diff --git a/charts/janssen-all-in-one/README.md b/charts/janssen-all-in-one/README.md index 8407e3ad8c7..eebe9260446 100644 --- a/charts/janssen-all-in-one/README.md +++ b/charts/janssen-all-in-one/README.md @@ -30,9 +30,10 @@ Kubernetes: `>=v1.22.0-0` | adminPassword | string | `"Test1234#"` | Admin password to log in to the UI. | | alb.ingress | bool | `false` | switches the service to Nodeport for ALB ingress | | auth-server | object | `{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","enableStdoutLogPrefix":"true","httpLogLevel":"INFO","httpLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"authEncKeys":"RSA1_5 RSA-OAEP","authSigKeys":"RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512","enabled":true,"ingress":{"authServerAdditionalAnnotations":{},"authServerEnabled":true,"authServerLabels":{},"deviceCodeAdditionalAnnotations":{},"deviceCodeEnabled":true,"deviceCodeLabels":{},"firebaseMessagingAdditionalAnnotations":{},"firebaseMessagingEnabled":true,"firebaseMessagingLabels":{},"lockAdditionalAnnotations":{},"lockConfigAdditionalAnnotations":{},"lockConfigEnabled":false,"lockConfigLabels":{},"lockEnabled":false,"lockLabels":{},"openidAdditionalAnnotations":{},"openidConfigEnabled":true,"openidConfigLabels":{},"u2fAdditionalAnnotations":{},"u2fConfigEnabled":true,"u2fConfigLabels":{},"uma2AdditionalAnnotations":{},"uma2ConfigEnabled":true,"uma2ConfigLabels":{},"webdiscoveryAdditionalAnnotations":{},"webdiscoveryEnabled":true,"webdiscoveryLabels":{},"webfingerAdditionalAnnotations":{},"webfingerEnabled":true,"webfingerLabels":{}},"lockEnabled":false}` | Parameters used globally across all services helm charts. | -| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","enabled":true,"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/certmanager","tag":"1.1.6_dev"},"initKeysLife":48,"keysLife":48,"keysPushDelay":0,"keysPushStrategy":"NEWER","keysStrategy":"NEWER","lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours | +| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","enabled":true,"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/certmanager","tag":"1.1.6_dev"},"initKeysLife":48,"keysLife":48,"keysPushDelay":0,"keysPushStrategy":"NEWER","keysStrategy":"NEWER","lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours | | auth-server-key-rotation.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | auth-server-key-rotation.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| auth-server-key-rotation.customCommand | list | `[]` | Add custom jobs's command. If passed, it will override the default conditional command. | | auth-server-key-rotation.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | auth-server-key-rotation.dnsConfig | object | `{}` | Add custom dns config | | auth-server-key-rotation.dnsPolicy | string | `""` | Add custom dns policy | @@ -228,10 +229,12 @@ Kubernetes: `>=v1.22.0-0` | customAnnotations.deployment | object | `{}` | | | customAnnotations.destinationRule | object | `{}` | | | customAnnotations.horizontalPodAutoscaler | object | `{}` | | +| customAnnotations.pod | object | `{}` | | | customAnnotations.podDisruptionBudget | object | `{}` | | | customAnnotations.role | object | `{}` | | | customAnnotations.roleBinding | object | `{}` | | | customAnnotations.secret | object | `{}` | | +| customCommand | list | `[]` | Add custom pod's command. If passed, it will override the default conditional command. | | customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | diff --git a/charts/janssen-all-in-one/templates/cronjobs.yaml b/charts/janssen-all-in-one/templates/cronjobs.yaml index a09ed9bc15a..3567d2b116d 100644 --- a/charts/janssen-all-in-one/templates/cronjobs.yaml +++ b/charts/janssen-all-in-one/templates/cronjobs.yaml @@ -41,8 +41,11 @@ spec: serviceAccountName: {{ .Values.serviceAccountName }} containers: - name: {{ include "janssen-all-in-one.name" . }}-as-key-rotation - {{- if (index .Values "auth-server-key-rotation" "customScripts") }} + {{- if or (index .Values "auth-server-key-rotation" "customScripts") (index .Values "auth-server-key-rotation" "customCommand") }} command: + {{- if index .Values "auth-server-key-rotation" "customCommand" }} + {{- toYaml (index .Values "auth-server-key-rotation" "customCommand") | nindent 18 }} + {{- else }} - /bin/sh - -c - | @@ -50,6 +53,7 @@ spec: {{- toYaml . | replace "- " "" | nindent 20}} {{- end }} /app/bin/entrypoint.sh + {{- end}} {{- end}} image: "{{ index .Values "auth-server-key-rotation" "image" "repository" }}:{{ index .Values "auth-server-key-rotation" "image" "tag" }}" env: @@ -132,8 +136,11 @@ spec: {{- end }} containers: - name: {{ include "janssen-all-in-one.name" . }}-kc-scheduler - {{- if (index .Values "kc-scheduler" "customScripts") }} + {{- if or (index .Values "kc-scheduler" "customScripts") (index .Values "kc-scheduler" "customCommand") }} command: + {{- if index .Values "kc-scheduler" "customCommand" }} + {{- toYaml (index .Values "kc-scheduler" "customCommand") | nindent 18 }} + {{- else }} - /bin/sh - -c - | @@ -141,6 +148,7 @@ spec: {{- toYaml . | replace "- " "" | nindent 20}} {{- end }} /app/bin/entrypoint.sh + {{- end}} {{- end}} image: "{{ index .Values "kc-scheduler" "image" "repository" }}:{{ index .Values "kc-scheduler" "image" "tag" }}" env: diff --git a/charts/janssen-all-in-one/templates/deployment.yml b/charts/janssen-all-in-one/templates/deployment.yml index 797eb1d955f..d9ebdb6f331 100644 --- a/charts/janssen-all-in-one/templates/deployment.yml +++ b/charts/janssen-all-in-one/templates/deployment.yml @@ -29,10 +29,15 @@ spec: labels: APP_NAME: auth-server app: {{ .Release.Name }}-{{ include "janssen-all-in-one.name" . }}-aio - {{- if .Values.istio.ingress }} + {{- if or (.Values.istio.ingress) (.Values.customAnnotations.pod) }} annotations: + {{- if .Values.istio.ingress }} sidecar.istio.io/rewriteAppHTTPProbers: "true" {{- end }} + {{- if .Values.customAnnotations.pod }} + {{ toYaml .Values.customAnnotations.pod | indent 4 }} + {{- end }} + {{- end }} spec: {{- with .Values.image.pullSecrets }} imagePullSecrets: @@ -58,8 +63,11 @@ spec: securityContext: runAsUser: 1000 runAsNonRoot: true - {{- if or (not .Values.isFqdnRegistered) ( .Values.customScripts) }} + {{- if or (not .Values.isFqdnRegistered) ( .Values.customScripts) (.Values.customCommand) }} command: + {{- if .Values.customCommand }} + {{- toYaml .Values.customCommand | nindent 12 }} + {{- else }} - /bin/sh - -c - | @@ -68,6 +76,7 @@ spec: {{- end }} python3 /scripts/tls_generator.py & /app/bin/entrypoint.sh + {{- end}} {{- end}} ports: - name: {{ .Values.service.name }} diff --git a/charts/janssen-all-in-one/values.yaml b/charts/janssen-all-in-one/values.yaml index 7e2ae5cc7ef..a02c0007510 100644 --- a/charts/janssen-all-in-one/values.yaml +++ b/charts/janssen-all-in-one/values.yaml @@ -26,6 +26,7 @@ customAnnotations: clusterRoleBinding: {} configMap: {} cronjob: {} + pod: {} deployment: {} destinationRule: {} horizontalPodAutoscaler: {} @@ -358,6 +359,8 @@ auth-server-key-rotation: # - /tmp/custom.sh # - /tmp/custom2.sh customScripts: [ ] + # -- Add custom jobs's command. If passed, it will override the default conditional command. + customCommand: [] casa: # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. appLoggers: @@ -745,6 +748,8 @@ additionalAnnotations: { } # - /tmp/custom.sh # - /tmp/custom2.sh customScripts: [ ] +# -- Add custom pod's command. If passed, it will override the default conditional command. +customCommand: [] # -- Responsible for synchronizing Keycloak SAML clients kc-scheduler: @@ -802,5 +807,7 @@ kc-scheduler: # - /tmp/custom.sh # - /tmp/custom2.sh customScripts: [] + # -- Add custom job's command. If passed, it will override the default conditional command. + customCommand: [] # -- Boolean flag to enable/disable the kc-scheduler cronjob chart. enabled: false diff --git a/charts/janssen/README.md b/charts/janssen/README.md index 85257b1ebad..6e63903f08a 100644 --- a/charts/janssen/README.md +++ b/charts/janssen/README.md @@ -41,10 +41,11 @@ Kubernetes: `>=v1.22.0-0` | Key | Type | Default | Description | |-----|------|---------|-------------| -| auth-server | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/auth-server","tag":"1.1.6_dev"},"lifecycle":{},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Janssen. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. | -| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/certmanager","tag":"1.1.6_dev"},"keysLife":48,"keysPushDelay":0,"keysPushStrategy":"NEWER","keysStrategy":"NEWER","lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours | +| auth-server | object | `{"additionalAnnotations":{},"additionalLabels":{},"customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/auth-server","tag":"1.1.6_dev"},"lifecycle":{},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Janssen. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. | +| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/certmanager","tag":"1.1.6_dev"},"keysLife":48,"keysPushDelay":0,"keysPushStrategy":"NEWER","keysStrategy":"NEWER","lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours | | auth-server-key-rotation.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | auth-server-key-rotation.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| auth-server-key-rotation.customCommand | list | `[]` | Add custom job's command. If passed, it will override the default conditional command. | | auth-server-key-rotation.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | auth-server-key-rotation.dnsConfig | object | `{}` | Add custom dns config | | auth-server-key-rotation.dnsPolicy | string | `""` | Add custom dns policy | @@ -68,6 +69,7 @@ Kubernetes: `>=v1.22.0-0` | auth-server-key-rotation.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | | auth-server.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | auth-server.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| auth-server.customCommand | list | `[]` | Add custom pod's command. If passed, it will override the default conditional command. | | auth-server.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | auth-server.dnsConfig | object | `{}` | Add custom dns config | | auth-server.dnsPolicy | string | `""` | Add custom dns policy | @@ -94,9 +96,10 @@ Kubernetes: `>=v1.22.0-0` | auth-server.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | auth-server.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | auth-server.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| casa | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/casa","tag":"1.1.6_dev"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-casa/health-check","port":"http-casa"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Janssen Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Janssen Auth Server. | +| casa | object | `{"additionalAnnotations":{},"additionalLabels":{},"customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/casa","tag":"1.1.6_dev"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-casa/health-check","port":"http-casa"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Janssen Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Janssen Auth Server. | | casa.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | casa.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| casa.customCommand | list | `[]` | Add custom pod's command. If passed, it will override the default conditional command. | | casa.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | casa.dnsConfig | object | `{}` | Add custom dns config | | casa.dnsPolicy | string | `""` | Add custom dns policy | @@ -124,10 +127,11 @@ Kubernetes: `>=v1.22.0-0` | casa.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | casa.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | casa.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| config | object | `{"additionalAnnotations":{},"additionalLabels":{},"adminPassword":"Test1234#","city":"Austin","configmap":{"cnAwsAccessKeyId":"","cnAwsDefaultRegion":"us-west-1","cnAwsProfile":"janssen","cnAwsSecretAccessKey":"","cnAwsSecretsEndpointUrl":"","cnAwsSecretsNamePrefix":"janssen","cnAwsSecretsReplicaRegions":[],"cnCacheType":"NATIVE_PERSISTENCE","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseUrl":"cbjanssen.default.svc.cluster.local","cnCouchbaseUser":"janssen","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnGoogleSecretNamePrefix":"janssen","cnGoogleSecretVersionId":"latest","cnGoogleSpannerDatabaseId":"","cnGoogleSpannerInstanceId":"","cnJettyRequestHeaderSize":8192,"cnMaxRamPercent":"75.0","cnMessageType":"DISABLED","cnOpaUrl":"http://opa.opa.svc.cluster.cluster.local:8181/v1","cnPersistenceHybridMapping":"{}","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false,"cnScimProtectionMode":"OAUTH","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSqlDbName":"jans","cnSqlDbPort":3306,"cnSqlDbSchema":"","cnSqlDbTimezone":"UTC","cnSqlDbUser":"jans","cnSqldbUserPassword":"Test1234#","cnVaultAddr":"http://localhost:8200","cnVaultAppRolePath":"approle","cnVaultKvPath":"secret","cnVaultNamespace":"","cnVaultPrefix":"jans","cnVaultRoleId":"","cnVaultRoleIdFile":"/etc/certs/vault_role_id","cnVaultSecretId":"","cnVaultSecretIdFile":"/etc/certs/vault_secret_id","cnVaultVerify":false,"kcDbPassword":"Test1234#","kcDbSchema":"keycloak","kcDbUrlDatabase":"keycloak","kcDbUrlHost":"mysql.kc.svc.cluster.local","kcDbUrlPort":3306,"kcDbUrlProperties":"?useUnicode=true&characterEncoding=UTF-8&character_set_server=utf8mb4","kcDbUsername":"keycloak","kcDbVendor":"mysql","kcLogLevel":"INFO","lbAddr":"","quarkusTransactionEnableRecovery":true},"countryCode":"US","customScripts":[],"dnsConfig":{},"dnsPolicy":"","email":"support@jans.io","image":{"pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/configurator","tag":"1.1.6_dev"},"lifecycle":{},"orgName":"Janssen","redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"salt":"","state":"TX","usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Configuration parameters for setup and initial configuration secret and config layers used by Janssen services. | -| config-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/config-api","tag":"1.1.6_dev"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1200Mi"},"requests":{"cpu":"1000m","memory":"1200Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). | +| config | object | `{"additionalAnnotations":{},"additionalLabels":{},"adminPassword":"Test1234#","city":"Austin","configmap":{"cnAwsAccessKeyId":"","cnAwsDefaultRegion":"us-west-1","cnAwsProfile":"janssen","cnAwsSecretAccessKey":"","cnAwsSecretsEndpointUrl":"","cnAwsSecretsNamePrefix":"janssen","cnAwsSecretsReplicaRegions":[],"cnCacheType":"NATIVE_PERSISTENCE","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseUrl":"cbjanssen.default.svc.cluster.local","cnCouchbaseUser":"janssen","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnGoogleSecretNamePrefix":"janssen","cnGoogleSecretVersionId":"latest","cnGoogleSpannerDatabaseId":"","cnGoogleSpannerInstanceId":"","cnJettyRequestHeaderSize":8192,"cnMaxRamPercent":"75.0","cnMessageType":"DISABLED","cnOpaUrl":"http://opa.opa.svc.cluster.cluster.local:8181/v1","cnPersistenceHybridMapping":"{}","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false,"cnScimProtectionMode":"OAUTH","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSqlDbName":"jans","cnSqlDbPort":3306,"cnSqlDbSchema":"","cnSqlDbTimezone":"UTC","cnSqlDbUser":"jans","cnSqldbUserPassword":"Test1234#","cnVaultAddr":"http://localhost:8200","cnVaultAppRolePath":"approle","cnVaultKvPath":"secret","cnVaultNamespace":"","cnVaultPrefix":"jans","cnVaultRoleId":"","cnVaultRoleIdFile":"/etc/certs/vault_role_id","cnVaultSecretId":"","cnVaultSecretIdFile":"/etc/certs/vault_secret_id","cnVaultVerify":false,"kcDbPassword":"Test1234#","kcDbSchema":"keycloak","kcDbUrlDatabase":"keycloak","kcDbUrlHost":"mysql.kc.svc.cluster.local","kcDbUrlPort":3306,"kcDbUrlProperties":"?useUnicode=true&characterEncoding=UTF-8&character_set_server=utf8mb4","kcDbUsername":"keycloak","kcDbVendor":"mysql","kcLogLevel":"INFO","lbAddr":"","quarkusTransactionEnableRecovery":true},"countryCode":"US","customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","email":"support@jans.io","image":{"pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/configurator","tag":"1.1.6_dev"},"lifecycle":{},"orgName":"Janssen","redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"salt":"","state":"TX","usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Configuration parameters for setup and initial configuration secret and config layers used by Janssen services. | +| config-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/config-api","tag":"1.1.6_dev"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1200Mi"},"requests":{"cpu":"1000m","memory":"1200Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). | | config-api.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | config-api.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| config-api.customCommand | list | `[]` | Add custom pod's command. If passed, it will override the default conditional command. | | config-api.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | config-api.dnsConfig | object | `{}` | Add custom dns config | | config-api.dnsPolicy | string | `""` | Add custom dns policy | @@ -215,6 +219,7 @@ Kubernetes: `>=v1.22.0-0` | config.configmap.lbAddr | string | `""` | Load balancer address for AWS if the FQDN is not registered. | | config.configmap.quarkusTransactionEnableRecovery | bool | `true` | Quarkus transaction recovery. When using MySQL, there could be issue regarding XA_RECOVER_ADMIN; refer to https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_xa-recover-admin for details. | | config.countryCode | string | `"US"` | Country code. Used for certificate creation. | +| config.customCommand | list | `[]` | Add custom job's command. If passed, it will override the default conditional command. | | config.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | config.dnsConfig | object | `{}` | Add custom dns config | | config.dnsPolicy | string | `""` | Add custom dns policy | @@ -236,9 +241,10 @@ Kubernetes: `>=v1.22.0-0` | config.usrEnvs.secret | object | `{}` | Add custom secret envs to the service. variable1: value1 | | config.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | config.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| fido2 | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/fido2","tag":"1.1.6_dev"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"service":{"name":"http-fido2","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. | +| fido2 | object | `{"additionalAnnotations":{},"additionalLabels":{},"customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/fido2","tag":"1.1.6_dev"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"service":{"name":"http-fido2","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. | | fido2.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | fido2.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| fido2.customCommand | list | `[]` | Add custom pod's command. If passed, it will override the default conditional command. | | fido2.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | fido2.dnsConfig | object | `{}` | Add custom dns config | | fido2.dnsPolicy | string | `""` | Add custom dns policy | @@ -267,7 +273,7 @@ Kubernetes: `>=v1.22.0-0` | fido2.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | fido2.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | fido2.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| global | object | `{"alb":{"ingress":false},"auth-server":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","enableStdoutLogPrefix":"true","httpLogLevel":"INFO","httpLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"authEncKeys":"RSA1_5 RSA-OAEP","authServerServiceName":"auth-server","authSigKeys":"RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512","cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"podDisruptionBudget":{},"secret":{},"service":{},"virtualService":{}},"enabled":true,"ingress":{"authServerAdditionalAnnotations":{},"authServerEnabled":true,"authServerLabels":{},"deviceCodeAdditionalAnnotations":{},"deviceCodeEnabled":true,"deviceCodeLabels":{},"firebaseMessagingAdditionalAnnotations":{},"firebaseMessagingEnabled":true,"firebaseMessagingLabels":{},"lockAdditionalAnnotations":{},"lockConfigAdditionalAnnotations":{},"lockConfigEnabled":false,"lockConfigLabels":{},"lockEnabled":false,"lockLabels":{},"openidAdditionalAnnotations":{},"openidConfigEnabled":true,"openidConfigLabels":{},"u2fAdditionalAnnotations":{},"u2fConfigEnabled":true,"u2fConfigLabels":{},"uma2AdditionalAnnotations":{},"uma2ConfigEnabled":true,"uma2ConfigLabels":{},"webdiscoveryAdditionalAnnotations":{},"webdiscoveryEnabled":true,"webdiscoveryLabels":{},"webfingerAdditionalAnnotations":{},"webfingerEnabled":true,"webfingerLabels":{}},"lockEnabled":false},"auth-server-key-rotation":{"customAnnotations":{"cronjob":{},"secret":{},"service":{}},"enabled":true,"initKeysLife":48},"awsStorageType":"io1","azureStorageAccountType":"Standard_LRS","azureStorageKind":"Managed","casa":{"appLoggers":{"casaLogLevel":"INFO","casaLogTarget":"STDOUT","enableStdoutLogPrefix":"true","timerLogLevel":"INFO","timerLogTarget":"FILE"},"casaServiceName":"casa","cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"podDisruptionBudget":{},"secret":{},"service":{},"virtualService":{}},"enabled":true,"ingress":{"casaAdditionalAnnotations":{},"casaEnabled":false,"casaLabels":{}}},"cloud":{"testEnviroment":false},"cnAwsConfigFile":"/etc/jans/conf/aws_config_file","cnAwsSecretsReplicaRegionsFile":"/etc/jans/conf/aws_secrets_replica_regions","cnAwsSharedCredentialsFile":"/etc/jans/conf/aws_shared_credential_file","cnConfiguratorConfigurationFile":"/etc/jans/conf/configuration.json","cnConfiguratorCustomSchema":{"secretName":""},"cnConfiguratorDumpFile":"/etc/jans/conf/configuration.out.json","cnCouchbasePasswordFile":"/etc/jans/conf/couchbase_password","cnCouchbaseSuperuserPasswordFile":"/etc/jans/conf/couchbase_superuser_password","cnDocumentStoreType":"DB","cnGoogleApplicationCredentials":"/etc/jans/conf/google-credentials.json","cnPersistenceType":"sql","cnPrometheusPort":"","cnSqlPasswordFile":"/etc/jans/conf/sql_password","config":{"customAnnotations":{"clusterRoleBinding":{},"configMap":{},"job":{},"role":{},"roleBinding":{},"secret":{},"service":{},"serviceAccount":{}},"enabled":true},"config-api":{"appLoggers":{"configApiLogLevel":"INFO","configApiLogTarget":"STDOUT","enableStdoutLogPrefix":"true","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","configApiServerServiceName":"config-api","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"podDisruptionBudget":{},"service":{},"virtualService":{}},"enabled":true,"ingress":{"configApiAdditionalAnnotations":{},"configApiEnabled":true,"configApiLabels":{}},"plugins":"fido2,scim,user-mgt"},"configAdapterName":"kubernetes","configSecretAdapter":"kubernetes","fido2":{"appLoggers":{"enableStdoutLogPrefix":"true","fido2LogLevel":"INFO","fido2LogTarget":"STDOUT","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"podDisruptionBudget":{},"secret":{},"service":{},"virtualService":{}},"enabled":true,"fido2ServiceName":"fido2","ingress":{"fido2AdditionalAnnotations":{},"fido2ConfigAdditionalAnnotations":{},"fido2ConfigEnabled":false,"fido2ConfigLabels":{},"fido2Enabled":false,"fido2Labels":{}}},"fqdn":"demoexample.jans.io","gcePdStorageType":"pd-standard","isFqdnRegistered":false,"istio":{"additionalAnnotations":{},"additionalLabels":{},"enabled":false,"gateways":[],"ingress":false,"namespace":"istio-system"},"jobTtlSecondsAfterFinished":300,"kc-scheduler":{"enabled":false},"kcAdminCredentialsFile":"/etc/jans/conf/kc_admin_creds","kcDbPasswordFile":"/etc/jans/conf/kc_db_password","lbIp":"22.22.22.22","link":{"appLoggers":{"enableStdoutLogPrefix":"true","linkLogLevel":"INFO","linkLogTarget":"STDOUT","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"podDisruptionBudget":{},"service":{},"virtualService":{}},"enabled":false,"ingress":{"linkEnabled":true},"linkServiceName":"link"},"nginx-ingress":{"enabled":true},"persistence":{"customAnnotations":{"job":{},"secret":{},"service":{}},"enabled":true},"saml":{"cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"podDisruptionBudget":{},"secret":{},"service":{},"virtualService":{}},"enabled":false,"ingress":{"samlAdditionalAnnotations":{},"samlEnabled":false,"samlLabels":{}},"samlServiceName":"saml"},"scim":{"appLoggers":{"enableStdoutLogPrefix":"true","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scimLogLevel":"INFO","scimLogTarget":"STDOUT","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"podDisruptionBudget":{},"secret":{},"service":{},"virtualService":{}},"enabled":true,"ingress":{"scimAdditionalAnnotations":{},"scimConfigAdditionalAnnotations":{},"scimConfigEnabled":false,"scimConfigLabels":{},"scimEnabled":false,"scimLabels":{}},"scimServiceName":"scim"},"serviceAccountName":"default","storageClass":{"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","reclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"},"usrEnvs":{"normal":{},"secret":{}}}` | Parameters used globally across all services helm charts. | +| global | object | `{"alb":{"ingress":false},"auth-server":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","enableStdoutLogPrefix":"true","httpLogLevel":"INFO","httpLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"authEncKeys":"RSA1_5 RSA-OAEP","authServerServiceName":"auth-server","authSigKeys":"RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512","cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"pod":{},"podDisruptionBudget":{},"secret":{},"service":{},"virtualService":{}},"enabled":true,"ingress":{"authServerAdditionalAnnotations":{},"authServerEnabled":true,"authServerLabels":{},"deviceCodeAdditionalAnnotations":{},"deviceCodeEnabled":true,"deviceCodeLabels":{},"firebaseMessagingAdditionalAnnotations":{},"firebaseMessagingEnabled":true,"firebaseMessagingLabels":{},"lockAdditionalAnnotations":{},"lockConfigAdditionalAnnotations":{},"lockConfigEnabled":false,"lockConfigLabels":{},"lockEnabled":false,"lockLabels":{},"openidAdditionalAnnotations":{},"openidConfigEnabled":true,"openidConfigLabels":{},"u2fAdditionalAnnotations":{},"u2fConfigEnabled":true,"u2fConfigLabels":{},"uma2AdditionalAnnotations":{},"uma2ConfigEnabled":true,"uma2ConfigLabels":{},"webdiscoveryAdditionalAnnotations":{},"webdiscoveryEnabled":true,"webdiscoveryLabels":{},"webfingerAdditionalAnnotations":{},"webfingerEnabled":true,"webfingerLabels":{}},"lockEnabled":false},"auth-server-key-rotation":{"customAnnotations":{"cronjob":{},"secret":{},"service":{}},"enabled":true,"initKeysLife":48},"awsStorageType":"io1","azureStorageAccountType":"Standard_LRS","azureStorageKind":"Managed","casa":{"appLoggers":{"casaLogLevel":"INFO","casaLogTarget":"STDOUT","enableStdoutLogPrefix":"true","timerLogLevel":"INFO","timerLogTarget":"FILE"},"casaServiceName":"casa","cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"pod":{},"podDisruptionBudget":{},"secret":{},"service":{},"virtualService":{}},"enabled":true,"ingress":{"casaAdditionalAnnotations":{},"casaEnabled":false,"casaLabels":{}}},"cloud":{"testEnviroment":false},"cnAwsConfigFile":"/etc/jans/conf/aws_config_file","cnAwsSecretsReplicaRegionsFile":"/etc/jans/conf/aws_secrets_replica_regions","cnAwsSharedCredentialsFile":"/etc/jans/conf/aws_shared_credential_file","cnConfiguratorConfigurationFile":"/etc/jans/conf/configuration.json","cnConfiguratorCustomSchema":{"secretName":""},"cnConfiguratorDumpFile":"/etc/jans/conf/configuration.out.json","cnCouchbasePasswordFile":"/etc/jans/conf/couchbase_password","cnCouchbaseSuperuserPasswordFile":"/etc/jans/conf/couchbase_superuser_password","cnDocumentStoreType":"DB","cnGoogleApplicationCredentials":"/etc/jans/conf/google-credentials.json","cnPersistenceType":"sql","cnPrometheusPort":"","cnSqlPasswordFile":"/etc/jans/conf/sql_password","config":{"customAnnotations":{"clusterRoleBinding":{},"configMap":{},"job":{},"role":{},"roleBinding":{},"secret":{},"service":{},"serviceAccount":{}},"enabled":true},"config-api":{"appLoggers":{"configApiLogLevel":"INFO","configApiLogTarget":"STDOUT","enableStdoutLogPrefix":"true","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","configApiServerServiceName":"config-api","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"pod":{},"podDisruptionBudget":{},"service":{},"virtualService":{}},"enabled":true,"ingress":{"configApiAdditionalAnnotations":{},"configApiEnabled":true,"configApiLabels":{}},"plugins":"fido2,scim,user-mgt"},"configAdapterName":"kubernetes","configSecretAdapter":"kubernetes","fido2":{"appLoggers":{"enableStdoutLogPrefix":"true","fido2LogLevel":"INFO","fido2LogTarget":"STDOUT","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"pod":{},"podDisruptionBudget":{},"secret":{},"service":{},"virtualService":{}},"enabled":true,"fido2ServiceName":"fido2","ingress":{"fido2AdditionalAnnotations":{},"fido2ConfigAdditionalAnnotations":{},"fido2ConfigEnabled":false,"fido2ConfigLabels":{},"fido2Enabled":false,"fido2Labels":{}}},"fqdn":"demoexample.jans.io","gcePdStorageType":"pd-standard","isFqdnRegistered":false,"istio":{"additionalAnnotations":{},"additionalLabels":{},"enabled":false,"gateways":[],"ingress":false,"namespace":"istio-system"},"jobTtlSecondsAfterFinished":300,"kc-scheduler":{"enabled":false},"kcAdminCredentialsFile":"/etc/jans/conf/kc_admin_creds","kcDbPasswordFile":"/etc/jans/conf/kc_db_password","lbIp":"22.22.22.22","link":{"appLoggers":{"enableStdoutLogPrefix":"true","linkLogLevel":"INFO","linkLogTarget":"STDOUT","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"pod":{},"podDisruptionBudget":{},"service":{},"virtualService":{}},"enabled":false,"ingress":{"linkEnabled":true},"linkServiceName":"link"},"nginx-ingress":{"enabled":true},"persistence":{"customAnnotations":{"job":{},"secret":{},"service":{}},"enabled":true},"saml":{"cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"pod":{},"podDisruptionBudget":{},"secret":{},"service":{},"virtualService":{}},"enabled":false,"ingress":{"samlAdditionalAnnotations":{},"samlEnabled":false,"samlLabels":{}},"samlServiceName":"saml"},"scim":{"appLoggers":{"enableStdoutLogPrefix":"true","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scimLogLevel":"INFO","scimLogTarget":"STDOUT","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"pod":{},"podDisruptionBudget":{},"secret":{},"service":{},"virtualService":{}},"enabled":true,"ingress":{"scimAdditionalAnnotations":{},"scimConfigAdditionalAnnotations":{},"scimConfigEnabled":false,"scimConfigLabels":{},"scimEnabled":false,"scimLabels":{}},"scimServiceName":"scim"},"serviceAccountName":"default","storageClass":{"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","reclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"},"usrEnvs":{"normal":{},"secret":{}}}` | Parameters used globally across all services helm charts. | | global.alb.ingress | bool | `false` | Activates ALB ingress | | global.auth-server-key-rotation.enabled | bool | `true` | Boolean flag to enable/disable the auth-server-key rotation cronjob chart. | | global.auth-server-key-rotation.initKeysLife | int | `48` | The initial auth server key rotation keys life in hours | @@ -452,9 +458,10 @@ Kubernetes: `>=v1.22.0-0` | global.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service. Envs defined in global.userEnvs will be globally available to all services | | global.usrEnvs.normal | object | `{}` | Add custom normal envs to the service. variable1: value1 | | global.usrEnvs.secret | object | `{}` | Add custom secret envs to the service. variable1: value1 | -| kc-scheduler | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/kc-scheduler","tag":"1.1.6_dev"},"interval":10,"lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for synchronizing Keycloak SAML clients | +| kc-scheduler | object | `{"additionalAnnotations":{},"additionalLabels":{},"customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/kc-scheduler","tag":"1.1.6_dev"},"interval":10,"lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for synchronizing Keycloak SAML clients | | kc-scheduler.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | kc-scheduler.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| kc-scheduler.customCommand | list | `[]` | Add custom job's command. If passed, it will override the default conditional command. | | kc-scheduler.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | kc-scheduler.dnsConfig | object | `{}` | Add custom dns config | | kc-scheduler.dnsPolicy | string | `""` | Add custom dns policy | @@ -473,9 +480,10 @@ Kubernetes: `>=v1.22.0-0` | kc-scheduler.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | kc-scheduler.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | kc-scheduler.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| link | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/link","tag":"1.1.6_dev"},"lifecycle":{},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"1200Mi"},"requests":{"cpu":"500m","memory":"1200Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Link. | +| link | object | `{"additionalAnnotations":{},"additionalLabels":{},"customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/link","tag":"1.1.6_dev"},"lifecycle":{},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"1200Mi"},"requests":{"cpu":"500m","memory":"1200Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Link. | | link.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | link.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| link.customCommand | list | `[]` | Add custom pod's command. If passed, it will override the default conditional command. | | link.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | link.dnsConfig | object | `{}` | Add custom dns config | | link.dnsPolicy | string | `""` | Add custom dns policy | @@ -506,9 +514,10 @@ Kubernetes: `>=v1.22.0-0` | nginx-ingress.ingress.additionalAnnotations | object | `{}` | Additional annotations that will be added across all ingress definitions in the format of {cert-manager.io/issuer: "letsencrypt-prod"} Enable client certificate authentication nginx.ingress.kubernetes.io/auth-tls-verify-client: "optional" Create the secret containing the trusted ca certificates nginx.ingress.kubernetes.io/auth-tls-secret: "janssen/tls-certificate" Specify the verification depth in the client certificates chain nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1" Specify if certificates are passed to upstream server nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true" | | nginx-ingress.ingress.additionalLabels | object | `{}` | Additional labels that will be added across all ingress definitions in the format of {mylabel: "myapp"} | | nginx-ingress.ingress.tls | list | `[{"hosts":["demoexample.jans.io"],"secretName":"tls-certificate"}]` | Secrets holding HTTPS CA cert and key. | -| persistence | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/persistence-loader","tag":"1.1.6_dev"},"lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Job to generate data and initial config for Janssen Server persistence layer. | +| persistence | object | `{"additionalAnnotations":{},"additionalLabels":{},"customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/persistence-loader","tag":"1.1.6_dev"},"lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Job to generate data and initial config for Janssen Server persistence layer. | | persistence.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | persistence.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| persistence.customCommand | list | `[]` | Add custom job's command. If passed, it will override the default conditional command. | | persistence.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | persistence.dnsConfig | object | `{}` | Add custom dns config | | persistence.dnsPolicy | string | `""` | Add custom dns policy | @@ -526,9 +535,10 @@ Kubernetes: `>=v1.22.0-0` | persistence.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | persistence.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | persistence.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| saml | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/saml","tag":"1.1.6_dev"},"lifecycle":{},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":10,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":10,"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"1200Mi"},"requests":{"cpu":"500m","memory":"1200Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | SAML. | +| saml | object | `{"additionalAnnotations":{},"additionalLabels":{},"customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/saml","tag":"1.1.6_dev"},"lifecycle":{},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":10,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":10,"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"1200Mi"},"requests":{"cpu":"500m","memory":"1200Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | SAML. | | saml.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | saml.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| saml.customCommand | list | `[]` | Add custom pod's command. If passed, it will override the default conditional command. | | saml.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | saml.dnsConfig | object | `{}` | Add custom dns config | | saml.dnsPolicy | string | `""` | Add custom dns policy | @@ -555,9 +565,10 @@ Kubernetes: `>=v1.22.0-0` | saml.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | saml.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | saml.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| scim | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/scim","tag":"1.1.6_dev"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1200Mi"},"requests":{"cpu":"1000m","memory":"1200Mi"}},"service":{"name":"http-scim","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | System for Cross-domain Identity Management (SCIM) version 2.0 | +| scim | object | `{"additionalAnnotations":{},"additionalLabels":{},"customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/scim","tag":"1.1.6_dev"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1200Mi"},"requests":{"cpu":"1000m","memory":"1200Mi"}},"service":{"name":"http-scim","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | System for Cross-domain Identity Management (SCIM) version 2.0 | | scim.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | scim.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| scim.customCommand | list | `[]` | Add custom pod's command. If passed, it will override the default conditional command. | | scim.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | scim.dnsConfig | object | `{}` | Add custom dns config | | scim.dnsPolicy | string | `""` | Add custom dns policy | diff --git a/charts/janssen/charts/auth-server-key-rotation/README.md b/charts/janssen/charts/auth-server-key-rotation/README.md index 6267fead9e4..e27c53d4279 100644 --- a/charts/janssen/charts/auth-server-key-rotation/README.md +++ b/charts/janssen/charts/auth-server-key-rotation/README.md @@ -27,6 +27,7 @@ Kubernetes: `>=v1.22.0-0` | additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | | additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | | affinity | object | `{}` | | +| customCommand | list | `[]` | Add custom job's command. If passed, it will override the default conditional command. | | customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | diff --git a/charts/janssen/charts/auth-server-key-rotation/templates/cronjobs.yaml b/charts/janssen/charts/auth-server-key-rotation/templates/cronjobs.yaml index a74638a2654..92b52765831 100644 --- a/charts/janssen/charts/auth-server-key-rotation/templates/cronjobs.yaml +++ b/charts/janssen/charts/auth-server-key-rotation/templates/cronjobs.yaml @@ -41,8 +41,11 @@ spec: serviceAccountName: {{ .Values.global.serviceAccountName }} containers: - name: {{ include "auth-server-key-rotation.name" . }} - {{- if .Values.customScripts }} + {{- if or (.Values.customScripts) (.Values.customCommand) }} command: + {{- if .Values.customCommand }} + {{- toYaml .Values.customCommand | nindent 18 }} + {{- else }} - /bin/sh - -c - | @@ -50,6 +53,7 @@ spec: {{- toYaml . | replace "- " "" | nindent 20}} {{- end }} /app/scripts/entrypoint.sh + {{- end}} {{- end}} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" env: diff --git a/charts/janssen/charts/auth-server-key-rotation/values.yaml b/charts/janssen/charts/auth-server-key-rotation/values.yaml index e8b49c61e3e..f27cbe625a1 100644 --- a/charts/janssen/charts/auth-server-key-rotation/values.yaml +++ b/charts/janssen/charts/auth-server-key-rotation/values.yaml @@ -59,4 +59,6 @@ additionalLabels: { } # -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken additionalAnnotations: { } # -- Add custom scripts that have been mounted to run before the entrypoint. -customScripts: [] \ No newline at end of file +customScripts: [] +# -- Add custom job's command. If passed, it will override the default conditional command. +customCommand: [] \ No newline at end of file diff --git a/charts/janssen/charts/auth-server/README.md b/charts/janssen/charts/auth-server/README.md index beb3c34f180..673f0d0e49e 100644 --- a/charts/janssen/charts/auth-server/README.md +++ b/charts/janssen/charts/auth-server/README.md @@ -27,6 +27,7 @@ Kubernetes: `>=v1.22.0-0` |-----|------|---------|-------------| | additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | | additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | +| customCommand | list | `[]` | Add custom pod's command. If passed, it will override the default conditional command. | | customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | diff --git a/charts/janssen/charts/auth-server/templates/deployment.yml b/charts/janssen/charts/auth-server/templates/deployment.yml index e10359199d0..2b78d532085 100644 --- a/charts/janssen/charts/auth-server/templates/deployment.yml +++ b/charts/janssen/charts/auth-server/templates/deployment.yml @@ -28,10 +28,15 @@ spec: labels: APP_NAME: auth-server app: {{ .Release.Name }}-{{ include "auth-server.name" . }} - {{- if .Values.global.istio.ingress }} + {{- if or (.Values.global.istio.ingress) (index .Values.global "auth-server" "customAnnotations" "pod") }} annotations: + {{- if .Values.global.istio.ingress }} sidecar.istio.io/rewriteAppHTTPProbers: "true" {{- end }} + {{- if index .Values.global "auth-server" "customAnnotations" "pod" }} + {{ toYaml (index .Values.global "auth-server" "customAnnotations" "pod") | indent 4 }} + {{- end }} + {{- end }} spec: {{- with .Values.image.pullSecrets }} imagePullSecrets: @@ -59,8 +64,11 @@ spec: securityContext: runAsUser: 1000 runAsNonRoot: true - {{- if or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local") ( .Values.customScripts) }} + {{- if or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local") ( .Values.customScripts) (.Values.customCommand) }} command: + {{- if .Values.customCommand }} + {{- toYaml .Values.customCommand | nindent 12 }} + {{- else }} - /bin/sh - -c - | @@ -71,6 +79,7 @@ spec: /usr/bin/python3 /scripts/updatelbip.py & {{- end}} /app/scripts/entrypoint.sh + {{- end}} {{- end}} ports: - name: {{ .Values.service.name }} diff --git a/charts/janssen/charts/auth-server/values.yaml b/charts/janssen/charts/auth-server/values.yaml index e7a869b2988..15440343637 100644 --- a/charts/janssen/charts/auth-server/values.yaml +++ b/charts/janssen/charts/auth-server/values.yaml @@ -91,4 +91,6 @@ additionalLabels: { } # -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken additionalAnnotations: { } # -- Add custom scripts that have been mounted to run before the entrypoint. -customScripts: [] \ No newline at end of file +customScripts: [] +# -- Add custom pod's command. If passed, it will override the default conditional command. +customCommand: [] \ No newline at end of file diff --git a/charts/janssen/charts/casa/README.md b/charts/janssen/charts/casa/README.md index 01ed8b42d8a..e1618cb8b88 100644 --- a/charts/janssen/charts/casa/README.md +++ b/charts/janssen/charts/casa/README.md @@ -27,6 +27,7 @@ Kubernetes: `>=v1.21.0-0` |-----|------|---------|-------------| | additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | | additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | +| customCommand | list | `[]` | Add custom pod's command. If passed, it will override the default conditional command. | | customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | diff --git a/charts/janssen/charts/casa/templates/deployment.yaml b/charts/janssen/charts/casa/templates/deployment.yaml index 0a6f7237a7b..134abb18235 100644 --- a/charts/janssen/charts/casa/templates/deployment.yaml +++ b/charts/janssen/charts/casa/templates/deployment.yaml @@ -30,9 +30,14 @@ spec: APP_NAME: casa app: {{ .Release.Name }}-{{ include "casa.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.global.istio.ingress }} + {{- if or (.Values.global.istio.ingress) (.Values.global.casa.customAnnotations.pod) }} annotations: + {{- if .Values.global.istio.ingress }} sidecar.istio.io/rewriteAppHTTPProbers: "true" + {{- end }} + {{- if .Values.global.casa.customAnnotations.pod }} + {{ toYaml .Values.global.casa.customAnnotations.pod | indent 8 }} + {{- end }} {{- end }} spec: dnsPolicy: {{ .Values.dnsPolicy | quote }} @@ -62,8 +67,11 @@ spec: value: {{ include "casa.customJavaOptions" . | trim }} {{- include "casa.usr-envs" . | indent 12 }} {{- include "casa.usr-secret-envs" . | indent 12 }} - {{- if or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local") ( .Values.customScripts) }} + {{- if or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local") ( .Values.customScripts) (.Values.customCommand)}} command: + {{- if .Values.customCommand }} + {{- toYaml .Values.customCommand | nindent 14 }} + {{- else }} - /bin/sh - -c - | @@ -74,6 +82,7 @@ spec: /usr/bin/python3 /scripts/updatelbip.py & {{- end}} /app/scripts/entrypoint.sh + {{- end}} {{- end}} imagePullPolicy: {{ .Values.image.pullPolicy }} ports: diff --git a/charts/janssen/charts/casa/values.yaml b/charts/janssen/charts/casa/values.yaml index 81981516e6b..22cf268bd5f 100644 --- a/charts/janssen/charts/casa/values.yaml +++ b/charts/janssen/charts/casa/values.yaml @@ -104,4 +104,6 @@ additionalLabels: { } # -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken additionalAnnotations: { } # -- Add custom scripts that have been mounted to run before the entrypoint. -customScripts: [] \ No newline at end of file +customScripts: [] +# -- Add custom pod's command. If passed, it will override the default conditional command. +customCommand: [] \ No newline at end of file diff --git a/charts/janssen/charts/config-api/README.md b/charts/janssen/charts/config-api/README.md index 102af652194..ed4c36f84a0 100644 --- a/charts/janssen/charts/config-api/README.md +++ b/charts/janssen/charts/config-api/README.md @@ -28,6 +28,7 @@ Kubernetes: `>=v1.22.0-0` | additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | | additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | | affinity | object | `{}` | | +| customCommand | list | `[]` | Add custom pod's command. If passed, it will override the default conditional command. | | customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | diff --git a/charts/janssen/charts/config-api/templates/deployment.yaml b/charts/janssen/charts/config-api/templates/deployment.yaml index 3dd0ec6a6cf..53315cc354c 100644 --- a/charts/janssen/charts/config-api/templates/deployment.yaml +++ b/charts/janssen/charts/config-api/templates/deployment.yaml @@ -28,10 +28,15 @@ spec: labels: app: {{ .Release.Name }}-{{ include "config-api.name" . }} release: {{ .Release.Name }} - {{- if .Values.global.istio.ingress }} + {{- if or (.Values.global.istio.ingress) (index .Values.global "config-api" "customAnnotations" "pod") }} annotations: + {{- if .Values.global.istio.ingress }} sidecar.istio.io/rewriteAppHTTPProbers: "true" {{- end }} + {{- if index .Values.global "config-api" "customAnnotations" "pod" }} + {{ toYaml (index .Values.global "config-api" "customAnnotations" "pod") | indent 4 }} + {{- end }} + {{- end }} spec: {{- with .Values.image.pullSecrets }} imagePullSecrets: @@ -59,8 +64,11 @@ spec: runAsUser: 1000 runAsNonRoot: true imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local") ( .Values.customScripts) }} + {{- if or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local") ( .Values.customScripts) (.Values.customCommand) }} command: + {{- if .Values.customCommand }} + {{- toYaml .Values.customCommand | nindent 14 }} + {{- else }} - /bin/sh - -c - | @@ -71,6 +79,7 @@ spec: /usr/bin/python3 /scripts/updatelbip.py & {{- end}} /app/scripts/entrypoint.sh + {{- end}} {{- end}} ports: - containerPort: 9444 diff --git a/charts/janssen/charts/config-api/values.yaml b/charts/janssen/charts/config-api/values.yaml index cac05ee50f1..110d93e22ba 100644 --- a/charts/janssen/charts/config-api/values.yaml +++ b/charts/janssen/charts/config-api/values.yaml @@ -99,4 +99,6 @@ additionalAnnotations: { } # -- Add custom scripts that have been mounted to run before the entrypoint. # - /tmp/custom.sh # - /tmp/custom2.sh -customScripts: [ ] \ No newline at end of file +customScripts: [ ] +# -- Add custom pod's command. If passed, it will override the default conditional command. +customCommand: [] \ No newline at end of file diff --git a/charts/janssen/charts/config/README.md b/charts/janssen/charts/config/README.md index 434fb56b0e1..ba8047792e5 100644 --- a/charts/janssen/charts/config/README.md +++ b/charts/janssen/charts/config/README.md @@ -93,6 +93,7 @@ Kubernetes: `>=v1.22.0-0` | configmap.lbAddr | string | `""` | Loadbalancer address for AWS if the FQDN is not registered. | | configmap.quarkusTransactionEnableRecovery | bool | `true` | Quarkus transaction recovery. When using MySQL, there could be issue regarding XA_RECOVER_ADMIN; refer to https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_xa-recover-admin for details. | | countryCode | string | `"US"` | Country code. Used for certificate creation. | +| customCommand | list | `[]` | Add custom job's command. If passed, it will override the default conditional command. | | customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | diff --git a/charts/janssen/charts/config/templates/load-init-config.yml b/charts/janssen/charts/config/templates/load-init-config.yml index f55e08a604a..bacca16652b 100644 --- a/charts/janssen/charts/config/templates/load-init-config.yml +++ b/charts/janssen/charts/config/templates/load-init-config.yml @@ -82,6 +82,9 @@ spec: resources: {{- toYaml .Values.resources | nindent 10 }} command: + {{- if .Values.customCommand }} + {{- toYaml .Values.customCommand | nindent 12 }} + {{- else }} - tini - -g - -- @@ -99,4 +102,5 @@ spec: {{- if .Values.global.istio.enabled }} curl -X POST http://localhost:15020/quitquitquit {{- end }} + {{- end}} restartPolicy: Never diff --git a/charts/janssen/charts/config/values.yaml b/charts/janssen/charts/config/values.yaml index 4566195a34b..eaddb6e5eda 100644 --- a/charts/janssen/charts/config/values.yaml +++ b/charts/janssen/charts/config/values.yaml @@ -225,3 +225,5 @@ additionalAnnotations: { } # - /tmp/custom.sh # - /tmp/custom2.sh customScripts: [ ] +# -- Add custom job's command. If passed, it will override the default conditional command. +customCommand: [] \ No newline at end of file diff --git a/charts/janssen/charts/fido2/README.md b/charts/janssen/charts/fido2/README.md index 11515beaee7..8588a838156 100644 --- a/charts/janssen/charts/fido2/README.md +++ b/charts/janssen/charts/fido2/README.md @@ -28,6 +28,7 @@ Kubernetes: `>=v1.22.0-0` |-----|------|---------|-------------| | additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | | additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | +| customCommand | list | `[]` | Add custom pod's command. If passed, it will override the default conditional command. | | customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | diff --git a/charts/janssen/charts/fido2/templates/deployment.yml b/charts/janssen/charts/fido2/templates/deployment.yml index bccc9f45146..a9976692344 100644 --- a/charts/janssen/charts/fido2/templates/deployment.yml +++ b/charts/janssen/charts/fido2/templates/deployment.yml @@ -28,10 +28,15 @@ spec: labels: APP_NAME: fido2 app: {{ .Release.Name }}-{{ include "fido2.name" . }} - {{- if .Values.global.istio.ingress }} + {{- if or (.Values.global.istio.ingress) (.Values.global.fido2.customAnnotations.pod) }} annotations: + {{- if .Values.global.istio.ingress }} sidecar.istio.io/rewriteAppHTTPProbers: "true" {{- end }} + {{- if .Values.global.fido2.customAnnotations.pod }} + {{ toYaml .Values.global.fido2.customAnnotations.pod | indent 4 }} + {{- end }} + {{- end }} spec: {{- with .Values.image.pullSecrets }} imagePullSecrets: @@ -59,8 +64,11 @@ spec: value: {{ include "fido2.customJavaOptions" . | trim }} {{- include "fido2.usr-envs" . | indent 10 }} {{- include "fido2.usr-secret-envs" . | indent 10 }} - {{- if or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local") ( .Values.customScripts) }} + {{- if or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local") ( .Values.customScripts) (.Values.customCommand) }} command: + {{- if .Values.customCommand }} + {{- toYaml .Values.customCommand | nindent 12 }} + {{- else }} - /bin/sh - -c - | @@ -71,6 +79,7 @@ spec: /usr/bin/python3 /scripts/updatelbip.py & {{- end}} /app/scripts/entrypoint.sh + {{- end}} {{- end}} ports: - name: {{ .Values.service.name }} diff --git a/charts/janssen/charts/fido2/values.yaml b/charts/janssen/charts/fido2/values.yaml index 205be305fe2..52e03eb9f4d 100644 --- a/charts/janssen/charts/fido2/values.yaml +++ b/charts/janssen/charts/fido2/values.yaml @@ -92,4 +92,6 @@ additionalAnnotations: { } # -- Add custom scripts that have been mounted to run before the entrypoint. # - /tmp/custom.sh # - /tmp/custom2.sh -customScripts: [ ] \ No newline at end of file +customScripts: [ ] +# -- Add custom pod's command. If passed, it will override the default conditional command. +customCommand: [] \ No newline at end of file diff --git a/charts/janssen/charts/kc-scheduler/README.md b/charts/janssen/charts/kc-scheduler/README.md index 1891cc0de8d..6470336d7b7 100644 --- a/charts/janssen/charts/kc-scheduler/README.md +++ b/charts/janssen/charts/kc-scheduler/README.md @@ -26,6 +26,7 @@ Kubernetes: `>=v1.22.0-0` |-----|------|---------|-------------| | additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| customCommand | list | `[]` | Add custom job's command. If passed, it will override the default conditional command. | | customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | diff --git a/charts/janssen/charts/kc-scheduler/templates/cronjobs.yaml b/charts/janssen/charts/kc-scheduler/templates/cronjobs.yaml index a37c6735b65..a879b865200 100644 --- a/charts/janssen/charts/kc-scheduler/templates/cronjobs.yaml +++ b/charts/janssen/charts/kc-scheduler/templates/cronjobs.yaml @@ -36,8 +36,11 @@ spec: {{- end }} containers: - name: {{ include "kc-scheduler.name" . }} - {{- if .Values.customScripts }} + {{- if or (.Values.customScripts) (.Values.customCommand) }} command: + {{- if .Values.customCommand }} + {{- toYaml .Values.customCommand | nindent 18 }} + {{- else }} - /bin/sh - -c - | @@ -45,6 +48,7 @@ spec: {{- toYaml . | replace "- " "" | nindent 20}} {{- end }} /app/scripts/entrypoint.sh + {{- end}} {{- end}} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" env: diff --git a/charts/janssen/charts/kc-scheduler/values.yaml b/charts/janssen/charts/kc-scheduler/values.yaml index 644574d30d3..1e420bd8c7b 100644 --- a/charts/janssen/charts/kc-scheduler/values.yaml +++ b/charts/janssen/charts/kc-scheduler/values.yaml @@ -52,3 +52,5 @@ additionalAnnotations: {} # - /tmp/custom.sh # - /tmp/custom2.sh customScripts: [] +# -- Add custom job's command. If passed, it will override the default conditional command. +customCommand: [] \ No newline at end of file diff --git a/charts/janssen/charts/link/README.md b/charts/janssen/charts/link/README.md index e8b761be48a..6281358f240 100644 --- a/charts/janssen/charts/link/README.md +++ b/charts/janssen/charts/link/README.md @@ -28,6 +28,7 @@ Kubernetes: `>=v1.22.0-0` | additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | | additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | | affinity | object | `{}` | | +| customCommand | list | `[]` | Add custom pod's command. If passed, it will override the default conditional command. | | customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | diff --git a/charts/janssen/charts/link/templates/deployment.yaml b/charts/janssen/charts/link/templates/deployment.yaml index 5b4e7480444..f2d01e6b1cc 100644 --- a/charts/janssen/charts/link/templates/deployment.yaml +++ b/charts/janssen/charts/link/templates/deployment.yaml @@ -28,10 +28,15 @@ spec: labels: app: {{ .Release.Name }}-{{ include "link.name" . }} release: {{ .Release.Name }} - {{- if .Values.global.istio.ingress }} + {{- if or (.Values.global.istio.ingress) (.Values.global.link.customAnnotations.pod) }} annotations: + {{- if .Values.global.istio.ingress }} sidecar.istio.io/rewriteAppHTTPProbers: "true" {{- end }} + {{- if .Values.global.link.customAnnotations.pod }} + {{ toYaml .Values.global.link.customAnnotations.pod | indent 4 }} + {{- end }} + {{- end }} spec: {{- with .Values.image.pullSecrets }} imagePullSecrets: @@ -59,8 +64,11 @@ spec: runAsUser: 1000 runAsNonRoot: true imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local") ( .Values.customScripts) }} + {{- if or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local") ( .Values.customScripts) (.Values.customCommand) }} command: + {{- if .Values.customCommand }} + {{- toYaml .Values.customCommand | nindent 14 }} + {{- else }} - /bin/sh - -c - | @@ -71,6 +79,7 @@ spec: /usr/bin/python3 /scripts/updatelbip.py & {{- end}} /app/scripts/entrypoint.sh + {{- end}} {{- end}} ports: - containerPort: 9091 diff --git a/charts/janssen/charts/link/values.yaml b/charts/janssen/charts/link/values.yaml index bf0754bceef..6bb0c217195 100644 --- a/charts/janssen/charts/link/values.yaml +++ b/charts/janssen/charts/link/values.yaml @@ -101,4 +101,6 @@ additionalAnnotations: { } # -- Add custom scripts that have been mounted to run before the entrypoint. # - /tmp/custom.sh # - /tmp/custom2.sh -customScripts: [ ] \ No newline at end of file +customScripts: [ ] +# -- Add custom pod's command. If passed, it will override the default conditional command. +customCommand: [] \ No newline at end of file diff --git a/charts/janssen/charts/persistence/README.md b/charts/janssen/charts/persistence/README.md index 87a8a74238a..09c5ab21896 100644 --- a/charts/janssen/charts/persistence/README.md +++ b/charts/janssen/charts/persistence/README.md @@ -26,6 +26,7 @@ Kubernetes: `>=v1.22.0-0` |-----|------|---------|-------------| | additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | | additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | +| customCommand | list | `[]` | Add custom job's command. If passed, it will override the default conditional command. | | customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | diff --git a/charts/janssen/charts/persistence/templates/jobs.yml b/charts/janssen/charts/persistence/templates/jobs.yml index 19a5710f9d3..9151cec8fae 100644 --- a/charts/janssen/charts/persistence/templates/jobs.yml +++ b/charts/janssen/charts/persistence/templates/jobs.yml @@ -47,8 +47,11 @@ spec: env: {{- include "persistence.usr-envs" . | indent 12 }} {{- include "persistence.usr-secret-envs" . | indent 12 }} - {{- if or ( .Values.global.istio.enabled ) ( .Values.customScripts )}} + {{- if or ( .Values.global.istio.enabled ) ( .Values.customScripts ) (.Values.customCommand) }} command: + {{- if .Values.customCommand }} + {{- toYaml .Values.customCommand | nindent 10 }} + {{- else }} - tini - -g - -- @@ -62,6 +65,7 @@ spec: {{- if .Values.global.istio.enabled }} curl -X POST http://localhost:15020/quitquitquit {{- end }} + {{- end }} {{- end }} envFrom: - configMapRef: diff --git a/charts/janssen/charts/persistence/values.yaml b/charts/janssen/charts/persistence/values.yaml index 991e7241efb..28bb9522f10 100644 --- a/charts/janssen/charts/persistence/values.yaml +++ b/charts/janssen/charts/persistence/values.yaml @@ -55,4 +55,6 @@ additionalAnnotations: { } # -- Add custom scripts that have been mounted to run before the entrypoint. # - /tmp/custom.sh # - /tmp/custom2.sh -customScripts: [ ] \ No newline at end of file +customScripts: [ ] +# -- Add custom job's command. If passed, it will override the default conditional command. +customCommand: [] \ No newline at end of file diff --git a/charts/janssen/charts/saml/README.md b/charts/janssen/charts/saml/README.md index 5395eb25c2b..339eeaeb4f2 100644 --- a/charts/janssen/charts/saml/README.md +++ b/charts/janssen/charts/saml/README.md @@ -26,6 +26,7 @@ Kubernetes: `>=v1.21.0-0` |-----|------|---------|-------------| | additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | | additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | +| customCommand | list | `[]` | Add custom pod's command. If passed, it will override the default conditional command. | | customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | diff --git a/charts/janssen/charts/saml/templates/deployment.yaml b/charts/janssen/charts/saml/templates/deployment.yaml index c90d34f6458..3650b5b2293 100644 --- a/charts/janssen/charts/saml/templates/deployment.yaml +++ b/charts/janssen/charts/saml/templates/deployment.yaml @@ -30,10 +30,15 @@ spec: APP_NAME: saml app: {{ .Release.Name }}-{{ include "saml.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.global.istio.ingress }} + {{- if or (.Values.global.istio.ingress) (.Values.global.link.customAnnotations.pod) }} annotations: + {{- if .Values.global.istio.ingress }} sidecar.istio.io/rewriteAppHTTPProbers: "true" {{- end }} + {{- if .Values.global.link.customAnnotations.pod }} + {{ toYaml .Values.global.link.customAnnotations.pod | indent 4 }} + {{- end }} + {{- end }} spec: dnsPolicy: {{ .Values.dnsPolicy | quote }} {{- with .Values.dnsConfig }} @@ -62,8 +67,11 @@ spec: value: {{ include "saml.customJavaOptions" . | trim }} {{- include "saml.usr-envs" . | indent 12 }} {{- include "saml.usr-secret-envs" . | indent 12 }} - {{- if or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local") ( .Values.customScripts) }} + {{- if or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local") ( .Values.customScripts) (.Values.customCommand) }} command: + {{- if .Values.customCommand }} + {{- toYaml .Values.customCommand | nindent 14 }} + {{- else }} - /bin/sh - -c - | @@ -74,6 +82,7 @@ spec: /usr/bin/python3 /scripts/updatelbip.py & {{- end}} /app/scripts/entrypoint.sh + {{- end}} {{- end}} imagePullPolicy: {{ .Values.image.pullPolicy }} ports: diff --git a/charts/janssen/charts/saml/values.yaml b/charts/janssen/charts/saml/values.yaml index 9ba63b582c5..50d127ba019 100644 --- a/charts/janssen/charts/saml/values.yaml +++ b/charts/janssen/charts/saml/values.yaml @@ -108,3 +108,5 @@ additionalLabels: { } additionalAnnotations: { } # -- Add custom scripts that have been mounted to run before the entrypoint. customScripts: [] +# -- Add custom pod's command. If passed, it will override the default conditional command. +customCommand: [] \ No newline at end of file diff --git a/charts/janssen/charts/scim/README.md b/charts/janssen/charts/scim/README.md index 27a9452c42c..4f4f900f099 100644 --- a/charts/janssen/charts/scim/README.md +++ b/charts/janssen/charts/scim/README.md @@ -27,6 +27,7 @@ Kubernetes: `>=v1.22.0-0` |-----|------|---------|-------------| | additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | | additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | +| customCommand | list | `[]` | Add custom pod's command. If passed, it will override the default conditional command. | | customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | diff --git a/charts/janssen/charts/scim/templates/deployment.yml b/charts/janssen/charts/scim/templates/deployment.yml index 13ff16a05ff..a6a33631d9b 100644 --- a/charts/janssen/charts/scim/templates/deployment.yml +++ b/charts/janssen/charts/scim/templates/deployment.yml @@ -28,10 +28,15 @@ spec: labels: APP_NAME: scim app: {{ .Release.Name }}-{{ include "scim.name" . }} - {{- if .Values.global.istio.ingress }} + {{- if or (.Values.global.istio.ingress) (.Values.global.scim.customAnnotations.pod) }} annotations: + {{- if .Values.global.istio.ingress }} sidecar.istio.io/rewriteAppHTTPProbers: "true" {{- end }} + {{- if .Values.global.scim.customAnnotations.pod }} + {{ toYaml .Values.global.scim.customAnnotations.pod | indent 4 }} + {{- end }} + {{- end }} spec: {{- with .Values.image.pullSecrets }} imagePullSecrets: @@ -59,8 +64,11 @@ spec: value: {{ include "scim.customJavaOptions" . | trim }} {{- include "scim.usr-envs" . | indent 10 }} {{- include "scim.usr-secret-envs" . | indent 10 }} - {{- if or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local") ( .Values.customScripts) }} + {{- if or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local") ( .Values.customScripts) (.Values.customCommand) }} command: + {{- if .Values.customCommand }} + {{- toYaml .Values.customCommand | nindent 12 }} + {{- else }} - /bin/sh - -c - | @@ -71,6 +79,7 @@ spec: /usr/bin/python3 /scripts/updatelbip.py & {{- end}} /app/scripts/entrypoint.sh + {{- end}} {{- end}} {{- if .Values.global.cloud.testEnviroment }} resources: {} diff --git a/charts/janssen/charts/scim/values.yaml b/charts/janssen/charts/scim/values.yaml index b09a4e705da..17950054936 100644 --- a/charts/janssen/charts/scim/values.yaml +++ b/charts/janssen/charts/scim/values.yaml @@ -91,4 +91,6 @@ additionalAnnotations: { } # -- Add custom scripts that have been mounted to run before the entrypoint. # - /tmp/custom.sh # - /tmp/custom2.sh -customScripts: [ ] \ No newline at end of file +customScripts: [ ] +# -- Add custom pod's command. If passed, it will override the default conditional command. +customCommand: [] \ No newline at end of file diff --git a/charts/janssen/values.yaml b/charts/janssen/values.yaml index 15bc154b1e0..ef57123b505 100644 --- a/charts/janssen/values.yaml +++ b/charts/janssen/values.yaml @@ -104,6 +104,8 @@ auth-server: # - /tmp/custom.sh # - /tmp/custom2.sh customScripts: [] + # -- Add custom pod's command. If passed, it will override the default conditional command. + customCommand: [] # -- Responsible for regenerating auth-keys per x hours auth-server-key-rotation: # -- Add custom normal and secret envs to the service @@ -167,6 +169,8 @@ auth-server-key-rotation: # - /tmp/custom.sh # - /tmp/custom2.sh customScripts: [] + # -- Add custom job's command. If passed, it will override the default conditional command. + customCommand: [] # -- Configuration parameters for setup and initial configuration secret and config layers used by Janssen services. config: # -- Add custom normal and secret envs to the service. @@ -383,6 +387,8 @@ config: # - /tmp/custom.sh # - /tmp/custom2.sh customScripts: [ ] + # -- Add custom job's command. If passed, it will override the default conditional command. + customCommand: [] # -- Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). config-api: # -- Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API @@ -486,6 +492,8 @@ config-api: # - /tmp/custom.sh # - /tmp/custom2.sh customScripts: [ ] + # -- Add custom pod's command. If passed, it will override the default conditional command. + customCommand: [] # -- FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. fido2: # -- Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API @@ -594,6 +602,8 @@ fido2: # - /tmp/custom.sh # - /tmp/custom2.sh customScripts: [ ] + # -- Add custom pod's command. If passed, it will override the default conditional command. + customCommand: [] # -- Janssen Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Janssen Auth Server. casa: # -- Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API @@ -698,6 +708,8 @@ casa: # - /tmp/custom.sh # - /tmp/custom2.sh customScripts: [] + # -- Add custom pod's command. If passed, it will override the default conditional command. + customCommand: [] # -- Parameters used globally across all services helm charts. global: # -- Add custom normal and secret envs to the service. @@ -719,6 +731,7 @@ global: destinationRule: {} podDisruptionBudget: {} virtualService: {} + pod: {} deployment: {} horizontalPodAutoscaler: {} service: {} @@ -850,6 +863,7 @@ global: destinationRule: {} podDisruptionBudget: {} virtualService: {} + pod: {} deployment: {} horizontalPodAutoscaler: {} service: {} @@ -922,6 +936,7 @@ global: destinationRule: {} podDisruptionBudget: {} virtualService: {} + pod: {} deployment: {} horizontalPodAutoscaler: {} service: {} @@ -969,6 +984,7 @@ global: destinationRule: {} podDisruptionBudget: {} virtualService: {} + pod: {} deployment: {} horizontalPodAutoscaler: {} service: {} @@ -1051,6 +1067,7 @@ global: destinationRule: {} podDisruptionBudget: {} virtualService: {} + pod: {} deployment: {} horizontalPodAutoscaler: {} service: {} @@ -1117,6 +1134,7 @@ global: destinationRule: {} podDisruptionBudget: {} virtualService: {} + pod: {} deployment: {} horizontalPodAutoscaler: {} service: {} @@ -1156,6 +1174,7 @@ global: destinationRule: {} podDisruptionBudget: {} virtualService: {} + pod: {} deployment: {} horizontalPodAutoscaler: {} service: {} @@ -1277,6 +1296,8 @@ persistence: # - /tmp/custom.sh # - /tmp/custom2.sh customScripts: [ ] + # -- Add custom job's command. If passed, it will override the default conditional command. + customCommand: [] # -- System for Cross-domain Identity Management (SCIM) version 2.0 scim: # -- Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API @@ -1385,6 +1406,8 @@ scim: # - /tmp/custom.sh # - /tmp/custom2.sh customScripts: [ ] + # -- Add custom pod's command. If passed, it will override the default conditional command. + customCommand: [] # -- Link. link: # -- Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API @@ -1492,6 +1515,8 @@ link: # - /tmp/custom.sh # - /tmp/custom2.sh customScripts: [ ] + # -- Add custom pod's command. If passed, it will override the default conditional command. + customCommand: [] # -- SAML. saml: # -- Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API @@ -1599,6 +1624,8 @@ saml: # - /tmp/custom.sh # - /tmp/custom2.sh customScripts: [ ] + # -- Add custom pod's command. If passed, it will override the default conditional command. + customCommand: [] # -- Responsible for synchronizing Keycloak SAML clients kc-scheduler: @@ -1656,3 +1683,5 @@ kc-scheduler: # - /tmp/custom.sh # - /tmp/custom2.sh customScripts: [] + # -- Add custom job's command. If passed, it will override the default conditional command. + customCommand: []