feat(jans-link): add ingress resource for jans-link (#1933)

Signed-off-by: Amro Misbah <[email protected]>
Co-authored-by: Mohammad Abudayyeh <[email protected]>

charts/gluu-all-in-one/README.md

@@ -323,7 +323,9 @@ Kubernetes: `>=v1.22.0-0`
 | link.appLoggers.scriptLogLevel | string | `"INFO"` | cacherefresh_script.log level |
 | link.appLoggers.scriptLogTarget | string | `"FILE"` | cacherefresh_script.log target |
 | link.enabled | bool | `false` | Boolean flag to enable/disable the link chart. |
-| link.ingress | object | `{"linkEnabled":true}` | Enable endpoints in either istio or nginx ingress depending on users choice |
+| link.ingress | object | `{"linkAdditionalAnnotations":{},"linkEnabled":true,"linkLabels":{}}` | Enable endpoints in either istio or nginx ingress depending on users choice |
+| link.ingress.linkAdditionalAnnotations | object | `{}` | link ingress resource additional annotations. |
+| link.ingress.linkLabels | object | `{}` | link ingress resource labels. key app is taken |
 | link.linkServiceName | string | `"link"` | Name of the link service. Please keep it as default. |
 | livenessProbe | object | `{"exec":{"command":["python3","/app/jans_aio/jans_auth/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. |
 | livenessProbe.exec | object | `{"command":["python3","/app/jans_aio/jans_auth/healthcheck.py"]}` | Executes the python3 healthcheck. https://github.com/GluuProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py |
@@ -368,7 +370,7 @@ Kubernetes: `>=v1.22.0-0`
 | scim.ingress.scimConfigEnabled | bool | `false` | Enable endpoint /.well-known/scim-configuration |
 | scim.ingress.scimConfigLabels | object | `{}` | SCIM config ingress resource labels. key app is taken |
 | scim.ingress.scimEnabled | bool | `false` | Enable SCIM endpoints /jans-scim |
-| scim.ingress.scimLabels | object | `{}` | SCIM config ingress resource labels. key app is taken |
+| scim.ingress.scimLabels | object | `{}` | SCIM ingress resource labels. key app is taken |
 | scim.scimServiceName | string | `"scim"` | Name of the scim service. Please keep it as default. |
 | service.name | string | `"http-aio"` | The name of the aio port within the aio service. Please keep it as default. |
 | service.port | int | `8080` | Port of the fido2 service. Please keep it as default. |

charts/gluu-all-in-one/templates/nginx-ingress.yaml

@@ -614,6 +614,53 @@ spec:
 
 ---
 
+{{ if .Values.link.ingress.linkEnabled -}}
+{{ $fullName := include "flex-all-in-one.fullname" . -}}
+{{- $ingressPath := index .Values "nginx-ingress" "ingress" "path" -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}-link
+  labels:
+    app: {{ $fullName }}-link
+{{- if index .Values "nginx-ingress" "ingress" "additionalLabels" }}
+{{ toYaml (index .Values "nginx-ingress" "ingress" "additionalLabels") | indent 4 }}
+{{- end }}
+{{- if .Values.link.ingress.linkLabels }}
+{{ toYaml .Values.link.ingress.linkLabels | indent 4 }}
+{{- end }}
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
+{{- if .Values.link.ingress.linkAdditionalAnnotations }}
+{{ toYaml .Values.link.ingress.linkAdditionalAnnotations | indent 4 }}
+{{- end }}
+{{- if index .Values "nginx-ingress" "ingress" "additionalAnnotations" }}
+{{ toYaml (index .Values "nginx-ingress" "ingress" "additionalAnnotations") | indent 4 }}
+{{- end }}
+spec:
+  ingressClassName: {{ index .Values "nginx-ingress" "ingress" "ingressClassName" }}
+{{- if index .Values "nginx-ingress" "ingress" "tlsSecretName" }}
+  tls:
+    - hosts:
+        - {{ .Values.fqdn | quote }}
+      secretName: {{ index .Values "nginx-ingress" "ingress" "tlsSecretName" }}
+{{- end }}
+  rules:
+    - host: {{ .Values.fqdn | quote }}
+      http:
+        paths:
+          - path: /jans-link
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ .Values.service.name }}
+                port:
+                  number: 8080
+{{- end }}
+
+---
+
 {{ if index .Values "auth-server" "ingress" "authServerEnabled" -}}
 {{ $fullName := include "flex-all-in-one.fullname" . -}}
 {{- $ingressPath := index .Values "nginx-ingress" "ingress" "path" -}}

charts/gluu-all-in-one/values.yaml

@@ -521,7 +521,7 @@ scim:
     scimConfigLabels: { }
     # -- SCIM config ingress resource additional annotations.
     scimConfigAdditionalAnnotations: { }
-    # -- SCIM config ingress resource labels. key app is taken
+    # -- SCIM ingress resource labels. key app is taken
     scimLabels: { }
     # -- SCIM ingress resource additional annotations.
     scimAdditionalAnnotations: { }
@@ -554,6 +554,10 @@ link:
   ingress:
     # Enable link endpoints /jans-link
     linkEnabled: true
+    # -- link ingress resource labels. key app is taken
+    linkLabels: { }
+    # -- link ingress resource additional annotations.
+    linkAdditionalAnnotations: { }
 saml:
   # -- Name of the saml service. Please keep it as default.
   samlServiceName: saml

charts/gluu/charts/nginx-ingress/templates/ingress.yaml

@@ -729,6 +729,62 @@ spec:
 
 ---
 
+{{ if .Values.global.link.ingress.linkEnabled -}}
+{{ $fullName := include "nginx-ingress.fullname" . -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}-link
+  labels:
+    app: {{ $fullName }}-link
+{{- if .Values.ingress.additionalLabels }}
+{{ toYaml .Values.ingress.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.global.link.ingress.linkLabels }}
+{{ toYaml .Values.global.link.ingress.linkLabels | indent 4 }}
+{{- end }}
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
+{{- if .Values.global.link.ingress.linkAdditionalAnnotations }}
+{{ toYaml .Values.global.link.ingress.linkAdditionalAnnotations | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.additionalAnnotations }}
+{{ toYaml .Values.ingress.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+  ingressClassName: {{ .Values.ingress.ingressClassName }}
+{{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . | quote }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+  {{- $host := . -}}
+  {{- with $ }}
+    - host: {{ $host | quote }}
+      http:
+        paths:
+          - path: /jans-link
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ .Values.global.link.linkServiceName }}
+                port:
+                  number: 9091
+  {{- end }}
+  {{- end }}
+{{- end }}
+
+---
+
 {{ if index .Values "global" "auth-server" "ingress" "authServerEnabled" -}}
 {{ $fullName := include "nginx-ingress.fullname" . -}}
 {{- $ingressPath := .Values.ingress.path -}}

charts/gluu/openbanking-values.yaml

@@ -553,7 +553,7 @@ nginx-ingress:
     scimConfigLabels: { }
     # -- SCIM config ingress resource additional annotations.
     scimConfigAdditionalAnnotations: { }
-    # -- SCIM config ingress resource labels. key app is taken
+    # -- SCIM ingress resource labels. key app is taken
     scimLabels: { }
     # -- SCIM ingress resource additional annotations.
     scimAdditionalAnnotations: { }

charts/gluu/values.schema.json

@@ -1338,6 +1338,24 @@
                                     "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$"
                                 }
                             }
+                        },
+                        "ingress": {
+                            "description": "Endpoint control",
+                            "type": "object",
+                            "properties": {
+                                "linkEnabled": {
+                                    "description": "Enable link endpoints /jans-link",
+                                    "type": "boolean"
+                                },
+                                "linkLabels": {
+                                    "description": "link ingress resource labels. key app is taken",
+                                    "type": "object"
+                                },
+                                "linkAdditionalAnnotations": {
+                                    "description": "",
+                                    "type": "object"
+                                }
+                            }
                         }
                     }
                 },

charts/gluu/values.yaml

@@ -1322,7 +1322,7 @@ global:
       scimConfigLabels: { }
       # -- SCIM config ingress resource additional annotations.
       scimConfigAdditionalAnnotations: { }
-      # -- SCIM config ingress resource labels. key app is taken
+      # -- SCIM ingress resource labels. key app is taken
       scimLabels: { }
       # -- SCIM ingress resource additional annotations.
       scimAdditionalAnnotations: { }
@@ -1382,6 +1382,10 @@ global:
     ingress:
       # Enable link endpoints /jans-link
       linkEnabled: true
+      # -- link ingress resource labels. key app is taken
+      linkLabels: { }
+      # -- link ingress resource additional annotations.
+      linkAdditionalAnnotations: { }
   saml:
     # — Add custom annotations for kubernetes resources for the service
     customAnnotations:
@@ -1401,7 +1405,7 @@ global:
     ingress:
       # Enable saml endpoints /kc
       samlEnabled: false
-      # -- SAML config ingress resource labels. key app is taken
+      # -- SAML ingress resource labels. key app is taken
       samlLabels: { }
       # -- SAML ingress resource additional annotations.
       samlAdditionalAnnotations: { }