
k8s-api-operator's Introduction

API Operator for Kubernetes

Introduction

As microservices are increasingly deployed on Kubernetes, exposing them as well-documented, easy-to-consume, managed APIs is becoming important for developing great applications. The API operator for Kubernetes makes APIs a first-class citizen in the Kubernetes ecosystem. Similar to deploying microservices, you can now use this operator to deploy APIs for individual microservices or compose several microservices into individual APIs. With this, users can expose their microservices as managed APIs in a Kubernetes environment without any additional work.

The API operator for Kubernetes provides first-class support for Micro Integrator deployments in the Kubernetes ecosystem. It uses the Integration custom resource (integration_cr.yaml file) that is available in the Kubernetes project (exported from WSO2 Integration Studio) and deploys the integration in your Kubernetes environment.


Quick Start Guide with Choreo Connect

To deploy your first API to Choreo Connect using the K8s API Operator, see Quick Start Guide - Kubernetes.

Deploying Integrations

To deploy integrations using the K8s API Operator, see Deploying Integrations using the Operator.

Standalone Installation

Use the following command to install the API Operator:

>> kubectl apply -f https://github.com/wso2/k8s-api-operator/releases/download/v2.0.3/api-operator-configs.yaml

Documentation

You can find the documentation here.

k8s-api-operator's People

Contributors

abeykoon, blasan, dinusha92, feloy, harsha89, jayanie, maheshika, malakaganga, mcmlok, pubudu538, rajith90, rakhitharr, renuka-fernando, sachithkasthuriarachchi, sajithaliyanage, shehanir, tharakamd, uvindu96


k8s-api-operator's Issues

"UPDATE" support for kubernetes add api extension.

Description:

Currently, the kubernetes extension supports "kubectl add api" only. This has to be changed to support kubectl update API as well.

Referring default security from user namespace

Description:
When a user has defined a namespace but has not defined a security in the swagger, it should be able to refer to a default security from the user-defined namespace.


Maintain api instance related mgw-conf and dockerfile for kaniko

Description:
As of now microgateway config file and dockerfile for kaniko job have a name which does not change according to API instances.
This is not an issue if the API instances are added sequentially, because the resources get updated according to changes.
But when an API is added before the kaniko job of the previous API instance is completed, the configuration file of the previous API can get overridden by the new changes.
Further, to connect the cascade deletion to the API, the above files need to have a connection with the api instance.
Hence it is needed to maintain separate configmaps for the above files.

creating a zip with deployment artifacts

Description:
Make a zip file containing the artifacts needed for the deployment and sample scenarios.


Support distributed rate limiting

Description:
Currently, when the number of replicas is more than 1, the backend serves more than the limit set by the ratelimiting policy. This is because the limit is set on each node and hence the deployment allows a number of requests equal to replicas * limit.


Make docker file template available for the user in a configmap

Description:
The template we need to generate the docker file is taken by copying it to the bin. Instead, we need to make it available for the user in a configmap so that the user can customize it.


Issues in the quick start guide

Description:

  1. In the step 4, we're asked to "Download API controller v3.0.0 for your operating system from the website". But when we visit we don't see a download link to API controller v3.0.0. The link is for Dev-Ops Tooling.

Maybe we can fix the QSG like this?

"Download Dev-Ops Tooling (API controller v3.0.0) for your operating system from the website".

or

"Download API controller v3.0.0 (Dev-Ops Tooling) for your operating system from the website".

  2. Liveness and readiness probes start after 5 mins which is too long. Ideally, it should start early and have a retry mechanism until the pod is ready.

  3. apictl readme says For WSO2 API Manager 2.6.0.

  4. Mac doesn't trust the developer of apictl.

  5. In step 3, it says "For Docker for Mac use 'localhost' for the K8s node IP"

this should be 127.0.0.1 instead of localhost.

Handling deletion of api and operator

Description:
At the moment when the user deletes an api or the operator; the related services, configmaps, secrets, jobs and other resources are not deleted. User will have to manually clean up all the garbage resources. The operator has to facilitate automatic deletion of related resources when user wants to delete a particular api, as well as if the user wants to delete the operator.


Update API does not create the service if the service is not present

Description:

If the 'update-api' command is executed instead of the 'add api' command, all the k8s artifacts will get created. However, the k8s service will not get created if the service is not available.
Correct behaviour should check if the service is available in the cluster and create the service if it is not available.


Handle target endpoints defined in resource level with sidecar deployment

Description:
Need to handle target endpoints defined at resource level with sidecar deployment. When the deployment is sidecar, target endpoints should be replaced with localhost.


Test the OAuth2 flow with APIM operator

Description:
Keymanager related configuration and secrets are being configured with the micro-gw via the APIM-Controller. Hence this flow has to be tested properly to verify the behaviour and identify the issues if there's any.


Scenario 6 and 7 Change API definitions and backend to proper image

Description:

Scenarios 6 and 7 depict the private jet mode and sidecar patterns. Here the image for the backend is not compatible with the API definition. Hence they need to be modified properly to improve the quality of the scenarios.


Scenario 4 - Create all the artifacts to test oauth2 protected APIs

Description:

Scenario 4 is about deploying oauth2 protected APIs in the k8s cluster and invoking them. However, this requires APIM deployment etc to test properly. Current scenario-4 is missing some of the artefacts to deploy APIM in the Kubernetes cluster and to map them properly.


Move docker config from configmap to secret

Description:

To push the image to the docker registry, docker config is attached to the Kaniko pod.
As of now, we are attaching it as a config map. Since this contains confidential information, we should move it to secret.


Obtain user namespace from the extension instead of the controller config

Description:
The user namespace is obtained by the controller config file at the moment. But the user should be able to give the preferred namespace when executing the kubectl add api & kubectl update api commands. The microgateway deployment and service should be created in this namespace from the above commands.


Providing analytics support for the operator

Description:
Currently analytics feature is not supported by the k8s operator.
Provide analytics support for the operator. The sensitive data should be provided by a secret and other needed parameters through a configmap. Analytics should be disabled if either of these are not configured. Microgateway configuration should be handled accordingly. Since container crashing can cause loss of data, separate volume (EmptyDir) should be mounted to handle the usage data files.


Package the artifacts into a zip as the deliverable to the end user.

Description:

End users (DevOps) need to be delivered the k8s controller artefacts in a convenient manner. Hence, at the moment, it is best to deliver them as a zip including a well-documented readme as well.

The readme should also include the necessary instructions:

  • In deploying kubernetes extension
  • In deploying controller configuration (description of each configuration)
  • Artifacts of the controller
  • CRDs (with sample)


Migrate the existing toolkit and runtime to the latest version of micro-gw

Description:

The existing images in the API controller use mgw-3.0.0-beta2 images for both runtime and toolkit. This has to be changed to the latest version, along with the other changes required to make the controller compatible with the latest mgw release.


Error when creating API using kubectl add api command

Description:
When I execute kubectl add api petstore --from-file=swagger.yaml, I get the following error.

Generating a api kind
The API "petstore" is invalid: []: Invalid value: map[string]interface {}{"apiVersion":"wso2.com/v1alpha1", "kind":"API", "metadata":map[string]interface {}{"clusterName":"", "name":"petstore", "namespace":"wso2-system", "generation":1, "creationTimestamp":"2019-06-05T19:13:02Z", "uid":"f0b3fb2d-87c5-11e9-9715-080027146fec", "selfLink":""}, "spec":map[string]interface {}{"definition":map[string]interface {}{"replicas":1, "configMapKeyRef":map[string]interface {}{"name":"petstore"}}, "mode":"privateJet"}}: validation failure list:
spec.definition.swagger in body is required

Steps to reproduce:
Copy the kubectl-add.sh extension as instructed in the readme.
Then execute the command to add the api: "kubectl add api petstore --from-file=swagger.yaml"


Readiness and Liveness probes to Pods

Description:

Currently, the pods in the clusters do not have the readiness and liveness probes to make sure the pods are ready to accept the traffic and pods are healthy. Hence we need to include these properties to enhance the quality of the deployment.

Need to add sample scenarios for privateJet and sidecar modes

Description:
Need to add sample scenarios for privateJet and sidecar modes so that users can easily test.


API deployment pod replaces when the mode is sidecar

Description:
The API deployment pod is replaced when the endpoint mode is sidecar, and it only shows one container running inside the pod.


Check the availability of the docker image and schedule the kaniko Job if necessary.

Description:

Kaniko job is responsible to create the micro-gateway image using the micro-gw toolkit and runtime. However, this job has to be only scheduled, if the particular micro-gw image is not available in the container image registry.


Microgateway ports are not configurable

Description:
Currently the mgw http and https ports are not configurable by the user in the operator


Enhance the user experience in configuring API Operator with Docker-Hub

Description:

As of now, the configuration steps break the user experience. We need to enhance the UX to avoid confusion for the users.


Create sample test scenarios to test security flows

Description:
It is more convenient for users to have some test scenarios to test following security flows.

  • Basic security
  • JWT
  • OAuth


API gateway image name logic

Description:

As of now, the image being built has the following format.
"API CR name" + "version in the API definition".

IMO, this has to be changed in the following way.
"API name in the API definition" + "version in the API definition".

This is because, if multiple users use the same swagger with different API names, there is no point in having different docker images. Hence the above proposed convention.


Supporting import of multiple endpoint certificates to the micro-gateway truststore

Description:
Currently it supports importing a single certificate at a time to the truststore. It needs to be extended to support importing multiple certificates, since an API can have multiple certificates for multiple endpoints.


Enable security flow to get only the security cr name via swagger file in user namespace

Description:
This should enable the security flow as follows.

  1. Get the name of the security cr from the swagger, e.g.:

       security:
         - basicauth:
           - read
           - write

  2. Get all securities defined in swagger and get crs from user namespace and update config files and mount certificates for all of securities.
  3. Modify the swagger by adding securitySchemes for defined securities.


Add HPA when deploying the API

Description:
At the moment we create only the deployment and the service. We need to create the HPA for auto-scaling based on CPU limits.


Copying default security to user namespace when API level security is not defined

Description:
Whenever the user does not define securities in the swagger definition, the default security schema should be used. It should be copied to the user namespace as well. The flow copies the security when resource-level securities are not defined. It should do the same when API-level securities are not defined.


Basic security flow gives error response from the server

Description:
When using the basic security flow and making a curl request with the externalIP and the port, it gives an error response.


making the APIM-configurations optional

Description:
APIM configurations are needed only when connecting with APIM. Therefore we need to make those configurations optional.


Get default HTTP and HTTPs ports when populating targetEndpoint CRs

Description:

When deploying a targetendpoint, it creates a service with cluster IP. However the port and the target port both are taken from the "port" defined in the targetEndpoint CRs which would break the call from APIM CR (mgw) to the target endpoint.
Instead of that, these should be allowed to assign default HTTP and HTTPs endpoint when necessary.

Affected Product Version:
v1.0.0-alpha


Support Kaniko Args

Description:
Kaniko supports different args such as insecure registry, etc.

We should be able to support those without adding those to the code. Probably we can use a config map for Kaniko args. Then add those args to the kaniko job.


Need to remove completed jobs when adding a new API

Description:
Earlier we only deleted the completed jobs when updating an existing API. We need to delete completed jobs when adding a new API as well.


Providing basic authentication support for micro-gateway via api controller

Description:
Currently, API security is supported with OAuth2 and JWT authentication. This needs to be extended to have basic authentication support as well. Here the user needs to provide the credentials as a secret and embed the secret name in the security cr created.


Deleting completed jobs and related artifacts

Description:
It is good to delete jobs and related resources after successful completion; otherwise they'll remain and grow in the cluster.


Docker registry details have to be configured in 2 files

According to current implementation, the dockerhub credentials have to be entered in apim-operator/controller-configs/dockersecrettemplate.yaml and the docker hub registry/username has to be entered again in the apim-operator/controller-configs/controller_conf.yaml.

If they have to be entered only once, the user experience will be improved.

Create sample test scenarios

Description:
To test the k8s-operator flow, it is helpful to have sample resource artifacts.
Functions to be tested:

  • Adding API
  • Update API
  • Delete API
  • Analytics
  • OAuth2 flow
  • JWT flow
  • Ratelimiting
  • Security kind
  • Target endpoint kind


Move API related resources to user namespace

Description:
As of now some API related resources are in the wso2-system namespace, while the deployment and service are created in the user-given namespace. But for the user to have more insight into the workflow of the operator, all the API related resources should be in the user namespace. Also, if a user tries to add an api name which does not exist in that user namespace, but exists in another namespace, the earlier approach would give rise to an error saying kubernetes job already exists.


Test the analytics flow with APIM operator

Description:

Analytics related configuration, secrets and volume mounts are being configured with the micro-gw via the APIM-Controller. Hence this flow has to be tested properly to verify the behaviour and identify the issues if there's any.


Need to keep copies of original and edited swagger files

Description:
Earlier, when the user provided the swagger file, we edited the same swagger for the microgateway and updated the same configmap. Hence the user won't be able to get the original copy of the swagger file. Therefore we need to keep both the original swagger file and the modified swagger file in two configmaps.


Add support for interceptors

Description:
Earlier there was no way to add interceptors to modify request and response flows. We need to add that support.

