GluuFederation · moabu · Mar 25, 2025 · Mar 24, 2025
@@ -202,6 +202,100 @@ volumeMounts:
 {{- end }}
 {{- end }}
 
+
+{{/*
+Create JAVA_OPTIONS ENV for passing custom work and detailed logs
+*/}}
+{{- define "auth-server.customJavaOptions"}}
+{{ $custom := "" }}
+{{- $cnCustomJavaOptions := index .Values "auth-server" "cnCustomJavaOptions" }}
+{{- $custom := printf "%s" $cnCustomJavaOptions }}
+{{ $memory := .Values.resources.limits.memory | replace "Mi" "" | int -}}
+{{- $maxDirectMemory := printf "-XX:MaxDirectMemorySize=%dm" ( mul (mulf $memory 0.25) 1 ) -}}
+{{- $xmx := printf "-Xmx%dm" (sub $memory (mulf $memory 0.7)) -}}
+{{- $customJavaOptions := printf "%s %s %s" $custom $maxDirectMemory $xmx -}}
+{{ $customJavaOptions | trim | quote }}
+{{- end }}
+
+{{/*
+Create JAVA_OPTIONS ENV for passing custom work and detailed logs
+*/}}
+{{- define "casa.customJavaOptions"}}
+{{ $custom := "" }}
+{{ $custom = printf "%s" .Values.casa.cnCustomJavaOptions }}
+{{ $memory := .Values.resources.limits.memory | replace "Mi" "" | int -}}
+{{- $maxDirectMemory := printf "-XX:MaxDirectMemorySize=%dm" ( mul (mulf $memory 0.10) 1 ) -}}
+{{- $xmx := printf "-Xmx%dm" (sub $memory (mulf $memory 0.7)) -}}
+{{- $customJavaOptions := printf "%s %s %s" $custom $maxDirectMemory $xmx -}}
+{{ $customJavaOptions | trim | quote }}
+{{- end }}
+
+{{/*
+Create JAVA_OPTIONS ENV for passing custom work and detailed logs
+*/}}
+{{- define "config-api.customJavaOptions"}}
+{{ $custom := "" }}
+{{- $cnCustomJavaOptions := index .Values "config-api" "cnCustomJavaOptions" }}
+{{- $custom := printf "%s" $cnCustomJavaOptions }}
+{{ $memory := .Values.resources.limits.memory | replace "Mi" "" | int -}}
+{{- $maxDirectMemory := printf "-XX:MaxDirectMemorySize=%dm" ( mul (mulf $memory 0.10) 1 ) -}}
+{{- $xmx := printf "-Xmx%dm" (sub $memory (mulf $memory 0.7)) -}}
+{{- $customJavaOptions := printf "%s %s %s" $custom $maxDirectMemory $xmx -}}
+{{ $customJavaOptions | trim | quote }}
+{{- end }}
+
+{{/*
+Create JAVA_OPTIONS ENV for passing custom work and detailed logs
+*/}}
+{{- define "fido2.customJavaOptions"}}
+{{ $custom := "" }}
+{{ $custom = printf "%s" .Values.fido2.cnCustomJavaOptions }}
+{{ $memory := .Values.resources.limits.memory | replace "Mi" "" | int -}}
+{{- $maxDirectMemory := printf "-XX:MaxDirectMemorySize=%dm" ( mul (mulf $memory 0.08) 1 ) -}}
+{{- $xmx := printf "-Xmx%dm" (sub $memory (mulf $memory 0.7)) -}}
+{{- $customJavaOptions := printf "%s %s %s" $custom $maxDirectMemory $xmx -}}
+{{ $customJavaOptions | trim | quote }}
+{{- end }}
+
+{{/*
+Create JAVA_OPTIONS ENV for passing custom work and detailed logs
+*/}}
+{{- define "scim.customJavaOptions"}}
+{{ $custom := "" }}
+{{ $custom = printf "%s" .Values.scim.cnCustomJavaOptions }}
+{{ $memory := .Values.resources.limits.memory | replace "Mi" "" | int -}}
+{{- $maxDirectMemory := printf "-XX:MaxDirectMemorySize=%dm" ( mul (mulf $memory 0.15) 1 ) -}}
+{{- $xmx := printf "-Xmx%dm" (sub $memory (mulf $memory 0.7)) -}}
+{{- $customJavaOptions := printf "%s %s %s" $custom $maxDirectMemory $xmx -}}
+{{ $customJavaOptions | trim | quote }}
+{{- end }}
+
+{{/*
+Create JAVA_OPTIONS ENV for passing custom work and detailed logs
+*/}}
+{{- define "link.customJavaOptions"}}
+{{ $custom := "" }}
+{{ $custom = printf "%s" .Values.link.cnCustomJavaOptions }}
+{{ $memory := .Values.resources.limits.memory | replace "Mi" "" | int -}}
+{{- $maxDirectMemory := printf "-XX:MaxDirectMemorySize=%dm" ( mul (mulf $memory 0.08) 1 ) -}}
+{{- $xmx := printf "-Xmx%dm" (sub $memory (mulf $memory 0.7)) -}}
+{{- $customJavaOptions := printf "%s %s %s" $custom $maxDirectMemory $xmx -}}
+{{ $customJavaOptions | trim | quote }}
+{{- end }}
+
+{{/*
+Create JAVA_OPTIONS ENV for passing custom work and detailed logs
+*/}}
+{{- define "saml.customJavaOptions"}}
+{{ $custom := "" }}
+{{ $custom = printf "%s" .Values.saml.cnCustomJavaOptions }}
+{{ $memory := .Values.resources.limits.memory | replace "Mi" "" | int -}}
+{{- $maxDirectMemory := printf "-XX:MaxDirectMemorySize=%dm" ( mul (mulf $memory 0.10) 1 ) -}}
+{{- $xmx := printf "-Xmx%dm" (sub $memory (mulf $memory 0.7)) -}}
+{{- $customJavaOptions := printf "%s %s %s" $custom $maxDirectMemory $xmx -}}
+{{ $customJavaOptions | trim | quote }}
+{{- end }}
+
 {{/*
 Obfuscate configuration schema (only if configuration key is available)
 */}}

@@ -42,6 +42,10 @@ spec:
     {{- with .Values.image.pullSecrets }}
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
     {{- end }}
       dnsPolicy: {{ .Values.dnsPolicy | quote }}
     {{- with .Values.dnsConfig }}
@@ -58,6 +62,20 @@ spec:
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
         env:
+          - name: CN_AUTH_JAVA_OPTIONS
+            value: {{ include "auth-server.customJavaOptions" . | trim }}
+          - name: CN_FIDO2_JAVA_OPTIONS
+            value: {{ include "fido2.customJavaOptions" . | trim }}
+          - name: CN_CASA_JAVA_OPTIONS
+            value: {{ include "casa.customJavaOptions" . | trim }}
+          - name: CN_CONFIG_API_JAVA_OPTIONS
+            value: {{ include "config-api.customJavaOptions" . | trim }}
+          - name: CN_SAML_JAVA_OPTIONS
+            value: {{ include "saml.customJavaOptions" . | trim }}
+          - name: CN_SCIM_JAVA_OPTIONS
+            value: {{ include "scim.customJavaOptions" . | trim }}
+          - name: CN_LINK_JAVA_OPTIONS
+            value: {{ include "link.customJavaOptions" . | trim }}
           {{- include "flex-all-in-one.usr-envs" . | indent 12 }}
           {{- include "flex-all-in-one.usr-secret-envs" . | indent 12 }}
         securityContext:

@@ -165,7 +165,8 @@ persistence:
   # -- Boolean flag to enable/disable the persistence job.
   enabled: true
 
-
+# -- Add tolerations for the pods
+tolerations: []
 
 
 alb:
@@ -175,6 +176,8 @@ alb:
 auth-server:
   # -- Boolean flag to enable/disable auth-server chart. You should never set this to false.
   enabled: true
+  # -- passing custom java options to auth-server. Notice you do not need to pass in any loggers options as they are introduced below in appLoggers. DO NOT PASS JAVA_OPTIONS in envs.
+  cnCustomJavaOptions: ""
   # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed.
   appLoggers:
     # -- Enable log prefixing which enables prepending the STDOUT logs with the file name. i.e auth-server-script ===> 2022-12-20 17:49:55,744 INFO
@@ -343,6 +346,7 @@ auth-server-key-rotation:
   #     exec:
   #       command: ["sh", "-c", "mkdir /opt/jans/jetty/jans-auth/custom/static/stylesheet/"]
   lifecycle: {}
+
   # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"}
   additionalLabels: { }
   # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
@@ -385,6 +389,8 @@ casa:
   casaServiceName: casa
   # -- Boolean flag to enable/disable the casa chart.
   enabled: true
+  # -- passing custom java options to casa. Notice you do not need to pass in any loggers options as they are introduced below in appLoggers. DO NOT PASS JAVA_OPTIONS in envs.
+  cnCustomJavaOptions: ""
   # -- Enable endpoints in either istio or nginx ingress depending on users choice
   ingress:
     # -- Enable casa endpoints /casa
@@ -398,6 +404,8 @@ config-api:
   configApiServerServiceName: config-api
   # -- Boolean flag to enable/disable the config-api chart.
   enabled: true
+  # -- passing custom java options to config-api. Notice you do not need to pass in any loggers options as they are introduced below in appLoggers. DO NOT PASS JAVA_OPTIONS in envs.
+  cnCustomJavaOptions: ""
   # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed.
   appLoggers:
     # -- Enable log prefixing which enables prepending the STDOUT logs with the file name. i.e config-api_persistence ===> 2022-12-20 17:49:55,744 INFO
@@ -444,6 +452,8 @@ fido2:
   fido2ServiceName: fido2
   # -- Boolean flag to enable/disable the fido2 chart.
   enabled: true
+  # -- passing custom java options to fido2. Notice you do not need to pass in any loggers options as they are introduced below in appLoggers. DO NOT PASS JAVA_OPTIONS in envs.
+  cnCustomJavaOptions: ""
   # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed.
   appLoggers:
     # -- Enable log prefixing which enables prepending the STDOUT logs with the file name. i.e fido2 ===> 2022-12-20 17:49:55,744 INFO
@@ -489,6 +499,8 @@ scim:
   scimServiceName: scim
   # -- Boolean flag to enable/disable the SCIM chart.
   enabled: true
+  # -- passing custom java options to scim. Notice you do not need to pass in any loggers options as they are introduced below in appLoggers. DO NOT PASS JAVA_OPTIONS in envs.
+  cnCustomJavaOptions: ""
   # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed.
   appLoggers:
     # -- Enable log prefixing which enables prepending the STDOUT logs with the file name. i.e jans-scim ===> 2022-12-20 17:49:55,744 INFO
@@ -528,6 +540,8 @@ link:
   linkServiceName: link
   # -- Boolean flag to enable/disable the link chart.
   enabled: false
+  # -- passing custom java options to link. Notice you do not need to pass in any loggers options as they are introduced below in appLoggers. DO NOT PASS JAVA_OPTIONS in envs.
+  cnCustomJavaOptions: ""
   # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed.
   appLoggers:
     # -- Enable log prefixing which enables prepending the STDOUT logs with the file name. i.e link-persistence ===> 2022-12-20 17:49:55,744 INFO
@@ -561,6 +575,8 @@ saml:
   samlServiceName: saml
   # -- Boolean flag to enable/disable the saml chart.
   enabled: false
+  # -- passing custom java options to saml. Notice you do not need to pass in any loggers options as they are introduced below in appLoggers. DO NOT PASS JAVA_OPTIONS in envs.
+  cnCustomJavaOptions: ""
   # -- Enable endpoints in either istio or nginx ingress depending on users choice
   ingress:
     # Enable saml endpoints /kc
@@ -735,7 +751,7 @@ resources:
 # -- Configure the liveness healthcheck for the auth server if needed.
 livenessProbe:
   # -- Executes the python3 healthcheck.
-  # https://github.com/GluuProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py
+  # https://github.com/JanssenProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py
   exec:
     command:
       - python3
@@ -744,7 +760,7 @@ livenessProbe:
   periodSeconds: 30
   timeoutSeconds: 5
 # -- Configure the readiness healthcheck for the auth server if needed.
-# https://github.com/GluuProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py
+# https://github.com/JanssenProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py
 readinessProbe:
   exec:
     command:
@@ -774,6 +790,7 @@ additionalAnnotations: { }
 customScripts: [ ]
 # -- Add custom pod's command. If passed, it will override the default conditional command.
 customCommand: []
+
 # -- Responsible for synchronizing Keycloak SAML clients
 kc-scheduler:
   # -- Add custom normal and secret envs to the service