hostnames are required along with an SSL certificate that can be used for both. These should be set as environment variables.
export REGISTRY_HOST registry.example.com
export VIEWER_HOST apis.example.com
The SETUP.sh
script also expects a file named secret.yaml
at the root of
this repo. It should contain a YAML description of a Kubernetes secret named
registry-tls
in the registry
namespace. For example:
apiVersion: v1
kind: Secret
type: kubernetes.io/tls
metadata:
name: registry-tls
namespace: registry
data:
tls.crt: <base64-encoded certificate>
tls.key: <base64-encoded key>
Alternately, this secret could be created from local credentials:
kubectl create secret tls registry-tls --namespace=registry --cert=fullchain.pem --key=privkey.pem
To directly call the registry server, expose the registry-server
using one of
the following methods:
# expose the pod for local testing (your pod name will vary)
kubectl port-forward -n registry pods/registry-server-d67c558c8-g9rmz 8080:8080
# expose the deployment for local testing
kubectl port-forward -n registry deployments/registry-server 8080:8080
# expose the service for local testing
kubectl port-forward -n registry services/registry-server 8080:80
Since these commands run for the lifetime of the connection, change to a different shell to call the API.
# first configure the registry tool
registry config configurations create helm
registry config set address localhost:8080
registry config set insecure true
registry config set location global
# verify the registry-server and its database connection
registry rpc admin get-storage --json
The registry-server
requires PostgreSQL, and the chart currently expects an
installation of the
bitnami/postgresql chart in the
registry
namespace. Future chart revisions might support
Cloud SQL and other database hosting services.
Quoting the bitnami/postgresql
installation notes:
PostgreSQL can be accessed via port 5432 on the following DNS names from within your cluster:
data-postgresql.registry.svc.cluster.local - Read/Write connection
To get the password for "postgres" run:
export POSTGRES_PASSWORD=$(kubectl get secret --namespace registry data-postgresql -o jsonpath="{.data.postgres-password}" | base64 -d)
To connect to your database run the following command:
kubectl run data-postgresql-client --rm --tty -i --restart='Never' --namespace registry --image docker.io/bitnami/postgresql:15.2.0-debian-11-r14 --env="PGPASSWORD=$POSTGRES_PASSWORD" \
--command -- psql --host data-postgresql -U postgres -d postgres -p 5432
NOTE: If you access the container using bash, make sure that you execute "/opt/bitnami/scripts/postgresql/entrypoint.sh /bin/bash" in order to avoid the error "psql: local user with ID 1001} does not exist"
To connect to your database from outside the cluster execute the following commands:
kubectl port-forward --namespace registry svc/data-postgresql 5432:5432 &
PGPASSWORD="$POSTGRES_PASSWORD" psql --host 127.0.0.1 -U postgres -d postgres -p 5432
WARNING: The configured password will be ignored on new installation in case when previous Posgresql release was deleted through the helm command. In that case, old PVC will have an old password, and setting it through helm won't take effect. Deleting persistent volumes (PVs) will solve the issue.
- https://helm.sh/docs/howto/chart_repository_sync_example/
- https://opensource.com/article/20/5/helm-charts
- https://docs.vmware.com/en/VMware-Application-Catalog/services/tutorials/GUID-create-first-helm-chart-index.html
Contents are copyrighted and licensed identically to the contents of
apigee/registry-experimental.
This repo is intended to be merged into registry-experimental
.