feat(charts): add pod level annotations and customizable command (#9973)

* feat(charts): add pod-level annotation and customized command

Signed-off-by: Amro Misbah <[email protected]>

* docs(charts): generate helm-docs

Signed-off-by: Amro Misbah <[email protected]>

* feat(kc-scheduler): add custom command

Signed-off-by: Amro Misbah <[email protected]>

---------

Signed-off-by: Amro Misbah <[email protected]>
Co-authored-by: Mohammad Abudayyeh <[email protected]>
Former-commit-id: 12b1ca4

charts/janssen-all-in-one/README.md

@@ -30,9 +30,10 @@ Kubernetes: `>=v1.22.0-0`
 | adminPassword | string | `"Test1234#"` | Admin password to log in to the UI. |
 | alb.ingress | bool | `false` | switches the service to Nodeport for ALB ingress |
 | auth-server | object | `{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","enableStdoutLogPrefix":"true","httpLogLevel":"INFO","httpLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"authEncKeys":"RSA1_5 RSA-OAEP","authSigKeys":"RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512","enabled":true,"ingress":{"authServerAdditionalAnnotations":{},"authServerEnabled":true,"authServerLabels":{},"deviceCodeAdditionalAnnotations":{},"deviceCodeEnabled":true,"deviceCodeLabels":{},"firebaseMessagingAdditionalAnnotations":{},"firebaseMessagingEnabled":true,"firebaseMessagingLabels":{},"lockAdditionalAnnotations":{},"lockConfigAdditionalAnnotations":{},"lockConfigEnabled":false,"lockConfigLabels":{},"lockEnabled":false,"lockLabels":{},"openidAdditionalAnnotations":{},"openidConfigEnabled":true,"openidConfigLabels":{},"u2fAdditionalAnnotations":{},"u2fConfigEnabled":true,"u2fConfigLabels":{},"uma2AdditionalAnnotations":{},"uma2ConfigEnabled":true,"uma2ConfigLabels":{},"webdiscoveryAdditionalAnnotations":{},"webdiscoveryEnabled":true,"webdiscoveryLabels":{},"webfingerAdditionalAnnotations":{},"webfingerEnabled":true,"webfingerLabels":{}},"lockEnabled":false}` | Parameters used globally across all services helm charts. |
-| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","enabled":true,"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/certmanager","tag":"1.1.6_dev"},"initKeysLife":48,"keysLife":48,"keysPushDelay":0,"keysPushStrategy":"NEWER","keysStrategy":"NEWER","lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours |
+| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","enabled":true,"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/certmanager","tag":"1.1.6_dev"},"initKeysLife":48,"keysLife":48,"keysPushDelay":0,"keysPushStrategy":"NEWER","keysStrategy":"NEWER","lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours |
 | auth-server-key-rotation.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} |
 | auth-server-key-rotation.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} |
+| auth-server-key-rotation.customCommand | list | `[]` | Add custom jobs's command. If passed, it will override the default conditional command. |
 | auth-server-key-rotation.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh |
 | auth-server-key-rotation.dnsConfig | object | `{}` | Add custom dns config |
 | auth-server-key-rotation.dnsPolicy | string | `""` | Add custom dns policy |
@@ -228,10 +229,12 @@ Kubernetes: `>=v1.22.0-0`
 | customAnnotations.deployment | object | `{}` |  |
 | customAnnotations.destinationRule | object | `{}` |  |
 | customAnnotations.horizontalPodAutoscaler | object | `{}` |  |
+| customAnnotations.pod | object | `{}` |  |
 | customAnnotations.podDisruptionBudget | object | `{}` |  |
 | customAnnotations.role | object | `{}` |  |
 | customAnnotations.roleBinding | object | `{}` |  |
 | customAnnotations.secret | object | `{}` |  |
+| customCommand | list | `[]` | Add custom pod's command. If passed, it will override the default conditional command. |
 | customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh |
 | dnsConfig | object | `{}` | Add custom dns config |
 | dnsPolicy | string | `""` | Add custom dns policy |

charts/janssen-all-in-one/templates/cronjobs.yaml

@@ -41,15 +41,19 @@ spec:
           serviceAccountName: {{ .Values.serviceAccountName }}
           containers:
             - name: {{ include "janssen-all-in-one.name" . }}-as-key-rotation
-              {{- if (index .Values "auth-server-key-rotation" "customScripts") }}
+              {{- if or (index .Values "auth-server-key-rotation" "customScripts") (index .Values "auth-server-key-rotation" "customCommand") }}
               command:
+                {{- if index .Values "auth-server-key-rotation" "customCommand" }}
+                {{- toYaml (index .Values "auth-server-key-rotation" "customCommand") | nindent 18 }}
+                {{- else }}
                 - /bin/sh
                 - -c
                 - |
                     {{- with (index .Values "auth-server-key-rotation" "customScripts") }}
                     {{- toYaml . | replace "- " "" | nindent 20}}
                     {{- end }}
                     /app/bin/entrypoint.sh
+                {{- end}}
               {{- end}}
               image: "{{ index .Values "auth-server-key-rotation" "image" "repository" }}:{{ index .Values "auth-server-key-rotation" "image" "tag" }}"
               env:
@@ -132,15 +136,19 @@ spec:
         {{- end }}
           containers:
             - name: {{ include "janssen-all-in-one.name" . }}-kc-scheduler
-              {{- if (index .Values "kc-scheduler" "customScripts") }}
+              {{- if or (index .Values "kc-scheduler" "customScripts") (index .Values "kc-scheduler" "customCommand") }}
               command:
+                {{- if index .Values "kc-scheduler" "customCommand" }}
+                {{- toYaml (index .Values "kc-scheduler" "customCommand") | nindent 18 }}
+                {{- else }}
                 - /bin/sh
                 - -c
                 - |
                     {{- with (index .Values "kc-scheduler" "customScripts") }}
                     {{- toYaml . | replace "- " "" | nindent 20}}
                     {{- end }}
                     /app/bin/entrypoint.sh
+                {{- end}}    
               {{- end}}
               image: "{{ index .Values "kc-scheduler" "image" "repository" }}:{{ index .Values "kc-scheduler" "image" "tag" }}"
               env:

charts/janssen-all-in-one/templates/deployment.yml

@@ -29,10 +29,15 @@ spec:
       labels:
         APP_NAME: auth-server
         app: {{ .Release.Name }}-{{ include "janssen-all-in-one.name" . }}-aio
-      {{- if .Values.istio.ingress }}
+      {{- if or (.Values.istio.ingress) (.Values.customAnnotations.pod) }}
       annotations:
+      {{- if .Values.istio.ingress }}
         sidecar.istio.io/rewriteAppHTTPProbers: "true"
       {{- end }}
+      {{- if .Values.customAnnotations.pod }}
+      {{ toYaml .Values.customAnnotations.pod | indent 4 }}              
+      {{- end }}
+      {{- end }}
     spec:
     {{- with .Values.image.pullSecrets }}
       imagePullSecrets:
@@ -58,8 +63,11 @@ spec:
         securityContext:
           runAsUser: 1000
           runAsNonRoot: true
-        {{- if or (not .Values.isFqdnRegistered) ( .Values.customScripts) }}
+        {{- if or (not .Values.isFqdnRegistered) ( .Values.customScripts) (.Values.customCommand) }}
         command:
+          {{- if .Values.customCommand }}
+          {{- toYaml .Values.customCommand | nindent 12 }}
+          {{- else }}
           - /bin/sh
           - -c
           - |
@@ -68,6 +76,7 @@ spec:
               {{- end }}
               python3 /scripts/tls_generator.py &
               /app/bin/entrypoint.sh
+          {{- end}}    
         {{- end}}
         ports:
         - name: {{ .Values.service.name }}

charts/janssen-all-in-one/values.yaml

@@ -26,6 +26,7 @@ customAnnotations:
   clusterRoleBinding: {}
   configMap: {}
   cronjob: {}
+  pod: {}
   deployment: {}
   destinationRule: {}
   horizontalPodAutoscaler: {}
@@ -358,6 +359,8 @@ auth-server-key-rotation:
   # - /tmp/custom.sh
   # - /tmp/custom2.sh
   customScripts: [ ]
+  # -- Add custom jobs's command. If passed, it will override the default conditional command.
+  customCommand: []
 casa:
   # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed.
   appLoggers:
@@ -745,6 +748,8 @@ additionalAnnotations: { }
 # - /tmp/custom.sh
 # - /tmp/custom2.sh
 customScripts: [ ]
+# -- Add custom pod's command. If passed, it will override the default conditional command.
+customCommand: []
 
 # -- Responsible for synchronizing Keycloak SAML clients
 kc-scheduler:
@@ -802,5 +807,7 @@ kc-scheduler:
   # - /tmp/custom.sh
   # - /tmp/custom2.sh
   customScripts: []
+  # -- Add custom job's command. If passed, it will override the default conditional command.
+  customCommand: []
   # -- Boolean flag to enable/disable the kc-scheduler cronjob chart.
   enabled: false