fix: address gateway customization in shib and overide ttl

closes #630
GluuFederation · Apr 1, 2024 · ef59ebe · ef59ebe
1 parent 39cd007
commit ef59ebe
Show file tree

Hide file tree

Showing 6 changed files with 19 additions and 5 deletions.
diff --git a/pygluu/kubernetes/templates/helm/gluu/charts/casa/templates/casa-destination-rules.yaml b/pygluu/kubernetes/templates/helm/gluu/charts/casa/templates/casa-destination-rules.yaml
@@ -25,5 +25,5 @@ spec:
       consistentHash:
         httpCookie:
           name: casa-route
-          ttl: 60s
+          ttl: {{ .Values.istioDestinationRuleCookieTTL }}
 {{- end }}
diff --git a/...ernetes/templates/helm/gluu/charts/oxpassport/templates/oxpassport-destination-rules.yaml b/...ernetes/templates/helm/gluu/charts/oxpassport/templates/oxpassport-destination-rules.yaml
@@ -24,5 +24,5 @@ spec:
       consistentHash:
         httpCookie:
           name: passport-statefulset-route
-          ttl: 60s
+          ttl: {{ .Values.istioDestinationRuleCookieTTL }}
 {{- end }}
diff --git a/...tes/templates/helm/gluu/charts/oxshibboleth/templates/oxshibboleth-destination-rules.yaml b/...tes/templates/helm/gluu/charts/oxshibboleth/templates/oxshibboleth-destination-rules.yaml
@@ -25,6 +25,6 @@ spec:
       consistentHash:
         httpCookie:
           name: shib-stateful-route
-          ttl: 60s
+          ttl: {{ .Values.istioDestinationRuleCookieTTL }}
           path: /idp
 {{- end }}
diff --git a/...etes/templates/helm/gluu/charts/oxshibboleth/templates/oxshibboleth-virtual-services.yaml b/...etes/templates/helm/gluu/charts/oxshibboleth/templates/oxshibboleth-virtual-services.yaml
@@ -20,7 +20,13 @@ spec:
   hosts:
     - {{ .Values.global.domain }}
   gateways:
-    - {{ .Release.Name }}-global-gtw
+{{- if .Values.global.istio.gateways }}
+{{- with .Values.global.istio.gateways }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- else }}
+  - {{ .Release.Name }}-global-gtw
+{{- end }}
   http:
   - name: {{ .Release.Name }}-istio-oxshibbioleth
     match:

diff --git a/...uu/kubernetes/templates/helm/gluu/charts/oxtrust/templates/oxtrust-destination-rules.yaml b/...uu/kubernetes/templates/helm/gluu/charts/oxtrust/templates/oxtrust-destination-rules.yaml
@@ -24,5 +24,5 @@ spec:
       consistentHash:
         httpCookie:
           name: admin-ui-route
-          ttl: 60s
+          ttl: {{ .Values.istioDestinationRuleCookieTTL }}
 {{- end }}
diff --git a/pygluu/kubernetes/templates/helm/gluu/values.yaml b/pygluu/kubernetes/templates/helm/gluu/values.yaml
@@ -1311,6 +1311,8 @@ oxtrust:
   # - /tmp/custom.sh
   # - /tmp/custom2.sh
   customScripts: []
+  # -- Istio Destination Rule loadBalancer.consistentHash.httpCookie.ttl if istio ingress is enabled
+  istioDestinationRuleCookieTTL: 60s
 
 # -- FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments.
 fido2:
@@ -1779,6 +1781,8 @@ casa:
   # - /tmp/custom.sh
   # - /tmp/custom2.sh
   customScripts: []
+  # -- Istio Destination Rule loadBalancer.consistentHash.httpCookie.ttl if istio ingress is enabled
+  istioDestinationRuleCookieTTL: 60s
 
 # -- Gluu interface to Passport.js to support social login and inbound identity.
 oxpassport:
@@ -1899,6 +1903,8 @@ oxpassport:
   # - /tmp/custom.sh
   # - /tmp/custom2.sh
   customScripts: []
+  # -- Istio Destination Rule loadBalancer.consistentHash.httpCookie.ttl if istio ingress is enabled
+  istioDestinationRuleCookieTTL: 60s
 
 # -- Shibboleth project for the Gluu Server's SAML IDP functionality.
 oxshibboleth:
@@ -2021,6 +2027,8 @@ oxshibboleth:
   # - /tmp/custom.sh
   # - /tmp/custom2.sh
   customScripts: []
+  # -- Istio Destination Rule loadBalancer.consistentHash.httpCookie.ttl if istio ingress is enabled
+  istioDestinationRuleCookieTTL: 60s
 
 # -- CacheRefreshRotation is a special container to monitor cache refresh on oxTrust containers. This may be depreciated.
 cr-rotate: