Layer 7 Container gateway 11.x does not apply the java arguments set in config.javaArgs section.
search cancel

Layer 7 Container gateway 11.x does not apply the java arguments set in config.javaArgs section.

book

Article ID: 383047

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

When deploying a container gateway using the example helm charts as base , the java arguments specified in the  config.javaArgs section are not applied to the running container. 

https://github.com/CAAPIM/apim-charts/tree/stable/charts/gateway#java-args

config:
  heapSize: "2g"
  minHeapSize: "1g"
  maxHeapSize: "3g"
  javaArgs:
    - -Dcom.l7tech.bootstrap.autoTrustSslKey=trustAnchor,TrustedFor.SSL,TrustedFor.SAML_ISSUER
    - -Dcom.l7tech.server.audit.message.saveToInternal=false
    - -Dcom.l7tech.server.audit.admin.saveToInternal=false
    - -Dcom.l7tech.server.audit.system.saveToInternal=false
    - -Dcom.l7tech.server.audit.log.format=json
    - -Djava.util.logging.config.file=/opt/SecureSpan/Gateway/node/default/etc/conf/log-override.properties
    - -Dcom.l7tech.server.pkix.useDefaultTrustAnchors=true
    - -Dcom.l7tech.security.ssl.hostAllowWildcard=true

The created config map and the running process only has the settings from the additionalEnv section .

kubectl describe  configmap  <gatewaypodname>-configmap -n <environment>

 

Resolution

The java arguments set in the config.javaArgs section of the helm chart are overwritten by the  EXTRA_JAVA_ARGS  environment variable set in the additionalEnv section .

additionalEnv: {  
            # Added extra java arg so the traffic file logging sinks works with the stout of the pods.
            EXTRA_JAVA_ARGS: "-Dcom.l7tech.security.ssl.hostAllowWildcard=true",
            TZ: "Europe/Amsterdam"
          }

The helm chart is creating a  EXTRA_JAVA_ARGS  from the settings in config.javaArgs and is using this to configure the gateway pod. 

When this same variable is also set in additionalEnv  section it will replace the created one and ignore the setting set in config.javaArgs

The only java argument set is the one from EXTRA_JAVA_ARGS: "-Dcom.l7tech.security.ssl.hostAllowWildcard=true".

The additional java arguments should be placed in config.javaArgs and the additionalEnv should be used for new additional variables.

Using existing variables used by the helm charts will be replaced by the value in this setting !

Powered by Wolken Software