Skip to content

feat(charts): cloudtools integration with Helm charts #2037

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
moabu merged 6 commits into from
Apr 11, 2025
Merged

feat(charts): cloudtools integration with Helm charts #2037

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
bfbd1ef
feat(charts): cloudtools integration with Helm charts
iromli Apr 7, 2025
4eeb004
docs: fix chart version
iromli Apr 7, 2025
ec257ef
feat(charts): cloudtools for flex aio
iromli Apr 7, 2025
4541168
fix: remove invalid reference of janssen-all-in-one in charts
iromli Apr 7, 2025
3ee7010
chore(cloud-native): update FLEX and JANS source version
iromli Apr 10, 2025
ffa9a98
Merge branch 'main' into cn-cloudtools-chart
moabu Apr 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 28 additions & 4 deletions charts/gluu-all-in-one/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ Kubernetes: `>=v1.22.0-0`
| adminPassword | string | `"Test1234#"` | Admin password to log in to the UI. |
| alb.ingress | bool | `false` | switches the service to Nodeport for ALB ingress |
| auth-server | object | `{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","enableStdoutLogPrefix":"true","httpLogLevel":"INFO","httpLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"authEncKeys":"RSA1_5 RSA-OAEP","authSigKeys":"RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512","cnCustomJavaOptions":"","enabled":true,"ingress":{"authServerAdditionalAnnotations":{},"authServerEnabled":true,"authServerLabels":{},"authServerProtectedRegister":false,"authServerProtectedRegisterAdditionalAnnotations":{},"authServerProtectedRegisterLabels":{},"authServerProtectedToken":false,"authServerProtectedTokenAdditionalAnnotations":{},"authServerProtectedTokenLabels":{},"authzenAdditionalAnnotations":{},"authzenConfigEnabled":true,"authzenConfigLabels":{},"deviceCodeAdditionalAnnotations":{},"deviceCodeEnabled":true,"deviceCodeLabels":{},"firebaseMessagingAdditionalAnnotations":{},"firebaseMessagingEnabled":true,"firebaseMessagingLabels":{},"lockAdditionalAnnotations":{},"lockConfigAdditionalAnnotations":{},"lockConfigEnabled":false,"lockConfigLabels":{},"lockEnabled":false,"lockLabels":{},"openidAdditionalAnnotations":{},"openidConfigEnabled":true,"openidConfigLabels":{},"u2fAdditionalAnnotations":{},"u2fConfigEnabled":true,"u2fConfigLabels":{},"uma2AdditionalAnnotations":{},"uma2ConfigEnabled":true,"uma2ConfigLabels":{},"webdiscoveryAdditionalAnnotations":{},"webdiscoveryEnabled":true,"webdiscoveryLabels":{},"webfingerAdditionalAnnotations":{},"webfingerEnabled":true,"webfingerLabels":{}},"lockEnabled":false}` | Parameters used globally across all services helm charts. |
| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","enabled":true,"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/certmanager","tag":"0.0.0-nightly"},"initKeysLife":48,"keysLife":48,"keysPushDelay":0,"keysPushStrategy":"NEWER","keysStrategy":"NEWER","lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours |
| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","enabled":true,"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/cloudtools","tag":"0.0.0-nightly"},"initKeysLife":48,"keysLife":48,"keysPushDelay":0,"keysPushStrategy":"NEWER","keysStrategy":"NEWER","lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours |
| auth-server-key-rotation.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} |
| auth-server-key-rotation.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} |
| auth-server-key-rotation.customCommand | list | `[]` | Add custom job's command. If passed, it will override the default conditional command. |
Expand All @@ -45,7 +45,7 @@ Kubernetes: `>=v1.22.0-0`
| auth-server-key-rotation.enabled | bool | `true` | Boolean flag to enable/disable the auth-server-key rotation cronjob. |
| auth-server-key-rotation.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
| auth-server-key-rotation.image.pullSecrets | list | `[]` | Image Pull Secrets |
| auth-server-key-rotation.image.repository | string | `"ghcr.io/janssenproject/jans/certmanager"` | Image to use for deploying. |
| auth-server-key-rotation.image.repository | string | `"ghcr.io/janssenproject/jans/cloudtools"` | Image to use for deploying. |
| auth-server-key-rotation.image.tag | string | `"0.0.0-nightly"` | Image tag to use for deploying. |
| auth-server-key-rotation.initKeysLife | int | `48` | The initial auth server key rotation keys life in hours |
| auth-server-key-rotation.keysLife | int | `48` | Auth server key rotation keys life in hours |
Expand Down Expand Up @@ -140,6 +140,30 @@ Kubernetes: `>=v1.22.0-0`
| certManager.certificate.issuerName | string | `""` | |
| certManager.certificate.tlsSecretName | string | `"tls-certificate"` | |
| city | string | `"Austin"` | City. Used for certificate creation. |
| cleanup | object | `{"additionalAnnotations":{},"additionalLabels":{},"customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","enabled":true,"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/cloudtools","tag":"0.0.0-nightly"},"interval":60,"lifecycle":{},"limit":1000,"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Cleanup expired entries in persistence |
| cleanup.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} |
| cleanup.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} |
| cleanup.customCommand | list | `[]` | Add custom job's command. If passed, it will override the default conditional command. |
| cleanup.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh |
| cleanup.dnsConfig | object | `{}` | Add custom dns config |
| cleanup.dnsPolicy | string | `""` | Add custom dns policy |
| cleanup.enabled | bool | `true` | Boolean flag to enable/disable the cleanup cronjob chart. |
| cleanup.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
| cleanup.image.pullSecrets | list | `[]` | Image Pull Secrets |
| cleanup.image.repository | string | `"ghcr.io/janssenproject/jans/cloudtools"` | Image to use for deploying. |
| cleanup.image.tag | string | `"0.0.0-nightly"` | Image tag to use for deploying. |
| cleanup.interval | int | `60` | Interval of running the cleanup process (in minutes) |
| cleanup.limit | int | `1000` | Max. numbers of entries to cleanup |
| cleanup.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. |
| cleanup.resources.limits.cpu | string | `"300m"` | CPU limit. |
| cleanup.resources.limits.memory | string | `"300Mi"` | Memory limit. |
| cleanup.resources.requests.cpu | string | `"300m"` | CPU request. |
| cleanup.resources.requests.memory | string | `"300Mi"` | Memory request. |
| cleanup.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service |
| cleanup.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 |
| cleanup.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 |
| cleanup.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers |
| cleanup.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |
| cnAwsConfigFile | string | `"/etc/jans/conf/aws_config_file"` | |
| cnAwsSecretsReplicaRegionsFile | string | `"/etc/jans/conf/aws_secrets_replica_regions"` | |
| cnAwsSharedCredentialsFile | string | `"/etc/jans/conf/aws_shared_credential_file"` | |
Expand Down Expand Up @@ -292,7 +316,7 @@ Kubernetes: `>=v1.22.0-0`
| istio.ingress | bool | `false` | Boolean flag that enables using istio gateway for Gluu. This assumes istio ingress is installed and hence the LB is available. |
| istio.namespace | string | `"istio-system"` | The namespace istio is deployed in. The is normally istio-system. |
| istio.tlsSecretName | string | `"tls-certificate"` | |
| kc-scheduler | object | `{"additionalAnnotations":{},"additionalLabels":{},"customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","enabled":false,"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/kc-scheduler","tag":"0.0.0-nightly"},"interval":10,"lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for synchronizing Keycloak SAML clients |
| kc-scheduler | object | `{"additionalAnnotations":{},"additionalLabels":{},"customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","enabled":false,"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/cloudtools","tag":"0.0.0-nightly"},"interval":10,"lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for synchronizing Keycloak SAML clients |
| kc-scheduler.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} |
| kc-scheduler.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} |
| kc-scheduler.customCommand | list | `[]` | Add custom job's command. If passed, it will override the default conditional command. |
Expand All @@ -302,7 +326,7 @@ Kubernetes: `>=v1.22.0-0`
| kc-scheduler.enabled | bool | `false` | Boolean flag to enable/disable the kc-scheduler cronjob chart. |
| kc-scheduler.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
| kc-scheduler.image.pullSecrets | list | `[]` | Image Pull Secrets |
| kc-scheduler.image.repository | string | `"ghcr.io/janssenproject/jans/kc-scheduler"` | Image to use for deploying. |
| kc-scheduler.image.repository | string | `"ghcr.io/janssenproject/jans/cloudtools"` | Image to use for deploying. |
| kc-scheduler.image.tag | string | `"0.0.0-nightly"` | Image tag to use for deploying. |
| kc-scheduler.interval | int | `10` | Interval of running the scheduler (in minutes) |
| kc-scheduler.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. |
Expand Down
106 changes: 104 additions & 2 deletions charts/gluu-all-in-one/templates/cronjobs.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,7 @@ spec:
resources:
{{- toYaml (index .Values "auth-server-key-rotation" "resources") | nindent 16 }}
{{- end }}
args: ["patch", "auth", "--opts", "interval:{{ index .Values "auth-server-key-rotation" "keysLife" }}", "--opts", "key-strategy:{{ index .Values "auth-server-key-rotation" "keysStrategy" }}", "--opts", "privkey-push-delay:{{ index .Values "auth-server-key-rotation" "keysPushDelay" }}", "--opts", "privkey-push-strategy:{{ index .Values "auth-server-key-rotation" "keysPushStrategy" }}"]
args: ["certmanager", "patch", "auth", "--opts", "interval:{{ index .Values "auth-server-key-rotation" "keysLife" }}", "--opts", "key-strategy:{{ index .Values "auth-server-key-rotation" "keysStrategy" }}", "--opts", "privkey-push-delay:{{ index .Values "auth-server-key-rotation" "keysPushDelay" }}", "--opts", "privkey-push-strategy:{{ index .Values "auth-server-key-rotation" "keysPushStrategy" }}"]
volumes:
{{- with (index .Values "auth-server-key-rotation" "volumes") }}
{{- toYaml . | nindent 12 }}
Expand Down Expand Up @@ -148,7 +148,7 @@ spec:
{{- toYaml . | replace "- " "" | nindent 20}}
{{- end }}
/app/bin/entrypoint.sh
{{- end}}
{{- end}}
{{- end}}
image: "{{ index .Values "kc-scheduler" "image" "repository" }}:{{ index .Values "kc-scheduler" "image" "tag" }}"
env:
Expand Down Expand Up @@ -181,6 +181,7 @@ spec:
resources:
{{- toYaml (index .Values "kc-scheduler" "resources") | nindent 16 }}
{{- end }}
args: ["kc-sync"]
volumes:
{{- with (index .Values "kc-scheduler" "volumes") }}
{{- toYaml . | nindent 12 }}
Expand All @@ -196,3 +197,104 @@ spec:
- {{ .Values.fqdn }}
{{- end }}
{{- end }}

---

{{ if .Values.cleanup.enabled -}}
kind: CronJob
apiVersion: batch/v1
metadata:
name: {{ include "flex-all-in-one.fullname" . }}-cleanup
namespace: {{ .Release.Namespace }}
labels:
app: {{ .Release.Name }}-{{ include "flex-all-in-one.name" . }}-cleanup
{{ include "flex-all-in-one.labels" . | indent 4 }}
{{- if (index .Values "cleanup" "additionalLabels") }}
{{ toYaml (index .Values "cleanup" "additionalLabels") | indent 4 }}
{{- end }}
{{- if (index .Values "cleanup" "additionalAnnotations") }}
annotations:
{{ toYaml (index .Values "cleanup" "additionalAnnotations") | indent 4 }}
{{- end }}
spec:
schedule: "@every {{ index .Values "cleanup" "interval" }}m"
concurrencyPolicy: Forbid
jobTemplate:
spec:
template:
metadata:
annotations:
sidecar.istio.io/inject: "false"
spec:
{{- with (index .Values "cleanup" "image" "pullSecrets") }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ index .Values "cleanup" "dnsPolicy" | quote }}
{{- with (index .Values "cleanup" "dnsConfig") }}
dnsConfig:
{{ toYaml . | indent 12 }}
{{- end }}
containers:
- name: {{ include "flex-all-in-one.name" . }}-cleanup
{{- if or (index .Values "cleanup" "customScripts") (index .Values "cleanup" "customCommand") }}
command:
{{- if index .Values "cleanup" "customCommand" }}
{{- toYaml (index .Values "cleanup" "customCommand") | nindent 18 }}
{{- else }}
- /bin/sh
- -c
- |
{{- with (index .Values "cleanup" "customScripts") }}
{{- toYaml . | replace "- " "" | nindent 20}}
{{- end }}
/app/bin/entrypoint.sh
{{- end}}
{{- end}}
image: "{{ index .Values "cleanup" "image" "repository" }}:{{ index .Values "cleanup" "image" "tag" }}"
env:
{{- include "flex-all-in-one.usr-envs" . | indent 16 }}
{{- include "flex-all-in-one.usr-secret-envs" . | indent 16 }}
imagePullPolicy: {{ index .Values "cleanup" "image" "pullPolicy" }}
lifecycle:
{{- toYaml (index .Values "cleanup" "lifecycle") | nindent 16 }}
volumeMounts:
{{- with (index .Values "cleanup" "volumeMounts") }}
{{- toYaml . | nindent 16 }}
{{- end }}
{{- with (include "flex-all-in-one.config.schema" . | fromYaml).volumeMounts }}
{{- toYaml . | nindent 16 }}
{{- end }}
envFrom:
- configMapRef:
name: {{ .Release.Name }}-config-cm
{{ if .Values.usrEnvs.secret }}
- secretRef:
name: {{ .Release.Name }}-global-user-custom-envs
{{- end }}
{{ if .Values.usrEnvs.normal }}
- configMapRef:
name: {{ .Release.Name }}-global-user-custom-envs
{{- end }}
{{- if .Values.testEnviroment }}
resources: {}
{{- else }}
resources:
{{- toYaml (index .Values "cleanup" "resources") | nindent 16 }}
{{- end }}
args: ["cleanup", "--limit", "{{ .Values.cleanup.limit }}"]
volumes:
{{- with (index .Values "cleanup" "volumes") }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with (include "flex-all-in-one.config.schema" . | fromYaml).volumes }}
{{- toYaml . | nindent 12 }}
{{- end }}
restartPolicy: Never
{{- if not .Values.isFqdnRegistered }}
hostAliases:
- ip: {{ .Values.lbIp }}
hostnames:
- {{ .Values.fqdn }}
{{- end }}
{{- end }}
67 changes: 65 additions & 2 deletions charts/gluu-all-in-one/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -310,7 +310,7 @@ auth-server-key-rotation:
# -- Image pullPolicy to use for deploying.
pullPolicy: IfNotPresent
# -- Image to use for deploying.
repository: ghcr.io/janssenproject/jans/certmanager
repository: ghcr.io/janssenproject/jans/cloudtools
# -- Image tag to use for deploying.
tag: 0.0.0-nightly
# -- Image Pull Secrets
Expand Down Expand Up @@ -809,7 +809,7 @@ kc-scheduler:
# -- Image pullPolicy to use for deploying.
pullPolicy: IfNotPresent
# -- Image to use for deploying.
repository: ghcr.io/janssenproject/jans/kc-scheduler
repository: ghcr.io/janssenproject/jans/cloudtools
# -- Image tag to use for deploying.
tag: 0.0.0-nightly
# -- Image Pull Secrets
Expand Down Expand Up @@ -851,3 +851,66 @@ kc-scheduler:
customCommand: []
# -- Boolean flag to enable/disable the kc-scheduler cronjob chart.
enabled: false

# -- Cleanup expired entries in persistence
cleanup:
# -- Add custom normal and secret envs to the service
usrEnvs:
# -- Add custom normal envs to the service
# variable1: value1
normal: {}
# -- Add custom secret envs to the service
# variable1: value1
secret: {}
# -- Add custom dns policy
dnsPolicy: ""
# -- Add custom dns config
dnsConfig: {}
image:
# -- Image pullPolicy to use for deploying.
pullPolicy: IfNotPresent
# -- Image to use for deploying.
repository: ghcr.io/janssenproject/jans/cloudtools
# -- Image tag to use for deploying.
tag: 0.0.0-nightly
# -- Image Pull Secrets
pullSecrets: [ ]
# -- Resource specs.
resources:
limits:
# -- CPU limit.
cpu: 300m
# -- Memory limit.
memory: 300Mi
requests:
# -- CPU request.
cpu: 300m
# -- Memory request.
memory: 300Mi
# -- Interval of running the cleanup process (in minutes)
interval: 60
# -- Max. numbers of entries to cleanup
limit: 1000
# -- Configure any additional volumes that need to be attached to the pod
volumes: []
# -- Configure any additional volumesMounts that need to be attached to the containers
volumeMounts: []
# Actions on lifecycle events such as postStart and preStop
# Example
# lifecycle:
# postStart:
# exec:
# command: ["sh", "-c", "mkdir /opt/jans/jetty/jans-auth/custom/static/stylesheet/"]
lifecycle: {}
# -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"}
additionalLabels: { }
# -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
additionalAnnotations: {}
# -- Add custom scripts that have been mounted to run before the entrypoint.
# - /tmp/custom.sh
# - /tmp/custom2.sh
customScripts: []
# -- Add custom job's command. If passed, it will override the default conditional command.
customCommand: []
# -- Boolean flag to enable/disable the cleanup cronjob chart.
enabled: true
Loading
Loading